eBook - ePub
Data Protection and Compliance
Second edition
Stewart Room, Stewart Room
This is a test
Compartir libro
- 350 páginas
- English
- ePUB (apto para móviles)
- Disponible en iOS y Android
eBook - ePub
Data Protection and Compliance
Second edition
Stewart Room, Stewart Room
Detalles del libro
Vista previa del libro
Índice
Citas
Información del libro
Large-scale data loss and data privacy compliance breaches continue to make headline news, highlighting the need for stringent data protection policies, especially when personal or commercially sensitive information is at stake. While regulations and legislation exist to address these issues, how organisations can best tailor their compliance approaches to their own operational circumstances has remained an open question. The focus of this book is on operationalising a truly risk-based approach to data protection and compliance, beyond just emphasis on regulatory frameworks and legalistic compliance.
Preguntas frecuentes
¿Cómo cancelo mi suscripción?
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Data Protection and Compliance un PDF/ePUB en línea?
Sí, puedes acceder a Data Protection and Compliance de Stewart Room, Stewart Room en formato PDF o ePUB, así como a otros libros populares de Law y Science & Technology Law. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.
Información
PART I
THE BIG PICTURE
1 INTRODUCTION TO DATA PROTECTION
Stewart Room
This chapter acts as the foundation stone for all the issues discussed in this book. It introduces the core aims and objectives of data protection; explains how the topic relates to the right to privacy; provides illustrations of some of the critical priorities in this area; and identifies the main sources of law.
WHAT IS DATA PROTECTION?
The idea of ‘data protection’ can be looked at in several ways. In an operational sense, it means achieving predefined outcomes during the collection, use and storage of personal data, which is called ‘data processing’. In a legal sense, it means the regulatory framework that governs these activities. In a colloquial and limited sense, it is sometimes viewed as a synonym for the security of data, but this would not be representative of the established European view of things.
Taking the General Data Protection Regulation 2016 (GDPR) as a starting point, the title of this legislation clarifies that data protection means ‘the protection of natural persons with regard to the processing of personal data and … the free movement of such data’. Recital 6 of the GDPR summarises the issues perfectly.
GDPR R.6 – Goals of data protection
Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.
DOES DATA PROTECTION MEANS PRIVACY?
To emphasise a point that is implicit within the title of the GDPR but not always obvious, the topic of data protection is not simply about the concept of privacy. In fact, many aspects of the law cut through the concept of privacy, such as the support that it gives to sharing of personal data in the public interest, that is, without the consent or permission of the person whose data are affected.
However, the modern concept of data protection does have its historical root in privacy law. This is demonstrated by the text in the Council of Europe Resolution (73) 22, explanatory report box, which is from the Council’s 1973 Resolution on private sector1 data banks. The 1973 Resolution was a landmark event in data protection, as it provided one of the first statements of the data protection principles: the principles are the foundation stone upon which all forms of data protection law are built. It was followed in 1974 by a companion resolution for the public sector.2
Perhaps the best way to look at how privacy relates to the topic of data protection is to see it as being a very significant part of the topic, but the topic is much bigger than privacy. Due to the significance of the topic of privacy within data protection, it is worth looking into it a little further at this stage.
Council of Europe Resolution (73) 22, explanatory report
1. It is generally recognised that the development of modern science and technology, which enable man to attain an advanced standard of living, brings in its wake certain dangers threatening the rights of individuals. This is the case, for instance, with the utilisation of new techniques for surveillance or observation of persons and for compiling and processing data pertaining to them,
2. A survey, conducted in 1968–70 by the Committee of Experts on Human Rights of the Council of Europe, on the legislation of the Member States with regard to human rights and modern scientific and technological developments has shown that the existing law does not provide sufficient protection for the citizen against intrusions on privacy by technical devices …
3. A particular new source of possible intrusion into privacy has been created by the rapid growth and popularisation of computer technology. The purposes which computers are increasingly serving in the public and private sectors are by themselves not basically different from those served by more traditional forms of data storage and processing.
What is privacy?
There are many philosophical threads of ideas within the right to privacy, which cover concepts such as ‘the right to be let alone’,3 through to the concept of personal data protection within the GDPR.
The right to privacy was crystallised within the European Convention on Human Rights (ECHR) in 1950 (see Article 8) and was restated by the EU Charter of Fundamental Rights in 2012 (see Article 7). In the UK the right to privacy has developed into a tort known as the tort of misuse of private information, a civil law right, breach of which is actionable in court and compensatable in damages. Table 1.1 sets out the wording of the right to privacy as it has crystallised within pan-European law.
Table 1.1 The right to privacy
European Convention on Human Rights | Charter of Fundamental Rights of the European Union |
Article 8: Right to respect for private and family life 1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. | Article 7: Respect for private and family life Everyone has the right to respect for their private and family life, home and communications. |
Are there exceptions to the right to privacy?
The right to privacy is not an absolute right. As shown by Article 8.2 of the ECHR, privacy can be interfered with, if the interference is authorised by law and is necessary and proportionate. This means that when questions about interferences with privacy come to be judged, a balancing act must be performed to understand both the legal justification for the interference and how the right to privacy compares with other competing rights in a relative sense.
Privacy versus freedom of expression
A common situation where the balancing act needs to be performed is during press and media reporting of news stories, when the right to freedom of expression, crystallised by Article 10 of the ECHR, competes with the right to privacy. There have been countless court cases about this, often concerning celebrities,4 sportspeople5 and royalty,6 and they will never end. The phone-hacking scandal, which led to the Leveson Inquiry and the closure of the News of the World newspaper, as well as the prosecution and imprisonment of various people in the newspaper industry, illustrates the damage that can be done when the exercise of the right of freedom of expression fails to have regard to the balancing act.
Privacy versus security and law enforcement
Security and law and enforcement agencies override the right to privacy in the interests of national security, public safety, the prevention of disorder and crime and related public interests encapsulated by Article 8.2. Again, the balancing act must be performed and as with the case of freedom of expression, this has generated countless court cases and scandals. Example...