Old Wine With a New Label : Rights of Data Subjects under GDPR

Article Sidebar

PDF
Published: Aug 28, 2017
DOI: https://doi.org/10.26483/ijarcs.v8i7.4190
Keywords:
Rights of Data, Data Protection Regulation, Accessing of Personal data, Internet of Things, Control of Users over Their Personal Data, Data Protection Framework, General Data Protection Regulation

Main Article Content

Sandeep Mittal
Indian Police Service, Former Director, Ministry of Home Affairs (Govt. of India) New Delhi
http://orcid.org/0000-0001-7156-7045

Abstract

Recent reforms in data privacy protection framework in European Union have lead to enactment of General Data Protection Regulation (GDPR). However, it remains debatable if GDPR would lead to significant improvement in the protection of privacy rights of individuals, which is always considered the fundamental right. The advent of technology and movement of data across geographical barriers and outsourcing of data processing jobs to countries outside the EU necessitated enactments of GDPR. An analysis is done to demonstrate that though some of the provision of GDPR remain generically remain similar to the Data Protection Directive, GDPR has incorporated some new provisions by choosing the ‘regulation’ as an instrument of law for better harmonisation, expensing the ‘right to be forgotten, legitimisation the role of consent, providing data protection by design and default, increasing accountability of data controllers and expanding the scope of provision of the directive to extra territorial jurisdiction would be remain to be seen whether GDPR is an old wine with the new label or something else in a wine bottle.

Downloads

Download data is not yet available.

Article Details

Issue
Vol. 8 No. 7 (2017): July-August 2017
Section
Articles

COPYRIGHT

Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
  • The journal allows the author(s) to retain publishing rights without restrictions.
  • The journal allows the author(s) to hold the copyright without restrictions.
Author Biography

Sandeep Mittal, Indian Police Service, Former Director, Ministry of Home Affairs (Govt. of India) New Delhi

Indian Police Service Cyber Security & Privacy Researcher Former Director, LNJN NICFS (MHA) New Delhi, India sandeep.mittal@nic.in

References

M. M. Group. (2015, 24.11.2015). World Internet Users Statistics and 2015 World Population Stats. Available: http://www.internetworldstats.com/stats.htm

S. R. Salbu, "European Union Data Privacy Directive and International Relations, The," Vand. J. Transnat'l L., vol. 35, p. 655, 2002.

J. Kang, "Information privacy in cyberspace transactions," Stanford Law Review, pp. 1193-1294, 1998.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Official Journal L 281 , 23/11/1995 P. 0031 – 0050 (Accessed at: http://www.refworld.org/docid/3ddcc1c74.html on 14 November 2016), 1995.

ibid.

M. Burri and R. Schär, "The Reform of the EU Data Protection Framework," Journal of Information, vol. 6, 2016.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) OJ L 119, 4.5.2016, p. 1–88 2016.

D. R. Nijhawan, "Emperor Has No Clothes: A Critique of Applying the European Union Approach to Privacy Regulation in the United States, The," Vand. L. Rev., vol. 56, p. 939, 2003.

J. R. Reidenberg, "E-commerce and trans-atlantic privacy," Hous. L. Rev., vol. 38, p. 717, 2001.

D. Zwick and N. Dholakia, "Contrasting European and American approaches to privacy in electronic markets: property right versus civil right," Electronic Markets, vol. 11, pp. 116-120, 2001.

M. Boban, "DIGITAL SINGLE MARKET AND EU DATA PROTECTION REFORM WITH REGARD TO THE PROCESSING OF PERSONAL DATA AS THE CHALLENGE OF THE MODERN WORLD," in Economic and Social Development (Book of Proceedings), 16th International Scientific Conference on Economic and Social, 2016, p. 191.

G. Shaffer, "Globalization and social protection: the impact of EU and international rules in the ratcheting up of US data privacy standards," Yale Journal of International Law, vol. 25, pp. 1-88, 2000.

S. Singleton, "Balancing a Right to be Forgotten with a Right to Freedom of Expression in the Wake of Google Spain v. AEPD," Ga. J. Int'l & Comp. L., vol. 44, pp. 165-195, 2015.

A. Bunn, "The curious case of the right to be forgotten," Computer Law & Security Review, vol. 31, pp. 336-350, 6// 2015.

C. Rees and D. Heywood, "The ?right to be forgotten? or the ?principle that has been remembered?," ibid.vol. 30, pp. 574-578, 10// 2014.

"Maximillian Schrems v Data Protection Commissioner, C-362/14, Court of Justice of the European Union," ed: Court of Justice of the European Union 2015.

M. A. Weiss and K. Archick, "US-EU Data Privacy: From Safe Harbor to Privacy Shield," Congressional Research Service, 2016.

M. Burri and R. Schär, "The Reform of the EU Data Protection Framework," Journal of Information, vol. 6, 2016.

P. de Hert and V. Papakonstantinou, "The new General Data Protection Regulation: Still a sound system for the protection of individuals?," Computer Law & Security Review, vol. 32, pp. 179-194, 2016.

V. Reding, "The European data protection framework for the twenty-first century," International Data Privacy Law, p. ips015, 2012.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Official Journal L 281 , 23/11/1995 P. 0031 – 0050 (Accessed at: http://www.refworld.org/docid/3ddcc1c74.html on 14 November 2016), 1995.

Article 29 Working Party Opinion 4/2007

Regulation (EU) 2016/679, 2016. Recital 23

ibid. Article 43 (b)

ibid. Article 23

ibid. Article 23a

ibid. Article 9

ibid. Article 23

ibid. Article 17 (1)

ibid. Article 17 (3) Recital 65

ibid. Article 17 (2) Recital 66 & 67

A. Mantelero, "The EU Proposal for a General Data Protection Regulation and the roots of the ?right to be forgotten?," Computer Law & Security Review, vol. 29, pp. 229-235, 6// 2013.

Regulation (EU) 2016/679, 2016. Article 12

ibid. Article 13, 14, 15, 19

ibid. Article 20

ibid. Article 21, 22

ibid. Article 22 (2)

ibid. Article 21

M. Burri and R. Schär, "The Reform of the EU Data Protection Framework," Journal of Information, vol. 6, 2016.

Regulation (EU) 2016/679, 2016.

A. Cormack, "Is the Subject Access Right Now Too Great a Threat to Privacy," Eur. Data Prot. L. Rev., vol. 2, p. 15, 2016.

ibid.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Official Journal L 281 , 23/11/1995 P. 0031 – 0050 (Accessed at: http://www.refworld.org/docid/3ddcc1c74.html on 14 November 2016), 1995.Article 2H

ibid. Article 7 (a)

Regulation (EU) 2016/679, 2016. Article 7 (1)

ibid. Article 4 (4)

ibid. Article 8 (1)

ibid. Article 8 (2)

E. Carolan, "The continuing problems with online consent under the EU's emerging data protection principles," Computer Law & Security Review, vol. 32, pp. 462-473, 2016.

Regulation (EU) 2016/679, 2016. Article 7(3)

S. Wachter, B. Mittelstadt, and L. Floridi, "Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation," 2016.

ibid.

Regulation (EU) 2016/679, 2016. Article 20 (3) read with Recital 71

ibid. Article 13, 14 read with Recital 60, 61, 62

ibid. Article 15 read with Recital 63

S. Wachter, B. Mittelstadt, and L. Floridi, "Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation," 2016.

Regulation (EU) 2016/679, 2016. Article 25(1)

ibid. Article 25(2)

E. Hanson, "The History of Digital Desire, vol. 1: An introduction," South Atlantic Quarterly, vol. 110, pp. 583-599, 2011.

Regulation (EU) 2016/679, 2016. Article 33

ibid. Article 35

ibid. Article 35(7)

ibid. Article 58

ibid. Article 83, 85, 86

ibid. Article 3(2)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) OJ L 119, 4.5.2016, p. 1–88 2016. Recital 23