 Subjects -> PATENTS, TRADEMARKS AND COPYRIGHTS (Total: 26 journals)
|
|
|
- Governing machine-learning models: challenging the personal data
presumption- Authors: Leiser M; Dechesne F.
Pages: 187 - 200
Abstract: Key PointsThis article confronts assertions made by Dr Michael Veale, Dr Reuben Binns, and Professor Lilian Edwards in ‘Algorithms that remember: Model Inversion Attacks and Data Protection Law’, as well as the general trend by the courts to broaden the definition of ‘personal data’ under Article 4(1) GDPR to include ‘everything data-related’. Veale and others use examples from computer science to suggest some models, subject to certain attacks, reveal personal data. Accordingly, Veale and others argue that data subject rights could be exercised against the model itself.A computer science perspective, as well as case law from the Court of Justice of the European Union, is used to argue that effective machine-learning model governance can be achieved without widening the scope of personal data and that the governance of machine-learning models is better achieved through already existing provisions of data protection and other areas of law.Extending the scope of personal data to machine-learning models would render the protections granted to intelligent endeavours within the black box ineffectual.
PubDate: Mon, 03 Aug 2020 00:00:00 GMT
DOI: 10.1093/idpl/ipaa009
Issue No: Vol. 10, No. 3 (2020)
- Pitching trade against privacy: reconciling EU governance of personal data
flows with external trade- Authors: Yakovleva S; Irion K.
Pages: 201 - 221
Abstract: Key PointsGlobal data flows underpinning cross-border digital trade have moved centre stage in international trade negotiations. New trade law disciplines on the free flow of data are included in a number of international trade deals.The European Union (EU) has a key role to play in the global governance of the protection of personal data. The EU’s strict data protection regime has sometimes been framed as a digital trade barrier.This article juxtaposes the EU’s governance of fundamental rights to privacy and data protection with external trade policy on cross-border data flows.The process of aligning EU’s normative approach to personal data protection with its external trade policy has been, until very recently, riddled with contradictions.The article concludes with an assessment of the EU’s recent horizontal strategy on cross-border data flows and personal data protection in trade and investment agreements, which aims to align EU external policy.
PubDate: Mon, 30 Mar 2020 00:00:00 GMT
DOI: 10.1093/idpl/ipaa003
Issue No: Vol. 10, No. 3 (2020)
- Australia’s Consumer Data Right and the uncertain role of
information privacy law- Authors: Burdon M; Mackie T.
Pages: 222 - 235
Abstract: Key PointsData portability rights are viewed by policymakers worldwide as a significant legal innovation to stimulate competitive digital economies. These rights allow consumers and businesses to seamlessly receive and transfer data for commercialization and efficiency purposes.The newly implemented Australian Consumer Data Right (CDR) provides an illuminating example of the complex relationship between information privacy and competition law which is central to data portability initiatives. The CDR grants consumers and businesses access and transfer rights for consumer data in the Australian banking, energy, and telecommunications sectors, through the implementation of mandated API standards.There are three policy vectors at the heart of the CDR that parallel previous Australian, UK, and EU data portability developments. They are the type of regulated data covered by the CDR scheme, privacy and security protections and the overarching regulatory framework.We argue that the CDR, and its antecedents, primarily construct data portability as a competition law measure. However, while the general policy intention of the CDR is clear, we contend that the scheme reveals an uncertain role for information privacy law as part of its operation. Uncertainty is evident in how policymakers have considered the information privacy law issues inherent in the three policy vectors.We contend that the CDR could give rise to definitional problems with regulated data, duplicated privacy and security protections and a conceptually challenging regulatory framework. In conclusion, we suggest potential solutions that would assist with the operation of the CDR within Australia’s broader information privacy law framework, governed by the Privacy Act 1988 (Cth), which would also better align with the General Data Protection Regulation (GDPR).
PubDate: Mon, 24 Aug 2020 00:00:00 GMT
DOI: 10.1093/idpl/ipaa008
Issue No: Vol. 10, No. 3 (2020)
- To track or not to track' Employees’ data privacy in the age of
corporate wellness, mobile health, and GDPR†- Authors: Brassart Olsen C.
Pages: 236 - 252
Abstract: Key PointsEmployers have been increasingly offering wristbands or smartwatches, also known as ‘mHealth devices’, to their employees.The use of mHealth devices at work may come at a price for employees, who may unknowingly or unwillingly share their health information with their employer and third parties, such as mHealth providers. This could lead to data privacy breaches and discrimination in the workplace.The EU regime has recognized that the use of mHealth devices raises issues in the workplace, and Article 29 Working Party has stated that employees’ free consent to the processing of mHealth data is highly unlikely because of the sensitive nature of health data and the unequal nature of the employment relationship.However, the current EU regime leaves room for some exceptions and uncertainty: first, under GDPR, employees’ health data may be processed if the employer can show that such processing is necessary for preventive and occupational medicine; second, GDPR only provides a positive definition of ‘health data’, which leaves room for ambiguity regarding some type of mHealth data, such as lifestyle data.Although the current EU regime recognizes the challenges raised by the use of mHealth devices in the workplace, further clarification would be welcome, as it would enable to create a culture of trust between employees, employers and mHealth developers.
PubDate: Mon, 27 Apr 2020 00:00:00 GMT
DOI: 10.1093/idpl/ipaa004
Issue No: Vol. 10, No. 3 (2020)
- The layered links model: an alternative approach to international privacy
regulation- Authors: Bougiakiotis E.
Pages: 253 - 268
Abstract: Key PointsCurrently, privacy and data protection lack international (as opposed to regional) regulation in large part because of the diverging values of various countries.Often the laws of various countries may impose conflicting obligations that so far have been addressed via ad hoc agreements.Despite calls for international convergence to avoid them, both in and out of academia, little progress has been achieved in practice.This article argues for an alternative model of international privacy regulation based on the use of layered links that are reflective of the different views of states on data protection regulation.
PubDate: Tue, 10 Mar 2020 00:00:00 GMT
DOI: 10.1093/idpl/ipaa002
Issue No: Vol. 10, No. 3 (2020)
- Mere access to personal data: is it processing'
- Authors: Schreiber A.
Pages: 269 - 277
Abstract: Key PointsThere is a range of views on ‘access’ as a part of processing under the General Data Protection Regulation (GDPR). Access was not mentioned in Article 4(2) GDPR, but could fit the definition of processing, and could also be included within other forms of processing such as retrieval, storage, and transfer.Many scholars view access as central to the definition of privacy, and differentiate ‘intrusion’—including acting on the data, from ‘mere intrusion’—in which data is accessed but nothing further is done.The intrusion/mere intrusion distinction may be irrelevant for the applicability of GDPR, as even ‘mere intrusion’ will generate subjective privacy harm, and may lead to objective privacy harm, and should therefore be protected by data protection law; this is also the view of the EU Commission under the GDPR.A risk-based reading of the GDPR may lead to differential treatment of different forms of access, defining potentially harmful forms of access as processing, and minimalist, transient forms of access as not processing.
PubDate: Mon, 30 Mar 2020 00:00:00 GMT
DOI: 10.1093/idpl/ipaa005
Issue No: Vol. 10, No. 3 (2020)
|
Hybrid journal (It can contain Open Access articles)
