Publicaties
Protecting EU Data Outside EU Borders under the GDPR Vrije Universiteit Brussel
The EU General Data Protection Regulation (GDPR) aims to protect personal data outside EU borders by its rules on territorial scope and its restrictions on international data transfers. Despite its importance in EU fundamental rights law, the purpose and interaction of the GDPR’s protections of cross-border data processing have long been shrouded in confusion. Initiatives of EU bodies to interpret the GDPR’s safeguards illustrate the need for EU ...
Codes of (mis)conduct? An appraisal of articles 40-41 GDPR in view of the 1995 data protection directive and Its shortcomings Universiteit Gent
The EU increasingly integrates alternative regulatory instruments (ARIs) in legislation, encouraging private stakeholder participation in the implementation and enforcement processes of those hard law instruments. Articles 40 and 41 GDPR are an example thereof, stipulating that bodies representing categories of controllers or processors should develop codes of conduct to specify the concrete application of the GDPRU+2019s principles, rights and ...
How GDPR Enhances Transparency and Fosters Pseudonymisation in Academic Medical Research KU Leuven
The European General Data Protection Regulation (GDPR) has dotted the i's and crossed the t's in the context of academic medical research. One year into GDPR, it is clear that a change of mind and the uptake of new procedures is required. Research organisations have been looking at the possibility to establish a code-of-conduct, good practices and/or guidelines for researchers that translate GDPR's abstract principles to concrete measures ...
Multi-layered Explanations from Algorithmic Impact Assessments in the GDPR Vrije Universiteit Brussel
Impact assessments have received particular attention on both sides of the Atlantic as a tool for implementing algorithmic accountability. The aim of this paper is to address how Data Protection Impact Assessments (DPIAs) (Art. 35) in the European Union (EU)'s General Data Protection Regulation (GDPR) link the GDPR's two approaches to algorithmic accountability-individual rights and systemic governance-and potentially lead to more accountable ...
The GDPR and International Organizations Vrije Universiteit Brussel
The entry into application of the EU General Data Protection Regulation (GDPR) on May 25, 2018 has raised questions about its impact on data processing by intergovernmental organizations that operate under public international law (referred to here as international organizations or IOs). EU data protection law can have impact beyond EU borders, and the global reach of EU law is a well-recognized phenomenon. 1 The GDPR contains ...
Comparing LED and GDPR adequacy Vrije Universiteit Brussel
The 2015 Schrems decision established that for an adequacy decision authorizing personal data transfers from the European Union (EU) to a third country, that third country has to have a level of protection of fundamental rights and freedoms ‘essentially equivalent’ to that in the EU. Since May 2018, the European Commission (Commission) has the exclusive competence not only to assess third countries for an adequacy decision in relation to the ...
The impact of the GDPR on the governance of biobank research Universiteit Gent
Governance of health and genomic data access in the context of biobanking is of salient importance in implementing the EU General Data Protection Regulation (GDPR). Various components of data access governance could be considered as U+2018organizational measuresU+2019 which are stressed in the Article 89(1) GDPR together with technical measures that should be used in order to safeguard rights of the data subjects when processing data under ...
The Brussels effect : how the GDPR conquered Silicon Valley Universiteit Gent
In 2018, the Californian government adopted a new data protection framework. The flagship of this framework is the California Consumer Privacy Act (CCPA). As this new framework is widely considered to resemble the European UnionU+2019s (EUU+2019s) General Data Protection Regulation (GDPR), this article intends to investigate whether the Brussels Effect could explain this resemblance. We apply process-tracing to test if the Brussels Effect ...
The future of privacy certification in Europe: an exploration of options under article 42 of the GDPR Vrije Universiteit Brussel
The EU faces substantive legislative reform in data protection, specifically in the form of the General Data Protection Regulation (GDPR). One of the new elements in the GDPR is its call to establish data protection certification mechanisms, data protection seals and marks to help enhance transparency and compliance with the Regulation and allow data subjects to quickly assess the level of data protection of relevant products and services. To ...