Skip to main content

Soeben erschienen: Assessing the Legal and Ethical Impact of Data Reuse

Abstract: In the data economy, many organisations, particularly SMEs may not be in a position to generate large amounts of data themselves, but may benefit from reusing data previously collected by others. Organisations that collect large amounts of data themselves may also benefit from reusing such data for other purposes than originally envisioned. However, under the current EU personal data protection legal framework, constituted by the General Data Protection Regulation, there are clear limits and restrictions to the reuse of personal data. Data can only be reused for purposes that are compatible with the original purposes for which the data were collected and processed. This is at odds with the reality of the data economy, in which there is a considerable need for data reuse. To address this issue, in this article we present the concept of a Data Reuse Impact Assessment (DRIA), which can be considered as an extension to existing Privacy and Data Protection Impact Assessments (PIAs and DPIAs). By adding new elements to these existing tools that specifically focus on the reuse of data and aspects regarding data ethics, a DRIA may typically be helpful to strike a better balance between the protection of personal data that is being reused and the need for data reuse in the data economy. Using a DRIA may contribute to increased trust among data subjects that their personal data is adequately protected. Data subjects, in turn, may then be willing to share more data, which on the long term may also be beneficial for the data economy.

Custers, Bart; Vrabec, Helena U.; Friedewald, Michael: Assessing the Legal and Ethical Impact of Data Reuse: Developing a tool for Data Reuse Impact Assessments (DRIA). In: European Data Protection Law Review (EDPL) 5, No. 3, October 2019, pp. 317 – 337.

DOI https://doi.org/10.21552/edpl/2019/3/7

 

New article: Civilizing drones: Military discourses going civil

Braun, Sven, Michael Friedewald, and Govert Valkenburg, “Civilizing drones: Military discourses going civil“, Science & Technology Studies, Vol. 28, No. 2, 2015, pp. 73-87.

This article presents an account of how a technology being transferred from one area of deployment to another entails that specific discourses travel along. In particular, we show that the development of Unmanned Aircraft Systems (UAS, often referred to as drones) is importantly determined by its military progeny, as the civilian context inherits specific discourses from the military context. Contemporary ideas of privacy and security in drone use can be largely traced back to this original context. We show that concepts and their relative importance primarily depend on the discourses that travel together with the technologies on which the concepts aim to act. There is no technological reason for privacy and security to be implemented the way they are, nor can their implementation be explained merely from socio-political or moral discourses. Instead, material and discursive mechanisms successfully enact and reproduce the dominant military viewpoint.

Just published: “Open consent, biobanking and data protection law”

Hallinan, D.; Friedewald, M. (2015): Open Consent, Biobanking and Data Protection Law Can Open Consent be ‘Informed’ under the Forthcoming Data Protection Regulation? In: Life Sciences, Society and Policy 11, Nr. 1. http://www.lsspjournal.com/content/pdf/s40504-014-0020-9.pdf

This article focuses on whether a certain form of consent used by biobanks – open consent – is compatible with the Proposed Data Protection Regulation. In an open consent procedure, the biobank requests consent once from the data subject for all future research uses of genetic material and data. However, as biobanks process personal data, they must comply with data protection law. Data protection law is currently undergoing reform. The Proposed Data Protection Regulation is the culmination of this reform and, if voted into law, will constitute a new legal framework for biobanking. The Regulation puts strict conditions on consent – in particular relating to information which must be given to the data subject. It seems clear that open consent cannot meet these requirements. 4 categories of information cannot be provided with adequate specificity: purpose, recipient, possible third country transfers, data collected. However, whilst open consent cannot meet the formal requirements laid out by the Regulation, this is not to say that these requirements are substantially undebateable. Two arguments could be put forward suggesting the applicable consent requirements should be rethought. First, from policy documents regarding the drafting process, it seems that the informational requirements in the Regulation are so strict in order to protect the data subject from risks inherent in the use of the consent mechanism in a certain context – exemplified by the online context. There are substantial differences between this context and the biobanking context. Arguably, a consent transaction in the biobanking does not present the same type of risk to the data subject. If the risks are different, then perhaps there are also grounds for a reconsideration of consent requirements? Second, an argument can be made that the legislator drafted the Regulation based on certain assumptions as to the nature of ‘data’. The authors argue that these assumptions are difficult to apply to genetic data and accordingly a different approach to consent might be preferable. Such an approach might be more open consent friendly.