Published on LinkedIn, 6 May 2019. *** This is part of the GDPR ethics series; A broad mission statement may be found in its opening text. *** Article 8 of the GDPR puts forward the conditions under which children can lawfully consent to the processing of their data by third parties over the internet. In this way it
Published on LinkedIn, 15 March 2019. *** This is part of the GDPR ethics series; A broad mission statement may be found in its opening text. *** As seen in the analysis of Article 6 of the GDPR, consent is an important, and by far the preferable, legal mechanism for the lawful processing of personal data. Its importance is
Published on LinkedIn, 7 February 2019. *** This is part of the GDPR ethics series; A broad mission statement may be found in its opening text. *** Same as with Article 5, an article-by-article analysis of the GDPR from an ethics point of view need not go further than the first sentence when it comes to its Article
An article by article analysis of the GDPR from an ethics perspective need not go any further than the first line when it comes to its Article 5: “Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)”. What is “lawful processing” one
Appointed a member of the law-making committee drafting the GDPR (and the Police and Criminal Justice Data Protection Directive) implementation law in Greece. The law-making committee, established under the Greek Ministry of Justice, has been in session since 2016 but has not been able to produce a final legislative act yet, although public consultation has
Article 4 of the GDPR contains its definitions. This is in line both with its predecessor, the EU 1995 Data Protection Directive, and general EU law-making: Customarily, in all EU technical legislation a set of definitions comes before the actual legal provisions. This is basic law-writing technique also met in complex contracts: Definitions come first so
Article 3 of the GDPR sets its geographical scope. The general rule is that it applies whenever a controller or a processor is established in the EU regardless where the processing takes place. That is something expected. However, the GDPR also applies to people who are in the EU whenever they surf the web (“offered
LinkedIn article, published on 21 Oct 2018 The household exemption dominates Article 2 of the GDPR, the automated/non-automated distinction being by now outdated: The GDPR does not apply whenever processing of personal data is done “by a natural person in the course of a purely personal or household activity”. In the age of digital
LinkedIn article, published on 30 September 2018 Article 1 of the GDPR rarely attracts much attention: At best, it is viewed as a repetition of the GDPR title; At worst, as a functional article, a necessary introduction to the GDPR – and to the much juicier articles that follow, on material scope and territoriality.
My presentation in the Europe Regulates Robotics conference, "Is the GDPR EU's digital constitution"? The conference was held in Pisa, 27-28 September.