Vulnerability has traditionally been viewed through the lens of specific groups of people, such as ethnic minorities, children, the elderly, or people with disabilities. With the rise of digital media, our perceptions of vulnerable groups and individuals have been reshaped as new vulnerabilities and different vulnerable sub-groups of users, consumers, citizens, and data subjects emerge. Vulnerability and Data Protection Law not only depicts these problems but offers the reader a detailed investigation of the concept of data subjects and a reconceptualization of the notion of vulnerability within the General Data Protection Regulation. The regulation offers a forward-facing set of tools that-though largely underexplored-are essential in rebalancing power asymmetries and mitigating induced vulnerabilities in the age of artificial intelligence. Considering the new risks and potentialities of the digital market, the new awareness about cognitive weaknesses, and the new philosophical sensitivity about the condition of human vulnerability, the author looks for a more general and layered definition of the data subject's vulnerability that goes beyond traditional labels. In doing so, he seeks to promote a 'vulnerability-aware' interpretation of the GDPR. A heuristic analysis that re-interprets the whole GDPR, this work is essential for both scholars of data protection law and for policymakers looking to strengthen regulations and protect the data of vulnerable individuals.

This book will challenge the orthodox view that children cannot have the same rights as adults because they are particularly vulnerable. It will argue that we should treat adults and children in the same way as the child liberationists claim. However, the basis of that claim is not that children are more competent than we traditionally given them credit for, but rather that adults are far less competent than we give them credit for. It is commonly assumed that children are more vulnerable. That is why we need to have a special legal regime for children. Children cannot have all the same rights as adults and need especial protect from harms. While in the 1970s “child liberationists” mounted a sustained challenge to this image, arguing that childhood was a form of slavery and that the assumption that children lacked capacity was unsustainable. This movement has significantly fallen out of favour, particularly given increasing awareness of child abuse and the multiple ways that children can be harmed at the hands of adults. This book will explore the concept of vulnerability, the way it used to undermine the interests of children and our assumptions that adults are not vulnerable in the same way that children are. It will argue that a law based around mutual vulnerability can provide an approach which avoids the need to distinguish adults and children.

The concept of a risk-based approach to data protection came to the fore during the overhaul process of the EU's General Data Protection Regulation (GDPR). At its core, it consists of endowing the regulated organizations that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. This book provides a comprehensive analysis of this legal and policy development, which considers a legal, historical, and theoretical perspective. By framing the risk-based approach as a sui generis implementation of a specific regulation model known as meta regulation, this book provides a recollection of the policy developments that led to the adoption of the risk-based approach in light of regulation theory and debates. It also discusses a number of salient issues pertaining to the risk-based approach, such as its rationale, scope, and meaning; the role for regulators; and its potential and limits. The book also looks at they way it has been undertaken in major statutes with a focus on key provisions, such as data protection impact assessments or accountability. Finally, the book devotes considerable attention to the notion of risk. It explains key terms such as risk assessment and management. It discusses in-depth the role of harms in data protection, the meaning of a data protection risk, and the difference between risks and harms. It also critically analyses prevalent data protection risk management methodologies and explains the most important caveats for managing data protection risks.

This book provides the first comprehensive doctrinal and comparative study to examine the influence of the fundamental human right to respect for private life on data retention within EU law, specifically communications data and passenger name record data, for the purpose of countering serious crime. First, it is the only academic publication that offers a complete picture of the EU's institutions, not just the Court of Justice of the EU, at work in a legally and politically sensitive field from a variety of perspectives, thereby contributing to a scholarly understanding of topics which tend to attract generalized opinions not based on detailed analysis of law and practice in specific areas. Secondly, this original analysis of EU data retention law casts a spotlight on the real and actual extent of the weight now being given in the mainstreaming of fundamental rights within the EU policymaking process, providing a more complete picture of the role and impact of human rights on this area of law and policymaking. Thirdly, this book is the only work to outline and examine in detail the impact of the tensions and dialogue between the EU and European Convention on Human Rights (ECHR) legal systems within the case law of both courts on data privacy and serious crime. In addition, this book also sets out the implications of the above analysis, and recent landmark jurisprudence on Article 8 ECHR and Articles 7 and 8 of the EU Charter of Fundamental Rights, for new related EU legislation, including Directive 2016/680 on data processing for the purposes of the prevention, investigation, detection or prosecution of criminal offences and relevant provisions of the forthcoming E-Privacy Regulation.

This book provides expert advice on the practical implementation of the European Union’s General Data Protection Regulation (GDPR) and systematically analyses its various provisions. Examples, tables, a checklist etc. showcase the practical consequences of the new legislation. The handbook examines the GDPR’s scope of application, the organizational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and national particularities. In addition, it supplies a brief outlook on the legal consequences for seminal data processing areas, such as Cloud Computing, Big Data and the Internet of Things.Adopted in 2016, the General Data Protection Regulation will come into force in May 2018. It provides for numerous new and intensified data protection obligations, as well as a significant increase in fines (up to 20 million euros). As a result, not only companies located within the European Union will have to change their approach to data security; due to the GDPR’s broad, transnational scope of application, it will affect numerous companies worldwide.

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. The book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.