Hacia un nuevo sistema europeo de protección de datos: las claves de la reforma

The European Commission has presented legislative initiatives aimed at reforming the European legal system for data protection: a draft General Data Protection Regulation and a draft Directive in the area of Police and Criminal Justice. These proposals represent a comprehensive European data protection legal system review because they support on the basis of a different standard-setting instrument versus the previous Directive 95/46 and addresses new issues which were not being satisfactorily resolved by current rules (for example, the impact of new technologies and the Internet). These initiatives are called to revolutionize the global European data protection framework and make a special impact in the Spanish legal system because of the direct and immediate application of European Regulation and providing new rights to citizens. This new European data protection regulation is marked by a clear trend towards European centralization as evidenced with the strengthening of the powers of the European Commission through the use of the delegated and implementing acts, with the laying down of a common system of penalties which strengthens the repressive policy, with the recognizing of new powers to current institutions and organizations as the European Data Protection Board and the Data Protection European Supervisor and with the forecast of new European procedures for cooperation and consistency to ensure mutual assistance, joint investigations and, ultimately, effective European harmonisation. In addition, this new European framework seeks to address the technological revolution of our time giving more protection to the rights of citizens —in particular, minors— through information and transparency, new rights as to be forgotten and portability and new procedural and jurisdictional rules. Finally, the new legislation seeks to enhance an effective preventive strategy that takes into account the privacy by design and by default, through impact assessments, with the existence of data protection officers and, related to international transfers, legally recognizing the value of binding corporate rules.La Comisión Europea ha presentado sendas iniciativas legislativas dirigidas a reformar el sistema europeo de protección de datos: un proyecto de Reglamento General de Protección de Datos y un proyecto de Directiva en el ámbito de la Policía y la Justicia Penal. Estas propuestas suponen una revisión global del sistema europeo de protección de datos pues se sustentan sobre la base de un diferente instrumento normativo frente a la anterior Directiva 95/46 y abordan nuevas problemáticas que no estaban siendo satisfactoriamente resueltas por la normativa vigente (por ejemplo, el impacto de las nuevas tecnologías y de Internet). Estas iniciativas están llamadas a revolucionar el marco global europeo de la protección de datos y a provocar un extraordinario impacto en el sistema español al resultar de directa e inmediata aplicación el reglamento europeo y al proporcionar nuevos derechos a los ciudadanos. Esta nueva normativa europea de protección de datos está marcada por una inequívoca tendencia a la centralización comunitaria como se evidencia con el reforzamiento de los poderes de la Comisión Europea a través del recurso a los actos de delegación y de ejecución, con el establecimiento de un régimen sancionador común que fortalece la política represiva, con el otorgamiento de nuevos poderes a instituciones y organismos emergentes como el Consejo Europeo de Protección de Datos y el Supervisor Europeo de Protección de Datos y con la previsión de nuevos procedimientos europeos de cooperación y coherencia para garantizar la asistencia mutua, las investigaciones conjuntas y, en definitiva, la efectiva armonización europea. Además, este nuevo marco europeo busca hacer frente a la revolución tecnológica de nuestro tiempo otorgando más protección a los derechos de los ciudadanos —en particular, a los menores de edad— mediante la información y la transparencia, nuevos derechos como el olvido y la portabilidad y nuevas reglas procesales y jurisdiccionales. Por último, la nueva normativa busca reforzar una estrategia preventiva eficaz que contemple la protección de la privacidad desde el diseño y por defecto, mediante evaluaciones de impacto, con la existencia de delegados de protección de datos y, ante las transferencias internacionales, reconociendo jurídicamente el valor de las normas corporativas vinculantes.The European Commission has presented legislative initiatives aimed at reforming the European legal system for data protection: a draft General Data Protection Regulation and a draft Directive in the area of Police and Criminal Justice. These proposals represent a comprehensive European data protection legal system review because they support on the basis of a different standard-setting instrument versus the previous Directive 95/46 and addresses new issues which were not being satisfactorily resolved by current rules (for example, the impact of new technologies and the Internet). These initiatives are called to revolutionize the global European data protection framework and make a special impact in the Spanish legal system because of the direct and immediate application of European Regulation and providing new rights to citizens. This new European data protection regulation is marked by a clear trend towards European centralization as evidenced with the strengthening of the powers of the European Commission through the use of the delegated and implementing acts, with the laying down of a common system of penalties which strengthens the repressive policy, with the recognizing of new powers to current institutions and organizations as the European Data Protection Board and the Data Protection European Supervisor and with the forecast of new European procedures for cooperation and consistency to ensure mutual assistance, joint investigations and, ultimately, effective European harmonisation. In addition, this new European framework seeks to address the technological revolution of our time giving more protection to the rights of citizens —in particular, minors— through information and transparency, new rights as to be forgotten and portability and new procedural and jurisdictional rules. Finally, the new legislation seeks to enhance an effective preventive strategy that takes into account the privacy by design and by default, through impact assessments, with the existence of data protection officers and, related to international transfers, legally recognizing the value of binding corporate rules

Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such

The control over personal data: True remedy or fairy tale ?

This research report undertakes an interdisciplinary review of the concept of "control" (i.e. the idea that people should have greater "control" over their data), proposing an analysis of this con-cept in the field of law and computer science. Despite the omnipresence of the notion of control in the EU policy documents, scholarly literature and in the press, the very meaning of this concept remains surprisingly vague and under-studied in the face of contemporary socio-technical environments and practices. Beyond the current fashionable rhetoric of empowerment of the data subject, this report attempts to reorient the scholarly debates towards a more comprehensive and refined understanding of the concept of control by questioning its legal and technical implications on data subject\^as agency

Building up the “Accountable Ulysses” model. The impact of GDPR and national implementations, ethics, and health-data research: Comparative remarks.

The paper illustrates obligations emerging under articles 9 and 89 of the EU Reg. 2016/679 (General Data Protection Regulation, hereinafter “GDPR”) within the health-related data pro- cessing for research purposes. Furthermore, through a comparative analysis of the national implementations of the GDPR on the topic, the paper highlights few practical issues that the researcher might deal with while accomplishing the GDPR obligations and the other ethical requirements. The result of the analyses allows to build up a model to achieve an acceptable standard of accountability in health-related data research. The legal remarks are framed within the myth of Ulysse

Dispelling urban myths about default uncertainty factors in chemical risk assessment - Sufficient protection against mixture effects?

© 2013 Martin et al.; licensee BioMed Central LtdThis article has been made available through the Brunel Open Access Publishing Fund.Assessing the detrimental health effects of chemicals requires the extrapolation of experimental data in animals to human populations. This is achieved by applying a default uncertainty factor of 100 to doses not found to be associated with observable effects in laboratory animals. It is commonly assumed that the toxicokinetic and toxicodynamic sub-components of this default uncertainty factor represent worst-case scenarios and that the multiplication of those components yields conservative estimates of safe levels for humans. It is sometimes claimed that this conservatism also offers adequate protection from mixture effects. By analysing the evolution of uncertainty factors from a historical perspective, we expose that the default factor and its sub-components are intended to represent adequate rather than worst-case scenarios. The intention of using assessment factors for mixture effects was abandoned thirty years ago. It is also often ignored that the conservatism (or otherwise) of uncertainty factors can only be considered in relation to a defined level of protection. A protection equivalent to an effect magnitude of 0.001-0.0001% over background incidence is generally considered acceptable. However, it is impossible to say whether this level of protection is in fact realised with the tolerable doses that are derived by employing uncertainty factors. Accordingly, it is difficult to assess whether uncertainty factors overestimate or underestimate the sensitivity differences in human populations. It is also often not appreciated that the outcome of probabilistic approaches to the multiplication of sub-factors is dependent on the choice of probability distributions. Therefore, the idea that default uncertainty factors are overly conservative worst-case scenarios which can account both for the lack of statistical power in animal experiments and protect against potential mixture effects is ill-founded. We contend that precautionary regulation should provide an incentive to generate better data and recommend adopting a pragmatic, but scientifically better founded approach to mixture risk assessment. © 2013 Martin et al.; licensee BioMed Central Ltd.Oak Foundatio

Housing market regulation and the social demand for job protection

Controlling for country fixed effects, there is a positive and statistically significant relationship between the degree of housing market regulation (HMR) and the strictness of employment protection legislation (EPL) in OECD countries. We provide a model in which HMR increases foreclosure costs in case of mortgage default, while EPL raises the administrative cost of dismissal. Owing to banks' lending behavior, individuals' demand for job protection increases with the cost of foreclosure. We use the model to discuss social housing and family insurance, the case for mortgage unemployment insurance, regulations on the use of fixed-term contracts, the impact of min down-payment policies, feed-back effects from HMR to EPL, and the failure of a 2006 French reform of the labor contracts.Foreclosure costs; Job protection; Fixed-term contracts; CPE

Consumer credit information systems: A critical review of the literature. Too little attention paid by lawyers?

This paper reviews the existing literature on consumer credit reporting, the most extensively used instrument to overcome information asymmetry and adverse selection problems in credit markets. Despite the copious literature in economics and some research in regulatory policy, the legal community has paid almost no attention to the legal framework of consumer credit information systems, especially within the context of the European Union. Studies on the topic, however, seem particularly relevant in view of the establishment of a single market for consumer credit. This article ultimately calls for further legal research to address consumer protection concerns and inform future legislation

Role and Effects of Credit Information Sharing

Information sharing about borrowers’ characteristics and their indebtedness can have important effects on credit markets activity. First, it improves the banks’ knowledge of applicants’ characteristics and permits a more accurate prediction of their repayment probabilities. Second, it reduces the informational rents that banks could otherwise extract from their customers. Third, it can operate as a borrower discipline device. Finally, it eliminates borrowers’ incentive to become over-indebted by drawing credit simultaneously from many banks without any of them realizing. This chapter provides a brief account of models that capture these four effects of information sharing on credit market performance, as well as of the growing body of empirical studies that have attempted to investigate the various dimensions and effects of credit reporting activity. Understanding the effects of information sharing also helps to shed light on some key issues in the design of a credit information system, such as the relationship between public and private mechanisms, the dosage between black and white information sharing, and the “memory” of the system. Merging the insights from theoretical models with the lessons of experience, one can avoid serious pitfalls in the design of credit information systems.information sharing, credit markets