eBook - ePub
Data Protection and Compliance
Second edition
Stewart Room, Stewart Room
This is a test
Condividi libro
- 350 pagine
- English
- ePUB (disponibile sull'app)
- Disponibile su iOS e Android
eBook - ePub
Data Protection and Compliance
Second edition
Stewart Room, Stewart Room
Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni
Informazioni sul libro
Large-scale data loss and data privacy compliance breaches continue to make headline news, highlighting the need for stringent data protection policies, especially when personal or commercially sensitive information is at stake. While regulations and legislation exist to address these issues, how organisations can best tailor their compliance approaches to their own operational circumstances has remained an open question. The focus of this book is on operationalising a truly risk-based approach to data protection and compliance, beyond just emphasis on regulatory frameworks and legalistic compliance.
Domande frequenti
Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Data Protection and Compliance è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Data Protection and Compliance di Stewart Room, Stewart Room in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Law e Science & Technology Law. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.
Informazioni
PART I
THE BIG PICTURE
1 INTRODUCTION TO DATA PROTECTION
Stewart Room
This chapter acts as the foundation stone for all the issues discussed in this book. It introduces the core aims and objectives of data protection; explains how the topic relates to the right to privacy; provides illustrations of some of the critical priorities in this area; and identifies the main sources of law.
WHAT IS DATA PROTECTION?
The idea of ‘data protection’ can be looked at in several ways. In an operational sense, it means achieving predefined outcomes during the collection, use and storage of personal data, which is called ‘data processing’. In a legal sense, it means the regulatory framework that governs these activities. In a colloquial and limited sense, it is sometimes viewed as a synonym for the security of data, but this would not be representative of the established European view of things.
Taking the General Data Protection Regulation 2016 (GDPR) as a starting point, the title of this legislation clarifies that data protection means ‘the protection of natural persons with regard to the processing of personal data and … the free movement of such data’. Recital 6 of the GDPR summarises the issues perfectly.
GDPR R.6 – Goals of data protection
Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.
DOES DATA PROTECTION MEANS PRIVACY?
To emphasise a point that is implicit within the title of the GDPR but not always obvious, the topic of data protection is not simply about the concept of privacy. In fact, many aspects of the law cut through the concept of privacy, such as the support that it gives to sharing of personal data in the public interest, that is, without the consent or permission of the person whose data are affected.
However, the modern concept of data protection does have its historical root in privacy law. This is demonstrated by the text in the Council of Europe Resolution (73) 22, explanatory report box, which is from the Council’s 1973 Resolution on private sector1 data banks. The 1973 Resolution was a landmark event in data protection, as it provided one of the first statements of the data protection principles: the principles are the foundation stone upon which all forms of data protection law are built. It was followed in 1974 by a companion resolution for the public sector.2
Perhaps the best way to look at how privacy relates to the topic of data protection is to see it as being a very significant part of the topic, but the topic is much bigger than privacy. Due to the significance of the topic of privacy within data protection, it is worth looking into it a little further at this stage.
Council of Europe Resolution (73) 22, explanatory report
1. It is generally recognised that the development of modern science and technology, which enable man to attain an advanced standard of living, brings in its wake certain dangers threatening the rights of individuals. This is the case, for instance, with the utilisation of new techniques for surveillance or observation of persons and for compiling and processing data pertaining to them,
2. A survey, conducted in 1968–70 by the Committee of Experts on Human Rights of the Council of Europe, on the legislation of the Member States with regard to human rights and modern scientific and technological developments has shown that the existing law does not provide sufficient protection for the citizen against intrusions on privacy by technical devices …
3. A particular new source of possible intrusion into privacy has been created by the rapid growth and popularisation of computer technology. The purposes which computers are increasingly serving in the public and private sectors are by themselves not basically different from those served by more traditional forms of data storage and processing.
What is privacy?
There are many philosophical threads of ideas within the right to privacy, which cover concepts such as ‘the right to be let alone’,3 through to the concept of personal data protection within the GDPR.
The right to privacy was crystallised within the European Convention on Human Rights (ECHR) in 1950 (see Article 8) and was restated by the EU Charter of Fundamental Rights in 2012 (see Article 7). In the UK the right to privacy has developed into a tort known as the tort of misuse of private information, a civil law right, breach of which is actionable in court and compensatable in damages. Table 1.1 sets out the wording of the right to privacy as it has crystallised within pan-European law.
Table 1.1 The right to privacy
European Convention on Human Rights | Charter of Fundamental Rights of the European Union |
Article 8: Right to respect for private and family life 1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. | Article 7: Respect for private and family life Everyone has the right to respect for their private and family life, home and communications. |
Are there exceptions to the right to privacy?
The right to privacy is not an absolute right. As shown by Article 8.2 of the ECHR, privacy can be interfered with, if the interference is authorised by law and is necessary and proportionate. This means that when questions about interferences with privacy come to be judged, a balancing act must be performed to understand both the legal justification for the interference and how the right to privacy compares with other competing rights in a relative sense.
Privacy versus freedom of expression
A common situation where the balancing act needs to be performed is during press and media reporting of news stories, when the right to freedom of expression, crystallised by Article 10 of the ECHR, competes with the right to privacy. There have been countless court cases about this, often concerning celebrities,4 sportspeople5 and royalty,6 and they will never end. The phone-hacking scandal, which led to the Leveson Inquiry and the closure of the News of the World newspaper, as well as the prosecution and imprisonment of various people in the newspaper industry, illustrates the damage that can be done when the exercise of the right of freedom of expression fails to have regard to the balancing act.
Privacy versus security and law enforcement
Security and law and enforcement agencies override the right to privacy in the interests of national security, public safety, the prevention of disorder and crime and related public interests encapsulated by Article 8.2. Again, the balancing act must be performed and as with the case of freedom of expression, this has generated countless court cases and scandals. Example...