Privacy By Design e Data Protection Officer: aspetti normativi e buone prassi nel trattamento dei dati personali.

La Tesi tratta i concetti di Privacy e Protezione dei Dati personali, contestualizzandone il quadro normativo e tecnologico con particolare riferimento ai contesti emergenti rappresentati – per un verso – dalla proposta di nuovo Regolamento generale sulla protezione dei dati personali (redatto dal Parlamento Europeo e dal Consiglio dell’Unione Europea), – per un altro – dalla metodologia di progettazione del Privacy by Design e – per entrambi – dalla previsione di un nuovo attore: il responsabile per la protezione dei dati personali (Privacy Officer). L’elaborato si articola su tre parti oltre introduzione, conclusioni e riferimenti bibliografici. La prima parte descrive il concetto di privacy e le relative minacce e contromisure (tradizionali ed emergenti) con riferimento ai contesti di gestione (aziendale e Big Data) e al quadro normativo vigente. La seconda Parte illustra in dettaglio i principi e le prassi del Privacy by Design e la figura del Privacy Officer formalmente riconosciuta dal novellato giuridico. La terza parte illustra il caso di studio nel quale vengono analizzate tramite una tabella comparativa minacce e contromisure rilevabili in un contesto aziendale.

Impulses for an Effective and Modern Data Protection System

A substantial reform of data protection law is on the agenda of the European Commission as it is widely agreed that data protection law is faced by lots of challenges, due to fundamental technical and social changes or even revolutions. Therefore, the authors have issued draft new provisions on data protection law that would work in both Germany and Europe. The draft is intended to provide a new approach and deal with the consequences of such an approach. This article contains some key theses on the main legislatory changes that appear both necessary and adequate.

Missing Links in the Proposed EU Data Protection Regulation and Cloud Computing Scenarios: A Brief Overview

Applying location-focused data protection law within the context of a location-agnostic cloud computing framework is fraught with difficulties. While the Proposed EU Data Protection Regulation has introduced a lot of changes to the current data protection framework, the complexities of data processing in the cloud involve various layers and intermediaries of actors that have not been properly addressed. This leaves some gaps in the regulation when analyzed in cloud scenarios. This paper gives a brief overview of the relevant provisions of the regulation that will have an impact on cloud transactions and addresses the missing links. It is hoped that these loopholes will be reconsidered before the final version of the law is passed in order to avoid unintended consequences.

EU Data Protection Law and Targeted Advertising: Consent and the Cookie Monster - Tracking the crumbs of online user behaviour

This article provides a holistic legal analysis of the use of cookies in Online Behavioural Advertising. The current EU legislative framework is outlined in detail, and the legal obligations are examined. Consent and the debates surrounding its implementation form a large portion of the analysis. The article outlines the current difficulties associated with the reliance on this requirement as a condition for the placing and accessing of cookies. Alternatives to this approach are explored, and the implementation of solutions based on the application of the Privacy by Design and Privacy by Default concepts are presented. This discussion involves an analysis of the use of code and, therefore, product architecture to ensure adequate protections.

Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such.