Results found: 84

Search results

Search:
in the keywords:  GDPR
EN
Human-related issues are the object of personalism. One of the current problems contemporarily recognized and widely known is data protection. The article aims to present a mutual connection between legal regulations of data protection, taking into consideration GDPR, and personalism. The conclusion is that there are many elements in legal regulations that justify the conviction that the protection of personal data can be seen as an expression of personalism.
The Lawyer Quarterly | 2021 | vol. 11 | issue 1 | 158-177
EN
The article is focused on the analysis of the liability of public authorities in the data protection area. Public authorities stand outside the spotlight of academics and politics in terms of liability considering the processing of personal data. Nevertheless, public authorities are often controllers of a vast amount of personal data via eGovernment services. Thus, this contribution is aimed to foster the discussion of liability issues concerning public authorities while processing personal data from the point of relevant international data protection legislation and national legislation on the liability of public authorities and its applicability in the data protection area.
EN
The issue under analysis concerns the anonymisation of the data of a natural person to whom the Deputy has a financial obligation. After analysing the provisions of the GDPR, the author concludes that they do not preclude the disclosure of the name of the natural person with regard to whom the liability has arisen and do not provide a legal basis for effectively requesting the Marshal of the Sejm to anonymise the data of private individuals with regard to whom the liability has arisen in the declaration of assets.
EN
Article 32 of the EU General Data Protection Regulation imposes the obligation to implement appropriate safeguards to protect personal data. It states that the application of adequate measures is to be preceded by a risk analysis and evaluation. In the current paper, as the main risk factors, probability and consequences were assumed that take into account the basic attributes of information, i.e. confidentiality, integrity and availability. Next, a risk analysis methodology based on the risk matrix is proposed. The issue discussed in the publication is currently valid and still requires careful analysis in order to develop universal standards aimed at establishing certification mechanisms as well as quality labels and markings in terms of personal data protection.
EN
The paper presents the issues of information and personal data security management in organizations. The authors include in it an analysis of breaches to personal data security in organizations as a vital factor that conditions the necessity to improve the previously applied solutions in this area. Additionally, the paper contains analyses concerning the preparation level of organizations to ensure compliance with the General Data Protection Regulation (GDPR) which is coming into force. The paper constitutes a cognitive query in the scope of the subject matter defined in its title.
EN
Automating administrative decision-making through the use of algorithms integrated into administrative procedures constitutes a major goal of both the Polish government and the EU. Notwithstanding the undeniable benefits of automated administrative decision-making, the tentative development of the law regulating administrative procedures in this regard translates into risks to important elements of administrative due process. Although a systematic regulatory approach to automated administrative decision-making is lacking, an analysis of the provisions of the GDPR concerning profiling algorithms and automated decision-making may prove rewarding, given that they may directly affect the procedural rights of parties in proceedings before national authorities. On the other hand, the imprecise language of the GDPR makes it susceptible to interpretations deeply embedded in the hitherto elaborated practices of the Polish administrative procedure. The article analyses the intersection between the GDPR and Polish administrative procedure in order to examine the potential for mutual influences between both frameworks.
PL
The glossed ruling covers two key issues concerning the application of the autonomous and comprehensive rules of the protection of natural persons with regard to the processing of personal data applied by organisational units of the Catholic Church in the territory of the Republic of Poland. The first issue concerns the possibility of further application of these autonomous, comprehensive rules after the GDPR came into force. The second issue concerns the ability to designate and grant a legal status to an independent separate supervisory authority: the Ecclesiastical Data Protection Officer. Approving the stance presented in the ruling of the Supreme Administrative Court, the gloss presents arguments confirming the fact that when the GDPR came into force, a regulation concerning the processing of personal data existed in the Catholic Church (it was primarily contained in the standards of the Code of Canon Law of 1983), which the Catholic Church, by the time specified in Article 91(1) GDPR, harmonised with the provisions of that legal act. Moreover, the mode of operation, the manner of designating or dismissing the Ecclesiastical Data Protection Officer does not have to be derived from the universally binding law. It may arise from the internal law of the Catholic Church, provided that the requirements laid down in Chapter VI GDPR, i.e. independence, fulfilment of general conditions concerning data protection supervisory authorities, secrecy, performance of tasks and exercise of the powers laid down in the GDPR (relevant competences), are met. This argument originates from the principle of autonomy and independence of churches and other religious organisations, guaranteed by the provisions of the Constitution of the Republic of Poland. 
The reasoning is also confirmed in recital 165 of the GDPR preamble, which states that “This Regulation respects and does not prejudice the status under the constitutional law of churches and associations or religious communities in the Member States, as recognised in Article 17 TFEU”.
EN
Changes in the field of personal data protection related to the entry into force of the provisions of the GDPR and the Act on the protection of personal data resulted in the imposition of a number of different tasks on the President of the Personal Data Protection Office. Many of them are implemented by this authority using the fundamental legal form of administrative action – i.e. an administrative decision, which in this case is adopted in one-instance proceedings. On this basis, the following analysis was carried out: the status and scope of tasks, including the supervisory powers of the President of the Personal Data Protection Office, and the procedural framework in which they are undertaken – including the form of an administrative decision. It was also considered worth examining whether, in specific cases, the form of an administrative decision constitutes an adequate means of implementing the tasks entrusted by the provisions of the GDPR to the President of the Personal Data Protection Office. In the conclusion, the authors considered it justified to recommend that the legislator should precisely define the legal form in which the tasks of the President of the Personal Data Protection Office should be performed. Moreover, they indicated that the legislator does not seem to notice that the nature of the tasks entrusted to the President of UODO indicates that the form of an administrative decision does not always seem to be not only the best, but even appropriate. Especially when it comes to the actions of this authority related to the need to issue a warning or issue a reminder – the form of an administrative decision does not seem to be justified.
PL
Changes in the area of personal data protection connected with the entry into force of the provisions of the GDPR and of the Act on the protection of personal data have resulted in a range of varied tasks being imposed on the President of UODO. The authority performs many of them using the basic legal form of administrative action, namely the administrative decision, which in this case is adopted in single-instance proceedings. Against this background, the following were analysed in turn: the status and scope of tasks, including the supervisory powers of the President of UODO, and the procedural framework in which they are undertaken – including through the form of an administrative decision. It was also considered justified to examine whether, in specific cases, the form of an administrative decision constitutes an adequate means of carrying out the tasks entrusted to the President of UODO by the provisions of the GDPR. In the conclusion, the authors considered it necessary to recommend that the legislator strictly define the legal form in which the tasks of the President of UODO should be performed. Moreover, they indicated that the legislator does not seem to notice that the nature of the tasks entrusted to the President of UODO indicates that the form of an administrative decision does not always seem to be not only the best, but even appropriate. Especially when it comes to the actions of this authority connected with the need to issue a warning or a reprimand – the form of an administrative decision does not seem to be justified.
FR
Data protection and competition law are at a crossroads as regards their integration. Antitrust authorities and data protection supervisory authorities have been confronted with the question of whether the two fields of law should be brought into the same analysis. The German competition authority was the first to merge them in the landmark case against Facebook’s general data processing terms and conditions. The exploitative theory of harm put forward by the Bundeskartellamt is the first of its kind to integrate data protection considerations into antitrust analysis, notably by drawing a distinction between an infringement of the General Data Protection Regulation (GDPR) and anticompetitive harm. This case comment presents the main developments at the national level and then addresses the questions answered by the Court of Justice of the European Union in Case C-252/21 concerning the interpretation of the GDPR in the context of competition law.
EN
Data protection and competition law have been at a crossroads in terms of their integration. Antitrust authorities as well as data protection supervisory authorities have grappled with the question of whether both fields of law should be combined into the same analysis. The German competition authority, the Bundeskartellamt, was the first to fuse them in its landmark case against Facebook’s data processing terms and conditions. The exploitative theory of harm put forward by the German NCA is the first of its kind to integrate data protection considerations into the antitrust analysis, namely by drawing a line between an infringement with the General Data Protection Regulation (GDPR) and anti-competitive harm. This case comment outlines its key developments at the national level, to then address the questions that have been answered by the Court of Justice of the European Union, CJEU, in Case C-252/21 concerning the interpretation of the GDPR in the context of competition law.
EN
The GDPR celebrated its sixth birthday this year. However, this certainly does not mean that all questions related to its application have been answered. One of the unanswered questions so far has been the interpretation of the conditions for the right to compensation for non-material damage caused by a breach of the Regulation. The Court of Justice has recently changed that with its first answers to the preliminary questions referred by the Austrian Supreme Court. The article presents the legal framework of the GDPR on compensation for non-material damage and then focuses on the Court’s judgment, starting with a description of the facts of the case, the Advocate General’s opinion and an analysis of the Court’s conclusions themselves.
CS
The GDPR celebrated the sixth birthday of its applicability this year. However, this certainly does not mean that all questions connected with its application have been answered. One such unanswered question has so far been the interpretation of the conditions for granting the right to compensation for non-material damage caused by a breach of the Regulation. The Court of Justice recently changed that with its first answers to the preliminary questions referred by the Austrian Supreme Court. The article presents the legal framework of the GDPR regarding compensation for non-material damage and then focuses on the judgment of the Court of Justice, starting with a description of the facts of the case, through the Advocate General’s opinion, to an analysis of its conclusions themselves.
Ecumeny and Law | 2021 | vol. 9 | issue 2 | 141-149
EN
The increased emigration of Poles has caused numerous problems of legal and canonical nature, also relating to the activity of the Catholic Church. The article concerns the cross-border processing of personal data carried out by the Catholic Church entities in the context of the emigration of the faithful. Processing of the data of believers takes place, for example, in the formalities related to preparation for entering marriage. From the point of view of canon law the article deals with such issues as: the legality of the process of cross-border data processing, the obligations of the data controller carrying out such a process and the role of the supervisory authority.
EN
Empirical researchers often use secondary data collected by others, especially state institutions. Due to the increasing availability of data online and the ever-growing ease of merging various datasets, the protection of personal data and adherence to the principles of data processing is becoming increasingly important for researchers. In criminal justice research, the protection of personal data is especially important, as information on convictions or criminal proceedings is under special protection. This article presents the basic principles for conducting research using personal data, focusing on their application in criminological research and especially on the use of secondary data. The article further discusses the responsibilities of personal data administrators and their role in the context of processing data for research purposes, data security, creating databases and their various forms, and the process of anonymization and pseudonymization. The article concludes with practical recommendations for ensuring ethical and legal practices in the field of criminological research vis-à-vis personal data protection.
EN
The purpose of this article is to analyse the competences of the supervisory authority provided for in the General Data Protection Regulation (GDPR) as a tool to shape the practice of personal data processing. This article verifies the thesis that the status of the supervisory authority formed in the GDPR, taking into account the authority’s independence, makes it possible to exercise the authority thoroughly, which is the basis for shaping personal data processing practice. Supervisory authorities have a wide range of powers to carry out the duties assigned to them. This is guaranteed by their independence. The exercise of powers resonates with all entities that fall under the jurisdiction of those authorities. The decisions of the authorities become the subject of interest of both the literature and personal data administrators. The powers connected with imposing administrative penalties might play a particular role. Their imposition causes that entities which are in similar circumstances may expect to be subject to the same penalties. In order to avoid this situation, they tend to adapt their practices to the model adopted in the decision. Opinions and recommendations, as well as codes of conduct approved by the supervisory authorities for particular sectors, which are a benchmark for administrators in those sectors, play an important preventive role.
The Lawyer Quarterly | 2021 | vol. 11 | issue 1 | 192-205
EN
The new obligation to notify personal data breaches under Articles 33 and 34 of the General Data Protection Regulation 2016/679 can be seen as a reflection of the US regulatory approach to security breach incidents, which has an established tradition since the enactment of Security Breach Information Act in California in 2002. The contribution presents in two parts the relevant legal frameworks of the US and the EU, in order to provide a discussion on their similarities and differences. The aim is to identify available intellectual stimuli to the respective academic debate regarding interpretation, application and specification of the EU provisions based on inspiration from the US experience. The Part II adds the insight into the respective EU regulatory approach and contains the discussion of the parallels of the US and EU frameworks and available insight to be drawn from this doctrinal research.
EN
The article presents changes in the method and scope of data collected and processed about citizens by government administration that have occurred over the last 15 years. During this time, there has been a significant increase in the number of areas in which data is collected, as well as the level of detail of the data itself. The reasons for the changes are the development of technologies for managing large data sets, adapting legislation to EU standards, increasing the number of public benefits and services, and increasing the scope of control and supervision exercised by administrative bodies. The article also presents changes in the methods of obtaining data.
EN
The use of telemedicine had notably been developed in Brazil after the beginning of the public emergency period caused by the pandemic of COVID-19. With the new data protection law in force in Brazil, which is similar to the GDPR, health data are in the spotlight. The purpose of this article is to examine what measures Brazil has adopted to guarantee the data protection for health data in view of this scenario, taking the EU as a perspective for comparison reasons. For the Brazilian analysis, not only the formal legislation was considered, but also the guidance of the Federal Council of Medicine, which is the competent authority to supervise and issue orders on the development of medicine in Brazil, including the telemedicine. The comparison with the EU was chosen due to the similar data protection regulation, since the LGPD presents similar provisions and regulations to those established in the GDPR, and because the European Commission has issued a study on February 11, 2021, assessing the implementation of the GDPR and the domestic regulations for health data in each of the EU countries. This article has found out that Brazilian regulation still presents flaws and points for clarification, which are fundamental to guarantee the necessary legal security in operations.
EN
This article refers to the issue of personal data processing conducted in connection with scientific research and in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). It is not uncommon for the purposes of scientific research to process personal data, which is connected with the obligation to respect the rights of the data of the subjects involved. Entities conducting scientific research that process personal data for this purpose are required to apply the general regulation governing, among others, the obligations imposed on the controllers. The issue of personal data processing for scientific research purposes has also been regulated in national legislation in connection with the need to apply the General Data Protection Regulation. The article discusses the basics of the admissibility of data processing for the needs of scientific research; providing personal data regarding criminal convictions and offences extracted from public registers at the request of the entity conducting scientific research; exercising the rights of the data of the subjects concerned; as well as the implementation of appropriate technical and organizational measures to ensure the security of data processing. In addition, the article discusses the issue of anonymization of personal data carried out after achieving the purpose of personal data processing, as well as the processing of special categories of personal data. The topics discussed in the article were not discussed in detail, as this would require further elaboration in a publication with a much wider volume range.
PL
The article presents a concept for building a personal data security policy in a medical facility, with particular regard to the personal data processed, in the light of the changes that will apply from 25 May 2018 following the introduction of the Regulation of the European Parliament on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Within it, a concept was developed in the form of tables of contents of documents adapted to existing regulations and future legal requirements.
EN
The article presents the concept of building a personal data security policy in a medical facility, with particular emphasis on personal data being processed, in the light of changes that will apply from 25 May 2018 after the introduction of the European Parliament Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data. A concept, specific tables of contents of documents adapted to existing regulations and future legal requirements were developed.
EN
The main purpose of this study is to determine which conflict of law rules constitute the basis for the search for the law applicable to private-law compensation claims provided for in Article 82 of the GDPR, and whether it is possible to apply the Rome II Regulation on the law applicable to non-contractual obligations in this regard. The authors first set out the main features of the claim, with particular emphasis on those areas where discrepancies may arise at the level of national law. They then qualify the claim as a tortious one, which leads them to pose a question about the applicability of the Rome II Regulation in this case. Special attention is given to the relationship between privacy and personal data protection. The authors argue that these two spheres have become gradually separated from each other and finally, under GDPR, claims for damages for a breach of personal data protection are independent of claims for an infringement of personal rights. Consequently, they assume that the law applicable to a claim under Article 82 of the GDPR should be indicated on the basis of the Rome II Regulation, despite the doubts arising from the exclusion provided for in Article 1.2.g Rome II. If this approach is accepted, it will have significant consequences for the harmonisation of the application of the GDPR in the EU Member States, and for achieving the harmonisation of decisions at the level of national law.
Ochrona prawa do prywatności w Polsce w świetle RODO (Protection of the right to privacy in Poland in the light of the GDPR)

EN
The provisions of the GDPR in force as of 25.05.2018 form the basis for the creation of a new system for the protection of personal data (protection of the right to privacy) at the EU level, its member states and in individual entities subject to them. Although the Regulation requires compliance with clearly defined rules, it gives the entities to which it applies the possibility to introduce various organizational solutions and means of protection depending on the nature of the organization, its conditions and needs. We have passed the first stage of implementing the new regulations, characterized by uncertainty and information chaos, sometimes accompanied by the fear of high fines. Now, we are entering a phase of greater certainty of action (legal certainty). Undoubtedly, there is no judicial interpretation of the provisions of the GDPR. On the other hand, the jurisprudence regarding the right to privacy, guidelines of the so-called Working Group, art. 29, and on a regular basis - the guidelines and explanations of state authorities responsible for the implementation of the new EU law prove very helpful. The experience gained, not only in the form of good examples, but also the conclusions drawn from bad practices, referred to as "GDPR absurdities", is becoming more and more valuable. These situations have made us realize how dangerous it can be to misinterpret law when such an interpretation is done in isolation from the essence of the law. The protection of personal data, although subject to an independent legal regime, is not only a value in itself. It is to serve first and foremost the individual and the social welfare and, consequently, the proper functioning of public and private sector entities to which the provisions of the GDPR apply.
The purpose of this article will be to present the basis of the privacy protection system in the light of the GDPR, and - taking into account less than one year of the functioning of the GDPR - an attempt to formulate proposals that at the current stage seem to be of crucial importance for the process of further development of the personal data protection system.