Does e-government pay off? Study on the effective use of ICT in the public sector in Europe, in search for European exemplary public services – EUREXEMPs

In opdracht van het ministerie van Binnenlandse Zaken en Koninkrijksrelaties is onderzoek gedaan naar het effectieve gebruik van informatie en communicatietechnologie (ICT) in de publieke sector in Europa. Het doel van dit onderzoek was te onderzoeken of het de moeite waard is te investeren in initiatieven op het gebied van e-Government en te bepalen welke aanpassingen in de backoffice hiervoor nodig zij

Privacy for the Homo Digitalis: Proposal for a New Regulatory Framework for Data Protection in the Light of Big Data and the Internet of Things

The authors analyze innovations in data processing as a result of developments such as 'big data' and the 'Internet of Things' and discuss why these developments undermine the effectiveness and legitimacy of the current as well as upcoming EU data protection regime, thereby focusing on the private sector. The authors undertake a detailed analysis of key data processing principles used in the European data protection regime (purpose limitation, informational self-determination and data quality) and argue that due to social trends and technological developments the principle of purpose limitation should be abandoned as a separate criterion. Also, other principles (such as consent and the performance of an agreement) should no longer be recognised as independent legal grounds to legitimize data processing. The authors propose, instead, a test based on whether there is a legitimate interest for data collection and processing (as well as further processing) of data. The authors argue that such a test will provide for a more effective data protection regime that will have more legitimacy than the assessment under the existing legal regime that is primarily based on the purposes for which data may be collected and further used. Based on their analysis, the authors develop a framework to be used by companies as the principal (and only) test for the whole life cycle of personal data processing (collection, use, further use and destruction of data). This test has been drafted in such a way that it enables companies to comply with the new requirements under the upcoming EU General Data Protection Regulation, that will become effective in 2018. The authors conclude their analysis with proposals to increase the (effectiveness of) enforcement of the data protection rule