Publications
Chosen filters:
Chosen filters:
Protecting EU Data Outside EU Borders under the GDPR Vrije Universiteit Brussel
The EU General Data Protection Regulation (GDPR) aims to protect personal data outside EU borders by its rules on territorial scope and its restrictions on international data transfers. Despite its importance in EU fundamental rights law, the purpose and interaction of the GDPR’s protections of cross-border data processing have long been shrouded in confusion. Initiatives of EU bodies to interpret the GDPR’s safeguards illustrate the need for EU ...
Codes of (mis)conduct? An appraisal of articles 40-41 GDPR in view of the 1995 data protection directive and Its shortcomings Ghent University
The GDPR and International Organizations Vrije Universiteit Brussel
The entry into application of the EU General Data Protection Regulation (GDPR) on May 25, 2018 has raised questions about its impact on data processing by intergovernmental organizations that operate under public international law (referred to here as international organizations or IOs). EU data protection law can have impact beyond EU borders, and the global reach of EU law is a well-recognized phenomenon. 1 The GDPR contains numerous ...
Humans in the GDPR and AIA governance of automated and algorithmic systems. Essential pre-requisites against abdicating responsibilities Vrije Universiteit Brussel
The GDPR mandates humans to intervene in different ways in automated decision-making (ADM). Similar human intervention mechanisms can be found amongst the human oversight requirements in the future regulation of AI in the EU. However, Article 22 GDPR has become an unenforceable second-class right, following the fate of its direct precedent -Article 15 of the 1995 Data Protection Directive. Then, why should European policymakers rely on ...
Comparing LED and GDPR adequacy Vrije Universiteit Brussel
The 2015 Schrems decision established that for an adequacy decision authorizing personal data transfers from the European Union (EU) to a third country, that third country has to have a level of protection of fundamental rights and freedoms ‘essentially equivalent’ to that in the EU. Since May 2018, the European Commission (Commission) has the exclusive competence not only to assess third countries for an adequacy decision in relation to the ...
What is Equivalent? A Probe into GDPR Adequacy based on EU Fundamental Rights Vrije Universiteit Brussel
In July 2018, the European Parliament questioned the validity of the Privacy Shield, regulating the transfer of personal data to the United States (US). This event shows a persistent lack of clarity regarding the conditions a third country needs to fulfil to be considered adequate from the perspective of the General Data Protection Regulation (GDPR). This paper tries to clarify these conditions by analysing the standard of equiva-lence that was ...
The Path to Recognition of Data Protection in India: The Role of the GDPR and International Standards Vrije Universiteit Brussel
By providing rules of the road for data process- ing, data protection legislation has become a key enabler of the information society. The European Union’s General Data Protection Regulation (GDPR) has been highly influential around the world, and the recent Schrems II judgment of the Court of Justice of the EU, which strengthened restrictions on international data transfers under EU law, has important implications for India as it prepares to ...
Digital identity and protection of personal data: intersections and risks in the eIDAS and GDPR regulations Vrije Universiteit Brussel
The proposed amendment to the Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS) has reinvigorated the European debate on the issue of digital identity. The various problems that have emerged from this debate require better coordination with pre-existing legislative instruments. This contribution aims to analyze the main points of friction between the regulatory framework related ...
Revisiting Identification Issues in GDPR ‘Right Of Access’ Policies: A Technical and Longitudinal Analysis Hasselt University
Several data protection regulations permit individuals to request all personal information that an organization holds about them by utilizing Subject Access Requests (SARs). Prior work has observed the identification process of such requests, demonstrating weak policies that are vulnerable to potential data breaches. In this paper, we analyze and compare prior work in terms of methodologies, requested identification credentials and threat models ...