book

Data Privacy and GDPR Handbook

by Sanjay Sharma

November 2019

Beginner to intermediate

496 pages

15h 32m

English

Wiley

Read now

Unlock full access

1.1 Questions and Challenges of Data Privacy1.2 The Conundrum of Voluntary Information1.3 What Is Data Privacy?1.4 Doctrine of Information Privacy1.5 Notice-and-Choice versus Privacy-as-Trust1.6 Notice-and-Choice in the US1.7 Enforcement of Notice-and-Choice Privacy Laws1.8 Privacy-as-Trust: An Alternative Model71.9 Applying Privacy-as-Trust in Practice: The US Federal Trade Commission1.10 Additional Challenges in the Era of Big Data and Social Robots1.11 The General Data Protection Regulation (GDPR)1.12 Chapter OverviewNotes
2.1 Privacy as One’s Castle2.2 Extending Beyond the “Castle”2.3 Formation of Privacy Tort Laws2.4 The Roots of Privacy in Europe and the Commonwealth2.5 Privacy Encroachment in the Digital Age2.6 The Gramm-Leach-Bliley Act Tilted the Dynamic against Privacy2.7 Emergence of Economic Value of Individual Data for Digital Businesses2.8 Legislative Initiatives to Protect Individuals’ Data Privacy2.9 The EU Path2.10 End of the Wild West?2.11 Data as an Extension of Personal Privacy2.12 Cambridge Analytica: A Step Too Far2.13 The Context of Privacy in Law EnforcementSummaryNotes
3.1 When Does GDPR Apply?3.2 The Key Players under GDPR3.3 Territorial Scope of GDPR3.4 Operation of Public International LawNotes
4.1 Accountability4.2 The Data Controller4.3 Technical and Organizational Measures4.4 Duty to Maintain Records of Processing Activities4.5 Data Protection Impact Assessments4.6 The Data Protection Officer4.7 Data Protection by Design and Default4.8 Data Security during Processing4.9 Personal Data Breaches4.10 Codes of Conduct and Certifications4.11 The Data ProcessorNotes
5.1 The Central Principles of Processing5.2 Legal Grounds for Data Processing5.3 International Data Transfers5.4 Intragroup Processing Privileges5.5 Cooperation Obligation on EU Bodies5.6 Foreign Law in Conflict with GDPRNotes
6.1 The Controller’s Duty of Transparency6.2 The Digital Miranda Rights6.3 The Right of Access6.4 Right of Rectification6.5 Right of Erasure6.6 Right to Restriction6.7 Right to Data Portability6.8 Rights Relating to Automated Decision Making6.9 Restrictions on Data Subject RightsNotes
7.1 In-House Mechanisms7.2 Data Subject Representation7.3 The Supervisory Authorities7.4 Judicial Remedies7.5 Alternate Dispute Resolution7.6 Forum Selection Clauses7.7 Challenging the Existing LawNotes
8.1 Allocating Liability8.2 Compensation8.3 Administrative Fines8.4 Processing Injunctions8.5 Specific PerformanceNotes
9.1 Member State Legislations9.2 Processing in the “Public Interest”9.3 Public Interest and the Rights of a Data Subject9.4 Organizational Exemptions and Responsibilities9.5 Public Documents and Data9.6 Archiving9.7 Handling Government Subpoenas9.8 Public Interest Restrictions on GDPR9.9 Processing and Freedom of Information and Expression9.10 State Use of Encrypted Data9.11 Employee Data ProtectionNotes

10.1 Step 1: Establish a “Point Person”10.2 Step 2: Internal Data Audit10.3 Step 3: Budgeting10.4 Step 4: Levels of Compliance Needed10.5 Step 5: Sizing Up the Compliance Department10.6 Step 6: Curating the Department to Your Needs10.7 Step 7: Bring Processor Partners into Compliance10.8 Step 8: Bring Affiliates into Compliance10.9 Step 9: The Security of Processing10.10 Step 10: Revamping Confidentiality Procedures10.11 Step 11: Record Keeping10.12 Step 12: Educate Employees on New Protocols10.13 Step 13: Privacy Policies and User Consent10.14 Step 14: Get Certified10.15 Step 15: Plan for the Worst Case Scenario10.16 ConclusionNotes
11.1 Social Networking as an Explosive Global Phenomenon11.2 Facebook Is Being Disparaged for Its Data Privacy Practices11.3 Facebook Has Consistently Been in Violation of GDPR Standards11.4 The Charges against Facebook11.5 What Is Facebook?11.6 A Network within the Social Network11.7 No Shortage of “Code of Conduct” Policies11.8 Indisputable Ownership of Online Human Interaction11.9 Social Networking as a Mission11.10 Underlying Business Model11.11 The Apex of Sharing and Customizability11.12 Bundling of Privacy Policies11.13 Covering All Privacy Policy Bases11.14 Claims of Philanthropy11.15 Mechanisms for Personal Data Collection11.16 Advertising: The Big Revenue Kahuna11.17 And Then There Is Direct Marketing11.18 Our Big (Advertiser) Brother11.19 A Method to Snooping on Our Clicks11.20 What Do We Control (or Think We Do)?11.21 Even Our Notifications Can Produce Revenue11.22 Extent of Data Sharing11.23 Unlike Celebrities, We Endorse without Compensation11.24 Whatever Happened to Trust11.25 And to Security of How We Live11.26 Who Is Responsible for Security of Our Life Data?11.27 And Then There Were More11.28 Who Is Responsible for Content?11.29 Why Should Content Be Moderated?11.30 There Are Community Standards11.31 Process for Content Moderation11.32 Prospective Content Moderation “Supreme Court”11.33 Working with Governmental Regimes11.34 “Live” Censorship11.35 Disinformation and “Fake” News11.36 ConclusionNotes
12.1 The Lead Supervisory Authority12.2 Facebook nicht spricht Deutsch12.3 Where Is the Beef? Fulfilling the Information Obligation12.4 Data Processing Purpose Limitation12.5 Legitimate Interests Commercial “Restraint” Needed12.6 Privacy by Design?12.7 Public Endorsement of Personalized Shopping12.8 Customizing Data Protection12.9 User Rights versus Facebook’s Obligations12.10 A Digital Blueprint and a GDPR Loophole12.11 Investigations Ahead12.12 Future ProjectsNotes
13.1 Our Second Brain13.2 Utopian or Dystopian?13.3 Digital Empowerment: Leveling the Playing FieldNotes
20142015201620172018Notes

Content preview from Data Privacy and GDPR Handbook

6Data Subjects’ Rights

The rights of every man are diminished when the rights of one man are threatened.

— John F. Kennedy

GDPR Recital 1 states: “The protection of natural persons in relation to processing of personal data is a fundamental right.” This statement is the regulation’s anchor and is the main objective to be achieved. With respect to digital rights, GDPR formalizes several preexisting rights and creates new ones for data subjects (or “users”). At the same time, the provisions under Chapter III are not only substantive by laying down rights and liabilities, but are also procedural. It creates a framework for answering the following questions:

What rights do the data subjects have?
How must it be explained to the users?
How can the rights be enforced?
What must be considered when enforcing it?
Under what circumstances may the Controllers derogate or refuse to enforce this right?

With the proliferation of technology, securing these rights is the primary responsibility of the Controller. GDPR is responsive to recent scandals like Cambridge Analytica and British Airways, combined with EU jurisprudence being formalized. Regardless, ensuring strong compliance will prevent paying fines up to €20 million or 4% of the business’s annual turnover.¹ This chapter seeks to answer these questions and provides a framework for protecting these rights.

6.1 The Controller’s Duty of Transparency

The first aspect of the scheme of rights under Chapter III is the manner of informing ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781119594246Purchase book

Data Privacy and GDPR Handbook

by Sanjay Sharma

6Data Subjects’ Rights

6.1 The Controller’s Duty of Transparency

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Data Privacy

Practical Data Privacy

IAPP CIPP / US Certified Information Privacy Professional Study Guide

Data Center Handbook, 2nd Edition

Publisher Resources

6.1 The Controller’s Duty of Transparency

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Data Privacy

Practical Data Privacy

IAPP CIPP / US Certified Information Privacy Professional Study Guide

Data Center Handbook, 2nd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.