| |
| META TOPICPARENT | name="FirstEssay" |
|---|
| | | Introduction | |
<
< | On the 27th of April 2016, the European Union officially published the General Data Protection Regulation (GDPR), replacing a directive dating back from 1995. This regulation intends to regulate, as from the 25 may 2018, the processing (i.e. any operation which is performed on personal data) of personal data (i.e. any information relating to an identified or identifiable natural person) in Europe (2). The European Union opted for the approach of adopting one single normative instrument to regulate every kind of uses of personal data, including collection of data via the Internet. This approach raises several questions. The pervasive nature of the Internet, the constant evolution of the technology, as well as the interests that the States themselves have in collecting information seem to limit the practical effect of adopting regulation in this field. In this paper, I will, shortly but non-exhaustively, develop arguments in favor and against the adoption of such kind of regulation, through examples stemming from the European approach (both under the current European data protection directive and under the GDPR). | >
> | On the 27th of April 2016, the European Union officially published the General Data Protection Regulation (GDPR), replacing a directive dating back from 1995. This regulation intends to regulate, as from the 25 may 2018, the processing (i.e. any operation which is performed on personal data) of personal data (i.e. any information relating to an identified or identifiable natural person) in Europe (2). The European Union opted for the approach of adopting one single normative instrument to regulate every kind of uses of personal data, including collection of data via the Internet. This approach raises several questions. Perhaps the most important one is: how does this regulation achieve its main goal: protecting privacy? The privacy is a complex notion. It protects several aspect of an individual's personality. Among these aspects, the ones most commonly invoked are the following: the autonomy, the secrecy, and the anonymity of a person. Because anonymity and secrecy are not always possible (e.g. companies often need to have a list of their employees, a list of their providers and customers, such lists include most of the time some personal data such as names, adresses for deliveries), the GDPR's main goal is to ensure the autonomy of the individuals whose personal data is being processed, through ensuring control by these individuals over their data. Under the GDPR, any natural person (i.e. excluding companies)whose personal data is being processed qualifies as "data subject", and can therefore invoke a series of rights (i.e. the right to be informed, the right to access, the right to rectify, the right to data portability and the right to be forgotten). The GDPR wants to ensure data subjects can control the use that is made of their data. To a certain extent , it also protects secrecy of the data (by regulating the data controler's disclosure of the data) and the anonymity (for example, by requiring a privacy impact assessement and by requiring data controller to ensure privacy by design). Iwill analyze one the most famous inoovation of the GDPR: the so called "right to be forgoten". I will then analyze if regulation of privacy can interfere with freedom of speech.
. | | | | |
<
< | Regulation: | >
> | Right to be forgoten and conflict with freedom of information? | | | | |
<
< | Protecting data subject's autonomy | >
> | Right to be forgoten | | | | |
<
< | The privacy is a complex notion. It protects several aspect of an individual's personality. Among these aspects, the ones most commonly invoked are the following: the autonomy, the secrecy, and the anonymity of a person. Because anonymity and secrecy are not always possible (e.g. companies often need to have a list of their employees, a list of their providers and customers, such lists include most of the time some personal data such as names, adresses for deliveries), the GDPR's main goal is to ensure the autonomy of the individuals whose personal data is being processed, through ensuring control by these individuals over their data. Under the GDPR, any natural person (i.e. excluding companies)whose personal data is being processed qualifies as "data subject", and can therefore invoke a series of rights (i.e. the right to be informed, the right to access, the right to rectify, the right to data portability and the right to be forgotten). The GDPR wants to ensure data subjects can control the use that is made of their data. To a certain extent , it also protects secrecy of the data (by regulating the data controler's disclosure of the data) and the anonymity (for example, by requiring a privacy impact assessement and by requiring data controller to ensure privacy by design). | >
> | The right ot be forgoten is the quintessence of the individual's autonomy in protecting their privacy. It allows individual to object to the processing of their personal data by a data controler (i.e. any entity who determines the purposes and the means of the processing of the personal data - in other words, if Columbia University decides to automatically collect the information related to my activity on its network (means), in order to ensure security (purpose), it would qualify as "data controler" under the GDPR, should it apply-)under certain circumstances. This rights is however limited to certain circumstances. | | |
|
|