Law in the Internet Society	View r2 > r1 ...
Main AmLegalHist CompPrivConst EngLegalHist LawContempSoc LawNetSoc TWiki

 ClementLegrandFirstEssay 2 - 04 Nov 2016 - Main.ClementLegrand
 Line: 1 to 1
  
   META TOPICPARENT    name="FirstEssay" 

 Changed: 
<
<  Regulating Privacy: What Is the Point? WORK IN PROGRESS 
>
>  Regulating Privacy: What Is the Point? 
  -- By ClementLegrand - 03 Nov 2016


 Introduction 
 Changed: 
<
< 
On the 27th of April, The European Union officially published the General Data protection Regulation (GDPR) [Note: Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC], replacing a Directive dating back from 1995. This regulation is 88 pages long and is intended to regulate the processing of personal data in Europe, but also, under specific circumstances, the processing of personal data outside of Europe. [Note : Article 3.2 of the GDPR]. This approach raises several questions. The pervasive nature of the internet, the constant evolution of the technology, as well as the interests that the States themselves have in collecting information seem to limit the practical effect of adopting Regulation in this field. In this paper, I will, shortly but non-exhaustively,  present four arguments in favor of the adoption of such kind of regulation, through examples stemming from the European approach.
>
> On the 27th of April 2016, the European Union officially published the General Data Protection Regulation (GDPR) (1), replacing a Directive dating back from 1995. This regulation is 88 pages long and is intended to regulate, as from the 25 may 2018, the processing (i.e. “any operation, or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means”) of personal data (i.e. “any information relating to an identified or identifiable natural person”, where an identifiable natural person is “one who can be identified directly or indirectly”) in Europe (2).The European Union has chosen the approach of adopting one single normative instrument to regulate every kind of use of personal data, including collection of data via the Internet. This approach raises several questions. The pervasive nature of the internet, the constant evolution of the technology, as well as the interests that the States themselves have in collecting information seem to limit the practical effect of adopting Regulation in this field. In this paper, I will, shortly but non-exhaustively, develop arguments in favor and against the adoption of such kind of regulation, through examples stemming from the European approach (both under the current European data protection directive and under the GDPR).
   Regulation: Pro and Cons 

 The Territorial Limitation 
 Added: 
>
> 
The cyberspace has no borders. A company located in the Silicon Valley can offer its services online to the entire world and collect all kinds of data relating to its users, without having any branch outside of the United States. On the contrary, regulations are very often bound to a specific territory. In certain cases, rules apply to categories of legal entities linked to an organization. But in any case, such limitation of the applicability to certain places or entities seems to make regulation of privacy on the internet impossible. As a result, one could question the efficiency of a regulation, especially when it comes to the enforcement of the rights it protects for a breach that took place on the other side of the planet.
However, this limitation to a territory, with respect to data protection should be nuanced. In theory, the GDPR will be applicable to all companies offering services or collecting information regarding European behaviors through a website accessible in Europe (3). In practice, under the current Directive, the European Court of Justice (ECJ) applied the European data protection law to a processing carried out by Google Inc. in California. The ECJ decided that, despite the fact that the Spanish entity was not involved directly in the processing of personal data by Google Inc. (the Spanish entity was only in charge of selling advertisements), such processing took place “in the framework” of an establishment of Google, located in Spain (4). Even though the global aspect of the internet does not allow to regulate every entity processing personal data within a territory, regulation can have an extraterritorial effect.

   The Educational Effect 
 Added: 
>
> 
   The Economic Risk 
 Added: 
>
> One of the new features of the GDPR is the possibility for data protection authorities (DPA) to impose significant fines (up to EUR 20 000 000 or 4% of the global turnover of the infringer, whichever is higher) (XX) (XX) Article 83.5 of the GDPR. Under the Directive, some countries did not foresee the possibility to impose fines. Where such fines were foreseen, the amount at stakes were also much lower than under the GDPR. This creates a significant economic risk for companies collecting personal data; certain practices could not be as profitable as before, should such a fine be imposed.
   Conclusion 
 Added: 
>
> I think that the adoption of regulation is not incompatible with other ways to ensure privacy, such as promoting the use of open sources software. Even if regulation is not a perfect solution towards privacy, I think it is one step in the good direction. It gives enforceable rights to large categories of individuals against a large category of companies that collect behavior about them. As emphasized above, it also helps to raise awareness and to a certain extent, to empower the individuals. By enforcing their rights, individuals could request data protection authority to impose significant fines, thereby creating an economic risk for these companies and a potential thrilling effect.
  
 Changed: 
<
< You are entitled to restrict access to your paper if you want to.  But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
>
> (1) Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

(2) Article 4 (1) and 4(2) of the GDPR.
  
 Changed: 
<
<  
 #Set ALLOWTOPICVIEW = TWikiAdminGroup, ClementLegrand
  #Set DENYTOPICVIEW = TWikiGuest
 
>
> (3) Article 3.2 of the GDPR
  
 Changed: 
<
< Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.
>
> (4) ECJ, Google Spain v. Costeja Gonzalez, C-131/12 (May 13, 2014)
    META TOPICPARENT    name="FirstEssay"
-   META TOPICPARENT
+ name="FirstEssay"
-<
<
+ Regulating Privacy: What Is the Point? WORK IN PROGRESS
->
>
+ Regulating Privacy: What Is the Point?
 -- By ClementLegrand - 03 Nov 2016


 Introduction
-<
<
+On the 27th of April, The European Union officially published the General Data protection Regulation (GDPR) [Note: Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC], replacing a Directive dating back from 1995. This regulation is 88 pages long and is intended to regulate the processing of personal data in Europe, but also, under specific circumstances, the processing of personal data outside of Europe. [Note : Article 3.2 of the GDPR]. This approach raises several questions. The pervasive nature of the internet, the constant evolution of the technology, as well as the interests that the States themselves have in collecting information seem to limit the practical effect of adopting Regulation in this field. In this paper, I will, shortly but non-exhaustively,  present four arguments in favor of the adoption of such kind of regulation, through examples stemming from the European approach.
->
>
+On the 27th of April 2016, the European Union officially published the General Data Protection Regulation (GDPR) (1), replacing a Directive dating back from 1995. This regulation is 88 pages long and is intended to regulate, as from the 25 may 2018, the processing (i.e. “any operation, or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means”) of personal data (i.e. “any information relating to an identified or identifiable natural person”, where an identifiable natural person is “one who can be identified directly or indirectly”) in Europe (2).The European Union has chosen the approach of adopting one single normative instrument to regulate every kind of use of personal data, including collection of data via the Internet. This approach raises several questions. The pervasive nature of the internet, the constant evolution of the technology, as well as the interests that the States themselves have in collecting information seem to limit the practical effect of adopting Regulation in this field. In this paper, I will, shortly but non-exhaustively, develop arguments in favor and against the adoption of such kind of regulation, through examples stemming from the European approach (both under the current European data protection directive and under the GDPR).
  Regulation: Pro and Cons 

 The Territorial Limitation
->
>
+The cyberspace has no borders. A company located in the Silicon Valley can offer its services online to the entire world and collect all kinds of data relating to its users, without having any branch outside of the United States. On the contrary, regulations are very often bound to a specific territory. In certain cases, rules apply to categories of legal entities linked to an organization. But in any case, such limitation of the applicability to certain places or entities seems to make regulation of privacy on the internet impossible. As a result, one could question the efficiency of a regulation, especially when it comes to the enforcement of the rights it protects for a breach that took place on the other side of the planet.
However, this limitation to a territory, with respect to data protection should be nuanced. In theory, the GDPR will be applicable to all companies offering services or collecting information regarding European behaviors through a website accessible in Europe (3). In practice, under the current Directive, the European Court of Justice (ECJ) applied the European data protection law to a processing carried out by Google Inc. in California. The ECJ decided that, despite the fact that the Spanish entity was not involved directly in the processing of personal data by Google Inc. (the Spanish entity was only in charge of selling advertisements), such processing took place “in the framework” of an establishment of Google, located in Spain (4). Even though the global aspect of the internet does not allow to regulate every entity processing personal data within a territory, regulation can have an extraterritorial effect.
  The Educational Effect
->
>
  The Economic Risk
->
>
+One of the new features of the GDPR is the possibility for data protection authorities (DPA) to impose significant fines (up to EUR 20 000 000 or 4% of the global turnover of the infringer, whichever is higher) (XX) (XX) Article 83.5 of the GDPR. Under the Directive, some countries did not foresee the possibility to impose fines. Where such fines were foreseen, the amount at stakes were also much lower than under the GDPR. This creates a significant economic risk for companies collecting personal data; certain practices could not be as profitable as before, should such a fine be imposed.
  Conclusion
->
>
+I think that the adoption of regulation is not incompatible with other ways to ensure privacy, such as promoting the use of open sources software. Even if regulation is not a perfect solution towards privacy, I think it is one step in the good direction. It gives enforceable rights to large categories of individuals against a large category of companies that collect behavior about them. As emphasized above, it also helps to raise awareness and to a certain extent, to empower the individuals. By enforcing their rights, individuals could request data protection authority to impose significant fines, thereby creating an economic risk for these companies and a potential thrilling effect.
-<
<
+You are entitled to restrict access to your paper if you want to.  But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
->
>
+(1) Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

(2) Article 4 (1) and 4(2) of the GDPR.
-<
<
+ #Set ALLOWTOPICVIEW = TWikiAdminGroup, ClementLegrand
  #Set DENYTOPICVIEW = TWikiGuest
->
>
+(3) Article 3.2 of the GDPR
-<
<
+Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.
->
>
+(4) ECJ, Google Spain v. Costeja Gonzalez, C-131/12 (May 13, 2014)

ClementLegrandFirstEssay 1 - 03 Nov 2016 - Main.ClementLegrand

Line: 1 to 1

Added:

>
>

META TOPICPARENT	name="FirstEssay"

Regulating Privacy: What Is the Point? WORK IN PROGRESS

Regulating Privacy: What Is the Point? WORK IN PROGRESS

-- By ClementLegrand - 03 Nov 2016

Introduction

On the 27th of April, The European Union officially published the General Data protection Regulation (GDPR) [Note: Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC], replacing a Directive dating back from 1995. This regulation is 88 pages long and is intended to regulate the processing of personal data in Europe, but also, under specific circumstances, the processing of personal data outside of Europe. [Note : Article 3.2 of the GDPR]. This approach raises several questions. The pervasive nature of the internet, the constant evolution of the technology, as well as the interests that the States themselves have in collecting information seem to limit the practical effect of adopting Regulation in this field. In this paper, I will, shortly but non-exhaustively, present four arguments in favor of the adoption of such kind of regulation, through examples stemming from the European approach.

Regulation: Pro and Cons

The Territorial Limitation

The Educational Effect

The Economic Risk

Conclusion

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

#Set ALLOWTOPICVIEW = TWikiAdminGroup, ClementLegrand
#Set DENYTOPICVIEW = TWikiGuest

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.

Revision 2	r2 - 04 Nov 2016 - 04:59:57 - ClementLegrand
Revision 1	r1 - 03 Nov 2016 - 16:56:47 - ClementLegrand

This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.

Syndicate this site RSS ATOM