1-5 of 5 Results

  • Keyword: personal data x
Clear all

Chapter

Cover European Intellectual Property Law

22. Data Protection and Data Exclusivity  

Justine Pila and Paul L.C. Torremans

This chapter examines the law on data protection and data exclusivity. It focuses on the new GDPR Regulation. It covers rules on lawful processing of personal data, on the security of the processing, on the transparency of the processing, and on promoting compliance. It also discusses the rights of the data subject, the transfer of personal data to third countries, and the period of data exclusivity granted to the pharmaceutical sector independent of any form of patent protection.

Chapter

Cover Information Technology Law

3. The scope of data protection  

A number of concepts are critical to an understanding of the topic. Data protection legislation has historically applied where personal data concerning an identifiable individual is processed by a data controller using automated equipment. Developments in technology make it increasingly difficult to apply these concepts. Data that a decade ago would have been anonymous can now readily be linked to an individual. The emergence of cloud computing technology also creates legal complications in determining where processing takes place and which legal system will govern conduct. This chapter will focus on definitional issues in order to provide a basis for more detailed discussion of the application of data protection legislation in the following chapters.

Chapter

Cover Information Technology Law

5. The data protection principles  

The notion that data controllers should comply with a set of general data protection principles has been a feature of data protection statutes from the earliest days. As well as imposing obligations on controllers, the principles also confer rights – most notably relating to subject access on data subjects. This chapter will consider the scope and extent of the principles paying particular attention to the requirement that personal data be processed fairly and lawfully. A topic of more recent interest relates to the length of time for which data may be held and made available to third parties. Often referred to as involving the “right to be forgotten”, this is especially relevant to the operation of search engines which make it easy for users to find news stories what would have passed into obscurity in previous eras. The chapter considers also at the operation of the principle requiring users to adopt appropriate security measures against unauthorized access, a topic which is of particular relevance given recent and well publicised large-scale cyber-attacks.

Chapter

Cover Information Technology Law

2. The beginnings of data protection  

Data protection has, at least in western Europe, been seen as a key element of the legal response to the issue of information surveillance. Dating back to the 1970s and 1980s, many data protection laws are, as is the case in the UK, in their 3rd generation of statutes. The scope (and length) of these statutes has expanded significantly although the core data protection principles have remained essentially unaltered. In addition to developments within the EU there have been data protection initiatives within international fora such as the Council of Europe, the Organisation for Economic Cooperation and Development (OECD), the UN, and the Asia-Pacific Privacy Charter initiative. As with early UK developments where commercial pressure driven by the need to guarantee the free movement of data to and from the UK played a major role in the introduction of the first statute – the Data Protection Act 1984 – so commercial factors are once again at play with multi-national companies tending to argue that it is easier for them to comply with a global set of data protection rules – even though restrictive of their commercial freedom, than to have to comply with different rules in every country in which they do business.

Chapter

Cover Information Technology Law

6. Individual rights and remedies  

This chapter examines the rights that are specifically conferred upon data subjects and to the remedies which may be available in the event of any breach. The GDPR and the Data Protection Act 2018 provide for data subjects to be granted rights of access, the right to receive certain items of information, and rights either total or qualified to object to certain forms of processing of their personal data.