The author evaluates the costs and/or gains and the interference (positive or negative) in the commercial, public administrative and social spheres that data protection laws have the potential to create, with numerous references to legislation and administrative decision making in a wide variety of jurisdictions.

This is the first work to examine the fundamental aims and principles of data privacy law in an international context. Bygrave analyses relevant law from across the globe, paying particular attention to international instruments and using these as a foundation for examining national law.

data. Furthermore, the European Union established clear basic principles for the collection, storage and use of personal data by governments, businesses and other organizations or individuals in Directive 95/46/EC and Directive 2002/58/EC on Privacy and Electronic communications. Nonetheless, the twenty-?rst century citizen – utilizing the full potential of what ICT-technology has to offer – seems to develop a digital persona that becomes increasingly part of his individual social identity. From this perspective, control over personal information is control over an aspect of the identity one projects in the world. The right to privacy is the freedom from unreasonable constraints on one’s own identity. Transactiondata–bothtraf?candlocationdata–deserveourparticularattention. As we make phone calls, send e-mails or SMS messages, data trails are generated within public networks that we use for these communications. While traf?c data are necessary for the provision of communication services, they are also very sensitive data. They can give a complete picture of a person’s contacts, habits, interests, act- ities and whereabouts. Location data, especially if very precise, can be used for the provision of services such as route guidance, location of stolen or missing property, tourist information, etc. In case of emergency, they can be helpful in dispatching assistance and rescue teams to the location of a person in distress. However, p- cessing location data in mobile communication networks also creates the possibility of permanent surveillance.

Bringing together leading European scholars, this thought-provoking Research Handbook provides a state-of-the-art overview of the scope of research and current thinking in the area of European data protection. Offering critical insights on prominent strands of research, it examines key challenges and potential solutions in the field. Chapters explore the fundamental right to personal data protection, government-to-business data sharing, data protection as performance-based regulation, privacy and marketing in data-driven business models, data protection and judicial automation, and the role of consent in an algorithmic society.

In the contemporary information society, organisations increasingly rely on the collection and analysis of large-scale data (popularly called ‘big data’) to make decisions. These processes, which take place largely beyond the individual’s knowledge, produce a cascade of effects that go beyond privacy and data protection. Should we focus on the possibilities of tackling these often negative effects through other areas of law, or maybe even find new solutions to cope with the dark side of big data? This ground-breaking book is the first to address this crucially important question in detail. Among the issues raised in the analysis are such vital elements as the following: − what is meant by ‘big data’; – ‘privacy’ according to the European Court of Human Rights and the Court of Justice of the European Union; – what the European Union legal framework on privacy and data protection consists of and how it functions in the light of big data; – what companies, governments and other organisations are permitted to do with big data under the current regulatory framework; – the central importance of personal autonomy; – circumstances that influence whether or not the right to privacy is triggered; – big data’s possible impact on democracy through, inter alia, potentially limiting freedom of expression; – how governmental or corporate surveillance chills the receiver’s gathering of information and ideas; – selective offering of choices or information, or manipulation of people’s ideas; – procedural aspects that influence the extrapolation of normative concepts of privacy and data protection; and – how discrimination occurs in big data. This book foregrounds a critical scrutiny of commercial uses of big data – its scale, its limited capacity for independent oversight and the expected prevalence of interference with individuals’ rights. The author’s conclusions explore possible legal alternatives to mitigate the negative impact of big data, using legal instruments, case law and legal academic literature in her analysis. Because the amount of digital data keeps growing and the private lives of individuals are increasingly taking place online – and because of the opacity of the big data process, the fundamental values that are at stake, and the speed of technological developments compared to the pace of legal reform – this comprehensive assessment of flaws in the current framework and possible practical solutions will be warmly welcomed by practitioners, policymakers and government officials in all legal fields related to privacy and data protection.

This thesis examines the principle of purpose limitation in data protection law from the perspective of regulating data-driven innovation. According to this approach, the principle of purpose limitation not only protects an individual's autonomy but simultaneously leaves sufficient room for data controllers to innovate when finding the best solution for protection. The first component of the principle of purpose limitation (i.e. to specify the purpose of data processing) is a precautionary protection instrument which obliges the controller to identify specific risks arising from its processing against all fundamental rights of the data subject. In contrast, the second component (i.e. the requirement to limit data processing to the preceding purpose) aims to control the risk caused by data processing that occurred at a later stage and adds to the risks which were previously identified. This approach provides an answer to the question of how the General Data Protection Regulation which does not only effectively protect an individual's autonomy but also helps controllers to turn their legal compliance into a mechanism that enhances innovation, should be interpreted with regard to all the fundamental rights of the data subject.

Personal data protection has become one of the central issues in any understanding of the current world system. In this connection, the European Union (EU) has created the most sophisticated regime currently in force with the General Data Protection Regulation (GDPR) of 2016. This book on this major data protection reform offers a comprehensive discussion of all principles of personal data processing, obligations of data controllers and rights of data subjects. This is the core of the personal data protection regime. GDPR is applicable directly in all Member States, providing for a unification of data protection rules within the EU. However, it poses a problem in enabling international trade and data transfers outside the EU between economies which have different data protection models in place. Among the broad spectrum of aspects of the subject covered are the following: – summary of the changes introduced by the GDPR; – new territorial scope; – key principles of personal data processing; – legal bases for the processing of personal data; – marketing, cookies and profiling; – new information clauses; – new Subject Access Requests (SARs), including the ‘right to be forgotten’ on the Internet, the right to data portability and the right to object to profiling; – new data protection by design and by default; – benefits from implementing a data protection certificate; and – data transfers outside the EU, including BCRs, SCCs and special features of EU–US arrangements. This book references many rulings of European courts, as well as interpretations and guidelines formulated by European data protection authorities, examples and best practices, making it of great practical value to lawyers and business leaders. Because of the increase in legal certainty in this area guaranteed by the GDPR, multinational corporations and their customers and contractors will benefit enormously from consulting and using this book. For practitioners and academics, researching or advising clients on this area, and government policy advisors, this book provides an indispensable source of guidance and information for many years to come.