Your search keyword '"data protection law"' showing total 335 results

51. Der deliktische Schadensersatz im europäischen Datenschutzprivatrecht : Unter besonderer Berücksichtigung der Schadensbemessung

Author

Jacquemain, Tobias and Jacquemain, Tobias

Subjects

EuR: Andere Rechtsgebiete, Datenschutzrecht, EU Law: Other Areas of Law, Data Protection Law

Abstract

Rechtsfolgen bei Verstößen gegen Datenschutzrecht sind nur von nachgeordneter Bedeutung und fokussieren sich in der Regel ausschließlich auf Geldbußen als verwaltungsrechtliche Sanktion. Woran scheitert die deliktische Haftung, die einen Ausgleich für den Betroffenen leisten könnte?Das Fehlen einer brauchbaren Definition des Schadens bei Datenschutzverstößen, aber noch vielmehr die Schwierigkeit beim Bemessen des Schadens machen einen effektiven Schadensersatzanspruch kaum möglich. Die bei Verstößen vorherrschend auftretenden immateriellen Schäden sind nicht in Geld messbar und behindern die effektive Rechtsdurchsetzung etwaiger Ansprüche. Daten sind zu lukrativen Wirtschaftsgütern geworden. Das legt materielle Schädigungen bei Datenschutzverletzung durch Private nah. Der deliktische Schutz des Rechts auf informationelle Selbstbestimmung umfasst den Schutz kommerzieller Interessen. Daher erscheint eine „Materialisierung“ von Datenschutzverstößen praktikabel.

Published

2017

52. A fair trial in complex technology cases: Why courts and judges need a basic understanding of complex technologies.

Author

Custers, Bart

Subjects

*INFORMATION technology, *DATA protection laws, *JUDGES, *COURTS, *DATA protection

Abstract

Technology is getting increasingly complicated. If complex technologies have the potential to cause harm, people may need protection. Such legal protection is increasingly available, but it is only effective if it can also be enforced in courts. If people do not understand what is happening, for instance, with their personal data, they may not go to court at all. When people go to court, they may encounter another problem: if also courts and judges have a limited understanding of how the complex technologies work, this can affect the right to a fair trial. In this paper, it is argued that a fair trial requires that courts and judges need to have sufficient understanding of the technology in cases on which they are ruling. Since not all judges can be trained to have deep understanding of technology, other ways to address this are proposed. [ABSTRACT FROM AUTHOR]

Published

2024

53. Discrimination for the sake of fairness by design and its legal framework.

Author

Hoch, Holly, Hertweck, Corinna, Loi, Michele, and Tamò-Larrieux, Aurelia

Subjects

*DISCRIMINATION (Sociology), *FAIRNESS, *COMPUTER scientists, *DATA protection laws, *ALGORITHMS

Abstract

As algorithms are increasingly enlisted to make critical determinations about human actors, the more frequently we see these algorithms appear in sensational headlines crying foul on discrimination. There is broad consensus among computer scientists working on this issue that such discrimination can be reduced by intentionally collecting and consciously using sensitive information about demographic features like sex, gender, race, religion etc. Companies implementing such algorithms might, however, be wary of allowing algorithms access to such data as they fear legal repercussions, as the promoted standard has been to omit protected attributes, otherwise dubbed "fairness through unawareness". This paper asks whether such wariness is justified in light of EU data protection and anti-discrimination laws. In order to answer this question, we introduce a specific case and analyze how EU law might apply when an algorithm accesses sensitive information to make fairer predictions. We review whether such measures constitute discrimination, and for who, arriving at different conclusions based on how we define the harm of discrimination and the groups we compare. Finding that several legal claims could arise regarding the use of sensitive information, we ultimately conclude that the proffered fairness measures would be considered a positive (or affirmative) action under EU law. As such, the appropriate use of sensitive information in order to increase the fairness of an algorithm is a positive action, and not per se prohibited by EU law. [ABSTRACT FROM AUTHOR]

Published

2024

54. Datenschutzgerechte Wege zur Nutzung von Real World Data

Author

Drepper, Johannes

Published

2022

55. Genetic Classes and Genetic Categories: Protecting Genetic Groups Through Data Protection Law

Author

Hallinan, Dara, de Hert, Paul, Floridi, Luciano, Editor-in-chief, Taddeo, Mariarosaria, Editor-in-chief, Taylor, Linnet, editor, and van der Sloot, Bart, editor

Published

2017

56. The right to privacy and the protection of personal data: Convention 108 as a universal and timeless standard for policymakers in Europe and beyond

Author

Urszula Góral

Subjects

data protection, privacy, data protection law, data protection policy, Convention 108, GDPR, Law, Political institutions and public administration (General), JF20-2112

Abstract

It is widely recognised that the first binding legal act regarding the protection of personal data of an international nature is Convention 108, adopted on 28 January 1981. By virtue of the Convention, the Parties are required to apply in their domestic legal order the principles introduced by the Council of Europe to ensure guarantees for the fundamental human rights of all individuals with regard to the processing of personal data. This paper refers to Convention 108 as the foundation for European and international data protection laws in a number of European countries. It has influenced policies and legislation far beyond Europe’s borders. However, due to the development of ICT tools that permit establishing new data-driven business models based on data-processing systems, Convention 108 has become subject to modernisation. At the same time, intensive negotiations were conducted in the EU concerning a new data-protection package to reform the data-protection system, and many other countries around the world have introduced provisions related to the processing of personal data. This paper analyses the impact of the standards set out in Convention 108 on the decision-making process and its global dimension.

Published

2021

57. Data-driven value extraction and human well-being under EU law

Author

Trzaskowski, Jan

Published

2022

58. Strengthening legal protection against discrimination by algorithms and artificial intelligence.

Author

Zuiderveen Borgesius, Frederik J.

Subjects

*ARTIFICIAL intelligence, *DATA protection laws, *LAW enforcement, *LEGAL instruments, *ALGORITHMS

Abstract

Algorithmic decision-making and other types of artificial intelligence (AI) can be used to predict who will commit crime, who will be a good employee, who will default on a loan, etc. However, algorithmic decision-making can also threaten human rights, such as the right to non-discrimination. The paper evaluates current legal protection in Europe against discriminatory algorithmic decisions. The paper shows that non-discrimination law, in particular through the concept of indirect discrimination, prohibits many types of algorithmic discrimination. Data protection law could also help to defend people against discrimination. Proper enforcement of non-discrimination law and data protection law could help to protect people. However, the paper shows that both legal instruments have severe weaknesses when applied to artificial intelligence. The paper suggests how enforcement of current rules can be improved. The paper also explores whether additional rules are needed. The paper argues for sector-specific – rather than general – rules, and outlines an approach to regulate algorithmic decision-making. [ABSTRACT FROM AUTHOR]

Published

2020

59. Predictions from data analytics: Does Malaysian data protection law apply?

Author

San, Tay Pek

Subjects

*DATA protection laws, *DATA analytics, *ARTIFICIAL intelligence, *GENERAL Data Protection Regulation, 2016, *PERSONAL information management

Abstract

As data analytics become prevalent in industries in Malaysia to draw predictions about individuals' habits and behaviour, it is important that certainty exists about the legal status of predictions vis-à-vis data protection law. The predictions can be privacy-intrusive and threaten individuals' autonomy, although this may not always be so. The Malaysian Personal Data Protection Act 2010 is silent on the legal status of predictions. This paper examines whether the Malaysian Parliament should extend the Act to provide control to individuals over predictions about themselves. In doing so, the paper explores the position in the EU, Japan, Australia and the USA. The finding is that in those jurisdictions, predictions are within the remit of data protection law. It is argued that this is an over-generalisation and is inconsonant with commercial realities. The author advocates that a different approach be adopted to achieve a balance between individuals' interest to control their data and commercial needs to use predictions without undue hindrance. [ABSTRACT FROM AUTHOR]

Published

2020

60. N-ary Information Markets: Money, Attention, and Personal Data as Means of Payment.

Author

Stock, Wolfgang G.

Subjects

MONEY market, PREDICTION markets, PERSONALLY identifiable information, DATA protection laws, PAYMENT

Abstract

On information markets, we can identify different relations between sellers and their customers, with some users paying with money, some paying with attention, and others paying with their personal data. For the description of these different market relations, this article introduces the notion of arity into the scientific discussion. On unary information markets, customers pay with their money; examples include commercial information suppliers. Binary information markets are characterized by one market side paying with attention (e.g., on the search engine Google) or with personal data (e.g., on most social media services) and the other market side (mainly advertisers) paying with money. Our example of a ternary market is a social media market with the additional market side of influencers. If customers buy on unary markets, they know what to pay (in terms of money). If they pay with attention or with their personal data, they do not know what they have to pay exactly in the end. On n-ary markets (n greater than 1), laws should regulate company's abuse of money and which is new abuse of data streams with the aid of competition (or anti-trust) laws, and by modified data protection laws, which are guided by fair use of end users' attention and data. [ABSTRACT FROM AUTHOR]

Published

2020

61. ENCUESTA SOBRE LA PROTECCIÓN DE DATOS PERSONALES.

Abstract

In this academic survey a group of Constitutional Law Professors answer some questions about personal data protection and its challenges in the digital society, the recognition of a fundamental right of data protection and its possibilities against the transnational threats, the way of recognition of that right in a national and supranational process, the role played by the legislators and the judges, and about the data protection agencies and its functions. [ABSTRACT FROM AUTHOR]

Published

2020

62. KİŞİSEL SAĞLIK VERİLERİNİN İŞLENMESİNE VE COVID-19 PANDEMİSİ SÜRECİNDE MOBİL UYGULAMALARLA PAYLAŞILMASINA HUKUKÎ BİR BAKIŞ.

Author

AKKURT, Sinan Sami

Subjects

PERSONALLY identifiable information, DATA protection, RIGHT of publicity, CRIMINAL records, MOBILE apps, VIS major (Civil law), CIVIL rights

Abstract

Copyright of Istanbul Commerce University Journal of Social Sciences / İstanbul Ticaret Üniversitesi Sosyal Bilimler Dergisi is the property of Istanbul Commerce University Journal of Social Sciences and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2020

63. Genetic Privacy and Data Protection: A Review of Chinese Direct-to-Consumer Genetic Test Services.

Author

Du, Li and Wang, Meng

Subjects

DATA security failures, GENETIC testing, GENETIC privacy, INFORMED consent (Medical law), INFORMATION policy, SEARCH engines

Abstract

Background: The existing literature has not examined how Chinese direct-to-consumer (DTC) genetic testing providers navigate the issues of informed consent, privacy, and data protection associated with testing services. This research aims to explore these questions by examining the relevant documents and messages published on websites of the Chinese DTC genetic test providers. Methods: Using Baidu.com, the most popular Chinese search engine, we compiled the websites of providers who offer genetic testing services and analyzed available documents related to informed consent, the terms of services, and the privacy policy. The analyses were guided by the following inquiries as they applied to each DTC provider: the methods available for purchasing testing products; the methods providers used to obtain informed consent; privacy issues and measures for protecting consumers' health information; the policy for third-party data sharing; consumers right to their data; and the liabilities in the event of a data breach. Results: 68.7% of providers offer multiple channels for purchasing genetic testing products, and that social media has become a popular platform to promote testing services. Informed consent forms are not available on 94% of providers' websites and a privacy policy is only offered by 45.8% of DTC genetic testing providers. Thirty-nine providers stated that they used measures to protect consumers' information, of which, 29 providers have distinguished consumers' general personal information from their genetic information. In 33.7% of the cases examined, providers stated that with consumers' explicit permission, they could reuse and share the clients' information for non-commercial purposes. Twenty-three providers granted consumer rights to their health information, with the most frequently mentioned right being the consumers' right to decide how their data can be used by providers. Lastly, 21.7% of providers clearly stated their liabilities in the event of a data breach, placing more emphasis on the providers' exemption from any liability. Conclusions: Currently, the Chinese DTC genetic testing business is running in a regulatory vacuum, governed by self-regulation. The government should develop a comprehensive legal framework to regulate DTC genetic testing offerings. Regulatory improvements should be made based on periodical reviews of the supervisory strategy to meet the rapid development of the DTC genetic testing industry. [ABSTRACT FROM AUTHOR]

Published

2020

64. Technical Solutions for Legal Challenges: Equality of Arms in Criminal Proceedings.

Author

Quattrocolo, Serena, Anglano, Cosimo, Canonico, Massimo, and Guazzone, Marco

Subjects

CRIMINAL procedure, JURISPRUDENCE, JUDICIAL process, MACHINE learning, JUSTICE administration

Abstract

The paper focuses on how computational models and methods impact on current legal systems, and in particular, on criminal justice. While the discussion about the suitabilty of the exploitation of learning machines and Artificial Intelligence (AI) either as surveillance means and human substitutes in the judicial decision-making process is arising, the authors reflect upon the risk of using AI and algorithm-based evidence in criminal proceedings. The claim of the paper is twofold: on the one hand, we should reinterpret todays legal frameworks, e. g. the European Convention of Human Rights, shifting the attention from possible violations of the right to privacy to potential infringements on a basic fair trial feature, the Equality of Arms. On the other hand, we should aknowledge that main legal issues, triggered by the breathtaking advancements in AI, can properly be addressed mainly through technical solutions (e. g. methods for assessing the completeness and correctness of digital evidence related to mobile devices and conversations). No legal theory, which overlooks the crossover of juridical and computational expertise, will survive the present time. [ABSTRACT FROM AUTHOR]

Published

2020

65. Broad consent under the GDPR: an optimistic perspective on a bright future.

Author

Hallinan, Dara

Subjects

*SCIENTIFIC community, *DATA protection, *PATERNALISM, TREATY on European Union (1992). Protocols, etc., 2007 December 13

Abstract

Broad consent – the act of gaining one consent for multiple potential future research projects – sits at the core of much current genomic research practice. Since the 25th May 2018, the General Data Protection Regulation (GDPR) has applied as valid law concerning genomic research in the EU and now occupies a dominant position in the legal landscape. Yet, the position of the GDPR concerning broad consent has recently been cause for concern in the genomic research community. Whilst the text of the GDPR apparently supports the practice, recent jurisprudence contains language which is decidedly less positive. This article takes an in-depth look at the situation concerning broad consent under the GDPR and – despite the understandable concern flowing from recent jurisprudence – offers a positive outlook. This positive outlook is argued from three perspectives, each of which is significant in defining the current, and ongoing, legitimacy and utility of broad consent under the GDPR: the principled, the legal technical, and the practical. [ABSTRACT FROM AUTHOR]

Published

2020

66. TRENDS REGARDING FINES AND SANCTIONS IN COMPETITION LAW, LABOR LAW AND DATA PROTECTION LAW.

Author

GABRIEL, Barbu Silviu and SILVIU, Goga Alexandru

Subjects

DATA protection laws, UNFAIR competition, LABOR laws, LEGAL sanctions, CONSTITUTIONAL law

Abstract

The reason on writing this paper is based on the fact that nowadays civil and administrative sanctions and fines have become huge from a financial standing point, making a significant issue on the matters of the constitutionality – the right to property. ECHR and the European Court of Justice also have talking points on this. The Romanian Courts and mostly judges form second tier courts such as Tribunals or Courts of Appeal have become more aware of the fines they are presented with to be cancelled or at least diminished and regard some of them to be exaggerated. The research has been done on the basis on European and national Romanian law and, also on the basis of cases presented in front of the courts and their outcome. The fines in competition law can be negotiated but are a percentage of your annual income, the ones regarding labor law for working without a contract are 10.000 lei per person (about 2100 euros) and the ones in data protection law are also based on a fix sum and a percentage. Thus the results with which we came up are amazing, regarding that some cases have been won, but most of the fines and sanctions remained in place, some companies even agreeing to pay in advance or asking for a payment plan without going to trial. In other cases we noticed that Romanian national law is more rigorous and at some times even more severe than that of other EU member states. In conclusion, there should be a more strict revision on fines and sanctions throughout the whole European legal system and to ensure a more transparent and equitable framework in which companies and even natural persons can be aware of the fines and sanctions and if they are not contrary to Constitutional and European Law. [ABSTRACT FROM AUTHOR]

Published

2019

67. Is a Picture Worth a Thousand Terms? Visualising Contract Terms and Data Protection Requirements for Cloud Computing Users

Author

Esayas, Samson, Mahler, Tobias, McGillivray, Kevin, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Casteleyn, Sven, editor, Dolog, Peter, editor, and Pautasso, Cesare, editor

Published

2016

68. Digital Competition Law and Data Privacy in the EU – The Overlap and Interplay between GDPR, Article 102 TFEU, and DMA

Author

Nilsson, Oskar and Nilsson, Oskar

Abstract

Large digital platforms impact the entire internal market of the EU. In particular, three challenges characterise their relationship with businesses and end-users, “access to data”, “imbalanced bargaining power”, and “degrading data privacy”, where the common denominator is personal data. This thesis investigates to what extent these challenges are regulated in the GDPR, Article 102 TFEU and the DMA, together with the plausible overlap and interplay between the three legal frameworks. The study is thus framed in three regulation specific questions and one comparing and analysing question. The purpose-oriented part of the thesis is divided into three chapters, one for each research question, together with the corresponding fourth research question. The overarching approach is to move from “practical” to “theoretical”, i.e., initiating with case-law by the EU Courts, then viewpoints by relevant EU institutions, and finishing with theories by legal scholars, when investigating each challenge. Due to a relevant and financially strong sector, the material is of both high quality and current. Each legal framework could theoretically be applicable to each challenge, but to various extents and practical vs theoretical depth. The study further concludes that the predominant overlap is between the data portability provisions in the GDPR and the DMA respectively, questioning the “without prejudice” clause of the DMA. Furthermore, the predominant interplay is between the Article 102 TFEU and the GDPR, by using lack of “choices” and data protection principles as benchmarks for determining abuse. Beyond this, the thesis broadly investigates, if the three legal frameworks could theoretically be applied to the same challenge, following the bpost case the CJEU enabled the Commission to apply two legal frameworks side-by-side (competition rules and sector-specific rules), thus raising the question if a third could be possible. Either way, it can be concluded that the three provisions

Published

2023

69. The Controversial Interface between Competition and Data Protection Law - An Analysis of Privacy Concerns in the context of Merger Control

Author

Timofti, Cristina and Timofti, Cristina

Abstract

In the digital market, data has become an invaluable asset that businesses strive to achieve. Since most of the data acquired is personal data, current legal and academic debates have begun to investigate whether and how privacy is addressed within the context of merger control. The purpose of this thesis is to shed light on the role of competition law in safeguarding consumers from potential privacy breaches. It examines various competition rulings to determine how adjudicators have incorporated privacy concerns in data-driven mergers assessment. It further seeks to explore ways to fit the protection of personal data into merger or acquisition control by analyzing and interpreting the relevant legal instruments. The paper concludes that privacy concerns might prevent or shape a merger when the two legal fields overlap. The research further found that data protection consideration might be assessed in the merger process to the extent that it is viewed as an aspect of consumer welfare or if Member States consider it as a legitimate interest under the Merger Regulation. Finally, this thesis concludes that Digital Markets Act serves as a tool to connect the dots and bridge the gap between competition and data protection law.

Published

2023

70. Editorial: A trialogue on regulating data-driven criminal procedure

Author

Galič, Maša, Stevens, Lonneke, Koops, Bert Jaap, Galič, Maša, Stevens, Lonneke, and Koops, Bert Jaap

Abstract

This editorial introduces a special issue on the challenges of regulating data-driven criminal investigations, in light of the interplay – or rather, the lack thereof – between criminal procedure law and data protection law. The aim is to bring together scholars from both fields, to facilitate mutual understanding and to present ideas on better aligning these bodies of law to form a comprehensive normative framework. In data-driven investigations, police typically assemble large data sets to build an information position, followed by automated analysis to detect patterns and find evidence of potential crimes. The shift from traditional targeted, “case-seeks-evidence” investigations to data-driven untargeted, “evidence-seeks-case” investigations challenges the current normative framework. Discussing this challenge and the insights offered by the six contributions to this special issue, the authors identify multiple problems: people in criminal law lack knowledge of and therefore undervalue data protection law; data subject rights do not function well in the criminal procedure context; there may be an increasing emphasis on instrumentality in criminal law, at the cost of legal protection; criminal law strongly focuses on legal protection of suspects, particularly during trial, and does not cope well with investigations that never end up in court, nor with the protection of innocent citizens whose data are now also pervasively processed as by-catch in criminal investigations; and the law has relatively strong norms on data collection, but not on data analysis. The way forward lies in evolving towards a system that does not only protect suspects and victims but that systematically incorporates the rights of innocent thirds; developing an integrated and conclusive system of data processing rules in law enforcement, including data analysis and on-going reuse of data; and establishing a system of supervision that is adequately equipped to deal with the new reality of da

Published

2023

71. C-252/21 Meta v Bundeskartellamt: The lawfulness of Big Tech’s processing of personal data and the relationship between data protection and competition law

Author

Hriscu, Ana-Maria and Hriscu, Ana-Maria

Abstract

Case C-252/21 Meta Platforms v Bundeskartellamt dealt with a number of important questions regarding the relationship between data protection and competition law, as well the lawfulness, from the standpoint of the Data Protection Regulation (GDPR), of the processing of personal data from third party online sources. This case note summarises the judgement and reflects, in the commentary, on Big Tech’s reliance on consent as a lawful ground for processing, on the opportunities of using data protection as a benchmark in competition law and finally, on challenges of seeing data protection through the prism of competition law in the online context.

Published

2023

72. Anforderungen des Datenschutzes im Umgang mit personenbezogenen Daten

Author

Langner, Patrick

Subjects

anonymisation, Archivierung, data protection, FDM, Anonymisierung, personal data, informierte Einwilligung, informed consent, personenbezogene Daten, Forschungsdatenmanagement, Datenschutz, research data, Daten, Datenschutzrecht, archiving, data, RDM, pseudonymisation, research data management, Pseudonymisierung, law, Forschungsdaten, data protection law

Abstract

Der Umgang mit digitalen Forschungsdaten ist oft von rechtlichen Fragen betroffen. Der Vortrag konzentriert sich auf die Anforderungen des Datenschutzes beim Umgang mit (sensiblen) personenbezogenen Daten. Was sind die wichtigsten Pflichten von Forscher*innen im Umgang mit personenbezogenen Daten (z.B. informierte Einwilligung)? Welche grundlegenden Maßnahmen sind bei der Arbeit mit personenbezogenen Daten notwendig (z.B. Anonymisierung, Pseudonymisierung)? Gibt es besondere Erlaubnisse für die Datenverarbeitung zu Forschungszwecken (z. B. Auskunfts- und Widerspruchsrecht, Archivierung, Veröffentlichung)? Die dreitägige HeFDI Data Week ermöglicht es Forschenden, Lehrenden und allen weiteren Interessierten, Themen und Angebote des Forschungsdatenmanagements kennenzulernen und zu erproben. Darüber hinaus werden den Teilnehmenden Daten- und Coding-Kompetenzen vermittelt sowie Dienste und Angebote verschiedener hessischer Infrastruktur-Einrichtungen und Zentren vorgestellt., Die HeFDI Data Week ist ein Angebot der Landesinitiative HeFDI - Hessische Forschungsdateninfrastrukturen, welche vom Hessischen Ministerium für Wissenschaft und Kunst (HMWK) finanziert wird.

Published

2023

73. Definition of Data Sharing Agreements : The Case of Spanish Data Protection Law

Author

Egea, Marina, Matteucci, Ilaria, Mori, Paolo, Petrocchi, Marinella, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Felici, Massimo, editor, and Fernández-Gago, Carmen, editor

Published

2015

74. Training Your Staff

Author

Manning, Anna and Manning, Anna

Published

2015

75. Der Schutz personenbezogener Daten in der Cloud

Author

Florian Jotzo and Florian Jotzo

Subjects

Data Protection Law, Datenschutzrecht

Abstract

Welche datenschutzrechtlichen Hürden müssen private Nutzer und Unternehmen überwinden, wenn sie Cloud-Dienste einsetzen? Die Schwerpunkte dieser Arbeit liegen bei der Zuweisung der Verantwortlichkeit, der Auftragsdatenverarbeitung und den Haftungsfragen im internationalen Privatrecht. Beantwortet werden diese Fragen im Kontext der europäischen Vorgaben.

Published

2013

76. Data-driven Value Extraction and Human Well-being under EU Law

Author

Jan Trzaskowski

Subjects

Marketing, Data-driven business law, Economics and Econometrics, Data protection law, Privacy, Management of Technology and Innovation, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Human well-being, Social welfare computing, Data-driven business model, Business and International Management, Computer Science Applications, Consumer protection law

Abstract

In this article, we explore the intersection between data protection law and consumer protection law in their application to data-driven business models that monetise attention and personal data. We approach European Union law from a constitutional perspective, as in addition to economic harms some aspects of predatory business models also pose a risk for human dignity, human well-being, social welfare and democracy. From a three-tiered model of information asymmetry, it is argued that there is a need to rethink consumer protection in order to restore some sense of equity in commercial interactions online. In that vein Social welfare computing can play an important role in combating superficiality and strengthening social cohesion.

Published

2022

77. Regulating online advertising for gambling – once the genie is out of the bottle.

Author

Hörnle, Julia, Schmidt-Kessen, Maria, Littler, Alan, and Padumadasa, Eranjan

Subjects

*INTERNET advertising, *INTERNET gambling, *DATA protection laws, *ONLINE profiling, *SOCIAL media

Abstract

The article focuses on advertising for online gambling products on social media platforms and examines advertising practices from the viewpoint of consumer fairness. It shows how online advertising is fundamentally different from traditional advertising in print media, offline media sites (such as billboards) and broadcasting. The growth of social media usage has created an opportunity for online advertising to exploit ways of advertising which are only beginning to be understood fully and receive regulatory attention, and which, therefore, may exploit current regulatory loopholes. In this article, we identify two major issues in respect of online advertising of online gambling: first the potential for unethical placing of gambling advertising targeted at vulnerable users, and secondly the opaque use of commercial advertising in user-generated content on social media platforms. Having identified these two problems of gambling advertising, we take stock of how the existing regulatory structures deal with gambling advertising online, with a view to making recommendations on how to tackle these problems. We argue that data protection law and gambling regulation have not yet satisfactorily addressed these issues and that a much more radical approach is needed, as set out in the article. [ABSTRACT FROM AUTHOR]

Published

2019

78. Delimiting the concept of personal data after the GDPR.

Author

Wong, Benjamin

Subjects

*PERSONALLY identifiable information, *GENERAL Data Protection Regulation, 2016, *DATA protection, *JUDGE-made law

Abstract

This paper explains how the concept of personal data should be delimited. Certainty on this matter is crucial, as it determines the material scope of the data protection obligations. The primary boundary delimiting the scope of personal data is the requirement that personal data 'relate to' an individual. The courts of the UK and the EU have sought to delineate this boundary, but there are serious difficulties in the present approaches that have emerged thus far. Two possible ways forward are suggested, taking into account the implications of the direct application of the GDPR in the UK. [ABSTRACT FROM AUTHOR]

Published

2019

79. Judecătorul Uniunii Europene într-o Europă a conformării.

Author

LENAERTS, Koen

Subjects

EUROPEAN Union law, LEGAL compliance, DATA protection, DATA protection laws, UNFAIR competition, PERSONALLY identifiable information, RIGHT of privacy

Abstract

Copyright of Revista Română de Drept European is the property of Wolters Kluwer Romania and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2019

80. Juggling more than three balls at once: multilevel jurisdictional challenges in EU Data Protection Regulation.

Author

Hörnle, Julia

Subjects

GENERAL Data Protection Regulation, 2016, CONFLICT of laws, DATA protection laws

Abstract

This article analyses the rules on regulatory competence, jurisdiction and applicable in European Union (EU) data protection law in the light of recent case law of the Court of Justice of the EU and national courts and in the light of the changes that were introduced by the General Data Protection Regulation (GDPR). It finds that, in the regulatory context, the rules on applicable law effectively become rules of regulatory competence (jurisdiction in the narrower sense) and that a crucial distinction should be made between internal conflicts of law (between the Member States) and external conflicts of law (Member States vs third countries). It argues that Member States should trust each other sufficiently to apply the law of the main establishment for internal conflicts but welcomes the wide interpretation of the establishment rules in Google Spain. It argues that this wide interpretation should apply to external conflicts of law only. Finally, the article finds that enforcement cooperation has been improved through the detailed provisions in the GDPR (compared to the Data Protection Directive) but that an opportunity has been missed in not creating a single EU enforcement authority. This is unfortunate since the coordination procedure established in the GDPR is likely to be cumbersome and fraught with political wrangling. [ABSTRACT FROM AUTHOR]

Published

2019

81. Challenging the EU's ‘Right to Be Forgotten’? Society's ‘Right to Know’ in Japan.

Author

Zufall, Frederike

Subjects

DATA protection, DATA protection laws, CONFLICTS of law in data protection, RIGHT to be forgotten

Abstract

This article asks the extent to which the concept of the ‘right to be forgotten’ has been received by Japanese law – or whether, to the contrary, Japan is challenging the EU's concept. In a 2017 judgment, the Japanese Supreme Court rejected a request for injunctive relief to delete search results from the search engine Google. The decisive argument focused on the public interest around the facts concerned: a crime committed by the applicantseveral years earlier. The court did not just award the right to freedom of expression to Google, but centred its decision on society's right to know – thereby putting society's interest before that of the individual. In the light of the pending adoption of the EU-Japan adequacy decision, this divergence from the EU concept raises doubts as to whether 'adequacy' can be achieved between legal systems founded on cultural differences. Can we still afford to base our legal regimes on different social consciousness in the era of a borderless Internet? [ABSTRACT FROM AUTHOR]

Published

2019

82. Algo-Rhythms and the Beat of the Legal Drum.

Author

Pagallo, Ugo

Subjects

*ALGORITHMS, *MACHINE learning, *DATA protection

Abstract

The paper focuses on concerns and legal challenges brought on by the use of algorithms. A particular class of algorithms that augment or replace analysis and decision-making by humans, i.e. data analytics and machine learning, is under scrutiny. Taking into account Balkin's work on "the laws of an algorithmic society", attention is drawn to obligations of transparency, matters of due process, and accountability. This US-centric analysis on drawbacks and loopholes of current legal systems is complemented with the analysis of norms and principles of the EU data protection law, or "GDPR". The aim is twofold. On the one hand, the intent is to shed light on some crucial differences between the US and EU law on the regulation of algorithmic operators, both public and private. Whereas, in the USA, scholars debate whether and to what extent new duties and responsibilities of algorithmic operators, e.g. information fiduciaries, have to amend the current framework of self-regulation and light government—as shown by the White House's Office of Science and Technology Policy report from November 2016—in EU law much of the new duties and responsibilities of algorithmic operators have been passed upon them as data controllers. Whether such approaches will successfully tackle the normative challenges of the algorithmic society is, on the other hand, an open issue that will likely represent the main topic of debate over the next years. Disagreement may concern: (i) the terms framing the legal question in e.g. statistical purposes of the data processing; (ii) how such terms are related to each other in legal reasoning (e.g. a right to explanation as valid law in the EU); and (iii) legal hard cases that will increasingly have to do with the principles that are at stake also but not only in data protection (e.g. informational self-determination). By entrusting such legal hard cases to algorithms, or some sort of smart artificial agent, humans still bear full responsibility for the judgment of what is socially, ethically, and legally "plain" and "hard" in social affairs. The balance between delegation of decisions to algorithms and non-delegation will be the leitmotiv of the algorithmic society. Since the devil is in the detail, the current paper is devoted to some of them. [ABSTRACT FROM AUTHOR]

Published

2018

83. Algorithms that forget: Machine unlearning and the right to erasure.

Author

Juliussen, Bjørn Aslak, Rui, Jon Petter, and Johansen, Dag

Subjects

*RIGHT to be forgotten, *MACHINE learning, *GENERAL Data Protection Regulation, 2016, *ELECTRONIC data processing, *DISCLOSURE laws

Abstract

Article 17 of the General Data Protection Regulation (GDPR) contains a right for the data subject to obtain the erasure of personal data. The right to erasure in the GDPR gives, however, little clear guidance on how controllers processing personal data should erase the personal data to meet the requirements set out in Article 17. Machine Learning (ML) models that have been trained on personal data are downstream derivatives of the personal data used in the training data set of the ML process. A characteristic of ML is the non-deterministic nature of the learning process. The non-deterministic nature of ML poses significant difficulties in determining whether the personal data in the training data set affects the internal weights and adjusted parameters of the ML model. As a result, invoking the right to erasure in ML and to erase personal data from a ML model is a challenging task. This paper explores the complexities of enforcing and complying with the right to erasure in a ML context. It examines how novel developments in machine unlearning methods relate to Article 17 of the GDPR. Specifically, the paper delves into the intricacies of how personal data is processed in ML models and how the right to erasure could be implemented in such models. The paper also provides insights into how newly developed machine unlearning techniques could be applied to make ML models more GDPR compliant. The research aims to provide a functional understanding and contribute to a better comprehension of the applied challenges associated with the right to erasure in ML. [ABSTRACT FROM AUTHOR]

Published

2023

84. Data Protection and Competition Law Enforcement in the Digital Economy: Why a Coherent and Consistent Approach is Necessary

Author

Wiedemann, Klaus

Published

2021

85. Responsible management of IT security vulnerabilities

Author

Wagner, Manuela and Vettermann, Oliver

Subjects

interdisziplinäre Forschung, Verfassungsrecht, IT security research, IT-Sicherheitsrecht, constitutional law, Datenschutzrecht, Urheberrecht, IT security law, copyright law, interdisciplinary research, IT-Sicherheitsforschung, Strafrecht, criminal law, data protection law

Abstract

IT-Sicherheitslücken in Hard- und Software betreffen private, unternehmerische und auch staatliche Systeme. Sobald eine Ausnutzung der Lücken technisch möglich ist, stellen sie eine Bedrohung für die IT-Sicherheit aller Beteiligten dar. Konkret betroffen sind Bürger:innen und Unternehmen als Nutzende, Hersteller von Soft- und Hardware sowie staatliche (kritische) IT-Infrastruktur. Es ist daher im gesamtgesellschaftlichen Interesse, die Zahl der ausnutzbaren Sicherheitslücken so gering wie möglich zu halten. Dieses Whitepaper führt in die rechtlichen und praktischen Probleme der IT-Sicherheitsforschung ein. Zugleich zeigt es vor allem rechtliche Auswege auf, die perspektivisch zu einer rechtssicheren IT-Sicherheitsforschung führen., IT security vulnerabilities in hard- and software affect private, corporate and also governmental systems. As soon as it is technologically possible to exploit the vulnerabilities, they pose a threat to the IT security of all parties involved. Specifically impacted are citizens and companies as users, manufacturers of software and hardware, and government (critical) IT infrastructure. It is therefore in the interest of the whole society to keep the number of exploitable security vulnerabilities as limited as possible. This white paper introduces legal and practical problems of IT security research. Above all, it points out legal solutions that will lead to a legally secure IT security research in the future.

Published

2023

86. Transnational Internet Law

Author

Marsden, Christopher and Zumbansen, Peer, book editor

Published

2021

87. The Law of Global Digitality.

Author

C. Kettemann, Matthias, C. Kettemann, Matthias, Peukert, Alexander, and Spiecker gen. Döhmann, Indra

Subjects

Jurisprudence & general issues, Bots, Central Bank Digital Currency, Commercial Law, Conflict of laws, Consumer Contracts, Cybersquatters, Data Protection Law, Deep Fakes, Digital Platform Disclosure Obligations, Digital commerce, European General Data Protection Regulation, Facebook, GDPR, Global Commerce, Global Digitality, IP rights, Intellectual property enforcement, Money laundering, business law, code is law, criminal law, cross-border digital issues, cyberlaw, digital communication, financial markets, global communication networks, global digital issues, jurisdiction, local legal systems

Abstract

Summary: The Internet is not an unchartered territory. On the Internet, norms matter. They interact, regulate, are contested and legitimated by multiple actors. But are they diverse and unstructured, or are they part of a recognizable order? And if the latter, what does this order look like? This collected volume explores these key questions while providing new perspectives on the role of law in times of digitality. The book compares six different areas of law that have been particularly exposed to global digitality, namely laws regulating consumer contracts, data protection, the media, financial markets, criminal activity and intellectual property law. By comparing how these very different areas of law have evolved with regard to cross-border online situations, the book considers whether cyberlaw is little more than "the law of the horse", or whether the law of global digitality is indeed special and, if so, what its characteristics across various areas of law are. The book brings together legal academics with expertise in how law has both reacted to and shaped cross-border, global Internet communication and their contributions consider whether it is possible to identify a particular mediality of law in the digital age. Examining whether a global law of digitality has truly emerged, this book will appeal to academics, students and practitioners of law examining the future of the law of digitality as it intersects with traditional categories of law.

88. Several Aspects of GDPR in the World of Research - What Can We Expect? With Czech Perspectives.

Author

KOLMAN, JIŘÍ

Abstract

The Czech Academy of Sciences and Czech universities are in the beginning of the implementation of the General Data Protection Regulation (GDPR). How to deal successfully with the GDPR in a specific environment that is often international, funded by many resources (a mixture of various national and international, public and private funds and companies, with their own financial and administrative rules), having their specific tasks, missions and cultures (academic freedoms, scientific excellence, competitive environment)? This article focuses on the GDPR's impact on the life of the research entities, such are research institutes and universities. The GDPR is an EU regulation that should have equal legal effect over the entire European Union; however, in certain specific parts of the GDPR specific implementing legislative measures are expected of the EU member states. Moreover, due to different history of the legislation regulating personal data protection in each EU member state, the article focuses mainly on the area of the Czech Republic. The scope of this article is limited to specific issues of scientific life (e.g. open access, open data, peer review), other general aspects of the GDPR (e.g. handling the employees' personal data, the personal data of research subjects) are not the objects of this text. [ABSTRACT FROM AUTHOR]

Published

2018

89. DÉFENDRE LES VIVANTS OU LES MORTS?

Author

CASTEX, Lucien, HARBINJA, Edina, and ROSSI, Julien

Abstract

Copyright of Réseaux (07517971) is the property of Editions La Decouverte and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018

90. Recent Developments and Overview of the Country and Practitioners Reports

Author

Cole, Mark David and Cole, Mark David

Published

2022

91. Competition and Data Protection Law in Conflict : Data Protection as a Justification for Anti-Competitive Conduct and a Consideration in Designing Competition Law Remedies

Author

Bornudd, David and Bornudd, David

Abstract

Competition and data protection law are two powerful regimes simultaneously shaping the use of digital information, which has given rise to new interactions between these areas of law. While most views on this intersection emphasize that competition and data protection law must work together, nascent developments indicate that these legal regimes may sometimes conflict. In the first place, firms faced with antitrust allegations are to an increasing extent invoking the need to protect the privacy of their users to justify their impugned conduct. Here, the conduct could either be prohibited by competition law despite of data protection or justified under competition law because of data protection. In the EU, no such justification attempt has reached court-stage, and it remains unclear how an enforcer ought to deal with such a claim. In the second place, competition law can mandate a firm to provide access to commercially valuable personal data to its rivals under a competition law remedy. Where that is the case, the question arising in this connection is whether an enforcer can and should design the remedy in a way that aligns with data protection law. If so, the issue remains of how that ought to be done. The task of the thesis has been to explore these issues, legally, economically, and coherently. The thesis has rendered four main conclusions. First, data protection has a justified role in EU competition law in two ways. On the one hand, enhanced data protection can increase the quality of a service and may thus be factored in the competitive analysis as a dimension of quality. On the other, data protection as a human right must be guaranteed in the application of competition law. Second, these perspectives can be squared with the criteria for justifying competition breaches, in that data protection can be invoked to exculpate a firm from antitrust allegations. Third, in that context, the human rights dimension of data protection may entail that the enforcer must

Published

2022

92. Paying with Data : A Study on EU Consumer Law and the Protection of Personal Data

Author

Kotsios, Andreas and Kotsios, Andreas

Abstract

“If you are not paying for the product you are the product”. In a paraphrasis: if you do not pay for the product with money, you probably pay for it with your personal data. This is a common understanding we have nowadays when it comes to how a number of IT companies work; and this understanding has some very solid grounds since business models based on creating direct revenues by processing personal data – be it sharing the data or insights from the data or creating profiles that are then used to provide targeted advertisements and promotions – are the main reason why most of today’s tech giants have become so profitable. In the EU the processing of personal data has traditionally been regulated under the data protection law regime. However, lately a new approach has gained in popularity where consumer law may also be applied in order to augment the protection of consumers when they provide their data in exchange for a product. A number of scholars, authorities and even some national courts have examined and recommended solutions on how consumer law could be interpreted in order to include the protection of consumers from unfair practices and contractual terms with regard to the processing of personal data by traders. This study, however, takes a step back and ponders whether there are any legal reasons for such a new approach, based on the substantive protection consumer law may provide under its notion of fairness. More specifically, it is examined whether consumer law indeed provides a better or different kind of protection for consumers with regard to their personal data when they “pay” with them in comparison to the protection provided solely under the EU data protection law regime, as well as what new understandings this new approach entails both with regard to consumer law and data protection in general in the EU.

Published

2022

93. The Law of Global Digitality

Author

C. Kettemann, Matthias, Peukert, Alexander, and Spiecker gen. Döhmann, Indra

Subjects

Bots, business law, Central Bank Digital Currency, Commercial Law, Conflict of laws, Consumer Contracts, Cybersquatters, code is law, criminal law, cross-border digital issues, cyberlaw, Data Protection Law, Deep Fakes, Digital commerce, Digital Platform Disclosure Obligations, digital communication, European General Data Protection Regulation, Facebook, financial markets, GDPR, Global Commerce, Global Digitality, global communication networks, global digital issues, Intellectual property enforcement, IP rights, jurisdiction, local legal systems, Money laundering, bic Book Industry Communication::L Law::LA Jurisprudence & general issues

Abstract

The Internet is not an unchartered territory. On the Internet, norms matter. They interact, regulate, are contested and legitimated by multiple actors. But are they diverse and unstructured, or are they part of a recognizable order? And if the latter, what does this order look like? This collected volume explores these key questions while providing new perspectives on the role of law in times of digitality. The book compares six different areas of law that have been particularly exposed to global digitality, namely laws regulating consumer contracts, data protection, the media, financial markets, criminal activity and intellectual property law. By comparing how these very different areas of law have evolved with regard to cross-border online situations, the book considers whether cyberlaw is little more than "the law of the horse", or whether the law of global digitality is indeed special and, if so, what its characteristics across various areas of law are. The book brings together legal academics with expertise in how law has both reacted to and shaped cross-border, global Internet communication and their contributions consider whether it is possible to identify a particular mediality of law in the digital age. Examining whether a global law of digitality has truly emerged, this book will appeal to academics, students and practitioners of law examining the future of the law of digitality as it intersects with traditional categories of law.

Published

2022

94. Der grundrechtliche Schutz der digitalen Identität unter Berücksichtigung von Datenschutz- und IT-Sicherheitsrecht

Author

Vettermann, Oliver

Subjects

Digitale Identität, Datenschutzrecht, Grundrechte, IT-Sicherheitsrecht, Informationelle Selbstbestimmung, Digital Identity, Data Protection Law, Fundamental Rights, IT Security Law, Informational Self-Determination, bic Book Industry Communication::L Law

Abstract

The digital identity is the essential human data interface when interacting on the Internet or with IT systems to enable the multitude of services. No platform can be used without creating a (at least temporary) data construct to the retrieving user, which reflects the identity of the user and enables an assignment of the application data. This thesis examines the construct of digital identity and puts it into the fundamental rights framework. In doing so, data protection and IT security law are also consulted as concrete manifestations of fundamental rights.

Published

2022

95. The ECJ’s Decision in “Planet49” (Case C-673/17): A Cookie Monster or Much Ado About Nothing?

Author

Wiedemann, Klaus

Published

2020

96. Online Price Discrimination and EU Data Privacy Law.

Author

Zuiderveen Borgesius, Frederik and Poort, Joost

Subjects

PRICE discrimination, ONLINE shopping, INTERNET privacy laws, ELECTRONIC commerce, DATA protection laws

Abstract

Online shops could offer each website customer a different price. Such personalized pricing can lead to advanced forms of price discrimination based on individual characteristics of consumers, which may be provided, obtained, or assumed. An online shop can recognize customers, for instance through cookies, and categorize them as price-sensitive or price-insensitive. Subsequently, it can charge (presumed) price-insensitive people higher prices. This paper explores personalized pricing from a legal and an economic perspective. From an economic perspective, there are valid arguments in favour of price discrimination, but its effect on total consumer welfare is ambiguous. Irrespectively, many people regard personalized pricing as unfair or manipulative. The paper analyses how this dislike of personalized pricing may be linked to economic analysis and to other norms or values. Next, the paper examines whether European data protection law applies to personalized pricing. Data protection law applies if personal data are processed, and this paper argues that that is generally the case when prices are personalized. Data protection law requires companies to be transparent about the purpose of personal data processing, which implies that they must inform customers if they personalize prices. Subsequently, consumers have to give consent. If enforced, data protection law could thereby play a significant role in mitigating any adverse effects of personalized pricing. It could help to unearth how prevalent personalized pricing is and how people respond to transparency about it. [ABSTRACT FROM AUTHOR]

Published

2017

97. Personal Data Protection in Nigeria: Reflections on Opportunities, Options and Challenges to Legal Reforms.

Author

Abdulrauf, Lukman and Fombad, Charles

Subjects

*PERSONALLY identifiable information, *DATA protection laws, *LAW reform, *CRIMINAL investigation, *HUMAN rights, *SECURITY systems

Abstract

The right to personal data protection is, without doubt, an important right in the jurisprudence of rights in the contemporary information society. It is becoming as crucial as other orthodox human rights and also attracting significant attention from academics, lawyers, human rights activists and policy makers. In spite of the growing attention data protection receives at international and regional levels, Nigeria is still lagging behind many competitor states like South Africa in establishing an effective legal framework to protect personal data. Individuals' personal data is being collected and used without any serious form of control to check against abuse. This paper reflects on opportunities, option and challenges to legal reforms on data protection in Nigeria. It contends that certain legislative and practical challenges stand in the way of an effective legal regime on personal data protection. The paper suggests appropriate legal reforms that are needed to enable prevent the increasing risks of violating the right to data protection in a country that is making rapid advances in Information and Communication Technology but hamstrung by an outdated regulatory framework. [ABSTRACT FROM AUTHOR]

Published

2017

98. JUDICIAL JURISDICTION OVER INTERNET PRIVACY VIOLATIONS AND THE GDPR: A CASE OF ''PRIVACY TOURISM''?

Author

REVOLIDIS, IOANNIS

Subjects

CONFLICT of laws, INTERNET privacy laws, DATA protection, JURISDICTION (International law), GOVERNMENT policy, RIGHT of privacy

Published

2017

99. Privacy at Work: the Regulation of Camera Surveillance in Hungarian Labour Law.

Author

LUKÁCS, Adrienn

Subjects

DATA protection laws, CLOSED-circuit television, VIDEO surveillance, LABOR laws, EMPLOYEE rights

Abstract

Copyright of Acta Universitatis George Bacovia. Juridica is the property of George Bacovia University, Faculty of Sciences Economics, Juridical & Administrative and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2017

100. You Are What You Pay – Personal Profiling with Alternative Payment Data and the Data Protection Law

Author

Ulrich Krüger and Pauline Affeldt

Subjects

G28, credit scoring, 050208 finance, business.industry, media_common.quotation_subject, 05 social sciences, Internet privacy, Payment, personal profiling, 0502 economics and business, ddc:330, G20, Data Protection Act 1998, Profiling (information science), alternative payment data, Business, G23, GDPR, 050207 economics, data protection law, media_common

Abstract

Summary: The global trend toward cashless payment started well before the corona pandemic. Along with it, investors in the data-driven tech industry are inspired by the promise of targeted behavioral scoring based on big data. It seems economically tempting to combine these two trends by using all data generated by the payment services to create personal profiles. However, this business model conflicts with the individual’s right of informational self-determination and raises questions regarding inaccuracies, discrimination, and the non-transparency of the algorithms underlying these profiles. Our article provides a short overview over the recent economic developments in the financial service industry and a legal assessment in light of the GDPR. Not everything that is feasible with big data scoring using alternative payment data is legally allowed in Europe. Nevertheless, traditional banks could have the opportunity to improve their internal credit scoring systems and use individual customer profiles to further market their financial services. Zusammenfassung: Nicht erst seit der Corona Pandemie gibt es weltweit den Trend zum bargeldlosen Zahlungsverkehr. Zudem beflügelt die Vorstellung eines zielgenauen Behavioral (Big Data) Scoring die Fantasien von Investoren in der Datentechnologiebranche. Es scheint ökonomisch verführerisch, beide Trends zusammenführen, wenn man alle Daten aus dem Zahlungsverkehr für ein persönliches Profil auswerten würde. Dieses Geschäftsmodell liegt jedoch mit dem Recht des Einzelnen auf informationelle Selbstbestimmung im Konflikt und wirft Fragen auf im Hinblick auf Ungenauigkeit, Diskriminierung und Intransparenz. Unser Artikel gibt einen Überblick über die ökonomische Entwicklung des Sektors und eine rechtliche Bewertung insbesondere aus Sicht der europäischen Datenschutz-Grundverordnung. Nicht alles was im Big Data Scoring mit alternativen Zahlungsdaten möglich sein könnte, ist in Europa auch rechtlich zulässig. Vor allem für die „klassischen“ Banken könnte sich gleichwohl eine Möglichkeit eröffnen ihre internen Credit Scoring Systeme zu verbessern und mit angepasst-individuellen Kundenprofilen weitere ihrer Finanzdienstleistungen zu vertreiben.

Published

2020