Data Privacy and GDPR Handbook
Data Privacy and GDPR Handbook
Click to enlarge
Author(s): Sharma, Sanjay
ISBN No.: 9781119594246
Pages: 496
Year: 201911
Format: Trade Cloth (Hard Cover)
Price: $ 110.40
Dispatch delay: Dispatched between 7 to 15 days
Status: Available

1 Origins and Concepts of Data Privacy 1 1.1 Questions and Challenges of Data Privacy 2 1.1.1 But Cupid Turned Out to Be Not OK 3 1.2 The Conundrum of Voluntary Information 3 1.3 What is Data Privacy? 5 1.3.1 Physical Privacy 5 1.


3.2 Social Privacy Norms 5 1.3.3 Privacy in a Technology-Driven Society 5 1.4 Doctrine of Information Privacy 6 1.4.1 Information Sharing Empowers the Recipient 6 1.4.


2 Monetary Value of Individual Privacy 7 1.4.3 "Digital Public Spaces" 7 1.4.4 A Model Data Economy 8 1.5 Notice-and-Choice versus Privacy-as-Trust 9 1.6 Notice-and-Choice in the US 9 1.7 Enforcement of Notice-and-Choice Privacy Laws 11 1.


7.1 Broken Trust and FTC Enforcement 11 1.7.2 The Notice-and-Choice Model Falls Short 12 1.8 Privacy-as-Trust: An Alternative Model 13 1.9 Applying Privacy-as-Trust in Practice: The US Federal Trade Commission 14 1.9.1 Facebook as an Example 15 1.


10 Additional Challenges in the Era of Big Data and Social Robots 16 1.10.1 What is a Social Robot? 16 1.10.2 Trust and Privacy 17 1.10.3 Legal Framework for Governing Social Robots 17 1.11 The General Data Protection Regulation (GDPR) 18 1.


12 Chapter Overview 19 Notes 21 2 A Brief History of Data Privacy 23 2.1 Privacy as One''s Castle 23 2.1.1 Individuals'' "Castles" Were Not Enough 24 2.2 Extending Beyond the "Castle" 24 2.3 Formation of Privacy Tort Laws 24 2.3.1 A Privacy Tort Framework 25 2.


4 The Roots of Privacy in Europe and the Commonwealth 25 2.5 Privacy Encroachment in the Digital Age 26 2.5.1 Early Digital Privacy Laws Were Organic 27 2.5.2 Growth in Commercial Value of Individual Data 27 2.6 The Gramm-Leach-Bliley Act Tilted the Dynamic against Privacy 28 2.7 Emergence of Economic Value of Individual Data for Digital Businesses 29 2.


7.1 The Shock of the 9/11 Attacks Affected Privacy Protection Initiatives 29 2.7.2 Surveillance and Data Collection Was Rapidly Commercialized 30 2.7.3 Easing of Privacy Standards by the NSA Set the Tone at the Top 30 2.8 Legislative Initiatives to Protect Individuals'' Data Privacy 31 2.9 The EU Path 33 2.


9.1 The Internet Rights Revolution 34 2.9.2 Social Revolutions 34 2.10 End of the Wild West? 37 2.11 Data as an Extension of Personal Privacy 37 2.12 Cambridge Analytica: A Step Too Far 39 2.13 The Context of Privacy in Law Enforcement 39 Summary 41 Notes 41 3 GDPR''s Scope of Application 45 3.


1 When Does GDPR Apply? 45 3.1.1 "Processing" of Data 46 3.1.2 "Personal Data" 47 3.1.3 Exempted Activities under GDPR 51 3.2 The Key Players under GDPR 52 3.


3 Territorial Scope of GDPR 54 3.3.1 Physical Presence in the EU 54 3.3.2 Processing Done in the Context of the Activities 55 3.3.3 Users Based in the EU 56 3.3.


4 "Time of Stay" Standard 57 3.4 Operation of Public International Law 57 Notes 57 4 Technical and Organizational Requirements under GDPR 61 4.1 Accountability 61 4.2 The Data Controller 62 4.2.1 Responsibilities of the Controller 63 4.2.2 Joint Controllers and Allocating Liability 65 4.


2.3 The Duty to Cooperate with the SA 68 4.3 Technical and Organizational Measures 69 4.3.1 Maintain a Data-Protection Level 69 4.3.2 Minimum Requirements for Holding a Data Protection Level 69 4.3.


3 Weighing the Risks 70 4.3.4 The Network and Information Systems Directive 71 4.4 Duty to Maintain Records of Processing Activities 72 4.4.1 Content of Controller''s Records 72 4.4.2 Content of Processor''s Records 73 4.


4.3 Exceptions to the Duty 73 4.5 Data Protection Impact Assessments 73 4.5.1 Types of Processing That Require DPIA 74 4.5.2 Scope of Assessment 75 4.5.


3 Business Plan Oversight 78 4.6 The Data Protection Officer 80 4.6.1 Designation of DPO 80 4.6.2 Qualifications and Hiring a DPO 81 4.6.3 Position of the DPO 81 4.


6.4 Tasks of the DPO 82 4.6.5 An Inherent Conflict of Interest? 83 4.6.6 DPO Liability 84 4.7 Data Protection by Design and Default 84 4.7.


1 Data Protection at the Outset 84 4.7.2 Balancing the Amount of Protection 85 4.7.3 Applying Data Protection by Design 86 4.7.4 Special Case: Blockchain Technology and GDPR 91 4.8 Data Security during Processing 92 4.


8.1 Data Security Measures 93 4.8.2 Determining the Risk Posed 94 4.8.3 Data Protection Management Systems: A "Technical and Organizational Measure" 94 4.9 Personal Data Breaches 94 4.9.


1 Overview of Data Breaches 95 4.9.2 The Controller''s Duty to Notify 103 4.9.3 Controller''s Duty to Communicate the Breach to Data Subjects 106 4.10 Codes of Conduct and Certifications 107 4.10.1 Purpose and Relationship under GDPR 107 4.


10.2 Codes of Conduct 108 4.10.3 Certification 110 4.11 The Data Processor 112 4.11.1 Relationship between Processor and Controller 112 4.11.


2 Responsibilities of Controller in Selecting a Processor 113 4.11.3 Duties of the Processor 114 4.11.4 Subprocessors 116 Notes 116 5 Material Requisites for Processing under GDPR 125 5.1 The Central Principles of Processing 125 5.1.1 Lawful, Fair, and Transparent Processing of Data 126 5.


1.2 Processing Limited to a "Purpose" 127 5.1.3 Data Minimization and Accuracy 130 5.1.4 Storage of Data 131 5.1.5 Integrity and Confidentiality of the Operation 131 5.


2 Legal Grounds for Data Processing 132 5.2.1 Processing Based on Consent 132 5.2.2 Processing Based on Legal Sanction 144 5.2.3 Changing the Processing "Purpose" 148 5.2.


4 Special Categories of Data 149 5.3 International Data Transfers 161 5.3.1 Adequacy Decisions and "Safe" Countries 162 5.3.2 Explicit Consent 166 5.3.3 Standard Contractual Clauses 166 5.


3.4 The EU-US Privacy Shield 169 5.3.5 Binding Corporate Rules 172 5.3.6 Transfers Made with or without Authorization 175 5.3.7 Derogations 177 5.


3.8 Controllers Outside of the EU 180 5.4 Intragroup Processing Privileges 182 5.5 Cooperation Obligation on EU Bodies 183 5.6 Foreign Law in Conflict with GDPR 184 Notes 185 6 Data Subjects'' Rights 193 6.1 The Controller''s Duty of Transparency 194 6.1.1 Creating the Modalities 194 6.


1.2 Facilitating Information Requests 195 6.1.3 Providing Information to Data Subjects 195 6.1.4 The Notification Obligation 196 6.2 The Digital Miranda Rights 197 6.2.


1 Accountability Information 197 6.2.2 Transparency Information 198 6.2.3 Timing 200 6.2.4 Defenses for Not Providing Information 200 6.3 The Right of Access 201 6.


3.1 Accessing Personal Data 201 6.3.2 Charging a "Reasonable Fee" 202 6.4 Right of Rectification 203 6.4.1 Inaccurate Personal Data 204 6.4.


2 Incomplete Personal Data 204 6.4.3 Handling Requests 204 6.5 Right of Erasure 205 6.5.1 Development of the Right 205 6.5.2 The Philosophical Debate 206 6.


5.3 Circumstances for Erasure under GDPR 209 6.5.4 Erasure of Personal Data Which Has Been Made Public 211 6.5.5 What is "Erasure" of Personal Data? 212 6.5.6 Exceptions to Erasure 212 6.


6 Right to Restriction 214 6.6.1 Granting Restriction 215 6.6.2 Exceptions to Restriction 216 6.7 Right to Data Portability 216 6.7.1 The Format of Data and Requirements for Portability 217 6.


7.2 Business Competition Issues 218 6.7.3 Intellectual Property Issues 219 6.7.4 Restrictions on Data Portability 220 6.8 Rights Relating to Automated Decision Making 221 6.8.


1 The Right to Object 221 6.8.2 Right to Explanation 223 6.8.3 Profiling 224 6.8.4 Exceptions 225 6.8.


5 Special Categories of Data 225 6.9 Restrictions on Data Subject Rights 226 6.9.1 Nature of Restrictions Placed 226 6.9.2 The Basis of Restrictions 227 Notes 228 7 GDPR Enforcement 233 7.1 In-House Mechanisms 233 7.1.


1 A Quick Review 234 7.1.2 Implementing an Internal Rights Enforcement Mechanism 235 7.2 Data Subject Representation 240 7.2.1 Standing of NPOs to Represent Data Subjects 240 7.2.2 Digital Rights Activism 241 7.


3 The Supervisory Authorities 241 7.3.1 Role of Supervisory Authority 241 7.3.2 The Members of the Supervisory Authority 242 7.3.3 An Independent Body 243 7.3.


4 Professional Secrecy 243 7.3.5 Competence of the Supervisory Authority 244 7.3.6 Tasks of the Supervisory Authority 246 7.3.7 Powers of the SA 248 7.3.


8 Cooperation and Consistency Mechanism 250 7.3.9 GDPR Enforcement by Supervisory Authorities 252 7.4 Judicial Remedies 253 7.4.1 Judicial Action against the Controller or Processor 253 7.4.2 Courts versus SA; Which is Better for GDPR Enforcement? 254 7.


4.3 Judicial Action against the Supervisory Authority 254 7.4.4 Controller Suing the Data Subject? 256 7.4.5 Suspending the Proceedings 257 7.5 Alternate Dispute Resolution 258 7.5.


1 Is an ADR Arrangement Allowed under GDPR? 260 7.5.2 ADR Arrangements 260 7.5.3 Key Hurdles of Applying ADR to GDPR 261 7.5.4 Suggestions for Impleme.


To be able to view the table of contents for this publication then please subscribe by clicking the button below...
To be able to view the full description for this publication then please subscribe by clicking the button below...