Book information
· Category : Foreign Books > Economics & Management > Business Management
· ISBN : 9781119594246
· Pages : 496
· Publication date : 2019-11-05
Table of Contents
Chapter 1: The Origin and Concept of Data Privacy
1. Introduction
2. Questions and Challenges of Data Privacy
3. The conundrum of voluntary information
4. What is Data Privacy?
5. Doctrine of information privacy
6. Social norms and laws
7. Options for a legal construct: Notice-and-Choice vs. Privacy-as-Trust
8. Notice and choice in the US
9. Enforcement of Notice-and-choice Privacy Laws
10. Privacy-as-trust: An Alternative Model
11. Applying Privacy-as-Trust into Practice – The US Federal Trade Commission (FTC)
12. Additional Challenges in the Advent of the Big Data era
13. Efficacy of privacy-as-trust model
Chapter 2: A Brief History of Data Privacy
1. The extension of privacy as a “right to be left alone”
2. Extending individuals’ privacy rights beyond the “castle”
3. Formation of privacy tort laws.
4. The roots of individual privacy in Europe and the Commonwealth.
5. Privacy encroachment in the new age of internet and connected media.
6. The Gramm-Leach-Bliley Act and the dynamic against privacy rights of individuals.
7. Emergence of economic value of individual data for digital businesses.
8. Legislative initiatives to protect individuals’ data privacy.
9. The Internet Rights Revolution and The EU path
10. Data as an extension of Personal Privacy and End of the 'Wild West'?
11. Cambridge Analytica – a Step too far.
12. The context of privacy in law enforcement.
Chapter 3: GDPR’s Scope of Application
1. When does GDPR apply?
“Processing” of Data
“Personal Data”
Exempted Activities under GDPR
2. The Key Players under GDPR
3. Territorial Scope of GDPR
Physical Presence in the EU:
Processing done “in the context of the activities”
Users based in the EU
“Time of Stay” standard
4. Operation of Public International Law
Chapter 4: Technical & Organizational Requirements under GDPR
1. Accountability
2. The Data Controller
Responsibilities of the Controller
Joint Controllers & Allocating Liability
The Duty to Cooperate with the SA
3. Technical & Organizational Measures
Maintain a Data Protection Level
Minimum Requirements for holding a Data Protection Level
Weighing the Risks
The Network & Information Systems Directive
4. Duty to Maintain Records of Processing Activities
Content of Controller’s Records
Content of Processor’s Records
Exceptions to the Duty
5. Data Protection Impact Assessments
Types of Processing which require DPIA
Scope of Assessment
Business plan oversight?
6. The Data Protection Officer
Designation of DPO
Qualifications & Hiring a DPO
Position of the DPO
Tasks of the DPO
An inherent Conflict of Interest?
DPO Liability
7. Data Protection by Design & Default
Data Protection at the outset
Balancing the amount of Protection
Applying Data Protection by Design
Special Case: Blockchain Technology & GDPR
8. Data Security during Processing
Data Security measures
Determining the Risk Posed
Data Protection Management Systems; A “technical & organizational measure”
9. Personal Data Breaches
Data Breaches Generally
The Controller's duty to Notify
Controller's duty to Communicate the Breach to Data Subjects
10. Codes of Conduct & Certifications
Purpose & Relationship under GDPR
Codes of Conduct
Certification
11. The Data Processor
Relationship between Processor & Controller
Responsibilities of Controller in selecting a Processor
Duties of the Processor
Sub-Processors
Chapter 5: Material Requisites for Processing under the GDPR
1. The Central Principles of Processing
Lawful, Fair & Transparent Processing of Data
Processing limited to a ‘Purpose’
Data Minimization & Accuracy
Storage of Data
Integrity & Confidentiality of the Operation
2. Legal Grounds for Data Processing
Processing based on Consent
Processing based on Legal Sanction
Changing the Processing “Purpose”
Special Categories of Data
3. International Data Transfers
Adequacy Decisions & “Safe” Countries
Explicit Consent
Standard Contractual Clauses
The EU-US Privacy Shield
Binding Corporate Rules
Transfers made with or without Authorization
Derogations
Controllers outside of the EU
4. Intra-Group Processing Privileges
5. Cooperation Obligation on EU Bodies
6. Foreign Law in Conflict with the GDPR
Chapter 6: Data Subject’s Rights
1. The Controller’s duty of Transparency
Creating the Modalities
Facilitating Information Requests
Providing Information to Data Subjects
The Notification Obligation
2. The ‘Digital Miranda’ Rights
Accountability Information
Transparency Information
Timing
Defenses for not providing Information
3. The Right of Access
Accessing Personal Data
Charging a ‘reasonable fee’
4. Right of Rectification
Inaccurate Personal Data
Incomplete Personal Data
Handling Requests
5. Right of Erasure
Development of the Right
The Philosophical debate
Circumstances for Erasure under the GDPR
Erasure of Personal Data which has been made Public
What is ‘Erasure’ of Personal Data?
Exceptions to Erasure
6. Right to Restriction
Granting Restriction
Exceptions to Restriction
7. Right to Data Portability
The Format of Data & Requirements for Portability
Business Competition Issues
Intellectual Property Issues
Restrictions on Data Portability
8. Rights relating to Automated Decision making
The Right to Object
Right to Explanation
Profiling
Exceptions
Special Categories of Data
9. Restrictions on Data Subject Rights
Nature of Restrictions placed
The Basis of Restrictions
Chapter 7: GDPR Enforcement
1. In-House Mechanisms
A Quick Review
Implementing an Internal Rights Enforcement Mechanism
2. Data Subject Representation
Standing of NPOs to represent Data Subjects
Digital Rights Activism
3. The Supervisory Authorities
Role of Supervisory Authority
The Members of the Supervisory Authority
An Independent Body
Professional Secrecy
Competence of the Supervisory Authority
Tasks of the Supervisory Authority
Powers of the SA
Cooperation & Consistency Mechanism
GDPR Enforcement by Supervisory Authorities
4. Judicial Remedies
Judicial action against the Controller or Processor
Courts v. SA; which is better for GDPR enforcement?
Judicial action against the Supervisory Authority
Controller suing the Data Subject?
Suspending the Proceedings
5. Alternate Dispute Resolution
Is an ADR arrangement allowed under GDPR?
ADR Arrangements
Key hurdles of applying ADR to the GDPR
Suggestions for implementing ADR mechanisms
6. Forum Selection Clauses
7. Challenging the existing Law
Chapter 8: Remedies
1. Allocating Liability
Controller alone liable
Processor alone liable
Joint & Several liabilities
2. Compensation
Quantifying ‘Full Compensation’
Conflict in the scope of 'Standing' in Court
3. Administrative Fines
Fines for Regulatory Infringements
Fines for Grave Infringements
Determining the quantum of the Fine
4. Processing Injunctions
Domestic Law
The EU Injunction Directive
The SA’s Power to Restrain Processing
5. Specific Performance
Chapter 9: Governmental use of Data
1. Member State Legislations
2. Processing in 'Public Interest'
What is Public Interest?
Public Interest as a 'legal basis' for Processing
State use of 'Special' Data
Processing relating to Criminal Record Data
3. Public Interest & The Rights of a Data Subject
Erasure & Restriction of Data Processing
Data Portability
Right to Object
Right to Explanation
4. Organizational Exemptions & Responsibilities
5. Public Documents & Data
The Network & Information Systems Directive
Telemedia Data Protection
National Identification Numbers
6. Archiving
7. Handling Government Subpoenas
8. Public Interest Restrictions on GDPR
9. Processing & Freedom of Information & Expression
Journalism & Expression under the GDPR
Combating 'Fake News' in the Modern Age
10. State use of Encrypted Data
11. Employee Data Protection
The Opening Clause
Employment Agreements
The German ‘Betriebsrat’
The French ‘Comité d’entreprise’
Chapter 10: Facebook – A Perennial Abuser of Data Privacy
1. Facebook has propagated online social networking into an unstoppable global phenomenon.
2. Over the last two years Facebook has been disparaged for its data privacy practices.
3. Facebook has consistently been in violation of GDPR standards both in letter and spirit.
4. The charges against Facebook
5. What is Facebook
6. A network within the social network.
7. There is no shortage of “code of conduct” policies at Facebook
8. Facebook indisputably owns social networking and online human interaction.
9. Social networking as a mission
10. Facebook’s underlying business model
11. Facebook is the apex of sharing and customizability
12. Bundling of privacy policies
13. On the surface Facebook covers all privacy policy bases
14. On the face of it, Facebook claims some philanthropy as well.
15. Mechanisms for Personal Data Collection
16. Advertising – Facebook’s big revenue kahuna
17. And then there is direct marketing
18. Our big (advertiser) brother
19. There is a method to snooping on our clicks
20. What do we control? Or think we do.
21. Even our notifications can produce revenue.
22. Extent of Data Sharing
23. Unlike celebrities, we endorse without compensation
24. Whatever happened to trust
25. And to security of how we live
26. Who is responsible for security of our life data through breaches, or partnerships?
27. And then there were more: Facebook TV, Portal and other Future Projects
28. Who is responsible for content?
29. Why should content be moderated
30. There are Facebook Community Standards
31. Facebook’s process for content moderation
32. Prospective Facebook Content Moderation ‘Supreme Court’
33. Working with Governmental Regimes
34. “Live” Censorship
35. Disinformation & ‘Fake’ News
36. Facebook’s False News Policy
37. Fixing the “Fake News” problem
38. Conclusion
Chapter 11: Facebook & GDPR
1. The Lead Supervisory Authority
2. Facebook no sprachen Deutsche
3. Where is the beef? Fulfilling the Information Obligation
4. Data processing purpose limitation
5. Legitimate Interests; Commercial ‘restraint’ needed
6. Privacy by design?
7. Public endorsement of personalized shopping
8. Customizing Data Protection
9. Our rights versus Facebook obligations
10. A Digital Blueprint & A GDPR Loophole
11. Investigations ahead
12. Future Projects
Chapter 12: Creating a GDPR Compliance Department
1. Step 1: Establish a ‘Point Person’
2. Step 2: Internal Data Audit
3. Step 3: Budgeting
4. Step 4: Levels of Compliance needed
4.1: Local Legal Standards
4.2: Enhanced Legal Standards for International Data Transfers
4.3: International Legal Standards
4.4: Regulatory Standards
4.5: Contractual Obligations
4.6: Groups of Undertakings
5. Step 5: Sizing up the Compliance Department
6. Step 6: Curating the Department to your needs
6.1: ‘In-House’ Employees
6.2: External Industry Operators
6.3: Combining the Resources
7. Step 7: Bring Processor Partners into Compliance
8. Step 8: Bring Affiliates into Compliance
9. Step 9: The Security of Processing
10. Step 10: Revamping Confidentiality Procedures
11. Step 11: Record Keeping
12. Step 12: Educate Employees on New Protocols
13. Step 13: Privacy Policies & User Consent
14. Step 14: Get Certified
15. Step 15: Plan for the Worst Case Scenario
16. Conclusion














