Article 4 of the GDPR contains its definitions. This is in line both with its predecessor, the EU 1995 Data Protection Directive, and general EU law-making: Customarily, in all EU technical legislation a set of definitions comes before the actual legal provisions. This is basic law-writing technique also met in complex contracts: Definitions come first so
Article 3 of the GDPR sets its geographical scope. The general rule is that it applies whenever a controller or a processor is established in the EU regardless where the processing takes place. That is something expected. However, the GDPR also applies to people who are in the EU whenever they surf the web (“offered
LinkedIn article, published on 21 Oct 2018 The household exemption dominates Article 2 of the GDPR, the automated/non-automated distinction being by now outdated: The GDPR does not apply whenever processing of personal data is done “by a natural person in the course of a purely personal or household activity”. In the age of digital
LinkedIn article, published on 30 September 2018 Article 1 of the GDPR rarely attracts much attention: At best, it is viewed as a repetition of the GDPR title; At worst, as a functional article, a necessary introduction to the GDPR – and to the much juicier articles that follow, on material scope and territoriality.
My presentation in the Europe Regulates Robotics conference, "Is the GDPR EU's digital constitution"? The conference was held in Pisa, 27-28 September.
Δημοσιεύθηκε στο startupper.gr, 21/05/2018 Καθώς η μέρα που ο Γενικός Κανονισμός για την Προστασία Δεδομένων θα τεθεί σε άμεση ισχύ σε ολόκληρη την Ευρωπαϊκή Ένωση πλησιάζει, χρήσιμο είναι, νομίζω, να εξετάσουμε ορισμένες διαφορετικές οπτικές σε σχέση με αυτόν (οι οποίες αποτελούν αυστηρά και μόνο προσωπική μου άποψη). Έτσι λοιπόν: – Αν δει κανείς τον Κανονισμό ως άτομο / πολίτης τότε
Δημοσιεύθηκε στο dEasy, 31.01.2018 Τις προάλλες, δηλαδή την Κυριακή 28 Ιανουαρίου, γιορτάσαμε την παγκόσμια ημέρα για τα προσωπικά δεδομένα. Εκείνες περίπου τις ημέρες βρέθηκα στο, ετήσιο, μεγάλο συνέδριο για τα προσωπικά δεδομένα στις Βρυξέλλες Computers, Privacy & Data Protection (CPDP), επομένως σκέφτηκα να μεταφέρω μερικές σκέψεις μου σχετικά – πάω στοίχημα ότι, με την πέραση που αυτές
Our new paper with Paul de Hert, Gianclaudio Malgieri, Laurent Beslay and Ignacio Sanchez on "The Right to Data Portability in the GDPR: Towards user-centric Interoperability of Digital Services" to be published in the Computer Law & Security Review, has been pre-published online. Our paper is open access, thanks to a generous grant by
Paul de Hert and Vagelis Papakonstantinou have just published their latest article, The new General Data Protection Regulation: Still a sound system for the protection of individuals? in the Computer Law & Security Review, Volume 32 Issue 2.