Security policies and the weakening of personal data protection in the European Union

In recent years, the reinforcement of security policies alongside the expansion of information systems for law enforcement and crime prevention entailed growing restrictions to personal data protection principles and procedural rights in the European Union. This paper seeks to elucidate this trend, while matching it with an EU institutional discourse based on balancing and proportionality. Indeed, EU institutions regularly present security measures and fundamental rights as somewhat symmetric values to be easily conciliated through balancing and proportionality. Considering the raising of the protection of personal data to the status of a fundamental right by the Charter of Fundamental Rights, its effect on a possible rebalancing of the values at stake is discussed. Yet, we conclude, for the time being, the potential for just and democratic solutions provided by the ideas of balancing and proportionality does not appear to be properly used.     

大数据背景下个人生物识别信息安全的法律规制

个人生物识别信息具有个人数据的唯一性、程序识别性、可复制性、损害的不可逆性及信息的关联性等特征。在大数据背景下,个人生物识别信息的广泛应用会带来严重的生物信息安全风险,其滥用可造成隐私权、平等权和财产权等权益受到侵犯,需要立法进行全方位规制。我国目前个人生物信息的相关立法存在总体位阶较低且内容分散、保护范围狭窄、权利义务边界不清、法律责任不明晰等缺陷,应当采取渐进式专门立法的思路,完善现有相关部门法关于个人生物信息的规制内容,构建层次分明、内外协调的个人生物识别信息安全保护的法律体系。     

香港个人资料隐私保护之经验——兼论我国个人资料保护法之制定

个人信息作为信息的一种,具有与信息相同的特征。个人资料属于现代隐私的外延,指的是可以识别出个人的所有资料。我国香港特别行政区已于1996年12月实施了《个人资料(私隐)条例》。在实施的十年间,法院与香港个人资料私隐专员公署分别做出了一些司法原则和执行决定,很值得我国在制定《个人资料保护法》时加以参考与借鉴。     

Legal constraints for the protection of privacy and personal data in electronic evidence handling1

This paper describes the application of personal data protection rules in the process of e‐evidence handling. It focuses mainly on the application of Directive 95/46/EC rules to the digital environment. It also makes reference to the legal risks derived from the collection and processing of e‐evidence in violation of privacy and personal data protection law.     

Ownership of personal data in the Internet of Things

This article analyses, defines, and refines the concepts of ownership and personal data to explore their compatibility in the context of EU law. It critically examines the traditional dividing line between personal and non-personal data and argues for a strict conceptual separation of personal data from personal information. The article also considers whether, and to what extent, the concept of ownership can be applied to personal data in the context of the Internet of Things (IoT). This consideration is framed around two main approaches shaping all ownership theories: a bottom-up and top-down approach. Via these dual lenses, the article reviews existing debates relating to four elements supporting introduction of ownership of personal data, namely the elements of control, protection, valuation, and allocation of personal data. It then explores the explanatory advantages and disadvantages of the two approaches in relation to each of these elements as well as to ownership of personal data in IoT at large. Lastly, this article outlines a revised approach to ownership of personal data in IoT that may serve as a blueprint for future work in this area and inform regulatory and policy debates.     

论个人信用体系建设中对隐私权的法律保护

现代社会日益发展成为信用经济社会。因此,个人信用体系建设的重要性逐渐凸显出来。个人信用体系运营围绕的核心就在于个人的信用信息,而这无时不与个人的隐私相联系,进而牵涉到个人的隐私权保护问题。针对此问题,本文从信用记录的原则、范围、使用规定及个人信用记录的维护等方面提出了在个人信用体系建设立法中对个人隐私权保护的措施。     

论中医药传统知识保护立法的基本原则

中医药传统知识不仅是我国的传统文化和医疗资源,也是具有巨大经济价值的商业资源,通过立法来保护中医药传统知识已经成为了中医药界的共识。在保护中医药传统知识立法的过程中,立法技术要遵循与现行法律有效衔接、制度创新、上位法与下位法相结合等基本原则;立法内容要遵循保护与利用相结合、分类确权、体现价值、国家利益、政府主导等基本原则;立法进程要遵循先易后难、协调配合等基本原则,从而实现对中医药传统知识保护法律制度的系统构建。     

Investigating the legal protection of data,information and knowledge under the EU data protection regime

Information science distinguishes between the semantic forms/intangibles of data, information and knowledge. Data (e.g. an attribute of a data record in a relational database) does not have any meaning by itself. Information is data brought into context (e.g. data related to its primary key), and knowledge is the collection of information for useful intent (e.g. a database). This paper investigates the mapping of semantic forms in information science (i.e. data, information, knowledge) to correlative concepts in information law (primarily data protection legislation) with a view to investigating how such semantic forms are legally protected. The paper first proposes a data, information, knowledge, rules (DIKR) hierarchy in the context of relational database theory, and interprets this hierarchy with respect to data protection concepts. The paper then gives an in-depth discussion of the elements of the DIKR hierarchy (data, information, knowledge, deduced knowledge, induced knowledge) and how they relate to the EU Data Protection Directive 95/46/EC. These relationships are summarized in the form of a two dimensional correlation matrix. Finally the paper discusses how the semantic forms identified are protected under the EU Data Protection Directive, and gives insightful observations about the connection between information law and information science.     

论一般人格权的功能与制度价值

一般人格权是指民事主体所享有的,概括人格独立、人格平等、人格自由、人格尊严全部内容的一般人格利益,并由此产生和规定具体人格权的个人基本权利。它是为弥补具体人格权封闭性缺陷而产生的概念,以人格独立、人格自由、人格平等和人格尊严为其内容,具有解释功能、补充功能与创造功能。在我国民法典中应明确予以规定。     

On the "general acceptance" of handwriting identification principles

Informed by the admissibility requirements of the broad and narrow Frye tests as well as Daubert's general acceptance factor, the present study elicited the views of a homogeneous group of forensic document examiners and a heterogeneous group of handwriting scientists regarding the degree to which a set of principles relating to the nature of handwriting and its identification were generally accepted within the respondents' fields. Among forensic document examiners, the greatest agreement was found concerning the process of examination, and somewhat less agreement on other matters. Forensic document examiners and handwriting scientists appear not to agree on the acceptability of most of the propositions.     

Shared genetic data and the rights of involved people.

The authors examine the two main attitudes toward genetics: Exceptionalism and Undervaluation. They firstly pose the basis of the matter from the scientific point of view and then verify how these two attitudes really work in the different fields where human genetics finds relevant applications, dealing with the questions arising from the unique characteristics of genetic data that is shared among the whole bio-group. Then some judicial cases related to the conflicts arising when genetic data are stored in repositories, whatever the aims and reasons, are presented and discussed. The matter is then considered from the criminal law perspective, in the light of the new possible implications of DNA fingerprinting in criminal investigations. Finally, some general considerations on opposing Exceptionalism/Undervaluation viewpoints and the real reason for making up new rules are presented.     

论国际水域利用和保护的原则

本文提出了各国在利用和保护国际水域中所应遵循的四大原则 ,即公平合理利用原则、不造成重大损害原则、受益补偿原则、国际合作原则 ,并从有关的国际条约和国际司法判例入手就各原则进行详细论述。     

遗传资源、传统知识与民间文学保护若干基本问题之探讨（二）

一、传统知识的保护(一)传统知识的概念目前在对传统知识概念的探讨上,WIPO所提出的概念具有一定的代表性。根据WIPO的报告,传统知识是指“以传统为基础之文学、艺术或科学作品;表演;发明;科学发现;外观设计;符号、名称与象征;未公开信息;以及工业、科学、文学、艺术领域或其他一切以传统为基础的创新与创作”。在传统知识的概念中,“以传统为基础”是核心要素,它指“知识体系、智力创造和创新活动、文化表达形式通常都是代代相传的,其被认定为系某个特定人群或居住区域所固有,并随着环境的变化而不断演进。”〔1〕从WIPO对传统知识所…     

Population data on nine STRs from Cantabria, a mountainous region in northern Spain.

Allele frequencies for nine STRs loci included in the AmpFlTR Profiler Plus kit (D3S1358, vWA, FGA, D8S1179, D21S11, D18S51, D5S818, D13S317, D7S820) were obtained from a sample of 158 unrelated individuals living in Cantabria, a region in northern Spain.     

A reflection on the priorities of a data protection authority

Eric Howe, the first Data Protection Registrar, was setting up his Office about the same time as the first appearance in 1985 of this journal, whose distinguished editor Professor Saxby is now retiring. That is this author's excuse for looking back to the early years of United Kingdom data protection and reflecting on what a data protection authority is actually for. As this article hopes to make clear, using the early United Kingdom experience as an example, Data Protection Authorities are faced with an unclear role running the risk of creating false expectations among the general public. The author concludes that representations to government are often minimally effective and that with the limited resources available a DPA should give priority to encouraging compliance by data controllers and assisting individuals with a complaints resolution service.     

Rights and obligations of the persons concerning their genetic data.

The right to privacy is a right that is universally recognised and which encompasses the protection of the genetic codes. However, this is not an absolute right and is limited when certain interests come into play. This article highlights such limits, analysing the different uses that can be made with the genetic data, as well as the dangers that such uses can entail.