Full and structured lesson notes of the course privacy and data protection law taught by Prof. Gonzalez in 2020.
This summary contains the interactive sessions and the normal sessions, following the structure of the handbook.
You can always message me on fb for a better price. I got with...
1. CONTEXT AND BACKGROUND OF EUROPEAN DATA PROTECTION LAW
1.1 THE RIGHT TO PERSONAL DATA PROTECTION
1.1.1 THE RIGHT TO RESPECT FOR PRIVATE LIFE AND THE RIGHT TO PERSONAL DATA PROTECTION: A BRIEF INTRODUCTION
1.1.2 INTERNATIONAL LEGAL FRAMEWORK: UNITED NATIONS
1.1.3 THE EUROPEAN CONVENTION ON HUMAN RIGHTS
INTERACTION CLASS
1.1.4 COUNCIL OF EUROPE CONVENTION 108
CONVENTION 108
1.1.5 EUROPEAN UNION DATA PROTECTION LAW
DATA PROTECTION IN PRIMARY EU LAW
THE GENERAL DATA PROTECTION REGULATION
DATA PROTECTION IN LAW ENFORCEMENT – DIRECTIVE 2016/680
DIRECTIVE ON PRIVACY AND ELECTRONIC COMMUNICATIONS
REGULATION NO. 45/2001
THE ROLE OF THE CJEU
1.2 LIMITATIONS ON THE RIGHT TO PERSONAL DATA PROTECTION
1.2.1 REQUIREMENTS FOR JUSTIFIED INTERFERENCE UNDER THE ECHR
IN ACCORDANCE WITH THE LAW
PURSUING A LEGITIMATE AIM
NECESSARY IN A DEMOCRATIC SOCIETY
1.2.2 CONDITIONS FOR LAWFUL LIMITATIONS UNDER THE EU CHARTER OF FUNDAMENTAL RIGHTS
PROVIDED FOR BY LAW
RESPECT THE ESSENCE OF THE RIGHT
NECESSITY AND PROPORTIONALITY
OBJECTIVES OF GENERAL INTEREST
RELATIONSHIP BETWEEN THE CHARTER AND THE ECHR
2. DATA PROTECTION TERMINOLOGY
2.1 PERSONAL DATA
2.1.1 MAIN ASPECTS OF THE CONCEPT OF PERSONAL DATA
THE DATA SUBJECT
NATURE OF THE DATA
ANONYMISATION
PSEUDONYMISATION
AUTHENTICATION
2.1.2 SPECIAL CATEGORIES OF PERSONAL DATA
PERSONAL DATA RELATING TO CRIMINAL CONVICTIONS AND OFFENCES
2.2 DATA PROCESSING
2.2.1 THE CONCEPT OF DATA PROCESSING
2.2.2 AUTOMATED DATA PROCESSING
2.2.3 NON-AUTOMATIC DATA PROCESSING
2.3 USERS OF PERSONAL DATA
2.3.1 CONTROLLERS AND PROCESSORS
CONTROLLER
JOINT CONTROLLERSHIP
PROCESSOR
RELATIONSHIP BETWEEN CONTROLLER AND PROCESSOR
2.3.2 RECIPIENTS AND THIRD PARTIES
2.4 CONSENT
3. KEY PRINCIPLES OF EUROPEAN DATA PROTECTION LAW
3.1 THE LAWFULNESS, FAIRNESS AND TRANSPARENCY OF PROCESSING PRINCIPLES
3.1.1 LAWFULNESS OF PROCESSING
3.1.2 FAIRNESS OF PROCESSING
3.1.3 TRANSPARENCY OF PROCESSING
3.2 THE PRINCIPLE OF PURPOSE LIMITATION
3.3 THE DATA MINIMISATION PRINCIPLE
3.4 THE DATA ACCURACY PRINCIPLE
3.5 THE STORAGE LIMITATION PRINCIPLE
3.6 THE DATA SECURITY PRINCIPLE
3.7 THE ACCOUNTABILITY PRINCIPLE
4. RULES OF EUROPEAN DATA PROTECTION LAW
4.1 RULES ON LAWFUL PROCESSING
4.1.1 LAWFUL GROUNDS FOR PROCESSING DATA
CONSENT
FREE CONSENT
INFORMED CONSENT
SPECIFIC CONSENT
UNAMBIGUOUS CONSENT
CONSENT REQUIREMENTS FOR CHILDREN
THE RIGHT TO WITHDRAW CONSENT AT ANY TIME
NECESSITY FOR THE PERFORMANCE OF A CONTRACT
LEGAL DUTIES OF THE CONTROLLER
VITAL INTERESTS OF THE DATA SUBJECT OR THOSE OF ANOTHER NATURAL PERSON
PUBLIC INTEREST AND EXERCISE OF OFFICIAL AUTHORITY
LEGITIMATE INTERESTS PURSUED BY THE CONTROLLER OR BY A THIRD PARTY
4.1.2 PROCESSING SPECIAL CATEGORIES OF DATA (SENSITIVE DATA)
EXPLICIT CONSENT OF THE DATA SUBJECT
EMPLOYMENT LAW OR SOCIAL SECURITY AND SOCIAL PROTECTION LAW
VITAL INTERESTS OF THE DATA SUBJECT OR ANOTHER PERSON
CHARITIES OR NOT-FOR-PROFIT BODIES
DATA MANIFESTLY MADE PUBLIC BY THE DATA SUBJECT
LEGAL CLAIMS
REASONS OF SUBSTANTIAL PUBLIC INTEREST
OTHER GROUND FOR PROCESSING SENSITIVE DATA
ADDITIONAL CONDITIONS UNDER NATIONAL LAW
4.2 RULES ON SECURITY OF PROCESSING
4.2.1 ELEMENTS OF DATA SECURITY
OUTLOOK
4.2.2 CONFIDENTIALITY
4.2.3 PERSONAL DATA BREACH NOTIFICATIONS
4.3 RULES ON ACCOUNTABILITY AND PROMOTING COMPLIANCE
4.3.1 DATA PROTECTION OFFICERS
4.3.2 RECORDS OF PROCESSING ACTIVITIES
4.3.3 DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION
4.3.4 CODES OF CONDUCT
4.3.5 CERTIFICATION
4.3 DATA PROTECTION BY DESIGN AND BY DEFAULT
DATA PROTECTION BY DESIGN
DATA PROTECTION BY DEFAULT
5. INDEPENDENT SUPERVISION
5.1 INDEPENDENCE
5.2 COMPETENCE AND POWERS
5.3 COOPERATION
5.4 THE EUROPEAN DATA PROTECTION BOARD
5.4 THE GDPR CONSISTENCY MECHANISM
6. DATA SUBJECTS’ RIGHTS AND THEIR ENFORCEMENT
6.1 THE RIGHTS OF DATA SUBJECTS
6.1.1 RIGHT TO BE INFORMED
CONTENT OF THE INFORMATION
TIME OF PROVIDING INFORMATION
DIFFERENT WAYS OF PROVIDING INFORMATION
THE RIGHT TO LODGE A COMPLAINT
EXEMPTIONS FROM THE OBLIGATION TO INFORM
THE RIGHT OF ACCESS TO AN INDIVIDUAL’S OWN DATA
6.1.2 RIGHT TO RECTIFICATION
6.1.3 RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)
6.1.4 RIGHT TO RESTRICTION OF PROCESSING
OBLIGATION TO NOTIFY REGARDING THE RECTIFICATION OR ERASURE OF PERSONAL DATA OR PROCESSING RESTRICTION
6.1.5 RIGHT TO DATA PORTABILITY
6.1.6 RIGHT TO OBJECT
THE RIGHT TO OBJECT ON GROUND RELATED TO THE DATA SUBJECTS’ PARTICULAR SITUATIONS
THE RIGHT TO PROCESSING OF DATA FOR DIRECT MARKETING PURPOSES
THE RIGHT TO OBJECT BY AUTOMATED MEANS
THE RIGHT TO OBJECT FOR SCIENTIFIC OR HISTORICAL RESEARCH PURPOSES OR STATISTICAL PURPOSES
6.1.7 AUTOMATED INDIVIDUAL DECISION MAKING INCLUDING PROFILING
6.2 REMEDIES, LIABILITY, PENALTIES AND COMPENSATION
6.2.1 RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
6.2.2 RIGHT TO AN EFFECTIVE JUDICIAL REMEDY
RIGHT TO MANDATE A NOT-FOR-PROFIT BODY, ORGANISATION OR ASSOCIATION
6.2.3 LIABILITY AND THE RIGHT TO COMPENSATION
6.2.4 SANCTIONS
7. INTERNATIONAL DATA TRANSFERS AND FLOWS OF PERSONAL DATA
7.1 NATURE OF PERSONAL DATA TRANSFERS
7.2 FREE MOVEMENT/FLOW OF PERSONAL DATA BETWEEN MEMBER STATES OR CONTRACTING PARTIES
7.3 PERSONAL DATA TRANSFERS TO THIRD COUNTRIES/NON-PARTIES OR INTERNATIONAL ORGANISATIONS
7.3.1 TRANSFERS ON THE BASIS OF AN ADEQUACY DECISION
7.3.2 TRANSFERS SUBJECT TO APPROPRIATE SAFEGUARDS
TRANSFERS SUBJECT TO CONTRACTUAL CLAUSES
TRANSFERS SUBJECT TO BINDING CORPORATE RULES
7.3.3 DEROGATIONS FOR SPECIFIC SITUATIONS
7.3.4 TRANSFERS BASED ON INTERNATIONAL AGREEMENTS
PASSENGER NAME RECORDS
MESSAGING DATA
8. DATA PROTECTION IN THE CONTEXT OF POLICE AND CRIMINAL JUSTICE
8.1 EU LAW ON DATA PROTECTION IN POLICE AND CRIMINAL JUSTICE MATTERS
8.2.1 THE DATA PROTECTION DIRECTIVE FOR POLICE AND CRIMINAL JUSTICE AUTHORITIES
PRINCIPLES RELATED TO PROCESSING
RIGHTS OF THE DATA SUBJECT
OBLIGATIONS OF THE CONTROLLER AND PROCESSOR
TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
INDEPENDENT SUPERVISION AND REMEDIES FOR DATA SUBJECTS
8.3 OTHER SPECIFIC LEGAL INSTRUMENTS ON DATA PROTECTION IN LAW ENFORCEMENT MATTERS
THE PRÜM DECISION
FRAMEWORK DECISION 2006/960/JHA - THE SWEDISH INITIATIVE
THE EU PNR DIRECTIVE
RETENTION OF TELECOMMUNICATIONS DATA
OUTLOOK
EU-US UMBRELLA AGREEMENT OF THE PROTECTION OF PERSONAL DATA EXCHANGE FOR LAW ENFORCEMENT PURPOSES
8.3.1 DATA PROTECTION IN EU JUDICIAL AND LAW ENFORCEMENT AGENCIES
EUROPOL
EUROJUST
OUTLOOK
EUROPEAN PUBLIC PROSECUTOR’S OFFICE
8.3.2 DATA PROTECTION IN EU-LEVEL JOINT INFORMATION SYSTEMS
9. SPECIFIC TYPES OF DATA AND THEIR RELEVANT DATA PROTECTION RULES
9.1 ELECTRONIC COMMUNICATIONS
OUTLOOK
9.2 EMPLOYMENT DATA
9.3 HEALTH DATA
ELECTRONIC HEALTH RECORDS
9.4 DATA PROCESSING FOR RESEARCH AND STATISTICAL PURPOSES
9.5 FINANCIAL DATA
10. MODERN CHALLENGES IN PERSONAL DATA PROTECTION
10.1 BIG DATA, ALGORITHMS AND ARTIFICIAL INTELLIGENCE
10.1.1 DEFINING BIG DATA, ALGORITHMS AND ARTIFICIAL INTELLIGENCE
BIG DATA
ALGORITHMS AND ARTIFICIAL INTELLIGENCE
10.1.2 BALANCING THE BENEFITS AND RISKS OF BIG DATA
10.1.3 DATA PROTECTION-RELATED ISSUES
IDENTITY OF CONTROLLERS AND PROCESSORS, AND THEIR LIABILITY
IMPACT ON DATA PROTECTION PRINCIPLES
SPECIFIC RULES AND RIGHTS
INDIVIDUAL CONTROL
10.2 THE WEB 2.0 AND 3.0: SOCIAL NETWORKS AND INTERNET OF THINGS
10.2.1 DEFINING WEBS 2.0 AND 3.0
SOCIAL NETWORKING SERVICES
THE INTERNET OF THINGS
10.2.2 BALANCING BENEFITS AND RISKS
10.2.3 DATA PROTECTION-RELATED ISSUES
CONSENT
SECURITY AND PRIVACY/DATA PROTECTION BY DESIGN AND BY DEFAULT
RIGHTS OF INDIVIDUALS
CONTROLLERS
FIRST SESSION ON THE RIGHT OF ACCESS
FIRST INTERACTIVE SESSION ON DATA PROTECTION NOTICES
WHAT ARE DP NOTICES?
HOW SHOULD DP NOTICES COMMUNICATE WITH US?
SECOND INTERACTIVE SESSION ON RIGHT OF ACCESS
SECOND INTERACTIVE SESSION ON DATA PROTECTION NOTICES
CONTENT OF A DATA PROTECTION NOTICE (CONTINUATION OF LAST SESSION)
THIRD INTERACTIVE SESSION ON THE RIGHT OF ACCESS
Exam
You have 3 hours + open book -> handbook, slides, … This means that there is no
lockdown browser but you can’t work together.
No plagiarism is allowed -> You need to answer in a way that she can see you are
answering yourself. You need to show that you don’t just copy everything you can
use. DON’T JUST COPY, SHE IS VERY STRICT WITH PLAGIARISM. If you quote someone
you need to do it clearly and can’t rephrase it in your own words. Write your own
answers and if you want to quote something then do it in a way that is obvious.
You need to give well-structured answers (correct, clear, full sentences and full
words).
Time: best use the first hour for the multiple choice and the rest of the time for the
open questions.
Structure your answers (in favour, problems. Say I’m going to do this first, then that
and that, finishing with conclusion). You need to show her that you have been
studying and you are familiar with what was taught.
Avoid subjective opinions (it does not help) and generic reflections (everyone knows
them but they just fill space and are not relevant).
Positive and negative, connecting different notions or perspectives. We have been
seeing different perspectives from controllers, processors, subjects, CoE law.
Refer to the right provisions + accurate. Use practical examples (don’t need to
go into detail about your own life).
Try to think of the practical implications.
Content
Multiple choice questions (40%) and an essay-like question (60%). Guess correction
(giscorrectie) is probably going to be a thing, ideally also no going back to previous
questions, you would need to be quick (1 hour).
Example of an essay question (in charter of fundamental rights, GDPR, use different
perspectives, why is it important today, in the future or the past? What does it mean
to do this, use other things like AI and how you can do this in this).
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us but from the seller valerie2stragier. Stuvia facilitates payments to the seller.
Will I have a subscription?
No, you only buy this summary for €8,99. You are not tied to anything after your purchase.