Old Wine With a New Label : Rights of Data Subjects under GDPR

Main Article Content

Sandeep Mittal

Abstract

Recent reforms in data privacy protection framework in European Union have lead to enactment of General Data Protection Regulation (GDPR). However, it remains debatable if GDPR would lead to significant improvement in the protection of privacy rights of individuals, which is always considered the fundamental right. The advent of technology and movement of data across geographical barriers and outsourcing of data processing jobs to countries outside the EU necessitated enactments of GDPR. An analysis is done to demonstrate that though some of the provision of GDPR remain generically remain similar to the Data Protection Directive, GDPR has incorporated some new provisions by choosing the ‘regulation’ as an instrument of law for better harmonisation, expensing the ‘right to be forgotten, legitimisation the role of consent, providing data protection by design and default, increasing accountability of data controllers and expanding the scope of provision of the directive to extra territorial jurisdiction would be remain to be seen whether GDPR is an old wine with the new label or something else in a wine bottle.

Downloads

Download data is not yet available.

Article Details

Section
Articles
Author Biography

Sandeep Mittal, Indian Police Service, Former Director, Ministry of Home Affairs (Govt. of India) New Delhi

Indian Police Service Cyber Security & Privacy Researcher Former Director, LNJN NICFS (MHA) New Delhi, India sandeep.mittal@nic.in

References

M. M. Group. (2015, 24.11.2015). World Internet Users Statistics and 2015 World Population Stats. Available: http://www.internetworldstats.com/stats.htm

S. R. Salbu, "European Union Data Privacy Directive and International Relations, The," Vand. J. Transnat'l L., vol. 35, p. 655, 2002.

J. Kang, "Information privacy in cyberspace transactions," Stanford Law Review, pp. 1193-1294, 1998.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Official Journal L 281 , 23/11/1995 P. 0031 – 0050 (Accessed at: http://www.refworld.org/docid/3ddcc1c74.html on 14 November 2016), 1995.

ibid.

M. Burri and R. Schär, "The Reform of the EU Data Protection Framework," Journal of Information, vol. 6, 2016.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) OJ L 119, 4.5.2016, p. 1–88 2016.

D. R. Nijhawan, "Emperor Has No Clothes: A Critique of Applying the European Union Approach to Privacy Regulation in the United States, The," Vand. L. Rev., vol. 56, p. 939, 2003.

J. R. Reidenberg, "E-commerce and trans-atlantic privacy," Hous. L. Rev., vol. 38, p. 717, 2001.

D. Zwick and N. Dholakia, "Contrasting European and American approaches to privacy in electronic markets: property right versus civil right," Electronic Markets, vol. 11, pp. 116-120, 2001.

M. Boban, "DIGITAL SINGLE MARKET AND EU DATA PROTECTION REFORM WITH REGARD TO THE PROCESSING OF PERSONAL DATA AS THE CHALLENGE OF THE MODERN WORLD," in Economic and Social Development (Book of Proceedings), 16th International Scientific Conference on Economic and Social, 2016, p. 191.

G. Shaffer, "Globalization and social protection: the impact of EU and international rules in the ratcheting up of US data privacy standards," Yale Journal of International Law, vol. 25, pp. 1-88, 2000.

S. Singleton, "Balancing a Right to be Forgotten with a Right to Freedom of Expression in the Wake of Google Spain v. AEPD," Ga. J. Int'l & Comp. L., vol. 44, pp. 165-195, 2015.

A. Bunn, "The curious case of the right to be forgotten," Computer Law & Security Review, vol. 31, pp. 336-350, 6// 2015.

C. Rees and D. Heywood, "The ?right to be forgotten? or the ?principle that has been remembered?," ibid.vol. 30, pp. 574-578, 10// 2014.

"Maximillian Schrems v Data Protection Commissioner, C-362/14, Court of Justice of the European Union," ed: Court of Justice of the European Union 2015.

M. A. Weiss and K. Archick, "US-EU Data Privacy: From Safe Harbor to Privacy Shield," Congressional Research Service, 2016.

M. Burri and R. Schär, "The Reform of the EU Data Protection Framework," Journal of Information, vol. 6, 2016.

P. de Hert and V. Papakonstantinou, "The new General Data Protection Regulation: Still a sound system for the protection of individuals?," Computer Law & Security Review, vol. 32, pp. 179-194, 2016.

V. Reding, "The European data protection framework for the twenty-first century," International Data Privacy Law, p. ips015, 2012.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Official Journal L 281 , 23/11/1995 P. 0031 – 0050 (Accessed at: http://www.refworld.org/docid/3ddcc1c74.html on 14 November 2016), 1995.

Article 29 Working Party Opinion 4/2007

Regulation (EU) 2016/679, 2016. Recital 23

ibid. Article 43 (b)

ibid. Article 23

ibid. Article 23a

ibid. Article 9

ibid. Article 23

ibid. Article 17 (1)

ibid. Article 17 (3) Recital 65

ibid. Article 17 (2) Recital 66 & 67

A. Mantelero, "The EU Proposal for a General Data Protection Regulation and the roots of the ?right to be forgotten?," Computer Law & Security Review, vol. 29, pp. 229-235, 6// 2013.

Regulation (EU) 2016/679, 2016. Article 12

ibid. Article 13, 14, 15, 19

ibid. Article 20

ibid. Article 21, 22

ibid. Article 22 (2)

ibid. Article 21

M. Burri and R. Schär, "The Reform of the EU Data Protection Framework," Journal of Information, vol. 6, 2016.

Regulation (EU) 2016/679, 2016.

A. Cormack, "Is the Subject Access Right Now Too Great a Threat to Privacy," Eur. Data Prot. L. Rev., vol. 2, p. 15, 2016.

ibid.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Official Journal L 281 , 23/11/1995 P. 0031 – 0050 (Accessed at: http://www.refworld.org/docid/3ddcc1c74.html on 14 November 2016), 1995.Article 2H

ibid. Article 7 (a)

Regulation (EU) 2016/679, 2016. Article 7 (1)

ibid. Article 4 (4)

ibid. Article 8 (1)

ibid. Article 8 (2)

E. Carolan, "The continuing problems with online consent under the EU's emerging data protection principles," Computer Law & Security Review, vol. 32, pp. 462-473, 2016.

Regulation (EU) 2016/679, 2016. Article 7(3)

S. Wachter, B. Mittelstadt, and L. Floridi, "Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation," 2016.

ibid.

Regulation (EU) 2016/679, 2016. Article 20 (3) read with Recital 71

ibid. Article 13, 14 read with Recital 60, 61, 62

ibid. Article 15 read with Recital 63

S. Wachter, B. Mittelstadt, and L. Floridi, "Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation," 2016.

Regulation (EU) 2016/679, 2016. Article 25(1)

ibid. Article 25(2)

E. Hanson, "The History of Digital Desire, vol. 1: An introduction," South Atlantic Quarterly, vol. 110, pp. 583-599, 2011.

Regulation (EU) 2016/679, 2016. Article 33

ibid. Article 35

ibid. Article 35(7)

ibid. Article 58

ibid. Article 83, 85, 86

ibid. Article 3(2)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) OJ L 119, 4.5.2016, p. 1–88 2016. Recital 23