Aims,methods and achievements in European data protection1

The protection of personal data represents one of recent most emerging legal issues. On one hand, the privacy and the discretion of individuals are challenged by various new means of data collection and communication. On the other hand, the growth and development of the information economy is heavily dependent on the level of freedom of business units in gathering, processing and distribution of various kinds of information. In this short notice, we will try to summarize the experience with the data protection laws with respect to their basic teleology.     

香港个人资料隐私保护之经验——兼论我国个人资料保护法之制定

个人信息作为信息的一种,具有与信息相同的特征。个人资料属于现代隐私的外延,指的是可以识别出个人的所有资料。我国香港特别行政区已于1996年12月实施了《个人资料(私隐)条例》。在实施的十年间,法院与香港个人资料私隐专员公署分别做出了一些司法原则和执行决定,很值得我国在制定《个人资料保护法》时加以参考与借鉴。     

The fundamental right of data protection in the European Union: in search of an uncharted right

The entry into force of the EU Charter of Fundamental Rights and the ensuing introduction of the right to data protection as a new fundamental right in the legal order of the EU has raised some challenges. This article is an attempt to bring clarity on some of these questions. We will therefore try to address the issue of the place of the right to the protection of personal data within the global architecture of the Charter, but also the relationship between this new fundamental right and the already existing instruments. In doing so, we will analyse the most pertinent case law of the Court of Luxembourg, only to find out that it creates more confusion than clarity. The lesson we draw from this overview is that the reasoning of the Court is permeated by a ‘privacy thinking’, which consists not only in overly linking the rights to privacy and data protection, but also in applying the modus operandi of the former to the latter (which are different we contend). The same flawed reasoning seems to be at work in the EU Charter of Fundamental Rights. Therefore, it is crucial that the different modi operandi be acknowledged, and that any upcoming data protection instrument is accurately framed in relation with Article 8 of the Charter.     

大数据时代社区应急治理中居民隐私顾虑之化解

大数据时代社区应急治理现代化既要运用大数据技术提高应对突发事件的效能,也要兼顾对居民隐私权的有效保护,消除居民隐私顾虑.隐私权的双重属性和社区应急治理中不规范的居民信息采集、使用和泄露行为会导致出现侵害居民隐私权的情况,使居民产生隐私顾虑.因此,大数据环境下社区应急治理需加强对居民隐私的保护,从法律、责任、多元主体协同...     

网络信息隐私权法律保护研究

网络信息隐私权是网络环境中产生的新问题.从隐私权涵义入手,阐述网络环境中隐私和隐私权的内容,分析国外网络信息隐私权保护现状,分析我国网络信息隐私权的保护情况,对法律保护模式及立法架构进行理性思考.     

网络隐私法律保护简论

隐私一般是指与公共利益、群体利益无关的、当事人不愿让他人知道或他人不便知道的个人信息,而个人数据是所有用来标识个人基本情况的数据。文章针对互联网技术的发展为个人数据处理带来的隐私权问题,在分析西方国家保护模式、梳理我国隐私权保护现状基础上,提出了在我国加强网络空间的隐私权保护的必要性和紧迫性。     

Property rights in personal data: Learning from the American discourse

This contribution is an attempt to facilitate a meaningful European discussion on propertization of personal data by explaining the idea as it emerged in its ‘mother-jurisdiction’, the United States. The piece starts with an overview of how the current US legal system addresses the data protection problem and whether, according to the US commentators, the law does it effectively. Furthermore, the contribution presents propertization of personal information as an alternative to the existing data protection regime and one of the ways to fill in the alleged gaps in the US data protection system. The article maps the US propertization debate. Pro-propertization arguments are considered from economic perspective as well as from the perspective of the limitations of the US legal and political system. In continuation it analyses proposals on how property rights in personal data would have to be regulated, if at all, in case the idea of propertization is accepted. The main points of criticism of propertization are also sketched. The article concludes with a brief summary of the US propertization discourse and, most importantly, with a list of the lessons Europeans can learn from their American counterparts engaging in the debate in the home jurisdiction. Among the main messages is that the outcome of the debate depends on the definition of the problem propertization is called on to tackle, and that it is the substance of the actual rights with regard to personal data that matters, and not whether we label them as property rights or not.     

个人信用信息数据库在我国征信体系构建中的法律定位分析

个人信用信息数据库的法律定位分析系指对数据库保护的具体法律关系定位而言。在我国征信体系构建的过程中,个人信用信息数据库的权利主体是谁,具体权利及权利内容如何,需要在借鉴美国、欧盟、日本等征信国家信用立法、管理等经验的基础上,结合我国的实际情况进行路径选择并给出具体设计。     

论我国基因隐私保护的立法模式选择

基因科技的发展激发了一种新的隐私保护需要——基因隐私.学界在对基因隐私法律保护的必要性达成一致后,对具体的法律保护进路存有争议.通过梳理基因隐私综合立法和单独立法两种保护模式的学理论证、立法实践及立法背景,根据我国实际,可以认为,我国现阶段应当采取以小综合立法模式为主,辅以行业自律机制,并在条件成熟时,向单独立法的保护进路发展.     

信息时代隐私权保护面临的挑战与应对

信息社会中人类生活的信息化、个人信息商品化、个人信息公用化、网络人格虚拟化等特征为隐私权的发展提供了时代背景并对隐私权的保护提出了挑战。信息社会的隐私权具备了不同于传统隐私权的特点：涉及范围扩充、积极权能增强、权利相对化等，因此，对于隐私权的保护也需要采取多样化的手段，以应对信息社会中隐私权保护所面临的隐私侵权问题严重、行为规范与伦理道德缺失等挑战。保护信息时代隐私权，既需要完善立法、建构隐私权保护的综合体系，同时还需要民众教育、技术开发、行业自律等环节的互相配合。     

Citizens' perceptions of data protection and privacy in Europe

Data protection and privacy gain social importance as technology and data flows play an ever greater role in shaping social structure. Despite this, understanding of public opinion on these issues is conspicuously lacking. This article is a meta-analysis of public opinion surveys on data protection and privacy focussed on EU citizens. The article firstly considers the understanding and awareness of the legal framework for protection as a solid manifestation of the complex concepts of data protection and privacy. This is followed by a consideration of perceptions of privacy and data protection in relation to other social goals, focussing on the most visible of these contexts–the debate surrounding privacy, data protection and security. The article then considers how citizens perceive the ‘real world’ environment in which data processing takes place, before finally considering the public's perception and evaluation of the operation of framework against environment.     

Protecting the privacy and security of sensitive customer data in the cloud

The global ubiquity of cloud computing may expose consumers' sensitive personal data to significant privacy and security threats. A critical challenge for the cloud computing industry is to earn consumers' trust by ensuring adequate privacy and security for sensitive consumer data. Regulating consumer privacy and security also challenges government enforcement of data protection laws that were designed with national borders in mind. From an information privacy perspective, this article analyses how well the regulatory frameworks in place in Europe and the United States help protect the privacy and security of sensitive consumer data in the cloud. It makes suggestions for regulatory reform to protect sensitive information in cloud computing environments and to remove regulatory constraints that limit the growth of this vibrant new industry.     

Investigating the legal protection of data,information and knowledge under the EU data protection regime

Information science distinguishes between the semantic forms/intangibles of data, information and knowledge. Data (e.g. an attribute of a data record in a relational database) does not have any meaning by itself. Information is data brought into context (e.g. data related to its primary key), and knowledge is the collection of information for useful intent (e.g. a database). This paper investigates the mapping of semantic forms in information science (i.e. data, information, knowledge) to correlative concepts in information law (primarily data protection legislation) with a view to investigating how such semantic forms are legally protected. The paper first proposes a data, information, knowledge, rules (DIKR) hierarchy in the context of relational database theory, and interprets this hierarchy with respect to data protection concepts. The paper then gives an in-depth discussion of the elements of the DIKR hierarchy (data, information, knowledge, deduced knowledge, induced knowledge) and how they relate to the EU Data Protection Directive 95/46/EC. These relationships are summarized in the form of a two dimensional correlation matrix. Finally the paper discusses how the semantic forms identified are protected under the EU Data Protection Directive, and gives insightful observations about the connection between information law and information science.     

The NHS Information Revolution: ‘Choice of Control’ to ‘Choice’ and ‘Control’

This paper provides a novel and critical analysis of the necessary and important balance between ‘individual privacy’ and ‘collective transparency’. We suggest that the onset of the Information Revolution has created a dilemma for the National Health Service (NHS) in terms of how it addresses its obligation to use information to improve best practice in healthcare for society (‘collective transparency’) whilst also keeping sensitive personal information confidential (‘individual privacy’). There is clearly a need to consider both whether the NHS is balancing this critically important informational relationship and whether its approach is fit for purpose. We argue that the NHS's ‘proxy-individual’ information guardian role could inadvertently mask individuals' intended roles, effectively circumventing autonomy-based laws by limiting the power of individuals to be autonomous. In this article we have identified three issues – first the prevailing ‘Mindset’ (the ‘M’) of ‘privacy’, which is viewed as individualistic, resulting in an overpowering concept of confidentiality; second, the quality and control of Information (the first ‘I’); and third, the concept of innovation (the second ‘i’), which is being used as a ‘solution’ rather than a vehicle for transparency. Indeed, transparency is our target of ‘best practice,’ and we suggest that individual privacy and collective transparency are best embedded within a complementary privacy framework that offers a better fit than the current split of control between the roles of the NHS and the roles of the individual. It is suggested that when facilitated by transparency, ‘control’ and ‘privacy’ form a continuum, aligning through the desire for choice. Therefore, the choice of control could facilitate control and choice. Together, they could replace the concept of privacy by empowering ‘informed patients’ to support the NHS's ‘No decision about me, without me’ pledge.     

‘Look to yourselves,that we lose not those things which we have wrought.’ What do the proposed changes to the purpose limitation principle mean for public bodies' rights to access third-party data?

This article analyses the proposed changes to the purpose limitation principles contained in the draft Data Protection Regulation adopted by the European Commission in January 2012. It examines the historical motives for the introduction of the principle as part of the 1995 Data Protection Directive, and looks at the constitutional framework under which it operates both at EU and member state level. It considers the risks and long-term consequences that EU citizens may face if the principle is eroded or substantially abandoned.     

网络信息时代电子病历的隐私保护研究

与传统纸质病历相比,电子病历信息的存储和共享的范围将进一步扩大,但同时也为隐私信息的暴露提供捷径。本文通过分析我国电子病历隐私保护现状及存在的问题,并对比发展较好的其他国家电子病历隐私保护历程,提出我国进一步完善电子病历隐私保护的建议。