Abstract
This chapter provides data scientists with an introduction to data protection law. The aim of this chapter is to provide some basic knowledge and understanding concerning some of the most important principles of data protection law through a general explanation of these key concepts. It will show for instance that the notion of personal data is a very broad one, which encompasses the vast majority of the data processed in contemporary data processing technologies, or that the distinction between a data controller and a data processor can be tricky. It will also show that in order to start a processing of data, one has the choice between six different grounds; however, one ground must be chosen, and when processing data, all the provisions of Art. 5 of the GDPR must be respected. On the one hand, the explanations are general and do not go into too much detail so that they are easily understandable by the reader. On the other hand, they provide for “actionable knowledge”. That is, they will allow the reader to play with and apply the data protection principles herein discussed to their data science applications, so that they can be performed in a socially responsible way.
Five key points are discussed:
-
1.
What exactly is meant by data protection?
-
2.
What is personal data?
-
3.
Who are the actors of data protection law?
-
4.
Under what conditions it is possible to start processing data?
-
5.
What principles should be respected when processing data?
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
While fundamental rights are only a tiny part of the EU’s competences, the Council of Europe is an international organisation that specialises in the protection of fundamental rights. It currently has 47 member states. This comprises all EU members states, but also many more; see 7 https://www.coe.int/en/web/about-us/who-we-are.
- 2.
At the moment of writing this chapter, this Bill has not been adopted (yet). Last moment of writing: 29 June 2020.
- 3.
See, e.g., 7 https://edps.europa.eu/press-publications/press-news/blog/facial-recognition-solution-search-problem_en, last accessed 29 June 2020.
References
Art. 29 WP. (2013). Opinion 03/2013 on Purpose Limitation.
Art. 29 WP. (2014). Opinion 06/2014 on the Notion of Legitimate Interests of the Data Controller under Article 7 of Directive 95/46/EC.
Art. 29 WP. (2007). Opinion 4/2007 on the concept of personal data.
Art. 29 WP. (2010). Opinion 1/2010 on the concepts of “controller” and “processor.”
Art. 29 WP. (2018a). Article 29 Working Party Guidelines on consent under Regulation 2016/679.
Art. 29 WP. (2018b). Guidelines on transparency under Regulation 2016/679.
Carey, P. (2018a). Data protection principles. In P. Carey (Ed.), Data protection: A practical guide to UK and EU law (5th ed., pp. 32–41). Oxford University Press.
Coleman, R., & McCahill, M. (2011). Surveillance & crime. Sage.
Dehon, E., & Carey, P. (2018). Fair, lawful, and transparent processing. In P. Carey (Ed.), Data protection: A practical guide to UK and EU law (5th ed., pp. 42–65). Oxford University Press.
European Parliament resolution of 16 February 2017 with recommendations to the Commission on Civil Law Rules on Robotics (2015/2103(INL)).
Gellman, R. (2019). FAIR INFORMATION PRACTICES: A Basic History.
Gutwirth, S. (2002). Privacy and the Information Age (Rowman & Littlefield 2002).
Hoofnagle, CJ., Sloot, B van der., & Zuiderveen Borgesius, F. (2019). ‘The European Union General Data Protection Regulation: What It Is and What It Mean’s. 28 Information and Communications Technology Law 65.
Mourby, M., Mackey, E., Elliot, M., Gowans, H., Wallace, S. E., Bell, J., et al. (2018). Are “pseudonymised” data always personal data? Implications of the GDPR for administrative data research in the UK. Computer Law and Security Review, 34(2), 222–233.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), [2016], OJ L 119/1.
Rodway, S., & Carey, P. (2018). Outsourcing personal data processing. In P. Carey (Ed.), Data protection: A practical guide to UK and EU law (5th ed., pp. 175–183). Oxford University Press.
Voigt, P., & von dem Busche, A. (2017). The EU General Data Protection Regulation (GDPR), a practical guide. Springer.
Welfare, D., & Carey, P. (2018). Territorial scope and terminology. In P. Carey (Ed.), Data protection: A Practical guide to UK and EU law (5th ed., pp. 1–31). Oxford University Press.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Gellert, R. (2023). Data Protection Law and Responsible Data Science. In: Liebregts, W., van den Heuvel, WJ., van den Born, A. (eds) Data Science for Entrepreneurship. Classroom Companion: Business. Springer, Cham. https://doi.org/10.1007/978-3-031-19554-9_17
Download citation
DOI: https://doi.org/10.1007/978-3-031-19554-9_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19553-2
Online ISBN: 978-3-031-19554-9
eBook Packages: Business and ManagementBusiness and Management (R0)