Publicaties
Protecting EU Data Outside EU Borders under the GDPR Vrije Universiteit Brussel
The EU General Data Protection Regulation (GDPR) aims to protect personal data outside EU borders by its rules on territorial scope and its restrictions on international data transfers. Despite its importance in EU fundamental rights law, the purpose and interaction of the GDPR’s protections of cross-border data processing have long been shrouded in confusion. Initiatives of EU bodies to interpret the GDPR’s safeguards illustrate the need for EU ...
How GDPR Enhances Transparency and Fosters Pseudonymisation in Academic Medical Research KU Leuven
The European General Data Protection Regulation (GDPR) has dotted the i's and crossed the t's in the context of academic medical research. One year into GDPR, it is clear that a change of mind and the uptake of new procedures is required. Research organisations have been looking at the possibility to establish a code-of-conduct, good practices and/or guidelines for researchers that translate GDPR's abstract principles to concrete measures ...
Multi-layered Explanations from Algorithmic Impact Assessments in the GDPR Vrije Universiteit Brussel
Impact assessments have received particular attention on both sides of the Atlantic as a tool for implementing algorithmic accountability. The aim of this paper is to address how Data Protection Impact Assessments (DPIAs) (Art. 35) in the European Union (EU)'s General Data Protection Regulation (GDPR) link the GDPR's two approaches to algorithmic accountability-individual rights and systemic governance-and potentially lead to more accountable ...
The GDPR and International Organizations Vrije Universiteit Brussel
The entry into application of the EU General Data Protection Regulation (GDPR) on May 25, 2018 has raised questions about its impact on data processing by intergovernmental organizations that operate under public international law (referred to here as international organizations or IOs). EU data protection law can have impact beyond EU borders, and the global reach of EU law is a well-recognized phenomenon. 1 The GDPR contains ...
Comparing LED and GDPR adequacy Vrije Universiteit Brussel
The 2015 Schrems decision established that for an adequacy decision authorizing personal data transfers from the European Union (EU) to a third country, that third country has to have a level of protection of fundamental rights and freedoms ‘essentially equivalent’ to that in the EU. Since May 2018, the European Commission (Commission) has the exclusive competence not only to assess third countries for an adequacy decision in relation to the ...
The future of privacy certification in Europe: an exploration of options under article 42 of the GDPR Vrije Universiteit Brussel
The EU faces substantive legislative reform in data protection, specifically in the form of the General Data Protection Regulation (GDPR). One of the new elements in the GDPR is its call to establish data protection certification mechanisms, data protection seals and marks to help enhance transparency and compliance with the Regulation and allow data subjects to quickly assess the level of data protection of relevant products and services. To ...
The Path to Recognition of Data Protection in India: The Role of the GDPR and International Standards Vrije Universiteit Brussel
By providing rules of the road for data process- ing, data protection legislation has become a key enabler of the information society. The European Union’s General Data Protection Regulation (GDPR) has been highly influential around the world, and the recent Schrems II judgment of the Court of Justice of the EU, which strengthened restrictions on international data transfers under EU law, has important implications for India as it prepares to ...
THE GDPR MADE SIMPLE(R) FOR SMEs Vrije Universiteit Brussel
This user-friendly Handbook offers guidance and practical suggestions for small and medium-sized enterprises (SMEs) that could facilitate compliance with the General Data Protection Regulation (GDPR).
Being primarily addressed to enterprises for which personal data processing is an auxiliary activity, the Handbook explains how to navigate the barrage of resources available on GDPR. In doing so it provides an overview of the main actors in ...
Being primarily addressed to enterprises for which personal data processing is an auxiliary activity, the Handbook explains how to navigate the barrage of resources available on GDPR. In doing so it provides an overview of the main actors in ...
Understanding the legal provisions that allow processing and profiling of personal data—an analysis of GDPR provisions and principles Vrije Universiteit Brussel
This contribution looks at the legal grounds for data processing (‘when is one allowed to collect and use data on others?’) according to the General Data Protection Regulation (GDPR). It then addresses the specific regime for profiling both by solely automated and non-automated means. What is the most suitable lawful basis for this specific, sometimes controversial kind of processing?
The vagueness and subjectivity of various relevant GDPR ...
The vagueness and subjectivity of various relevant GDPR ...