EU data protection law is of great practical relevance for any company doing business in today's global information economy. This book provides a detailed and practical exposition of European data protection law in the context of the issues that arise in electronic commerce and dataprocessing. It analyses the relevant EU legislation and case-law, and makes particular reference to the EU Data Protection Directives as well as to the national regulatory systems in Europe and the US. Numerous examples are taken from practice, and advice is given on how the relevant data protectionlaws apply to and impact upon business in Europe, the US, and worldwide. Beginning with a detailed description of the legislative process, the book goes on to discuss the basic legal concepts underlying data protection law. It then focuses on how to determine whether EU law applies to particular electronic commerce and online activities, and how to transfer personal dataoutside Europe so as to comply with EU law. The book also includes a comprehensive analysis of how to deal with complex compliance challenges, including notification of databases, processing of employee data, privacy policies, and website compliance and standardization. The key legislative texts needed to deal with complex data protection issues are included in the appendices, along with forms and precedents, contact information for data protection authorities, and links to useful websites. The book is fully up-to-date with the amendments to the TelecommunicationsData Protection Directive passed in the summer of 2002.

All are agreed that the digital economy contributes to a dynamic evolution of markets and competition. Nonetheless, concerns are increasingly raised about the market dominance of a few key players. Because these companies hold the power to drive rivals out of business, regulators have begun to seek scope for competition enforcement in cases where companies claim that withholding data is needed to satisfy customers and cut costs. This book is the first focus on how competition law enforcement tools can be applied to refusals of dominant firms to give access data on online platforms such as search engines, social networks, and e-commerce platforms – commonly referred to as the ‘gatekeepers’ of the Internet. The question arises whether the denial of a dominant firm to grant competitors access to its data could constitute a ‘refusal to deal’ and lead to competition law liability under the so-called ‘essential facilities doctrine', according to which firms need access to shared knowledge in order to be able to compete. A possible duty to share data with rivals also brings to the forefront the interaction of competition law with data protection legislation considering that the required information may include personal data of individuals. Building on the refusal to deal concept, and using a multidisciplinary approach, the analysis covers such issues and topics as the following: – data portability; – interoperability; – data as a competitive advantage or entry barrier in digital markets; – market definition and dominance with respect to data; – disruptive versus sustaining innovation; – role of intellectual property regimes; – economic trade-off in essential facilities cases; – relationship of competition enforcement with data protection law and – data-related competition concerns in merger cases. The author draws on a wealth of relevant material, including EU and US decision-making practice, case law, and policy documents, as well as economic and empirical literature on the link between competition and innovation. The book concludes with a proposed framework for the application of the essential facilities doctrine to potential forms of abuse of dominance relating to data. In addition, it makes suggestions as to how data protection interests can be integrated into competition policy. An invaluable contribution to ongoing academic and policy discussions about how data-related competition concerns should be addressed under competition law, the analysis clearly demonstrates how existing competition tools for market definition and assessment of dominance can be applied to online platforms. It will be of immeasurable value to the many jurists, business persons, and academics concerned with this very timely subject.

GDPR: Personal Data Protection in the European Union Mariusz Krzysztofek Personal data protection has become one of the central issues in any understanding of the current world system. In this connection, the European Union (EU) has created the most sophisticated regime currently in force with the General Data Protection Regulation (GDPR) (EU) 2016/679. Following the GDPR’s recent reform – the most extensive since the first EU laws in this area were adopted and implemented into the legal orders of the Member States – this book offers a comprehensive discussion of all principles of personal data processing, obligations of data controllers, and rights of data subjects, providing a thorough, up-to-date account of the legal and practical aspects of personal data protection in the EU. Coverage includes the recent Court of Justice of the European Union (CJEU) judgment on data transfers and new or updated data protection authorities’ guidelines in the EU Member States. Among the broad spectrum of aspects of the subject covered are the following: – right to privacy judgments of the CJEU and the European Court of Human Rights; – scope of the GDPR and its key definitions, key principles of personal data processing; – legal bases for the processing of personal data; – direct and digital marketing, cookies, and online behavioural advertising; – processing of personal data of employees; – sensitive data and criminal records; – information obligation & privacy notices; – data subjects rights; – data controller, joint controllers, and processors; – data protection by design and by default, data security measures, risk-based approach, records of personal data processing activities, notification of a personal data breach to the supervisory authority and communication to the data subject, data protection impact assessment, codes of conduct and certification; – Data Protection Officer; – transfers of personal data to non-EU/EEA countries; and – privacy in the Internet and surveillance age. Because the global scale and evolution of information technologies have changed the data processing environment and brought new challenges, and because many non-EU jurisdictions have adopted equivalent regimes or largely analogous regulations, the book will be of great usefulness worldwide. Multinational corporations and their customers and contractors will benefit enormously from consulting and using this book, especially in conducting case law, guidelines and best practices formulated by European data protection authorities. For lawyers and academics researching or advising clients on this area, this book provides an indispensable source of practical guidance and information for many years to come.

The new edition of this acclaimed book has been expanded to give a fully updated overview of European data protection law, with a focus on data protection compliance issues affecting companies, and incorporating the important legal developments which have taken place since the last edition was published. These include the first three cases of the European Court of Justice interpreting the EU Data Protection Directive (95/46); accession of new Member States to the EU; the new Data Retention Directive; new developments on international data transfers, such as model contracts and binding corporate rules; and conflicts between US security requirements and EU data protection law. The book provides pragmatic guidance for companies faced with data protection compliance issues. It includes extensive appendices, such as texts of the relevant directives, model contracts, and overviews of Member State implementations.

The rapid development of information technology has exacerbated the need for robust personal data protection, the right to which is safeguarded by both European Union (EU) and Council of Europe (CoE) instruments. Safeguarding this important right entails new and significant challenges as technological advances expand the frontiers of areas such as surveillance, communication interception and data storage. This handbook is designed to familiarise legal practitioners not specialised in data protection with this emerging area of the law. It provides an overview of the EU’s and the CoE’s applicable legal frameworks. It also explains key case law, summarising major rulings of both the Court of Justice of the European Union and the European Court of Human Rights. In addition, it presents hypothetical scenarios that serve as practical illustrations of the diverse issues encountered in this ever-evolving field.

This book on privacy and data protection offers readers conceptual analysis as well as thoughtful discussion of issues, practices, and solutions. It features results of the seventh annual International Conference on Computers, Privacy, and Data Protection, CPDP 2014, held in Brussels January 2014. The book first examines profiling, a persistent core issue of data protection and privacy. It covers the emergence of profiling technologies, on-line behavioral tracking, and the impact of profiling on fundamental rights and values. Next, the book looks at preventing privacy risks and harms through impact assessments. It contains discussions on the tools and methodologies for impact assessments as well as case studies. The book then goes on to cover the purported trade-off between privacy and security, ways to support privacy and data protection, and the controversial right to be forgotten, which offers individuals a means to oppose the often persistent digital memory of the web. Written during the process of the fundamental revision of the current EU data protection law by the Data Protection Package proposed by the European Commission, this interdisciplinary book presents both daring and prospective approaches. It will serve as an insightful resource for readers with an interest in privacy and data protection.

This book provides expert advice on the practical implementation of the European Union’s General Data Protection Regulation (GDPR) and systematically analyses its various provisions. Examples, tables, a checklist etc. showcase the practical consequences of the new legislation. The handbook examines the GDPR’s scope of application, the organizational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and national particularities. In addition, it supplies a brief outlook on the legal consequences for seminal data processing areas, such as Cloud Computing, Big Data and the Internet of Things.Adopted in 2016, the General Data Protection Regulation will come into force in May 2018. It provides for numerous new and intensified data protection obligations, as well as a significant increase in fines (up to 20 million euros). As a result, not only companies located within the European Union will have to change their approach to data security; due to the GDPR’s broad, transnational scope of application, it will affect numerous companies worldwide.