Are ‘pseudonymised’ data always personal data? Implications of the GDPR for administrative data research in the UK

There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identified data could constitute the unconsented disclosure of identifiable information.Instead, however, we argue that the definition of pseudonymisation in Article 4(5) GDPR will not expand the category of personal data, and that there is no intention that it should do so. The definition of pseudonymisation under the GDPR is not intended to determine whether data are personal data; indeed it is clear that all data falling within this definition are personal data. Rather, it is Recital 26 and its requirement of a ‘means reasonably likely to be used’ which remains the relevant test as to whether data are personal. This leaves open the possibility that data which have been ‘pseudonymised’ in the conventional sense of key-coding can still be rendered anonymous. There may also be circumstances in which data which have undergone pseudonymisation within one organisation could be anonymous for a third party. We explain how, with reference to the data environment factors as set out in the UK Anonymisation Network's Anonymisation Decision-Making Framework.     

A comparison of data protection legislation and policies across the EU

Although the protection of personal data is harmonized within the EU by Directive 95/46/EC and will be further harmonized by the General Data Protection Regulation (GDPR) in 2018, there are significant differences in the ways in which EU member states implemented the protection of privacy and personal data in national laws, policies, and practices. This paper presents the main findings of a research project that compares the protection of privacy and personal data in eight EU member states: France, Germany, the UK, Ireland, Romania, Italy, Sweden, and the Netherlands. The comparison focuses on five major themes: awareness and trust, government policies for personal data protection, the applicable laws and regulations, implementation of those laws and regulations, and supervision and enforcement.The comparison of privacy and data protection regimes across the EU shows some remarkable findings, revealing which countries are frontrunners and which countries are lagging behind on specific aspects. For instance, the roles of and interplay between governments, civil rights organizations, and data protections authorities vary from country to country. Furthermore, with regard to privacy and data protection there are differences in the intensity and scope of political debates, information campaigns, media attention, and public debate. New concepts like privacy impact assessments, privacy by design, data breach notifications and big data are on the agenda in some but not in all countries. Significant differences exist in (the levels of) enforcement by the different data protection authorities, due to different legal competencies, available budgets and personnel, policies, and cultural factors.     

DATA REGULATION IN THE INTERNET OF THINGS

The reflections on data regulation in the internet of things (IoT) in this paper provide an overview of the different conceptions and legal problems of “data property rights.” Beginning with an overview of the existing and possible applications of the future IoT (in particular, smart cars), this paper describes the legal concerns that may arise because of increased commercialization of object-generated data. The author uses German and European Union law to illustrate the legal complexities, solutions, and shortcomings. He demonstrates how and to what extent these issues are covered by traditional data protection regulations and highlights the conceptual blind spots of these regulations. He then contrasts the data protection paradigm (de lege lata) with the idea of a general erga omnes data property right (de lege ferenda) and describes the most common understanding of such a right, that is, a data producers’ property right. Against the background of the possible economic advantages of general data property rights, the paper discusses conceptual problems and constitutional concerns. In conclusion, the author rejects the idea of a general data property right.     

An examination of the experience of cryptocurrency use in Russia. In search of better practice

This study concerns the use of crypto-currency with specific reference to the situation in Russia. A variety of such systems exist; Bitcoin, however, is perhaps the best-known example and will be used as synonymous with the concept throughout this article. Our findings not only show how the views of Russian government bodies are formed and developed, but also sheds light on the specific innovative methods which legal entities use for development of the economy. Consideration will be given to recent developments within Russia which has been more active than many countries in seeking to clarify the status of Bitcoin and providing for the regulation of the technology.     

Opinion 1/15 of the Grand Chamber dated 26 July 2017 about the agreement on Passenger Name Record data between the EU and Canada

On 26 July 2017, the Grand Chamber of the European Court of Justice rendered its seminal Opinion 1/15 about the agreement on Passenger Name Record data between the EU and Canada. The Grand Chamber considered that the decision of the Council about the conclusion, on behalf of the Union, of the agreement between the EU and Canada about the transfer and processing of PNR data must be based jointly on Article 16(2) about the protection of personal data and Article 87(2)(a) about police co-operation among member states in criminal matters, but not on Article 82(1)(d) about judicial co-operation in criminal matters in the EU of the Treaty on the Functioning of the EU. The Grand Chamber also considered that the agreement is incompatible with Article 7 on the right to respect for private life, Article 8 on the right to the protection of personal data, Article 21 on non-discrimination and Article 52(1) on the principle of proportionality of the Charter of Fundamental Rights of the EU since it does not preclude the transfer, use and retention of sensitive data. In addition to the requirement to exclude such data, the Grand Chamber listed seven requirements that the agreement must include, specify, limit or guarantee to be compatible with the Charter.The opinion of the Grand Chamber has far-reaching implications for the agreement on PNR data between the EU and Canada. It has also far-reaching implications for international agreements on PNR data between the EU and other third states. Last, it has far-reaching implications for Directive 681 of 27 April 2016 on PNR data.     

数字政府建设中的政务服务

本文基于新公共管理和新公共服务两大理论的学理分析,剖析了数字政府建设中政务服务效能提升的制约瓶颈并提供了相应的对策建议.分析结果表明:分散的政务服务抑制了服务效能、异向的政务数据影响了业务协同、失衡的供给能力制约了发展水平.研究结论认为,优化政务服务基础平台、完善政务信息共享机制、提高政务服务供给能力是数字政府建设中政...     

Policy visions of big data: views from the Global South

Abstract

Government intentions stand at the heart of debates about how big data can and should be used in the Global South. This paper provides new insights by examining the political and economic visions promoted by emerging power governments in Brazil, India and China (the BICs). Doing so is crucial as these countries not only comprise some of the world’s largest populations, but have also demonstrated their initiative in national and international promotion of big data politics. Drawing on a content analysis of strategic and legal documents discussing the use of big data, we identify potential areas for big data cooperation among the BICs by determining the compatibility of national policy visions. Three visions are apparent: data as a force for political liberation or repression, for improving public services and for facilitating development. Successful BIC cooperation is likely related to the latter two, but less probable for the liberation/repression vision. We conclude by identifying the implications of BIC engagement with big data for the Global South more broadly.     

Generating data with sexual offenders using qualitative material: A paradigm to complement not compete with quantitative methodology

This paper proposes triangulation as a research strategy in which the domain of sexual offending may be assessed using both qualitative and quantitative data. Examples of studies that have employed this approach with sexual offenders are outlined, showing the benefit that can be gained from utilizing multiple methods of assessment. The paper also outlines a range of quality criteria when conducting qualitative research, that Gaskell and Bauer (2000) argue are functional equivalents of reliability and validity.     

The Social Outcomes of Education and Feedbacks on Growth in Africa

Most of the effects of education included in the complete model presented here are shown to be consistent with those found in the mainstream of the research on each outcome using microeconomic data. This, however, is a first effort to estimate net education effects more comprehensively, beyond just growth and health effects on other key measures of development in Africa, and also a new view of indirect feedbacks on economic growth and of externalities. After developing the conceptual framework, the regression estimates are presented together with a discussion of the net direct and indirect effects of education on each outcome. These are shown to improve infant mortality, increase longevity, strengthen civic institutions and democratisation, increase political stability, and increase investment in physical capital, which in turn have positive delayed feedback effects on the economic growth process. The effects also lower fertility rates and population growth rates but the latter occurs only after long delays because of the short-term positive effects of education on health. There are significant net education effects reducing poverty, inequality and crime, the latter after netting out negative externalities from growth and white-collar crime. Education effects reducing poverty and substituting skills for extractive exports also contribute to environmental sustainability. Simulations solve the complete model endogenously and iteratively over time for all of the direct and indirect (largely externality) effects. They reveal that indirect feedback effects including those on non-market outcomes are larger than the direct effects. Some effects are immediate, but many of the lags are long. So policy options for a continent in crisis that consider these lags are considered.     

Structural Convergence in Manufacturing Industries between Leaders and Latecomers

This article uses cross-country panel data on three-digit manufacturing to test for progressive structural convergence in industrial output mix between industrialising and industrialised economies. Regressions based on Logistic and Almost-Ideal models show that industrial deepening entails share losses for light and selected heavy manufacturing, and share gains for engineering and consumer durables. While semi-industrial economies manage to shift into petrochemical and engineering industries, the least industrialised nurture a broad spectrum of non-traditional manufacturing. Diversity in factor endowments and policy notwithstanding, growing similarity in demand and technological diffusion appear to produce weak convergence of industrial structures between developing and developed countries.