Brief Overview of the Legal Instruments and Restrictions for Sharing Data While Complying with the EU Data Protection Law

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9881)

Abstract

Data are the new oil of our society, but as opposed to the latter, business are not allowed to work them and re-use freely. To the extent that data fall under the category of “personal data”, businesses must comply with the data protection legal framework. In order to do this, it is primarily necessary to design internal and automatic procedures to understand if the sharing of data, as further processing operation, is compatible with the original purpose, and if appropriate safeguards – such as anonymisation – can be implemented without compromising achievement of the aim pursued through the sharing. When the aim of the sharing requires businesses to disclose personal data, businesses must detect a legal ground to rely upon and comply with several data protection rules. The aim of this paper is to briefly analyze solutions adopted by stakeholders under the EU data protection legal framework.

Keywords

Data sharing EU data protection law Purpose limitation Data minimization Anonymised data Data subjects’ rights Privacy by design 

References

  1. 1.
    European Parliamentary Research Service, The Cost of Non-Europe in the Sharing Economy (2016)Google Scholar
  2. 2.
    European Commission, European Cloud Initiative - Building a competitive data and knowledge economy in Europe – COM (2016). 178 finalGoogle Scholar
  3. 3.
    European Union Agency for Fundamental Rights, Handbook on European Data Protection Law (2014)Google Scholar
  4. 4.
  5. 5.
    Information Commissioner’s Office, The Data Sharing Code of Practice (2011). https://ico.org.uk/media/for-organisations/documents/1068/data_sharing_code_of_practice.pdf
  6. 6.
    Article 29 Data Protection Working Party, Opinion 03/2013 on Purpose Limitation (WP203), 2 April 2013Google Scholar
  7. 7.
    Fisk, G., Ardi, C., Pickett, N., Heidemann, J., Fisk, M., Papadopoulos, C.: Privacy principles for sharing cyber security data. In: Security and Privacy Workshops (SPW). IEEE (2015)Google Scholar
  8. 8.
    Paul, O.: Broken promises of privacy: responding to the surprising failure of anonymisation. UCLA Rev. 57, 1707 (2009)Google Scholar
  9. 9.
    Kuan, H.W., Millard, C., Walden, I.: The problem of ‘personal data’ in cloud computing – what information is regulated? The cloud of unknowing. Int. Data Priv. Law 1(4), 211–228 (2011). Queen Mary School of Law Legal Studies Research Paper No. 75/2011CrossRefGoogle Scholar
  10. 10.
    Article 29 Working Party, Opinion 05/2014 on Anonymisation Technique (WP216), 10 April 2014Google Scholar
  11. 11.
    El Emam, K., Alvarez, C.: A critical appraisal of the article 29 working party opinion 05/2014 on data anonymization techniques. Int. Data Priv. Law 5(1), 73–87 (2015)CrossRefGoogle Scholar
  12. 12.
    Edwards, L., Abel, W.: The Use of Privacy Icons and Standard Contract Terms for Generating Consumer Trust and Confidence in Digital Services, CREATe Working Paper 2014/15, 31 October 2014Google Scholar
  13. 13.
    Holtz, L.-E., Nocun, K., Hansen, M.: Towards displaying privacy information with icons. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 352, pp. 338–348. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Enisa, On the security, privacy and usability of online seals. An overview (2013)Google Scholar
  15. 15.
    Caimi, C., Gambardella, C., Manea, M., Petrocchi, M., Stella, D.: Legal and technical perspectives in data sharing agreements definition. In: Berendt, B., et al. (eds.) APF 2015. LNCS, vol. 9484, pp. 178–192. Springer, Heidelberg (2016). doi:10.1007/978-3-319-31456-3_10 CrossRefGoogle Scholar
  16. 16.
    Mantelero, A.: The future of consumer data protection in the E.U. rethinking the “notice and consent” paradigm in the new era of predictive analytics. Comput. Law Secur. Rev. 30(6), 643–660 (2014)CrossRefGoogle Scholar
  17. 17.
    Enisa, Privacy by Design in Big Data (2015)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Studio Legale Bird & BirdMilanItaly

Personalised recommendations