Handbook on European data protection law (GDPR)


The rapid development of information technology has exacerbated the need for robust personal data protection, the right to which is safeguarded by both European Union (EU) and Council of Europe (CoE) instruments. Safeguarding this important right entails new and significant challenges as technological advances expand the frontiers of areas such as surveillance, communication interception and data storage. This handbook is designed to familiarise legal practitioners not specialised in data protection with this emerging area of the law. It provides an overview of the EU’s and the CoE’s applicable legal frameworks. It also explains key case law, summarising major rulings of both the Court of Justice of the European Union and the European Court of Human Rights. In addition, it presents hypothetical scenarios that serve as practical illustrations of the diverse issues encountered in this ever-evolving field.

Author(s): European Union Agency for Fundamental Rights, Council of Europe
Publisher: European Union Agency for Fundamental Rights, Council of Europe
Year: 2018

Language: English
Pages: 402
City: Luxembourg
Tags: GDPR

Foreword
Abbreviations and acronyms
How to use this handbook
1. Context and background of European data protection law
1.1. The right to personal data protection
Key points
1.1.1. The right to respect for private life and the right to personal data protection: a brief introduction
1.1.2. International legal framework: United Nations
1.1.3. The European Convention on Human Rights
1.1.4. Council of Europe Convention 108
1.1.5. European Union data protection law
1.2. Limitations on the right to personal data protection
Key points
1.2.1. Requirements for justified interference under the ECHR
1.2.2. Conditions for lawful limitations under the EU Charter of Fundamental Rights
1.3. Interaction with other rights and legitimate interests
Key points
1.3.1. Freedom of expression
1.3.2. Professional secrecy
1.3.3. Freedom of religion and belief
1.3.4. Freedom of the arts and sciences
1.3.5. Protection of intellectual property
1.3.6. Data protection and economic interests
2. Data protection terminology
2.1. Personal data
Key points
2.1.1. Main aspects of the concept of personal data
2.1.2. Special categories of personal data
2.2. Data processing
Key points
2.2.1. The concept of data processing
2.2.2. Automated data processing
2.2.3. Non-automated data processing
2.3. Users of personal data
Key points
2.3.1. Controllers and processors
2.3.2. Recipients and third parties
2.4. Consent
Key points
3. Key principles of European data protection law
3.1. The lawfulness, fairness and transparency of processing principles
Key points
3.1.1. Lawfulness of processing
3.1.2. Fairness of processing
3.1.3. Transparency of processing
3.2. The principle of purpose limitation
Key points
3.3. The data minimisation principle
Key points
3.4. The data accuracy principle
Key points
3.5. The storage limitation principle
Key points
3.6. The data security principle
Key points
3.7. The accountability principle
Key points
4. Rules of European data protection law
4.1. Rules on lawful processing
Key points
4.1.1. Lawful grounds for processing data
4.1.2. Processing special categories of data (sensitive data)
4.2. Rules on security of processing
Key points
4.2.1. Elements of data security
4.2.2. Confidentiality
4.2.3. Personal data breach notifications
4.3. Rules on accountability and promoting compliance
Key points
4.3.1. Data Protection Officers
4.3.2. Records of processing activities
4.3.3. Data protection impact assessment and prior consultation
4.3.4. Codes of conduct
4.3.5. Certification
4.4. Data protection by design and by default
5. Independent supervision
Key points
5.1. Independence
5.2. Competence and powers
5.3. Cooperation
5.4. The European Data Protection Board
5.5. The GDPR Consistency Mechanism
6. Data subjects’ rights and their enforcement
6.1. The rights of data subjects
Key points
6.1.1. Right to be informed
6.1.2. Right to rectification
6.1.3. Right to erasure (‘the right to be forgotten’)
6.1.4. Right to restriction of processing
6.1.5. Right to data portability
6.1.6. Right to object
6.1.7. Automated individual decision-making, including profiling
6.2. Remedies, liability, penalties and compensation
Key points
6.2.1. Right to lodge a complaint with a supervisory authority
6.2.2. Right to an effective judicial remedy
6.2.3. Liability and the right to compensation
6.2.4. Sanctions
7. International data transfers and flows of personal data
7.1. Nature of personal data transfers
Key points
7.2. Free movement/flow of personal data between Member States or Contracting Parties
Key points
7.3. Personal data transfers to third countries/non-parties or to international organisations
Key points
7.3.1. Transfers on the basis of an adequacy decision
7.3.2. Transfers subject to appropriate safeguards
7.3.3. Derogations for specific situations
7.3.4. Transfers based on international agreements
8. Data protection in the context of police and criminal justice
8.1. CoE law on data protection and national security, police and criminal justice matters
Key points
8.1.1. The police recommendation
8.1.2. The Budapest Convention on Cybercrime
8.2. EU law on data protection in police and criminal justice matters
Key points
8.2.1. The Data Protection Directive for Police and Criminal Justice Authorities
8.3. Other specific legal instruments on data protection in law enforcement matters
8.3.1. Data protection in EU judicial and law enforcement agencies
8.3.2. Data protection in EU-level joint information systems
9. Specific types of data and their relevant data protection rules
9.1. Electronic communications
Key points
9.2. Employment data
Key points
9.3. Health data
Key point
9.4. Data processing for research and statistical purposes
Key points
9.5. Financial data
Key points
10. Modern challenges in personal data protection
10.1. Big data, algorithms and artificial intelligence
Key points
10.1.1. Defining big data, algorithms and artificial intelligence
10.1.2. Balancing the benefits and risks of big data
10.1.3. Data protection-related issues
10.2. The webs 2.0 and 3.0: social networks and Internet of Things
Key points
10.2.1. Defining webs 2.0 and 3.0
10.2.2. Balancing benefits and risks
10.2.3. Data protection-related issues
Further reading
Case law
Selected case law of the European Court of Human Rights
Selected case law of the Court of Justice of the European Union
Index