This chapter examines data protection, digitization of data, its implications for personal privacy, and the regulation of data industries. It begins by discussing the current law found in the General Data Protection Regulation and the Data Protection Act 2018. It examines the key concepts of data controllers, data processors, and data subjects, and discusses the conditions for the processing of personal data. This includes an examination of key cases such as Nowak v Data Protection Commissioner and Bodil Lindqvist. It looks at the geographical scope of the GDPR and the extraterritorial effect of the Regulation, and examines the domestic purposes exemption after Ryneš.
12
Chapter
The notion that data controllers should comply with a set of general data protection principles has been a feature of data protection statutes from the earliest days. As well as imposing obligations on controllers, the principles also confer rights – most notably relating to subject access on data subjects. This chapter will consider the scope and extent of the principles paying particular attention to the requirement that personal data be processed fairly and lawfully. A topic of more recent interest relates to the length of time for which data may be held and made available to third parties. Often referred to as involving the “right to be forgotten”, this is especially relevant to the operation of search engines which make it easy for users to find news stories what would have passed into obscurity in previous eras. The chapter considers also at the operation of the principle requiring users to adopt appropriate security measures against unauthorized access, a topic which is of particular relevance given recent and well publicised large-scale cyber-attacks.
Chapter
This chapter first describes the rationale for the establishment of supervisory agencies for data protection in EU States. This marks a significant divergence in approach from other countries such as the United States and continues to constitute a barrier to harmonisation in the data protection field. Specific attention is paid to the status and role of the United Kingdom’s Information Commissioner and the investigative and enforcement powers conferred on the Commissioner. The evolving nature of the requirements of registration of data controllers is considered as is the role of the Register of Data Controllers. Attention is given also to the appeal mechanisms established under the Act and to the role of the First Tier Tribunal.
Chapter
This chapter examines data protection, digitization of data, its implications for personal privacy, and the regulation of data industries. It begins by discussing the current law found, post Brexit in the UK General Data Protection Regulation and the Data Protection Act 2018. It examines the key concepts of data controllers, data processors, and data subjects, and discusses the conditions for the processing of personal data. This includes an examination of key cases such as Nowak v Data Protection Commissioner, the Facebook fan page case, and Bodil Lindqvist. It looks at the geographical scope of UK GDPR and the extra-territorial effect of the Regulation and examines the domestic purposes exemption after Ryneš. It examines questions of fairness and lawfulness of processing as discussed in Johnson v Medical Defence Union.
Chapter
A number of concepts are critical to an understanding of the topic. Data protection legislation has historically applied where personal data concerning an identifiable individual is processed by a data controller using automated equipment. Developments in technology make it increasingly difficult to apply these concepts. Data that a decade ago would have been anonymous can now readily be linked to an individual. The emergence of cloud computing technology also creates legal complications in determining where processing takes place and which legal system will govern conduct. This chapter will focus on definitional issues in order to provide a basis for more detailed discussion of the application of data protection legislation in the following chapters.
Chapter
Justine Pila and Paul L.C. Torremans
This chapter examines the law on data protection and data exclusivity. It focuses on the new GDPR Regulation. It covers rules on lawful processing of personal data, on the security of the processing, on the transparency of the processing, and on promoting compliance. It also discusses the rights of the data subject, the transfer of personal data to third countries, and the period of data exclusivity granted to the pharmaceutical sector independent of any form of patent protection.
Chapter
A. M. Farrell and E. S. Dove
This chapter covers two legal regimes in the biomedical context that are of increasing importance and complexity: the common law duty of confidentiality and data protection law. Both regimes have experienced significant development in the past generation. As part of this exploration, brief consideration will also be given to a third related and emerging legal regime, namely the tort of ‘misuse of private information’. The central focus of the chapter is the interplay between UK data protection law, the duty of confidentiality, and wider frameworks in Europe and at the international level. A range of sources are considered, including case law, primary, and secondary legislation such as the Health Service (Control of Patient Information) Regulations 2002, UK General Data Protection Regulation, and Data Protection Act 2018; guidance from entities such as the General Medical Council; and academic literature. The chapter illustrates that following both Brexit and the Covid-19 pandemic, medical confidentiality and data protection law are undergoing a state of reform that may have significant implications for patient privacy and trust in the healthcare system.
Chapter
Data protection has, at least in western Europe, been seen as a key element of the legal response to the issue of information surveillance. Dating back to the 1970s and 1980s, many data protection laws are, as is the case in the UK, in their 3rd generation of statutes. The scope (and length) of these statutes has expanded significantly although the core data protection principles have remained essentially unaltered. In addition to developments within the EU there have been data protection initiatives within international fora such as the Council of Europe, the Organisation for Economic Cooperation and Development (OECD), the UN, and the Asia-Pacific Privacy Charter initiative. As with early UK developments where commercial pressure driven by the need to guarantee the free movement of data to and from the UK played a major role in the introduction of the first statute – the Data Protection Act 1984 – so commercial factors are once again at play with multi-national companies tending to argue that it is easier for them to comply with a global set of data protection rules – even though restrictive of their commercial freedom, than to have to comply with different rules in every country in which they do business.
Chapter
This chapter considers the application of data protection principles within the media and electronic communications sectors. In both areas, the operation of data protection principles has been contentious. Data protection issues are principally concerned with the application of what might be regarded as ‘traditional’ data protection principles in the context of activities where different priorities might legitimately be identified. In some respects, media processing might be compared with law enforcement agencies. Digging out the truth about the unsavoury activities of powerful elements in society might well require the use of tactics and techniques that would be regarded as unfair in more general contexts.
Chapter
This chapter examines the rights that are specifically conferred upon data subjects and to the remedies which may be available in the event of any breach. The GDPR and the Data Protection Act 2018 provide for data subjects to be granted rights of access, the right to receive certain items of information, and rights either total or qualified to object to certain forms of processing of their personal data.
Chapter
The Internet has created a global network whereby data may be processed and transferred on a global basis. The practice of transborder data flows creates significant challenges for national laws and their enforcement and the desire to exert a degree of control over these has formed a significant component within data protection laws. The European Union has applied the basic rule that transfers will automatically be permitted only to countries that provide an “adequate” level of protection. Determination what is adequate is a complex task and a variety of other rules may also apply, especially those concerning data flows to or from the United States which applies a different model of protection to that pertaining in Europe.
Book
Emily Jackson
All books in this flagship series contain carefully selected substantial extracts from key cases, legislation, and academic debate, providing students with a stand-alone resource. Medical Law: Text, Cases, and Materials offers exactly what the title says—all of the explanation, commentary, and extracts from cases and key materials that students need to gain a thorough understanding of this complex topic. Key case extracts provide the legal context, facts, and background; extracts from materials, including from the most groundbreaking writers of today, provide differing ethical perspectives and outline current debates; and the author’s insightful commentary ensures that readers understand the facts of the cases and can navigate the ethical landscape to form their own understanding of medical law. Chapters cover all of the topics commonly found on medical law courses, including a separate chapter on mental health law. This new edition, thoroughly updated, includes: coverage of important new cases in all chapters, including Bawa-Garba v General Medical Council; Great Ormond Street Hospital for Children NHS Foundation Trust v Yates; Alder Hey Children's NHS Foundation Trust v Evans; Re (Northern Ireland Human Rights Commission's Application for Judicial Review); An NHS Trust v Y, and R (on the application of Conway) v Secretary of State for Justice; coverage of the new General Data Protection Regulation and the Independent Review of the Mental Health Act 1983.
Book
Ian J. Lloyd
Information Technology Law provides a thorough account of information technology (IT) law. The volume looks at the subject in a wide context, examining the legal response to the latest IT-related developments within society, bringing the law to life and examining how legal issues in IT can affect everyone. This title considers issues in IT law on European and international scales, providing a realistic overview of how the law in this area operates globally and encouraging further thought and investigation about the current issues within IT law. The ninth edition covers major new legislation in this field, including the General Data Protection Regulation and Data Protection Act 2018 l and its impact and scope; especially in the light of recent high-profile security breaches; updated coverage of patent and copyright law including consideration of the role of standard essential patents and standardisation within the IT sector, and digital rights management; discussion of the Consumer Rights Act 2015 with regards to digital products and content; and consideration of new cases in all areas of the law.
Chapter
Patrick Birkinshaw
The Freedom of Information Act is a statute of great constitutional significance. The Act heralded a right to publicly held information which government had attempted to keep private. FOIA laws have their origins in the pre-digital age and any discussion of information rights must take on board the contemporary reality of the global digitization of communications via social media networks and the enhanced capabilities of state intelligence agencies to conduct surveillance over electronic communications. The General Data Protection Regulation seeks to give greater security to personal data. However, private information is harvested by private tech companies which they have obtained often ‘voluntarily’ and used by intermediaries to influence public events, public power and elections—as illustrated by recent scandals involving the practice of ‘data farming’ by social media networks and the sale of personal data to political campaign consultants seeking to pinpoint electors and thereby affect the outcomes of national elections and referenda. Government surveillance is age-old, but the emergence of digital power has enabled public authority to invade our private lives far more intrusively and effectively. The most recent example is the Investigatory Powers Act 2016. All this poses substantial challenges for the public regulation of information access in a growing confusion of public and private in the constitution. Courts, meanwhile, have to balance demands for privacy protection, open justice and secrecy.
Chapter
All books in this flagship series contain carefully selected substantial extracts from key cases, legislation, and academic debate, providing students with a stand-alone resource. This chapter examines the regulation of access to genetic information. It first discusses various third parties’ interests in genetic test results and DNA profiles, and the extent to which genetic privacy is protected by the law. The chapter then considers the issue of whether genetic discrimination should be treated in the same way as other illegitimate discriminatory practices and also discusses recent developments in the field of genetics, namely direct-to-consumer genetic testing and pharmacogenetics.
Book
Information Technology Law: The Law and Society is the ideal companion for a course of study on information technology law and the ways in which it is evolving in response to rapid technological and social change. The fourth edition of this groundbreaking textbook develops its unique examination of the legal processes and their relationship to the modern ‘information society’. Charting the development of the rapid digitization of society and its impact on established legal principles, Murray examines the challenges faced with enthusiasm and clarity. Following a clearly defined part structure, the text begins by defining the information society and discussing how it may be regulated, before moving on to explore issues of internet governance, privacy and surveillance, intellectual property and rights, and commerce within the digital sphere. The author’s highly original and thought-provoking approach to the subject also makes it essential reading for researchers, IT professionals, and policymakers. This fourth edition includes expanded coverage of net neutrality, cryptocurrency, and blockchain technology as well as being significantly explained to cover developments in data retention and protection in light of significant developments in the area.
Chapter
The topic of privacy has many aspects. In some instances, especially where well-known figures are involved, it relates to the legal ability to stop the bringing of information about their private lives into a more public arena. For most people, it involves the ability to go about everyday life without having details of movements and actions recorded and analysed to form the basis for further actions relating to them. In some cases, this may appear relatively harmless. Most people are familiar with the notion of web advertising targeted by reference to a user’s browsing history but there have been more potentially threatening applications ranging from the use of automated facial recognition systems to monitor activity in public spaces to the oft cited use of Facebook data for political purposes as seen in the 2016 US Presidential election. More and more actions are recorded, processed and used as the basis for action that affects the individual concerned. Whether this is a force for good or ill is something that can be debated. What is clear is that informational surveillance will impact very significantly upon debates as to the nature of the societies that we wish to live in.
Chapter
This chapter examines the regulation of access to genetic information. It first discusses third parties’ interests in genetic test results, and the extent to which genetic privacy is protected by the law. It considers whether genetic discrimination should be treated in the same way as other types of discrimination and discusses developments in the field of genetics, including direct-to-consumer genetic testing and pharmacogenetics.
Chapter
The final chapter in the book examines matters relating to the intellectual property created and/or owned by a business and their responsibilities for the data they access and/or produce. Given the value of the outputs from the intellectual creativity of persons (software programs, books, music recordings etc.), this chapter outlines the rights available to protect them and the consequences for infringement. It first identifies the law surrounding creative ideas and work (copyright) before a product’s appearance (design rights) is considered. The chapter continues by assessing the protection of a brand name and image (trademarks) and finishes the substantive issues through examination of inventive ideas and works (patents). Confusion of the public through the unlawful use of an existing business’ name or product can result in the tortious liability of ‘passing-off’. Intellectual property is produced by employees and the consequences of employment status for the rights to exploit the property must be effectively managed. The chapter concludes with an assessment of developments in data protection—the GDPR, Data Protection Act, and the tactics available to businesses to avoid transgression of the law.
Book
Information Technology Law: The Law and Society is the ideal companion for a course of study on information technology law and the ways in which it is evolving in response to rapid technological and social change. The fifth edition of this ground-breaking textbook develops its unique examination of the legal processes and their relationship to the modern ‘information society’. Charting the development of the rapid digitization of society and its impact on established legal principles, Murray examines the challenges faced with enthusiasm and clarity. Following a clearly-defined part structure, the text begins by defining the information society and discussing how it may be regulated, before moving on to explore issues of internet governance, privacy and surveillance, intellectual property and rights, and commerce within the digital sphere. The author’s highly original and thought-provoking approach to the subject also makes it essential reading for researchers, IT professionals, and policy-makers. This fifth edition includes expanded coverage of AI authorship and computer generated works, cryptocurrency, cryptoassets and blockchain technology as well as being significantly expanded to cover developments in defamation law, net neutrality, data protection, and smart contracting.
12