Content deleted Content added
Tag: Reverted |
Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5 |
||
| (10 intermediate revisions by 10 users not shown) | |||
Line 1:
{{Short description|EU regulation on
{{Redirect|GDPR|the economics term|Gross domestic product of region}}
{{Use dmy dates|date=October 2020}}
Line 28:
==Contents==
The GDPR 2016 has eleven chapters, concerning general provisions, principles, rights of the data subject, duties of data controllers or processors, transfers of personal data to third countries, supervisory authorities, cooperation among member states, remedies, liability or penalties for breach of rights, provisions related to specific processing situations, and miscellaneous final provisions. Recital 4 proclaims that ‘processing of personal data should be designed to serve mankind’.
===General provisions===
The regulation applies if the data controller (an organisation that collects information about living people, whether they are in the EU or not), or processor (an organisation that processes data on behalf of a data controller like cloud service providers), or the data subject (person) is based in the EU. Under certain circumstances,<ref>'''Article 3(2)''': This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.</ref> the regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU. The regulation does not apply to the processing of data by a person for a "purely personal or household activity and thus with no connection to a professional or commercial activity." (Recital 18).
According to the [[European Commission]], "Personal data is information that relates to an identified or identifiable individual. If you cannot directly identify an individual from that information, then you need to consider whether the individual is still identifiable. You should take into account the information you are processing together with all the means reasonably likely to be used by either you or any other person to identify that individual."<ref>{{Cite web|url=https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/|title=What is personal data?|date=January 2021|access-date=22 July 2019|archive-date=24 July 2019|archive-url=https://web.archive.org/web/20190724112940/https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/|url-status=live}}</ref> The precise definitions of terms such as "personal data", "processing", "data subject", "controller", and "processor" are stated in '''Article 4'''.<ref name="32016R0679"/>{{rp|Art. 4}}
Line 54 ⟶ 55:
If informed ''consent''<ref name="32016R0679"/>{{rp|Art. 4(11)}} is used as the lawful basis for processing, consent must have been explicit for data collected and each purpose data is used for.<ref name="32016R0679"/>{{rp|Art. 7}} Consent must be a specific, freely given, plainly worded, and unambiguous affirmation given by the data subject; an online form which has consent options structured as an opt-out selected by default is a violation of the GDPR, as the consent is not unambiguously affirmed by the user. In addition, multiple types of processing may not be "bundled" together into a single affirmation prompt, as this is not specific to each use of data, and the individual permissions are not freely given. (Recital 32).
Data subjects must be allowed to withdraw this consent at any time, and the process of doing so must not be harder than it was to opt in.<ref name="32016R0679"/>{{rp|Art. 7(3)}} A data controller may not refuse service to users who decline consent to processing that is not strictly necessary in order to use the service.<ref name="32016R0679"/>{{rp|Art. 8}} Consent for children, defined in the regulation as being less than 16 years old (although with the option for member states to individually make it as low as 13 years old), must be given by the child's parent or custodian, and verifiable.<ref>{{Cite web|url=https://iapp.org/resources/article/age-of-consent-in-the-gdpr-updated-mapping/|title=Age of consent in the GDPR: updated mapping|website=iapp.org|access-date=26 May 2018|archive-url=https://web.archive.org/web/20180527023437/https://iapp.org/resources/article/age-of-consent-in-the-gdpr-updated-mapping/|archive-date=27 May 2018|url-status=dead}}</ref><ref name="privacy association">[https://www.privacyassociation.org/media/presentations/A12_EU_DP_Regulation_PPT.pdf "How the Proposed EU Data Protection Regulation Is Creating a Ripple Effect Worldwide"] {{Webarchive|url=https://web.archive.org/web/20210217012511/https://iapp.org/media/presentations/A12_EU_DP_Regulation_PPT.pdf |date=17 February 2021 }}. Judy Schmitt, Florian Stahl. 11 October 2012. Retrieved 3 January 2013.</ref>
If consent to processing was already provided under the Data Protection Directive, a data controller does not have to re-obtain consent if the processing is documented and obtained in compliance with the GDPR's requirements (Recital 171).<ref name="guardian-unneeded"/><ref>{{Cite journal|last1=Kamleitner|first1=Bernadette|last2=Mitchell|first2=Vince|date=2019-10-01|title=Your Data Is My Data: A Framework for Addressing Interdependent Privacy Infringements|journal=Journal of Public Policy & Marketing|language=en|volume=38|issue=4|pages=433–450|doi=10.1177/0743915619858924|s2cid=201343307|issn=0743-9156|doi-access=free}}</ref>
Line 167 ⟶ 169:
* International data transfers.
The GDPR certification also contributes to reduce the legal and financial risks of applicants, as well as of data controllers using certified data processing services.<ref>{{Cite web |date=2022-10-17 |title=Europrivacy: the first certification mechanism to ensure compliance with GDPR {{!}} Shaping
The adoption of the European Data Protection Seals is under the responsibility of the [[European Data Protection Board]] (EDPB) and is recognized across all EU and EEA [[Member state of the European Union|Member States]].<ref>{{Cite web |title=EDPB document on the procedure for the approval of certification criteria by the EDPB resulting in a common certification, the European Data Protection Seal {{!}} European Data Protection Board |url=https://www.edpb.europa.eu/our-work-tools/our-documents/procedure/edpb-document-procedure-approval-certification-criteria-edpb_en |access-date=2024-11-03 |website=www.edpb.europa.eu}}</ref>
Line 273 ⟶ 275:
The deluge of GDPR-related notices also inspired [[internet meme|memes]], including those surrounding privacy policy notices being delivered by atypical means (such as a [[Ouija]] board or [[Star Wars opening crawl|''Star Wars'' opening crawl]]), suggesting that [[Santa Claus]]'s "naughty or nice" list was a violation, and a recording of excerpts from the regulation by a former [[BBC Radio 4]] [[Shipping Forecast]] announcer. A blog, ''GDPR Hall of Shame'', was also created to showcase unusual delivery of GDPR notices, and attempts at compliance that contained egregious violations of the regulation's requirements. Its author remarked that the regulation "has a lot of nitty gritty, in-the-weeds details, but not a lot of information about how to comply", but also acknowledged that businesses had two years to comply, making some of its responses unjustified.<ref>{{Cite news|url=https://www.theverge.com/2018/6/3/17413390/gdpr-legislation-asleep-in-seconds-listening-meditation-app-peter-jefferson|title=Fall asleep in seconds by listening to a soothing voice read the EU's new GDPR legislation|work=The Verge|access-date=16 June 2018|archive-url=https://web.archive.org/web/20180617015346/https://www.theverge.com/2018/6/3/17413390/gdpr-legislation-asleep-in-seconds-listening-meditation-app-peter-jefferson|archive-date=17 June 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.wired.com/story/gdpr-memes/|title=How Europe's GDPR Regulations Became a Meme|magazine=Wired|access-date=17 June 2018|archive-url=https://web.archive.org/web/20180618002541/https://www.wired.com/story/gdpr-memes/|archive-date=18 June 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.adweek.com/digital/the-internet-created-a-gdpr-inspired-meme-using-privacy-policies/|title=The Internet Created a GDPR-Inspired Meme Using Privacy Policies|work=Adweek|access-date=17 June 2018|archive-url=https://web.archive.org/web/20180617221720/https://www.adweek.com/digital/the-internet-created-a-gdpr-inspired-meme-using-privacy-policies/|archive-date=17 June 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.wired.co.uk/article/happy-gdpr-day-gdpr-hall-of-shame|title=Help, my lightbulbs are dead! How GDPR became bigger than Beyonce|work=Wired.co.uk|last=Burgess|first=Matt|access-date=17 June 2018|archive-url=https://web.archive.org/web/20180619193137/https://www.wired.co.uk/article/happy-gdpr-day-gdpr-hall-of-shame|archive-date=19 June 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.vice.com/en/article/gdpr-compliance-companies-different-rules/|title=Here Are Some of the Worst Attempts At Complying with GDPR|date=25 May 2018|work=Motherboard|access-date=17 June 2018|archive-url=https://web.archive.org/web/20180618002725/https://motherboard.vice.com/en_us/article/qvnv9x/gdpr-compliance-companies-different-rules|archive-date=18 June 2018|url-status=live}}</ref>
Research indicates that approximately 25% of software vulnerabilities have GDPR implications.<ref>{{cite web|url=https://www.hackerone.com/sites/default/files/2018-01/GDPR%20Implications-ebook.pdf|title=What Percentage of Your Software Vulnerabilities Have GDPR Implications?|date=16 January 2018|publisher=HackerOne|access-date=6 July 2018|archive-url=https://web.archive.org/web/20180706162027/https://www.hackerone.com/sites/default/files/2018-01/GDPR%20Implications-ebook.pdf|archive-date=6 July 2018|url-status=live}}</ref> Since Article 33 emphasizes breaches, not bugs, security experts advise companies to invest in processes and capabilities to identify vulnerabilities before they can be exploited, including [[Application security#Coordinated vulnerability disclosure|coordinated vulnerability disclosure processes]].<ref>{{cite web|url=https://www.slideshare.net/hacker0x01/everything-you-need-to-know-about-the-data-protection-officer-role|title=The Data Protection Officer (DPO): Everything You Need to Know|date=20 March 2018|publisher=Cranium and HackerOne|access-date=6 July 2018|archive-url=https://web.archive.org/web/20180831165003/https://www.slideshare.net/hacker0x01/everything-you-need-to-know-about-the-data-protection-officer-role|archive-date=31 August 2018|url-status=live}}</ref><ref>{{cite web|url=https://iapp.org/news/a/what-might-bug-bounty-programs-look-like-under-the-gdpr/|title=What might bug bounty programs look like under the GDPR?|date=27 March 2018|publisher=The International Association of Privacy Professionals (IAPP)|access-date=6 July 2018|archive-url=https://web.archive.org/web/20180706165037/https://iapp.org/news/a/what-might-bug-bounty-programs-look-like-under-the-gdpr/|archive-date=6 July 2018|url-status=live}}</ref> An investigation of Android apps' privacy policies, data access capabilities, and data access behaviour has shown that numerous apps display a somewhat privacy-friendlier behaviour since the GDPR was implemented, although they still retain most of their data access privileges in their code.<ref>{{Cite journal|last1=Momen|first1=N.|last2=Hatamian|first2=M.|last3=Fritsch|first3=L.|date=November 2019|title=Did App Privacy Improve After the GDPR?|journal=IEEE Security & Privacy|volume=17|issue=6|pages=10–20|doi=10.1109/MSEC.2019.2938445|s2cid=203699369|issn=1558-4046|url=http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-75508}}</ref><ref>{{Citation|last1=Hatamian|first1=Majid|title=A Multilateral Privacy Impact Analysis Method for Android Apps|date=2019|work=Privacy Technologies and Policy|volume=11498|pages=87–106|editor-last=Naldi|editor-first=Maurizio|publisher=Springer International Publishing|doi=10.1007/978-3-030-21752-5_7|isbn=978-3-030-21751-8|last2=Momen|first2=Nurul|last3=Fritsch|first3=Lothar|last4=Rannenberg|first4=Kai|series=Lecture Notes in Computer Science |s2cid=184483219|url=https://zenodo.org/record/3248889|editor2-last=Italiano|editor2-first=Giuseppe F.|editor3-last=Rannenberg|editor3-first=Kai|editor4-last=Medina|editor4-first=Manel|access-date=3 June 2020|archive-date=12 July 2020|archive-url=https://web.archive.org/web/20200712060716/https://zenodo.org/record/3248889|url-status=live}}</ref> An investigation of the [[Norwegian Consumer Council]] into the post-GDPR data subject dashboards on social media platforms (such as [[Google Dashboard|Google dashboard]]) has concluded that large social media firms deploy deceptive tactics in order to discourage their customers from sharpening their privacy settings.<ref>Moen, Gro Mette, Ailo Krogh Ravna, and Finn Myrstad. [https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf "Deceived by design - How tech companies use dark patterns to discourage us from exercising our rights to privacy"] {{Webarchive|url=https://web.archive.org/web/20191220000426/https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf |date=20 December 2019 }}. 2018. Report by the Norwegian Consumer Council.</ref>
On the effective date, some websites began to block visitors from EU countries entirely (including [[Instapaper]],<ref>{{Cite news|url=https://www.theverge.com/2018/5/23/17387146/instapaper-gdpr-europe-access-shut-down-privacy-changes|title=Instapaper is temporarily shutting off access for European users due to GDPR|work=The Verge|access-date=24 May 2018|archive-url=https://web.archive.org/web/20180524013709/https://www.theverge.com/2018/5/23/17387146/instapaper-gdpr-europe-access-shut-down-privacy-changes|archive-date=24 May 2018|url-status=live}}</ref> Unroll.me,<ref>{{Cite web|url=https://techcrunch.com/2018/05/05/unroll-me-to-close-to-eu-users-saying-it-cant-comply-with-gdpr/|title=Unroll.me to close to EU users saying it can't comply with GDPR|website=TechCrunch|date=5 May 2018 |access-date=29 May 2018|archive-url=https://web.archive.org/web/20180530035124/https://techcrunch.com/2018/05/05/unroll-me-to-close-to-eu-users-saying-it-cant-comply-with-gdpr/|archive-date=30 May 2018|url-status=live}}</ref> and [[Tribune Publishing]]-owned newspapers, such as the ''[[Chicago Tribune]]'' and the ''[[Los Angeles Times]]'') or redirect them to stripped-down versions of their services (in the case of [[National Public Radio]] and ''[[USA Today]]'') with limited functionality and/or no advertising so that they will not be liable.<ref>{{Cite news|url=https://www.theguardian.com/technology/2018/may/24/sites-block-eu-users-before-gdpr-takes-effect|title=Sites block users, shut down activities and flood inboxes as GDPR rules loom|last1=Hern|first1=Alex|date=24 May 2018|work=The Guardian|access-date=25 May 2018|last2=Waterson|first2=Jim|archive-url=https://web.archive.org/web/20180524222426/https://www.theguardian.com/technology/2018/may/24/sites-block-eu-users-before-gdpr-takes-effect|archive-date=24 May 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.bloomberg.com/news/articles/2018-05-25/blocking-500-million-users-is-easier-than-complying-with-gdpr|title=Blocking 500 Million Users Is Easier Than Complying With Europe's New Rules|date=25 May 2018|publisher=Bloomberg L.P.|access-date=26 May 2018|archive-url=https://web.archive.org/web/20180525235055/https://www.bloomberg.com/news/articles/2018-05-25/blocking-500-million-users-is-easier-than-complying-with-gdpr|archive-date=25 May 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.nytimes.com/2018/05/25/business/media/europe-privacy-gdpr-us.html|title=U.S. News Outlets Block European Readers Over New Privacy Rules|date=25 May 2018|work=The New York Times|access-date=26 May 2018|issn=0362-4331|archive-url=https://web.archive.org/web/20180526025851/https://www.nytimes.com/2018/05/25/business/media/europe-privacy-gdpr-us.html|archive-date=26 May 2018|url-status=live}}</ref><ref>{{Cite news|url=http://adage.com/article/digital/eu-citizens-gdpr-day/313655/|title=Look: Here's what EU citizens see now that GDPR has landed|work=Advertising Age|access-date=26 May 2018|archive-url=https://web.archive.org/web/20180525220203/http://adage.com/article/digital/eu-citizens-gdpr-day/313655/|archive-date=25 May 2018|url-status=live}}</ref> Some companies, such as [[Klout]], and several online video games, ceased operations entirely to coincide with its implementation, citing the GDPR as a burden on their continued operations, especially due to the business model of the former.<ref>{{Cite news|url=https://www.wired.com/story/how-a-new-era-of-privacy-took-over-your-email-inbox/|title=Why Your Inbox Is Crammed Full of Privacy Policies|last=Tiku|first=Nitasha|date=24 May 2018|magazine=Wired|access-date=25 May 2018|archive-url=https://web.archive.org/web/20180524214938/https://www.wired.com/story/how-a-new-era-of-privacy-took-over-your-email-inbox/|archive-date=24 May 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.nytimes.com/2018/05/23/technology/personaltech/what-you-should-look-for-europe-data-law.html|title=Getting a Flood of G.D.P.R.-Related Privacy Policy Updates? Read Them|last=Chen|first=Brian X.|date=23 May 2018|work=The New York Times|access-date=25 May 2018|issn=0362-4331|archive-url=https://web.archive.org/web/20180524194430/https://www.nytimes.com/2018/05/23/technology/personaltech/what-you-should-look-for-europe-data-law.html|archive-date=24 May 2018|url-status=live}}</ref><ref>{{Cite news|url=https://www.bloomberg.com/news/articles/2018-05-25/blocking-500-million-users-is-easier-than-complying-with-gdpr|title=Blocking 500 Million Users Is Easier Than Complying With Europe's New Rules|last=Lanxon|first=Nate|date=25 May 2018|work=Bloomberg|access-date=25 May 2018|archive-url=https://web.archive.org/web/20180525125509/https://www.bloomberg.com/news/articles/2018-05-25/blocking-500-million-users-is-easier-than-complying-with-gdpr|archive-date=25 May 2018|url-status=live}}</ref> The volume of online [[behavioural advertising]] placements in Europe fell 25–40% on 25 May 2018.<ref>{{Cite news|url=https://digiday.com/media/gdpr-mayhem-programmatic-ad-buying-plummets-europe/|title=GDPR mayhem: Programmatic ad buying plummets in Europe|date=25 May 2018|work=[[Digiday]]|access-date=26 May 2018|archive-url=https://web.archive.org/web/20180525213159/https://digiday.com/media/gdpr-mayhem-programmatic-ad-buying-plummets-europe/|archive-date=25 May 2018|url-status=live}}</ref><ref>{{Cite book|last1=Skiera|first1=Bernd|last2= Miller|first2=Klaus Matthias|last3=Jin|first3=Yuxi|last4=Kraft|first4=Lennart|last5=Laub|first5=René|last6=Schmitt|first6=Julia|date=5 July 2022
In 2020, two years after the GDPR began its implementation, the European Commission assessed that users across the EU had increased their knowledge about their rights, stating that "69% of the population above the age of 16 in the EU have heard about the GDPR and 71% of people heard about their national data protection authority."<ref name=":9">{{Cite web|title=Press corner|url=https://ec.europa.eu/commission/presscorner/home/en|access-date=18 September 2020|website=European Commission - European Commission|language=en|archive-date=27 December 2020|archive-url=https://web.archive.org/web/20201227193856/https://ec.europa.eu/commission/presscorner/home/en|url-status=live}}</ref><ref>{{Cite web|date=12 June 2020|title=Your rights matter: Data protection and privacy - Fundamental Rights Survey|url=https://fra.europa.eu/en/publication/2020/fundamental-rights-survey-data-protection|access-date=18 September 2020|website=European Union Agency for Fundamental Rights|language=en|archive-date=25 September 2020|archive-url=https://web.archive.org/web/20200925141211/https://fra.europa.eu/en/publication/2020/fundamental-rights-survey-data-protection|url-status=live}}</ref> The commission also found that privacy has become a competitive quality for companies which consumers are taking into account in their decisionmaking processes.<ref name=":9" />
Line 289 ⟶ 291:
In November 2021, Irish Council for Civil Liberties lodged a formal complaint of the Commission that it is in breach of its obligation under EU Law to carefully monitor how Ireland applies the GDPR.<ref name=":10">{{Cite web |last=Ryan |first=Johnny |date=2023-01-31 |title=Europe-wide overhaul of GDPR monitoring triggered by ICCL |url=https://www.iccl.ie/digital-data/europe-wide-overhaul-of-gdpr-monitoring-triggered-by-iccl/ |access-date=2023-04-08 |website=Irish Council for Civil Liberties |language=en-GB |archive-date=6 April 2023 |archive-url=https://web.archive.org/web/20230406075809/https://www.iccl.ie/digital-data/europe-wide-overhaul-of-gdpr-monitoring-triggered-by-iccl/ |url-status=live }}</ref> Until January 2023, the Commission published a new commitment based on the complaint of ICCL.<ref name=":10" />
While companies are now subject to legal obligations, there are still various inconsistencies in the practical and technical implementation of GDPR.<ref>{{Cite book|last1=Alizadeh|first1=Fatemeh|last2=Jakobi|first2=Timo|last3=Boldt|first3=Jens|last4=Stevens|first4=Gunnar|title=Proceedings of Mensch und Computer 2019 |chapter=GDPR-Reality Check on the Right to Access Data |date=2019|pages=811–814|___location=New York|publisher=ACM Press|doi=10.1145/3340764.3344913|isbn=978-1-4503-7198-8|s2cid=202159324}}</ref> As an example, according to the GDPR's right to access, the companies are obliged to provide data subjects with the data they gather about them. However, in a study on loyalty cards in Germany, companies did not provide the data subjects with the exact information of the purchased articles.<ref name=":7">{{Cite journal|last1=Alizadeh|first1=Fatemeh|last2=Jakobi|first2=Timo|last3=Boden|first3=Alexander|last4=Stevens|first4=Gunnar|last5=Boldt|first5=Jens|date=2020|title=GDPR Reality Check–Claiming and Investigating Personally Identifiable Data from Companies|url=https://eusec20.cs.uchicago.edu/eusec20-Alizadeh.pdf|journal=EuroUSEC|access-date=17 June 2020|archive-date=17 June 2020|archive-url=https://web.archive.org/web/20200617145507/https://eusec20.cs.uchicago.edu/eusec20-Alizadeh.pdf|url-status=live}}</ref> One might argue that such companies do not collect the information of the purchased articles, which does not conform with their business models. Therefore, data subjects tend to see that as a GDPR violation. As a result, studies have suggested for a better control through authorities.<ref>{{Cite journal |
According to the GDPR, end-users' [[consent]] should be valid, freely given, specific, informed and active.<ref name=":8">{{Cite book|last1=Human|first1=Soheil|last2=Cech|first2=Florian|title=Human Centred Intelligent Systems |chapter=A Human-Centric Perspective on Digital Consenting: The Case of GAFAM |date=2021|editor-last=Zimmermann|editor-first=Alfred|editor2-last=Howlett|editor2-first=Robert J.|editor3-last=Jain|editor3-first=Lakhmi C.|series=Smart Innovation, Systems and Technologies|volume=189|language=en|___location=Singapore|publisher=Springer|pages=139–159|doi=10.1007/978-981-15-5784-2_12|isbn=978-981-15-5784-2|s2cid=214699040|chapter-url=https://epub.wu.ac.at/7523/1/HCIS2020_A%20Human-centric%20Perspective%20on%20Digital%20Consenting_The%20Case%20of%20GAFAM_Soheil%20Human_Florian%20Cech.pdf|access-date=23 August 2020|archive-date=14 April 2021|archive-url=https://web.archive.org/web/20210414233129/https://epub.wu.ac.at/7523/1/HCIS2020_A%20Human-centric%20Perspective%20on%20Digital%20Consenting_The%20Case%20of%20GAFAM_Soheil%20Human_Florian%20Cech.pdf|url-status=live}}</ref> However, the lack of enforceability regarding obtaining lawful consents has been a challenge. As an example, a 2020 study, showed that the [[Big Tech]], i.e. [[Google]], [[Amazon (company)|Amazon]], [[Facebook]], [[Apple Inc.|Apple]], and [[Microsoft]] (GAFAM), use [[dark pattern]]s in their consent obtaining mechanisms, which raises doubts regarding the lawfulness of the acquired consent.<ref name=":8" />
Line 312 ⟶ 314:
Switzerland will also adopt a new data protection law that largely follows EU's GDPR.<ref>{{Cite web |last=Portal |first=S. M. E. |title=New Federal Act on Data Protection (nFADP) |url=https://www.kmu.admin.ch/kmu/en/home/fakten-und-trends/digitalisierung/datenschutz/neues-datenschutzgesetz-revdsg.html |access-date=2023-03-25 |website=www.kmu.admin.ch |language=en |archive-date=25 March 2023 |archive-url=https://web.archive.org/web/20230325204902/https://www.kmu.admin.ch/kmu/en/home/fakten-und-trends/digitalisierung/datenschutz/neues-datenschutzgesetz-revdsg.html |url-status=live }}</ref>
With the addition of overseas regions of the European Union joining non-governmental organsational (NGO) bodies in the Caribbean region such as the [[Organisation of Eastern Caribbean States]], the GDPR rules have become necessary to consider in the lack of any current legislation found in the region concerning privacy rights and maintaining compliance of the laws of those outer regions.<ref>{{cite web |author=Staff writer |author-link1= |date=23 January 2020 |___location= |title=The European Union (EU) General Data Protection Regulation (GDPR) in the Caribbean Context |script-title= |title-link= |url=https://www.carib-export.com/news/the-european-union-eu-general-data-protection-regulation-gdpr-in-the-caribbean-context/ |url-access= |trans-title= |format= |department= |website=www.carib-export.com |script-website= |trans-website= |type=Press Release |language= |edition= |agency=Carib-Export |arxiv= |asin= |asin-tld= |bibcode= |bibcode-access= |biorxiv= |citeseerx= |doi= |doi-access
The [[CLOUD Act]], enacted in 2018, is seen by the [[European Data Protection Supervisor]] (EDPS) as a law in possible conflict with the GDPR.<ref>{{cite web |author=European Data Protection Supervisor |date=10 July 2019 |title=EDPB-EDPS Joint Response on the US Cloud Act |url=https://edps.europa.eu/sites/edp/files/publication/19-07-10_edpb_edps_cloudact_annex_en.pdf}}</ref><ref name=":02">{{cite web |last=Christakis |first=Theodore |date=October 17, 2019 |title=21 Thoughts and Questions about the UK-US CLOUD Act Agreement: (and an Explanation of How it Works – with Charts) |url=https://europeanlawblog.eu/2019/10/17/21-thoughts-and-questions-about-the-uk-us-cloud-act-agreement-and-an-explanation-of-how-it-works-with-charts/ |accessdate=July 20, 2020 |work=blog |archive-date=21 July 2020 |archive-url=https://web.archive.org/web/20200721122020/https://europeanlawblog.eu/2019/10/17/21-thoughts-and-questions-about-the-uk-us-cloud-act-agreement-and-an-explanation-of-how-it-works-with-charts/ |url-status=dead }}</ref><ref>{{Cite web |last=Whitworth |first=Martin |date=2018 |title=Don't Get Spooked by the CLOUD Act |url=https://d1.awsstatic.com/whitepapers/compliance/IDC_Cloud_Act_Analysis.pdf |publisher=International Data Corporation}}</ref>
=== Website views and revenue ===
Line 353 ⟶ 357:
* [[European Health Data Space]]
* [[Privacy and Electronic Communications Directive 2002]] (ePrivacy Directive, ePD)
* [[Transparency and targeting of political advertising]]
Related concepts:
* [[Budapest Convention on Cybercrime]]
| |||