6,748 research outputs found
Data protection and the legitimate interest of data controllers: much ado about nothing or the winter of rights?
EU data protection law is in a process of reform to meet the challenges of the modern economy and rapid technological developments. This study analyses the legitimate interest of data controllers as a legal basis for
processing personal data under both the current data protection legislation and its proposed reform. The relevant provision expands the scope of lawful processing, but is formulated ambiguously, creating legal
uncertainty and loopholes in the law. The new proposed regime does not resolve the problem.Taking aârightsâ perspective, the paper aims to show that the provision should be narrowly interpreted in light of the ECJ case
law, and to give effect to the Charter of Fundamental Rights; a rephrasing of the norm is desirable. The provision on the legitimate interest of data controllers weakens the legal protection of data subjects
Behind Enemy Phone Lines: Insider Trading, Parallel Enforcement, and Sharing the Fruits of Wiretaps
Two key trends were present in the successful prosecution of Raj Rajaratnam and his coconspirators in one of the largest insider-trading conspiracies in history: the use of wiretaps to investigate and prosecute insider trading and a joint effort between the Department of Justice (DOJ) and the Securities & Exchange Commission (SEC) to conduct the investigation. Despite the close working relationship between the DOJ and the SEC, the DOJ never disclosed the fruits of the wiretaps to the SEC, presumably due to its belief that Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (as amended, the âWiretap Actâ)âthe comprehensive framework that authorizes the government to conduct wiretaps in certain circumstancesâprohibited it from doing so.
Though the Second Circuit in SEC v. Rajaratnam ultimately held that the SEC could obtain wiretap materials from the criminal defendants as part of civil discovery, the question of whether direct disclosure of the wiretap materials from the DOJ to the SEC is prohibited has been raised but not yet addressed. This Note analyzes previous cases addressing the construction of the Wiretap Actâs disclosure provisions and concludes that direct disclosure from the DOJ to the SEC is not prohibited by the Act. It further proposes a process by which civil enforcement agencies, such as the SEC, can request disclosure of wiretap materials through the DOJ in such a way that balances the benefits of disclosure against the privacy interests of the parties whose conversations were intercepted
The right to privacy whithin criminal investigations: an approach from Strasbourg
The final degree paper analyzes the protection to the right to privacy within the criminal investigation process. During the investigations, the right to privacy of the suspect might be in danger due to the necessity of obtaining evidences for the future trial. For assessing the limits of the right to privacy in this purpose, the rules established by the European Convention of Human Rights and the interpretation of the Strasbourg Court will be taken into accoun
Protecting Information Privacy
This report for the Equality and Human Rights Commission (the Commission) examines the threats to information privacy that have emerged in recent years, focusing on the activities of the state. It argues that current privacy laws and regulation do not adequately uphold human rights, and that fundamental reform is required. It identifies two principal areas of concern: the stateâs handling of personal data, and the use of surveillance by public bodies. The central finding of this report is that the existing approach to the protection of information privacy in the UK is fundamentally flawed, and that there is a pressing need for widespread legislative reform in order to ensure that the rights contained in Article 8 are respected. The report argues for the establishment of a number of key âprivacy principlesâ that can be used to guide future legal reforms and the development of sector-specific regulation. The right to privacy is at risk of being eroded by the growing demand for information by government and the private sector. Unless we start to reform the law and build a regulatory system capable of protecting information privacy, we may soon find that it is a thing of the past
The right to privacy whithin criminal investigations: an approach from Strasbourg
The final degree paper analyzes the protection to the right to privacy within the criminal investigation process. During the investigations, the right to privacy of the suspect might be in danger due to the necessity of obtaining evidences for the future trial. For assessing the limits of the right to privacy in this purpose, the rules established by the European Convention of Human Rights and the interpretation of the Strasbourg Court will be taken into accoun
Reconciling U.S. Banking and Securities Data Preservation Rules with European Mandatory Data Erasure Under GDPR
United States law, which requires financial institutions to retain customer data, conflicts with European Union law, which requires financial institutions to delete customer data on demand. A financial institution operating transnationally cannot comply with both U.S. and EU law. Financial institutions thus face the issue that they cannot possibly delete and retain the same data simultaneously. This Note will clarify the scope and nature of this conflict.
First, it will clarify the conflict by examining (1) the relevant laws, which are Europeâs General Data Protection Regulation (GDPR), the U.S. Bank Secrecy Act, and Securities and Exchange Commission (SEC) regulations, (2) GDPRâs application to U.S. financial institutions, and (3) U.S. lawâs extraterritorial application to financial institutions operating in Europe, under the U.S. Supreme Courtâs Morrison-Kiobel two-step analysis. Second, it will propose a solution by examining international law and U.S. foreign relations law.
United States law subjects financial institutions to multiple data retention requirements. Securities regulations require broker-dealers to retain customer account and complaint records. The Bank Secrecy Act of 1970 requires financial institutions to retain customer data for at least five years. Sometimes, banks must permanently retain certain records.
GDPR empowers individuals to demand that companies erase their data. Couched in the theory of a right to erasure, GDPR lets customers withdraw their consent for a financial institution to process or retain their data. Violators may face fines of 4 percent of their worldwide revenue. GDPR applies broadly to U.S. data-processors that either (1) are established in the European Union, or (2) monitor or offer to sell goods or services to individuals in the European Union. Establishment is broadly construed by European courts and may be met by âa single representative in the European Union.â
In U.S. law, a two-step analysis determines whether and to what extent federal statutes govern conduct abroad. First, courts analyze whether the presumption against extraterritoriality has been rebutted. The presumption derives from the canon that a statute, âunless a contrary intent appears, is meant to apply only within the territorial jurisdictionâ of the United States. If the presumption is not rebutted, the court proceeds to the second step, when the court considers the statuteâs âfocusâ and whether the case involves the statuteâs domestic application. United States law has domestic application to data stored domestically, and sometimes possibly to data stored internationally; such data operations may also fall under GPDRâs jurisdiction. Then, if a customer asks a financial institution to delete data, the financial institution will face conflicting laws.
This Note seeks to resolve the conflict, recommending that courts approach resolution from the framework of the Restatement (Third) of Foreign Relations Law
Beyond \u3ci\u3eMicrosoft\u3c/i\u3e: A Legislative Solution to the SCAâs Extraterritoriality Problem
The Stored Communications Act governs U.S. law enforcementâs access to cloud data, but the statute is ill equipped to handle the global nature of the modern internet. A pending U.S. Supreme Court case, United States v. Microsoft, raises the question whether a warrant under the statute may be used to reach across international borders to obtain data that is stored in another country, regardless of the userâs nationality. While the Court will determine whether this is an impermissible extraterritorial application of the current law, many have called for a legislative resolution to this issue. Due to the insufficiency of the current law, the limits of traditional judicial doctrines, and the inherent advantages the legislature has over the judiciary in addressing technological change, this Note also recommends a legislative resolution. Building upon a legislative proposal, this Note proposes a framework with two separate sets of legal procedures based on user identity. These separate domestic and extraterritorial procedures provide a framework that would set clear guidelines for law enforcement and service providers while giving due respect to foreign sovereignty
- âŠ