
The Draft Data Protection Regulation and the Development of Data Processing Applications

  • Eleni Kosta
  • Colette Cuijpers
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 421)

Abstract

Nowadays, data processing components are often part of a multitude of products and services. The current review of the European data protection framework proposes the replacement of the Data Protection Directive with a Regulation, which will undoubtedly impact the development of such products and services. This chapter analyses some of the critical changes proposed in the Regulation, highlighting the developments with regard to the actual scope of application of the European legal framework, the consent of the users and the particularities of processing pseudonymous data. It also critically assesses the proposed obligations relating to data security, notification of personal data breaches, the principles of data protection by design and by default, as well as data protection impact assessments. The authors conclude that these changes may actually be a step in the direction of more privacy-aware development of products and applications that entail data processing operations, if certain modalities are taken into account before the final adoption of the draft Regulation.

Keywords

consent; data protection impact assessment; General Data Protection Regulation; privacy by design; pseudonymisation


Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Eleni Kosta (1)
  • Colette Cuijpers (1)
  1. Tilburg Institute for Law, Technology, and Society (TILT), Tilburg University, Tilburg, The Netherlands
