تحلیل بستر قانونی حمایت از داده شخصی در اتحادیه اروپا

نویسندگان

دانشگاه فردوسی مشهد؛ مشهد، ایران؛

چکیده

داده‌های شخصی اهمیت اقتصادی فراوانی دارند، به‌طوری‌که آن‌ها را پول آینده نامیده‌اند. در عین ‌حال، محیط‌هایی که اشخاص در آن‌ها زندگی می‌کنند و به‌طور مداوم با آن‌ها سروکار دارند، داده‌های اشخاص را جمع‌آوری و پردازش کرده و به ‌شیوه‌های مختلف از داده‌ها استفاده می‌کنند. بنابراین، ضرورت وجود قوانینی که از این امر ارزشمند در مقابلِ استفاده‌های فراوان حفاظت کند، احساس می‌شود. مهم‌ترین بستر قانونی برای حمایت از داده شخصی، مقررات عمومی حفاظت از داده (GDPR) است. این مقررات در سال ۲۰۱۶ توسط پارلمان و شورای اروپا تصویب و از سال ۲۰۱۸ در تمامی کشورهای عضو اتحادیه اروپا لازم‌الاجرا شده است و به‌دلیل ویژگی‌ها و حمایت‌های بدیع و دقیق خود، جامع‌ترین بستر قانونی در خصوص حمایت از داده است. به‌ جهت اهمیت GDPR در خصوص حفاظت از داده‌‌های شخصی، معرفی این بستر قانونی، پرداختن به مفاهیم اساسی، دامنه اعمال و بیان نقاط قوت این مقررات به‌منظور درک بهتر حمایت‌های مندرج در GDPR ضروری است. پژوهش حاضر با تتبع در مقررات مذکور و منابع مرتبط، به این مهم می‌پردازد و در جهت شفاف‌سازی این مقررات برای کمک به تدوین بستر قانونی مناسب، در خصوص حمایت از داده شخصی در نظام حقوقی ایران گام برمی‌دارد.

کلیدواژه‌ها


عنوان مقاله [English]

Analysis of the Legal Framework for the Protection of Personal Data in the European Union

نویسندگان [English]

  • Mahdieh Latifzadeh
  • Sayyed Mohammad Mahdi Qabuli Dorafshan
  • Saeed Mohseni
  • Mohammed Abedi
چکیده [English]

Personal data is of great economic importance, which is called the currency of the future, but the environment in which people live and work with it constantly, collect and process personal data and use it in a variety of ways. Therefore, there is a need for laws that protect this valuable thing. The most important legal framework for the protection of personal data is the General Data Protection Regulation (GDPR). This regulation was approved in 2016 and came into force in 2018, and is currently the most comprehensive framework for the protection of personal data. However, in previous years the EU has enacted legislation on the protection of personal data (Personal Data Protection Directive 1995), but this regulation is the most complete legal framework for data protection due to its innovative features and protections. Due to the importance of this regulation in the protection of personal data, it is necessary to introduce this legal framework and express the basic concepts, scope of application and strengths of this regulation in order to better understand the protections contained in the GDPR. The present article, by searching this regulation and related sources, states this and takes steps to clarify this regulation to help formulate an appropriate legal framework regarding the protection of personal data in the Iranian legal system.

کلیدواژه‌ها [English]

  • GDPR
  • personal data
  • Processing
  • controller
  • Processor
  1. ابن ادریس حلی، محمد‌بن احمد. 1387. ‌موسوعه ابن إدریس الحلی. قم: دلیل ما.
  2. ابن ادریس حلی، محمد‌بن احمد. 1387. ‌موسوعه ابن إدریس الحلی. قم: دلیل ما.
  3. حسینی عاملی، محمدجواد بن محمد. بی‌تا. مفتاح الکرامه فی شرح قواعد العلامه. بیروت: دار إحیاء التراث العربی.
  4. حسینی عاملی، محمدجواد بن محمد. بی‌تا. مفتاح الکرامه فی شرح قواعد العلامه. بیروت: دار إحیاء التراث العربی.
  5. سیستانی، علی. 1415 ه.ق. منهاج الصالحین. قم: مکتب آیه‌الله العظمی السید السیستانی.
  6. سیستانی، علی. 1415 ه.ق. منهاج الصالحین. قم: مکتب آیه‌الله العظمی السید السیستانی.
  7. شهید ثانی، زین‌‌الدین. 1410 ه.ق. الروضه البهیه فی شرح اللمعه الدمشقیه. قم: مکتبه الداوری.
  8. شهید ثانی، زین‌‌الدین. 1410 ه.ق. الروضه البهیه فی شرح اللمعه الدمشقیه. قم: مکتبه الداوری.
  9. شیخ طوسی، محمد‌بن حسن. 1387 ه.ق. المبسوط فی فقه الإمامیه. تهران‌: مکتبه المرتضویه.
  10. شیخ طوسی، محمد‌بن حسن. 1387 ه.ق. المبسوط فی فقه الإمامیه. تهران‌: مکتبه المرتضویه.
  11. علامه حلی، حسن بن یوسف. 1420 ه.ق. تحریر الأحکام الشرعیه علی مذهب الإمامیه. قم: مؤسسه الإمام الصادق علیه‌السلام.
  12. علامه حلی، حسن بن یوسف. 1420 ه.ق. تحریر الأحکام الشرعیه علی مذهب الإمامیه. قم: مؤسسه الإمام الصادق علیه‌السلام.
  13. کاتوزیان، ناصر. 1396. عقود معین 2. تهران: گنج دانش.
  14. کاتوزیان، ناصر. 1396. عقود معین 2. تهران: گنج دانش.
  15. Ahmed, J. U. 2010. Documentary Research Method: New Dimensions. Indus Journal of Management & Social Science (IJMSS) 4 (1): 1-14.
  16. Ahmed, J. U. 2010. Documentary Research Method: New Dimensions. Indus Journal of Management & Social Science (IJMSS) 4 (1): 1-14.
  17. Allison, S. 2009. the Concept of Personal Data Under the Data Protection Regime. Edinburgh Student Law Review 1: 48-65.
  18. Allison, S. 2009. the Concept of Personal Data Under the Data Protection Regime. Edinburgh Student Law Review 1: 48-65.
  19. Baker McKenzie. 2019. EDPB - Guidelines on the Territorial Scope of the GDPR (Art. 3) and on Representatives (Art. 27) - Now adopted after public consultation (pp. 1-6). https://www.bakermckenzie.com/en/insight/publications/2019/12/guidelines-on-the-territorial-scope-of-gdpr (accessed June 16, 2020)
  20. Baker McKenzie. 2019. EDPB - Guidelines on the Territorial Scope of the GDPR (Art. 3) and on Representatives (Art. 27) - Now adopted after public consultation (pp. 1-6). https://www.bakermckenzie.com/en/insight/publications/2019/12/guidelines-on-the-territorial-scope-of-gdpr (accessed June 16, 2020)
  21. Bitar, H. and J. Bjorn. 2017. GDPR : Securing Personal Data in Compliance with new EU-Regulations A7009N GDPR : Securing Personal Data in Compliance with new EU- Regulations Luleå University of Technology. Business.
  22. Bitar, H. and J. Bjorn. 2017. GDPR : Securing Personal Data in Compliance with new EU-Regulations A7009N GDPR : Securing Personal Data in Compliance with new EU- Regulations Luleå University of Technology. Business.
  23. California's Consumer Privacy Act and Other State Privacy & Security Laws. (n.d.). Morgan Lewis. Retrieved from https://www.morganlewis.com/topics/ccpa-and-state-privacy-security-laws (accessed Oct. 4, 2020)
  24. California's Consumer Privacy Act and Other State Privacy & Security Laws. (n.d.). Morgan Lewis. Retrieved from https://www.morganlewis.com/topics/ccpa-and-state-privacy-security-laws (accessed Oct. 4, 2020)
  25. Chassang, G., T. Southerington, M. Boeckhout, & S. Slokenberga. 2018. Data Portability in Health Research and Biobanking: Legal Benchmarks for Appropriate Implementation. European Data Protection Law Review 3: 297-307. [DOI:10.21552/edpl/2018/3/8]
  26. Chassang, G., T. Southerington, M. Boeckhout, & S. Slokenberga. 2018. Data Portability in Health Research and Biobanking: Legal Benchmarks for Appropriate Implementation. European Data Protection Law Review 3: 297-307. [DOI:10.21552/edpl/2018/3/8]
  27. Colcelli, V. 2019. Joint Controller Agreement Under Gdpr. Eu and Member States - Legal and Economic Issues 3: 1030-1047. [DOI:10.25234/eclic/9043]
  28. Colcelli, V. 2019. Joint Controller Agreement Under Gdpr. Eu and Member States - Legal and Economic Issues 3: 1030-1047. [DOI:10.25234/eclic/9043]
  29. Consumers International. 2019. The state of data protection rules around the world (pp. 1-7). https://www.consumersinternational.org/media/155133/gdpr-briefing.pdf (accessed April 8, 2020)
  30. Consumers International. 2019. The state of data protection rules around the world (pp. 1-7). https://www.consumersinternational.org/media/155133/gdpr-briefing.pdf (accessed April 8, 2020)
  31. Curia. 2014a. František Ryneš v Úřad pro ochranu osobních údajů,In Case C-212/13 (Issue December).
  32. Curia. 2014a. František Ryneš v Úřad pro ochranu osobních údajů,In Case C-212/13 (Issue December).
  33. Curia. 2014b. Google Spain v. Agencia Española de Protección de Datos (AEPD) and Costeja González,In Case C-131/12 (Issue May).
  34. Curia. 2014b. Google Spain v. Agencia Española de Protección de Datos (AEPD) and Costeja González,In Case C-131/12 (Issue May).
  35. EC. European Commission. (n.d.). Can someone else process the data on my organisation's behalf? | European Commission. Retrieved from https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/can-someone-else-process-data-my-organisations-behalf_en (accessed March 12, 2020)
  36. EC. European Commission. (n.d.). Can someone else process the data on my organisation's behalf? | European Commission. Retrieved from https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/can-someone-else-process-data-my-organisations-behalf_en (accessed March 12, 2020)
  37. _____. 2019. Data Protection Certification Mechanisms Study on Articles 42 and 43 of the Regulation (EU) 2016/679 (pp. 1-255).
  38. _____. 2019. Data Protection Certification Mechanisms Study on Articles 42 and 43 of the Regulation (EU) 2016/679 (pp. 1-255).
  39. EC, E. C. (n.d.). Questions and Answers - General Data Protection Regulation. Retrieved from https://ec.europa.eu/commission/presscorner/detail/en/MEMO_18_387 (accessed Feb. 13, 2020)
  40. EC, E. C. (n.d.). Questions and Answers - General Data Protection Regulation. Retrieved from https://ec.europa.eu/commission/presscorner/detail/en/MEMO_18_387 (accessed Feb. 13, 2020)
  41. EDPB. 2019. Guidelines 3/2018 on the territorial scope of the GDPR (Article 3). November, 1-23. https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_3_2018_territorial_scope_after_public_consultation_en_0.pdf (accessed May 9, 2020)
  42. EDPB. 2019. Guidelines 3/2018 on the territorial scope of the GDPR (Article 3). November, 1-23. https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_3_2018_territorial_scope_after_public_consultation_en_0.pdf (accessed May 9, 2020)
  43. _____. (n.d.). The History of the General Data Protection Regulation. Retrieved from https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en (accessed Feb. 11, 2020)
  44. _____. (n.d.). The History of the General Data Protection Regulation. Retrieved from https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en (accessed Feb. 11, 2020)
  45. EUR-Lex. 2012a. Charter of Fundamental Rights of the European :union: (2012/C 326/02). Official Journal of the European :union:, 391-407. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12012P/TXT&from=EN (accessed March 18, 2020)
  46. EUR-Lex. 2012a. Charter of Fundamental Rights of the European :union: (2012/C 326/02). Official Journal of the European :union:, 391-407. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12012P/TXT&from=EN (accessed March 18, 2020)
  47. _____. 2012b. Consolidated Version of the Treaty on the Functioning of the European :union:. Official Journal of the European :union:, 47-390. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12012E/TXT&from=EN (accessed March 18, 2020)
  48. _____. 2012b. Consolidated Version of the Treaty on the Functioning of the European :union:. Official Journal of the European :union:, 47-390. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:12012E/TXT&from=EN (accessed March 18, 2020)
  49. _____. 2016. Regulation (EU) 2016/679 On the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation - GDPR). Official Journal of the European :union:, 1-88. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN (accessed July 21, 2020)
  50. _____. 2016. Regulation (EU) 2016/679 On the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation - GDPR). Official Journal of the European :union:, 1-88. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN (accessed July 21, 2020)
  51. European Commission. (n.d.-a). Data protection in the EU. Retrieved from https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en (accessed Jan. 16, 2021)
  52. European Commission. (n.d.-a). Data protection in the EU. Retrieved from https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en (accessed Jan. 16, 2021)
  53. _____. (n.d.-b). How is data on my religious beliefs/sexual orientation/health/political views protected? Retrieved from https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/how-my-personal-data-protected/how-data-my-religious-beliefs-sexual-orientation-health-political-views-protected_en (accessed March 9, 2020)
  54. _____. (n.d.-b). How is data on my religious beliefs/sexual orientation/health/political views protected? Retrieved from https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/how-my-personal-data-protected/how-data-my-religious-beliefs-sexual-orientation-health-political-views-protected_en (accessed March 9, 2020)
  55. _____. 2016. Data protection in the EU | European Commission. Data Protection in the EU. https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en (accessed Feb. 14, 2020)
  56. _____. 2016. Data protection in the EU | European Commission. Data Protection in the EU. https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en (accessed Feb. 14, 2020)
  57. _____. 2018a. What is a data controller or a data processor? | European Commission. Ec.Europa.Eu. https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/what-data-controller-or-data-processor_en (accessed Dec. 19, 2019)
  58. _____. 2018a. What is a data controller or a data processor? | European Commission. Ec.Europa.Eu. https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/what-data-controller-or-data-processor_en (accessed Dec. 19, 2019)
  59. _____. 2018b. Who does the data protection law apply to? Ec.Europa.Eu. https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en (accessed April 1, 2020)
  60. _____. 2018b. Who does the data protection law apply to? Ec.Europa.Eu. https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en (accessed April 1, 2020)
  61. _____. 2019a. What constitutes data processing? | European Commission. https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-constitutes-data-processing_en (accessed July 7, 2020)
  62. _____. 2019a. What constitutes data processing? | European Commission. https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-constitutes-data-processing_en (accessed July 7, 2020)
  63. _____. 2019b. What is personal data. European Commission Policies, Information and Services. https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en (accessed Aug. 6, 2020)
  64. _____. 2019b. What is personal data. European Commission Policies, Information and Services. https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en (accessed Aug. 6, 2020)
  65. European Data Protection Supervisor. (n.d.). Legislation. Retrieved from https://edps.europa.eu/data-protection/data-protection/legislation_en (accessed Feb. 11, 2020)
  66. European Data Protection Supervisor. (n.d.). Legislation. Retrieved from https://edps.europa.eu/data-protection/data-protection/legislation_en (accessed Feb. 11, 2020)
  67. European Parliament. 2018. Petition No 0497/2018 by D.B. (German) on the General Data Protection Regulation (GDPR) (pp. 1-2). https://www.europarl.europa.eu/doceo/document/PETI-CM-631840_EN.pdf?redirect (accessed Dec. 17, 2019)
  68. European Parliament. 2018. Petition No 0497/2018 by D.B. (German) on the General Data Protection Regulation (GDPR) (pp. 1-2). https://www.europarl.europa.eu/doceo/document/PETI-CM-631840_EN.pdf?redirect (accessed Dec. 17, 2019)
  69. Feijóo, C., J. L. Gómez-Barroso, & P. Voigt. 2014. Exploring the economic value of personal information from firms' financial statements. International Journal of Information Management, 34 (2): 248-256. [DOI:10.1016/j.ijinfomgt.2013.12.005]
  70. Feijóo, C., J. L. Gómez-Barroso, & P. Voigt. 2014. Exploring the economic value of personal information from firms' financial statements. International Journal of Information Management, 34 (2): 248-256. [DOI:10.1016/j.ijinfomgt.2013.12.005]
  71. Finck, M. 2018. Blockchains and Data Protection in the European :union:. European Data Protection Law Review 4 (1): 17-35. [DOI:10.21552/edpl/2018/1/6]
  72. Finck, M. 2018. Blockchains and Data Protection in the European :union:. European Data Protection Law Review 4 (1): 17-35. [DOI:10.21552/edpl/2018/1/6]
  73. Futter, D., & G. Shivarattan. 2020. Territorial scope of the GDPR - Where does the boundary lie ? (pp. 1-5). https://www.ashurst.com/en/news-and-insights/legal-updates/territorial-scope-of-the-gdpr---where-does-the-boundary-lie/ (accessed August. 6, 2020)
  74. Futter, D., & G. Shivarattan. 2020. Territorial scope of the GDPR - Where does the boundary lie ? (pp. 1-5). https://www.ashurst.com/en/news-and-insights/legal-updates/territorial-scope-of-the-gdpr---where-does-the-boundary-lie/ (accessed August. 6, 2020)
  75. Gabel, D., & T. Hickman. 2019. Chapter 3: Subject matter and scope - Unlocking the EU General Data Protection Regulation. White & Case, 1-3. https://www.whitecase.com/publications/article/chapter-3-subject-matter-and-scope-unlocking-eu-general-data-protection (accessed Feb. 3, 2020)
  76. Gabel, D., & T. Hickman. 2019. Chapter 3: Subject matter and scope - Unlocking the EU General Data Protection Regulation. White & Case, 1-3. https://www.whitecase.com/publications/article/chapter-3-subject-matter-and-scope-unlocking-eu-general-data-protection (accessed Feb. 3, 2020)
  77. Ganotra, S. 2018. GDPR Compliant or Not Court Uncourt 5 (6): 1-4
  78. Ganotra, S. 2018. GDPR Compliant or Not Court Uncourt 5 (6): 1-4
  79. Goethem, A. van. 2018. The Effects of Brexit on Gdpr Implementation An Investigation into Data Protection Legislation within the United Kingdom (pp. 1-62). U.K.: Leiden University.
  80. Goethem, A. van. 2018. The Effects of Brexit on Gdpr Implementation An Investigation into Data Protection Legislation within the United Kingdom (pp. 1-62). U.K.: Leiden University.
  81. Greenleaf, G. 2012. Global Data Privacy Laws: 89 Countries, and Accelerating. Privacy Laws & Business International Report 115: 1-14.
  82. Greenleaf, G. 2012. Global Data Privacy Laws: 89 Countries, and Accelerating. Privacy Laws & Business International Report 115: 1-14.
  83. Information Commissioner's Office. 2018a. Codes of conduct. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/codes-of-conduct/ (accessed June. 5, 2020 )
  84. Information Commissioner's Office. 2018a. Codes of conduct. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/codes-of-conduct/ (accessed June. 5, 2020 )
  85. _____. 2018b. What are 'controllers' and 'processors'? https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/controllers-and-processors/what-are-controllers-and-processors/ (accessed Dec. 16, 2020)
  86. _____. 2018b. What are 'controllers' and 'processors'? https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/controllers-and-processors/what-are-controllers-and-processors/ (accessed Dec. 16, 2020)
  87. Jan Philipp, A. 2016. How the GDPR Will Change the World. In European Data Protection Law Review 2 (3): 287-289. [DOI:10.21552/EDPL/2016/3/4]
  88. Jan Philipp, A. 2016. How the GDPR Will Change the World. In European Data Protection Law Review 2 (3): 287-289. [DOI:10.21552/EDPL/2016/3/4]
  89. Korpisaari, P. 2019. Finland: A Brief Overview of the GDPR Implementation. European Data Protection Law Review 5 (2): 232-237. [DOI:10.21552/edpl/2019/2/13]
  90. Korpisaari, P. 2019. Finland: A Brief Overview of the GDPR Implementation. European Data Protection Law Review 5 (2): 232-237. [DOI:10.21552/edpl/2019/2/13]
  91. Kubben, P., M. Dumontier, & A. Dekker. (Eds.). 2019. Fundamentals of Clinical Data Science. Cham :Springer International Publishing. [DOI:10.1007/978-3-319-99713-1]
  92. Kubben, P., M. Dumontier, & A. Dekker. (Eds.). 2019. Fundamentals of Clinical Data Science. Cham :Springer International Publishing. [DOI:10.1007/978-3-319-99713-1]
  93. Legifrance. (n.d.). French Code civil. Retrieved from https://www.legifrance.gouv.fr/affichCode.do;jsessionid=529DE05A50A7DBD1C42C6A0C93B4F259.tplgfr34s_2?idSectionTA=LEGISCTA000006136404&cidTexte=LEGITEXT000006070721&dateTexte=20200812 (accessed Aug. 12, 2020)
  94. Legifrance. (n.d.). French Code civil. Retrieved from https://www.legifrance.gouv.fr/affichCode.do;jsessionid=529DE05A50A7DBD1C42C6A0C93B4F259.tplgfr34s_2?idSectionTA=LEGISCTA000006136404&cidTexte=LEGITEXT000006070721&dateTexte=20200812 (accessed Aug. 12, 2020)
  95. Marelli, L., & G. Testa. 2018. Scrutinizing the EU General Data Protection Regulation How will new decentralized governance impact research? Science, 496-498. (accessed Feb. 15. 2020) [DOI:10.1126/science.aar5419]
  96. Marelli, L., & G. Testa. 2018. Scrutinizing the EU General Data Protection Regulation How will new decentralized governance impact research? Science, 496-498. (accessed Feb. 15. 2020) [DOI:10.1126/science.aar5419]
  97. OECD. 2010. The economics of personal data and privacy: 30 years after the OECD guidelines. http://www.oecd.org/internet/ieconomy/theeconomicsofpersonaldataandprivacy30yearsaftertheoecdprivacyguidelines.htm (accessed April 25, 2020)
  98. OECD. 2010. The economics of personal data and privacy: 30 years after the OECD guidelines. http://www.oecd.org/internet/ieconomy/theeconomicsofpersonaldataandprivacy30yearsaftertheoecdprivacyguidelines.htm (accessed April 25, 2020)
  99. Olivi, G. 2019. Are we subject to GDPR ? The territorial scope criteria under the new EDPB Guidelines. Mondaq. https://www.mondaq.com/italy/privacy-protection/871206/are-we-subject-to-gdpr-the-territorial-scope-criteria-under-the-new-edpb-guidelines (accessed August 22, 2021)
  100. Olivi, G. 2019. Are we subject to GDPR ? The territorial scope criteria under the new EDPB Guidelines. Mondaq. https://www.mondaq.com/italy/privacy-protection/871206/are-we-subject-to-gdpr-the-territorial-scope-criteria-under-the-new-edpb-guidelines (accessed August 22, 2021)
  101. Politou, E., E. Alepis, & C. Patsakis. 2018. Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions. Journal of Cybersecurity 4 (1): 1-20. [DOI:10.1093/cybsec/tyy001]
  102. Politou, E., E. Alepis, & C. Patsakis. 2018. Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions. Journal of Cybersecurity 4 (1): 1-20. [DOI:10.1093/cybsec/tyy001]
  103. Practical Law. (n.d.-a). Certification mechanism. Retrieved March 11, 2020, from https://uk.practicallaw.thomsonreuters.com/w-014-8170?transitionType=Default&contextData=(sc.Default)&firstPage=true&bhcp=1 (accessed March 11, 2020)
  104. Practical Law. (n.d.-a). Certification mechanism. Retrieved March 11, 2020, from https://uk.practicallaw.thomsonreuters.com/w-014-8170?transitionType=Default&contextData=(sc.Default)&firstPage=true&bhcp=1 (accessed March 11, 2020)
  105. _____. (n.d.-b). Recital (EU). Retrieved August 11, 2020, from https://uk.practicallaw.thomsonreuters.com/w-009-6368?transitionType=Default&contextData=(sc.Default)&firstPage=true&bhcp=1 (accessed June 10, 2020)
  106. _____. (n.d.-b). Recital (EU). Retrieved August 11, 2020, from https://uk.practicallaw.thomsonreuters.com/w-009-6368?transitionType=Default&contextData=(sc.Default)&firstPage=true&bhcp=1 (accessed June 10, 2020)
  107. Purtova, N. 2018. The law of everything Broad concept of personal data and future of EU data protection law. Law, Innovation and Technology, 40-81. (accessed July 6, 2020) [DOI:10.1080/17579961.2018.1452176]
  108. Purtova, N. 2018. The law of everything Broad concept of personal data and future of EU data protection law. Law, Innovation and Technology, 40-81. (accessed July 6, 2020) [DOI:10.1080/17579961.2018.1452176]
  109. Reini, P. 2019. GDPR implementation Case: Headpower Oy [University of Transport and Communications]. https://www.theseus.fi/bitstream/handle/10024/166514/Reini_k7696_thesis_versio4.1.pdf?sequence=2 (accessed May 19, 2020)
  110. Reini, P. 2019. GDPR implementation Case: Headpower Oy [University of Transport and Communications]. https://www.theseus.fi/bitstream/handle/10024/166514/Reini_k7696_thesis_versio4.1.pdf?sequence=2 (accessed May 19, 2020)
  111. Sabti, S. A., & Y. R. Subbaiah. 2017. Conceptual analysis of sub Delegation: An overview. International Journal of Law, 3 (3): 75-79. www.lawjournals.org
  112. Sabti, S. A., & Y. R. Subbaiah. 2017. Conceptual analysis of sub Delegation: An overview. International Journal of Law, 3 (3): 75-79. www.lawjournals.org
  113. Serzhanova, V. 2012. Personal Data Protection in the European :union: under the Treaty of Lisbon. Poland: University of Rzeszow (Poland).
  114. Serzhanova, V. 2012. Personal Data Protection in the European :union: under the Treaty of Lisbon. Poland: University of Rzeszow (Poland).
  115. Singh, A. 2016. Protecting Personal Data as a Property Right. ILI Law Review, Winter Issue, 123-139.
  116. Singh, A. 2016. Protecting Personal Data as a Property Right. ILI Law Review, Winter Issue, 123-139.
  117. Spindler, G., & P. Schmechel. 2016. Personal Data and Encryption in the European General Data Protection Regulation. Journal of Intellectual Property, Information Technology and Electronic Commerce Law 7: 163-177.
  118. Spindler, G., & P. Schmechel. 2016. Personal Data and Encryption in the European General Data Protection Regulation. Journal of Intellectual Property, Information Technology and Electronic Commerce Law 7: 163-177.
  119. Taylor, M. J. 2006. Data Protection: Too Personal to protect? SCRIPT-Ed, 3 (1): 71-81. [DOI:10.2966/scrip.030106.71]
  120. Taylor, M. J. 2006. Data Protection: Too Personal to protect? SCRIPT-Ed, 3 (1): 71-81. [DOI:10.2966/scrip.030106.71]
  121. University of Oxford. 2018. Data Protection and Research (Issue March, pp. 1-17). https://researchsupport.admin.ox.ac.uk/sites/default/files/researchsupport/documents/media/data_protection_and_researchpdf (accessed Dec. 12, 2019)
  122. University of Oxford. 2018. Data Protection and Research (Issue March, pp. 1-17). https://researchsupport.admin.ox.ac.uk/sites/default/files/researchsupport/documents/media/data_protection_and_researchpdf (accessed Dec. 12, 2019)
  123. Viorescu, R. 2017, 2018. Reform Of Eu Data Protection Rules. In European Journal of Law and Public Administration (pp. 27-39). (accessed Feb. 28, 2019) [DOI:10.18662/eljpa/11]
  124. Viorescu, R. 2017, 2018. Reform Of Eu Data Protection Rules. In European Journal of Law and Public Administration (pp. 27-39). (accessed Feb. 28, 2019) [DOI:10.18662/eljpa/11]
  125. Voigt, P., & A. von dem Bussche. 2017. The EU General Data Protection Regulation (GDPR). Springer International Publishing. [DOI:10.1007/978-3-319-57959-7]
  126. Voigt, P., & A. von dem Bussche. 2017. The EU General Data Protection Regulation (GDPR). Springer International Publishing. [DOI:10.1007/978-3-319-57959-7]