Pricing privacy – the right to know the value of your personal data

The commodification of digital identities is an emerging reality in the data-driven economy. Personal data of individuals represent monetary value in the data-driven economy and are often considered a counter performance for “free” digital services or for discounts for online products and services. Furthermore, customer data and profiling algorithms are already considered a business asset and protected through trade secrets. At the same time, individuals do not seem to be fully aware of the monetary value of their personal data and tend to underestimate their economic power within the data-driven economy and to passively succumb to the propertization of their digital identity. An effort that can increase awareness of consumers/users on their own personal information could be making them aware of the monetary value of their personal data. In other words, if individuals are shown the “price” of their personal data, they can acquire higher awareness about their power in the digital market and thus be effectively empowered for the protection of their information privacy. This paper analyzes whether consumers/users should have a right to know the value of their personal data. After analyzing how EU legislation is already developing in the direction of propertization and monetization of personal data, different models for quantifying the value of personal data are investigated. These models are discussed, not to determine the actual prices of personal data, but to show that the monetary value of personal data can be quantified, a conditio-sine-qua-non for the right to know the value of your personal data. Next, active choice models, in which users are offered the option to pay for online services, either with their personal data or with money, are discussed. It is concluded, however, that these models are incompatible with EU data protection law. Finally, practical, moral and cognitive problems of pricing privacy are discussed as an introduction to further research. We conclude that such research is needed to see to which extent these problems can be solved or mitigated. Only then, it can be determined whether the benefits of introducing a right to know the value of your personal data outweigh the problems and hurdles related to it.     

Are ‘pseudonymised’ data always personal data? Implications of the GDPR for administrative data research in the UK

There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identified data could constitute the unconsented disclosure of identifiable information.Instead, however, we argue that the definition of pseudonymisation in Article 4(5) GDPR will not expand the category of personal data, and that there is no intention that it should do so. The definition of pseudonymisation under the GDPR is not intended to determine whether data are personal data; indeed it is clear that all data falling within this definition are personal data. Rather, it is Recital 26 and its requirement of a ‘means reasonably likely to be used’ which remains the relevant test as to whether data are personal. This leaves open the possibility that data which have been ‘pseudonymised’ in the conventional sense of key-coding can still be rendered anonymous. There may also be circumstances in which data which have undergone pseudonymisation within one organisation could be anonymous for a third party. We explain how, with reference to the data environment factors as set out in the UK Anonymisation Network's Anonymisation Decision-Making Framework.     

MiFID II – A radical contribution to the development of data law?

Away from the hubbub about HFT (High Frequency Trading) a quiet storm is blowing in to the EU that will radically change securities trading in bonds, OTC derivatives and other asset classes. The rules, called MiFID II,² top off the alphabet soup of an extensive new rule book that, after the European Parliament's ‘Super Tuesday’ on 15 April 2014, is finally set to become law. Radical changes are afoot!     

A review of telecom markets in the EU: What did the European Commission learn or not from the past?

The EU telecom regulation relies on a market-by-market sunset approach. In order to facilitate the market review of national regulatory authorities, the European Commission has offered two successive sets of recommended markets susceptible to ex ante regulation. The inclusion or exclusion of a recommended telecom market is analyzed on its competition conditions across the EU. Beginning in 2014 the European Commission published the draft third Market Recommendation. This article aims to give a critical evaluation of those recommended markets by surveying the competition situations on every telecom market in the EU Member States. It observes that while the drafted Third Recommendation makes a reasonable assessment for most telecom markets, it may not have appropriately addressed markets such as retail fixed access, wholesale call origination, wholesale fixed and mobile call termination, wholesale high-quality access, and wholesale broadcasting transmission.     

EU GDPR or APEC CBPR? A comparative analysis of the approach of the EU and APEC to cross border data transfers and protection of personal data in the IoT era

This article examines the two major international data transfer schemes in existence today – the European Union (EU) model which at present is effectively the General Data Protection Regulation (GDPR), and the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules system (CBPR), in the context of the Internet of Things (IoT).While IoT data ostensibly relates to things i.e. products and services, it impacts individuals and their data protection and privacy rights, and raises compliance issues for corporations especially in relation to international data flows. The GDPR regulates the processing of personal data of individuals who are EU data subjects including cross border data transfers. As an EU Regulation, the GDPR applies directly as law to EU member nations. The GDPR also has extensive extraterritorial provisions that apply to processing of personal data outside the EU regardless of place of incorporation and geographical area of operation of the data controller/ processor. There are a number of ways that the GDPR enables lawful international transfer of personal data including schemes that are broadly similar to APEC CBPR.APEC CBPR is the other major regional framework regulating transfer of personal data between APEC member nations. It is essentially a voluntary accountability scheme that initially requires acceptance at country level, followed by independent certification by an accountability agent of the organization wishing to join the scheme. APEC CBPR is viewed by many in the United States of America (US) as preferable to the EU approach because CBPR is considered more conducive to business than its counterpart schemes under the GDPR, and therefore is regarded as the scheme most likely to prevail.While there are broad areas of similarity between the EU and APEC approaches to data protection in the context of cross border data transfer, there are also substantial differences. This paper considers the similarities and major differences, and the overall suitability of the two models for the era of the Internet of Things (IoT) in which large amounts of personal data are processed on an on-going basis from connected devices around the world. This is the first time the APEC and GDPR cross-border data schemes have been compared in this way. The paper concludes with the author expressing a view as to which scheme is likely to set the global standard.     

Transnational constitutionalism – conflicts-law constitutionalism – economic constitutionalism: the exemplary case of the European Union

Transnational constitutionalism is both a sociological given and a legal challenge. We observe the emergence of ever more legally framed transnational arrangements with ever more power and impact. Do such arrangements deserve to be called legitimate rule in Habermasian terms? Is it at all conceivable that the proprium of law can be defended against the rise of its informal competitors? This article opts for a third way that listens to neither the siren songs on law beyond the state nor to the defences of nation-state constitutionalism as the monopolist of legitimate rule. The proposed alternative suggests that transnational legal ordering of the European Union should build on its reconceptualization as a ‘three-dimensional conflicts law’ with a democracy-enhancing potential. This reconceptualization operationalizes the ‘united in diversity’ motto of the Draft Constitutional Treaty of 2004, preserves the essential accomplishments of Europe's constitutional democracies, provides for co-operative problem solving of transnational regulatory tasks, and retains supervisory powers over national and transnational arrangements of private governance.     

How Does the European Court of Justice Reason? A Review Essay on the Legal Reasoning of the European Court of Justice

This review essay analyses two significant recent contributions to the debate over the reasoning of the Court of Justice (CJ). These contributions highlight the impossibility of a wholly scientific and deductive approach to attributing ‘correct’ outcomes to the Court's case‐law. At the same time, their analysis adds significant findings for the debate over the Court's possible ‘activist’ or political role. Following from these contributions, this essay makes two arguments: firstly, that the inability of the Court to anchor its reasoning solely in a deductive form of legal reasoning should encourage the CJ to engage in a more advanced ‘constitutional dialogue’ with the EU's political institutions; and secondly, that truly understanding the Court's reasoning involves a closer analysis of the institutional and personal dynamics influencing Court decisions. Understanding European judicial reasoning may require a closer look at the social and political—as well as doctrinal—context within which European judges act.     

Who decides on the future of data protection? Role of law firms in shaping European data protection regime

Drawing on theories of European integration and governance and sociological studies on the influence of elite law firms on rule-setting, this paper shows that law firms (a) operate in the area of data protection that is of extreme complexity and requires expert knowledge; and (b) display characteristics similar to other actors who succeeded in influencing agenda-setting and the results of policy-making despite having no formal competence to do so. This article proposes a hypothesis of the influence of elite law firms in EU data protection rule-setting. It argues that the EU data protection sector is prone to such influence as it is by definition transnational and, at some technical and some core points, inadequate to reflect the real data processing practices and therefore is entrenched with uncertainty. Therefore, the research into politics of data protection in Europe cannot disregard the role of these actors in shaping the European data protection regime.     

Setting the Path for the UNWCC: The Representation of European Exile Governments on the London International Assembly and the Commission for Penal Reconstruction and Development, 1941–1944

This article discusses the development of the UNWCC and the intellectuals involved. It notes the commitment that smaller Allied states made to frame international criminal law with regard to war crimes. The article pays particular attention to two Czech delegates who stood out from the community of experts, and who were instrumental in formalizing how war crimes committed in Europe during the Second World War – and beyond – should be handled. The concept of crimes against humanity became a main outcome of the legal debates, serving not only as a blueprint for the London Charter, but the international criminal law system as a whole. The predecessors of the UNWCC, involving some of the most renowned lawyers of the time, formed one of the first truly transnational networks. Moreover, the experiences of the lawyers, and their framing of that experience in lengthy memorandums, helped to generate a new concept in politics: the protection of human rights.     

GeneMarker® HID: A reliable software tool for the analysis of forensic STR data

Abstract: GeneMarker^® HID was assessed as a software tool for the analysis of forensic short tandem repeat (STR) data and as a resource for analysis of custom STR multiplexes. The software is easy to learn and use, and includes design features that have the potential to reduce user fatigue. To illustrate reliability and accuracy, STR data from both single‐source and mixture profiles were analyzed and compared to profiles interpreted with another software package. A total of 1898 STR profiles representing 28,470 loci and more than 42,000 alleles were analyzed with 100% concordance. GeneMarker HID was also used to successfully analyze data generated from a custom STR multiplex, with simplified and rapid implementation. Finally, the impact of the user‐friendly design features of the software was assessed through a time scale study. The results suggest that laboratories can reduce the time required for data analysis by at least 25% when using GeneMarker HID.     

mHealth and data protection – the letter and the spirit of consent legal requirements

In this article, the role of consent is discussed in the framework of fundamental rights and in the context of mobile health technologies (mHealth), such as smart phones, mobile phones or tablet/palm-held computing devices to provide healthcare. The authors surmise how, in practice, although there will be more emphasis on informed consent formally, there will be less space for genuine individual consent. This betrays a focus more on the letter of consent rules in data protection than their spirit. This risks reducing consent to a tick box operation in a manner analogous to consumer transactions, something manifestly unsuitable for consent, even if only in informational terms, during medical procedures.     

A computerized data base of mail order garments – a contribution toward estimating the frequency of fibre types found in clothing: Part 3: The content of the data bank – is it representative?

In Part 3 of this series the authors have tried to evaluate the representativity of the Catalogue Data Base. At present this is only possible by comparing the fibre percentages obtained with figures from World Textile Production, with those of a more regional character, with existing data from alternative collections and with that from other enquiries. It is apparent that a true test for the representativity of the Catalogue Data Base is not possible. Figures which would be directly comparable do not exist. Nevertheless, it is possible to show that the most common fibre types and colours and their rank orders are the same in the different collections and production figures. The forensic value of common fibres when they appear in certain garments or combinations is presented and also the value of fibres which rarely appear in the CDB. The authors give an outlook on further activities to validate the data in the Catalogue Data Base and discuss the combination of the CDB data with that from alternative collections. Theoretical examples are presented.     

Reclaiming freedom of the press: A Hutchins Commission dream or nightmare?

This article explores how and why the Hutchins Commission's vision of a responsible press and an informed citizenry did not, and does not, realistically meet either the needs of the media industries or the public. Although it was the commission's goal to create a healthier society, the new technologies of communication present old and new problems—problems that cannot be negotiated by the commission's well‐meaning but idealistic notions of press responsibility. The Internet demonstrates the old dilemma of elite access and concentrated ownership and a new dilemma of utility characterized by isolated users whose communication can be argued only superficially as socially healthy. Perhaps a more innovative and structurally significant approach, beyond the rhetoric of “press‐responsibility,” is needed to create physical access to media that can achieve the kind of “publicness” the Hutchins Commission envisioned.     

Case comment: C-82/10 European Commission v Ireland—judgement of the Court of Justice of the European Union,September 29, 2011 (VHI case)

This article is the case comment on the recent judgement (September 29, 2011) of the Court of Justice of the European Union in the case No C-82/10 concerning non-life insurance. This case was initiated by the European Commission against Ireland for failure to fulfil its obligations by not covering the Voluntary Health Insurance Board by insurance supervisory scheme as provided for by relevant Directives. The above insurance institution which is the main health insurer in Ireland enjoys exemption from the supervisory scheme envisaged by relevant Directives. Ireland may maintain this exemption if its capacity is not amended; otherwise the above institution must be covered by the insurance supervisory scheme. This article provides a brief summary of facts and court conclusions alongside with relevant comments on the impact of this judgement. The author has commented both legal and economic aspect of this case paying particular attention to the role of this judgement in the development of the insurance supervisory scheme in the European Union law.     

There's more to it than data protection – Fundamental rights,privacy and the personal/household exemption in the digital age

Heated debates triggered by the plans to introduce the “right to be forgotten” exposed problems the all-encompassing application of rules on data processing may cause in practice. The purpose of this article is to discuss the compatibility of these rules with the rapidly evolving online environment in the context of the need to guarantee human rights on the internet. The author argues that there is an imbalance in the protection of individual rights online. It results from the limited application of personal/household exception and, in general, the narrow understanding of the concept of online privacy. According to the author in order for data protection laws to flesh out not only the fundamental right of data protection, but also play a mediatory role in balancing other rights, the application of the personal/household exception should be extended to include private online activities. This would reflect the complex character of the very concept of online privacy, diversity of actors and activities shaping online “territories”, as well as the increasingly heterogeneous fabric of the Web.     

The European Court of Justice – The Need for Change in a Changing World

The article, from a speech delivered at the 11th Liverpool Law ReviewAnnual Lecture at The Law School, Liverpool John Moore's University, November 2001, before invited guests and students, considers the role and position of the European Courts in achieving the objectives of the treaties and institutions of the European Union. It examines the current position of the Court of Justice of the European Communities and the Court of First Instance of the European Communities and the implications of the structural changes introduced by the Amsterdam Treaty. The article reflects upon how the future accession to the Union of new Member States may affect that situation. It also considers how changes proposed in the Treaty of Nice, when ratified, will enable the European Courts to meet future demands placed upon them. This revised version was published online in August 2006 with corrections to the Cover Date.