Personal data protection in employment: New legal challenges for Malaysia

The purpose of this article is to discuss and apply data protection principles in the context of employment. The Personal Data Protection Act (PDPA), passed by the Malaysian Parliament in 2010, has affected many aspects of life in Malaysia, including employment. Storage of data by employers is rampant. Management, as the data user, is duty bound to safeguard the employees' data according to the PDPA. Likewise, the employees, as data subjects, enjoy some rights under the PDPA. The author also examines issues of privacy law: whether such law exists in Malaysia and, if so, whether it can be reconciled with the PDPA's principles. The author adopts legal methodology anchored in exploratory analysis, with the legislative text as the main reference point.     

Financial Intelligence Units: Reflections on the applicable data protection legal framework

Financial Intelligence Units (FIUs) are key players in the current Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) legal system. FIUs are specialised bodies positioned between private financial institutions and states’ law enforcement authorities, what renders them a crucial middle link in the chain of information exchange between the private and public sectors. Considering that a large share of this information is personal data, its processing must meet the minimum data protection standards. Yet, the EU data protection legal framework is composed of two main instruments, i.e. the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED), which provide different thresholds for the protection of personal data. The aim of this paper is to clarify the applicable data protection legal regime for the processing of personal data by FIUs for AML/CFT purposes. To that end, the paper provides an overview of the nature and goals of AML/CFT policy and discusses the problem of the diversity of existing FIU models. Further, it proposes a number of arguments in favour of and against the possibility of applying either the GDPR or LED to the processing of personal data by the FIUs and reflects on how convincingly these arguments can be used depending on the specificities of a given FIU model.     

大数据时代第三方医药平台的涉法革新

充分应用云计算技术的第三方医药平台逐步成为在线交易的主要场所与信息集散地,医药生产企业、经销商、各类医疗机构和其他用户通过站点交易工具完成询价、洽谈、签约、支付、配送与售后服务等。亟待通过立法完善电子身份认证与审查制度、构筑电子居间监管系统、明确医药电子错误及建立医药电子合同管控机制等,进一步促进平台内医药信息共享与交易公平。     

An international legal framework for data protection: Issues and prospects

The processing of personal data across national borders by both governments and the private sector has increased exponentially in recent years, as has the need for legal protections for personal data. This article examines calls for a global legal framework for data protection, and in particular suggestions that have been made in this regard by the International Law Commission and various national data protection authorities. It first examines the scope of a potential legal framework, and proceeds to analyze the status of data protection in international law. The article then considers the various options through which an international framework could be enacted, before drawing some conclusions about the form and scope such a framework could take, the institutions that could coordinate the work on it, and whether the time is ripe for a multinational convention on data protection.     

The legal construction of privacy and data protection

In this contribution, the authors explore the differences and interplays between the rights to privacy and data protection. They describe the two rights and come to the conclusion that they differ both formally and substantially, though overlaps are not to be excluded. Given these different yet not mutually exclusive scopes they then apply the rights to three case-studies (body-scanners, human enhancement technologies, genome sequencing), highlighting in each case potential legal differences concerning the scope of the rights, the role of consent, and the meaning of the proportionality test. Finally, and on the basis of these cases, the authors propose paths for articulating the two rights using the qualitative and quantitative thresholds of the two rights, which leads them to rethink the relationship between privacy and data protection, and ultimately, the status of data protection as a fundamental right.     

Investigating the legal protection of data,information and knowledge under the EU data protection regime

Information science distinguishes between the semantic forms/intangibles of data, information and knowledge. Data (e.g. an attribute of a data record in a relational database) does not have any meaning by itself. Information is data brought into context (e.g. data related to its primary key), and knowledge is the collection of information for useful intent (e.g. a database). This paper investigates the mapping of semantic forms in information science (i.e. data, information, knowledge) to correlative concepts in information law (primarily data protection legislation) with a view to investigating how such semantic forms are legally protected. The paper first proposes a data, information, knowledge, rules (DIKR) hierarchy in the context of relational database theory, and interprets this hierarchy with respect to data protection concepts. The paper then gives an in-depth discussion of the elements of the DIKR hierarchy (data, information, knowledge, deduced knowledge, induced knowledge) and how they relate to the EU Data Protection Directive 95/46/EC. These relationships are summarized in the form of a two dimensional correlation matrix. Finally the paper discusses how the semantic forms identified are protected under the EU Data Protection Directive, and gives insightful observations about the connection between information law and information science.     

The effect of dynamic legal tradition on financial development: panel data evidence

This study examines the effect of dynamic legal tradition on financial development. In line with the theory of “dynamic legal tradition” proposed by Beck et al. (Law, politics, and finance. World Bank, Washington, DC, 2001), political variables are employed in the analysis to assess whether these variables could affect the legal environment and hence financial development in countries with different adaptability. The empirical results from the panel data of 60 counties for the period 1980–2006, show that political power could change the legal environment, especially in common law countries, which in turn could affect the development of financial systems. The result demonstrates that political factors that promote shareholder rights greatly influence the development of financial system followed by political factors that promote investor protection.     

Human-centered legal tech: integrating design in legal education

As the legal profession begins in earnest to deploy digital technology in service and information delivery, greater numbers of law schools are including technology instruction in their curricula. The prospect of more lawyers with digital expertise, while a welcome development, amplifies a parallel imperative that new technology tools be designed to be responsive to evolving human needs. This paper argues that coupling technology instruction with training in human-centered design approaches offers legal educators a means of preparing lawyers not only able to generate novel technology solutions, but able to fundamentally improve legal institutions and programs through those results. The use of design pedagogies within legal education also provides educators and students with the opportunity to reimagine the law as a creative pursuit by exploring structured methods like empathy via observation, prototyping, and the embrace of failure, with learning outcomes that hold the potential to transform how lawyers approach their role. This paper concludes by detailing the insights the NuLawLab has gained in the application of design methodologies in the creation of digital legal resources, and the modifications we are adopting to the approach to produce better results for the legal sector.     

The mandatory notification of data breaches: Issues arising for Australian and EU legal developments

Public and private sector organisations are now able to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other jurisdictions. This article reviews US, Australian and EU legal developments regarding the mandatory notification of data breaches. The authors highlight areas of concern based on the extant US experience that require further consideration in Australia and in the EU.     

Disclosure of medical data to relatives after the patient's death: recent legal developments with respect to relatives' entitlements in the Netherlands

In the Netherlands the physician is still bound to professional confidentiality after the patient's death. However, in the legal doctrine and in case law some exceptions have been recognized, especially for circumstances where the relatives have a legitimate interest in the inspection of medical records of the deceased. Today developments as regards the Dutch proposal to new legislation on patients' rights, notably the proposed insertion of a provision stipulating the conditions under which the relatives have a right of access to medical records of the deceased, give cause for renewed consideration of this issue related to legal protection after death. This article explores whether the proposed provision corresponds to the prevailing principles regarding disclosure of medical data after death. It is concluded that there is a need to reconsider the provision's wording or to adhere to self-regulation of the Royal Dutch Medical Association in order to strike an appropriate balance between the various interests concerned.     

The legal duty of IAPs to preserve traffic data: a dream or a nightmare?

This paper describes, from the perspective of a defence attorney, the role and the limitations of IAP involvement in digital evidence collection in Italy.     

Computer-aided qualitative data analysis of social media for teachers and students in legal education

This article addresses a new field for legal education researchers. It describes and discusses emergent methods for computer-aided qualitative data analysis of social media in legal education. Social media contributes opportunities for learning, teaching, and research for legal educators and students. It potentially expedites collaborations, sharing, and collection of information and commentary on relevant and important issues and topics. These sources provide content and data for learning, teaching, and research. Benefits of computer-aided qualitative data analysis of social media in legal education include a systematic approach, transparency, accountability and durability, and innovative ways to communicate insights through textual and graphical communications. The article uses two examples in which computer-aided qualitative data analysis, combined with qualitative data analysis strategies, can contribute insights in and about legal education: analysis of social media discussions involving specific topics or events – to study students’ work, or academics’ interactions at conferences; and analysis of legal educators’ scholarly communications and social media activities, toward improving the visibility and influence of legal education scholarship. Research ethics for studies involving social media and human participants are also considered.     

Personalized or bureaucratized justice in legal services: Resolving sociological ambivalence in the delivery of legal aid for the poor

This paper examines and tests some of the claims about the professional autonomy of attorneys working in a bureaucratic environment. Following an analysis of the concept of professionalism across various types of attorney practices, data are offered to explore how attorneys who provide legal services for the poor resolve the potential conflict between bureaucratic demands and personal or professional autonomy. The data, which consist of attorney time sheets covering some 2284 separate legal tasks as well as in-depth personal interviews with 23 attorneys, reveal some difference between actual practice routines and perceived personal autonomy. Implications of this for the delivery of legal service are discussed. The paper concludes that although the conflicting demands of legal services practice might lead to sociological ambivalence, as long as the attorneys do not perceive themselves as bureaucratic service deliverers but as autonomous professionals, there is little manifest ambivalence. Developing an adaptive strategy to avoid sociological ambivalence, attorneys see themselves as individual service providers, personalizing the justice they deliver.A lawyer is a lawyer-but only to a pointAn earlier version of this paper was presented to the Midwest Political Science Association Annual Meeting, Milwaukee, Wisconsin, April 28–May 2, 1982.