Keresés
Keresési eredmények
-
A jogszerű adatkezelés a GDPR rendelet után
Megtekintések száma:478Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), became effective on 25 May 2018. With the regulatory form the legislator raised the regulation of the right to the protection of personal data within the European Union to a higher level. The legislative act has a fundamental impact on the legal systems of the member states showing various differences from each other. Further, it can be stated as a general experience that the right to the protection of personal data and the nature of such right are less known either to those affected or to the data controllers. The new legislative act and the penalties with increased amounts [Article 84 of the GDPR] demand the elaboration of a study understandable for laics, too. Finally, as a result of the General Data Protection Regulation, the institution system ensuring the protection of personal data has fundamentally changed, so, therefore, it is also necessary to examine the authorities of the member states and the Union, as well.
The study primarily approaches the occurring problems from the practice side. Accordingly, the examination conducted by the Commission nationale de l’informatique et des libertés (CNIL) against Google is described, as the first significant penalty imposed based on the General Data Protection Regulation.
The first part of the study is intended to present the right to the general protection of personal data. The historical part addresses in details the major elements of the historical development of data protection and the development of its contents, with particular regard to the appearance of the right to information self-determination based on the so-called “census-judgement” of 1983 of the BVerfG (Federal Constitutional Court of Germany). Finally, this part touches upon the theories defined in connection with the historical generations of the right to the protection of personal data. After the historical part the study addresses the peculiarities of the right to the protection of personal data, paying particular attention to separation from the neighbouring legal areas.
The second part is intended to present the prevalence of the right to information self-determination according to the GDPR. It is the institution system protecting personal data that has undergone the most significant change. The Work Group under Article 29 has been replaced by the Data Protection Agency set up based on the GDPR. Setting up the Agency, enlarging its scope of authority and its stronger independence from the executive powers of the Union can, by all means, be evaluated positively. As regards the security of personal data, the practice, major directives and opinions of the Work Group under Article 29 have been examined. It is a significant step forward that the GDPR has made the sphere of special personal data more specific, promoting by this the increase of the extent of protection. It is important that, as a general rule, the Regulation forbids controlling special personal data. The definition of the concept of personal data is an essential condition for understanding the regulation. In addition to the principles of controlling personal data, the legal fundaments of data control have particular significance, with special regard to the consent and the data control necessary for performing the contract. In my view, the consent is a legal fundament of auxiliary nature for data control, which is also supported by the opinions of the Work Group, too. Granting the consent and the individual excluding circumstances occurring in connection with this, were examined on a case-by-case basis. In my opinion, the automated decision making process and the regulation of profile creation are one of the most cardinal issues of the GDPR. The way in which profiles are created, their use and the permissibility of such use are discussed in details. In my view, the regulation of the GDPR is deficient as regards the automated decision making process and the profile creation. The decision making necessary for performing the contract is not separated sharply enough, and it is not necessary for this. In my opinion, in respect of this latter sphere of cases the GDPR is not strict enough and may easily serve as a basis for misuse on the part of data controllers. In my view, granting the consent should be made stricter in respect of creating profiles and the introduction of the (contradictable) legal presumption of refusal would also be desirous.
-
Az üzemi tanács mint önálló adatkezelő
Megtekintések száma:416n most cases, the employer is the only one identified as a data controller in connection with employment relationships, even though other actors of employment such as the trade unions and the works councils also process data in relation to their activities carried out based on and in compliance with the Labour Code. Even so, while the data processing of the trade union does not raise any particular questions compared to other data controllers, issues do arise in connection with the works council. Works councils undeniably process the employees’ personal data in order to carry out their activities and fulfil their tasks, though without own assets and organisation separate from the employer’s, data processing of the works council could be attributed to the employer and considered as if it was the employer’s data processing, which would settle most of the possibly arising questions such as liability for infringing data protection rules. However, after the General Data Protection Regulation (GDPR) of the EU came into force in 2018, the definition of the data controller changed and includes now so-called “other bodies” as well, even if these bodies lack legal personality. Thus, the works council itself shall be considered as data controller which means that it must execute the obligations set in data protection rules. Despite the fact that based on the GDPR rules the works council shall be considered as data controller independent from other data controllers including the employer, this fact seems to be unknown for all relevant bodies, even for the data protection authority. Possibly because the works council is still thought to be a part of the employer’s organization and thus it is not obvious that the transfer of data between the employer and the works council is limited and conditional as they are two independent data controller, obliged to guard the employee’s relevant data even from one another. Hence, it is important to emphasize that the works council itself is an independent data controller in order to ensure a high level of protection for the employees. The aim of this paper therefore is to prove that the works council is clearly an independent data controller by analysing the relevant Hungarian and EU rules
-
A GDPR-ról – különös tekintettel a könyvtárakra és levéltárakra
63-75Megtekintések száma:185Nowadays data has become one of the most important value which raises the question of protecting personal data. The European Union responds to the challenge by legal instruments: since 25 May 2018 it has been obligatory for the member states to apply GDPR. In the article, first I study the novelties of GDPR. Then I examine to what extent the provisions apply to libraries and archives.
The novelties can be divided into several larger groups. Some of them belong to the data subjects (data portability, right to be forgotten, pseudonymisation), the other parts are principles like data protection by design and by default or the closely related accountability principle. The Regulation also introduces a new legal institution, the data-protection impact assessment and requires the notification of personal data breach. Concerning the expected impacts, it is clear that the Regulation strengthens the rights of the data subjects but imposes new obligations on data controllers and strengthens the role of control. GDPR is a determinative law for the undertakings and business life, and it must also be applied by libraries and archives. For archiving purposes in the public interest, however, the Regulation allows for exemptions concerning libraries and archives. The provisions require libraries and archives to identify the risks that may occur while processing personal data as well as to examine their regulations.
-
A személyes adatok és az adatvédelem szerepe a piaci versenyt érintő európai uniós platformjogszabályokban
205-227Megtekintések száma:84Az online platformok hatalmát a személyes adatok alapozták meg, amit először az általános adatvédelmi rendelet (GDPR) rendelkezéseivel, a természetes személyek védelme szempontjából igyekezett az Európai Unió fékezni, de úgy, hogy egyúttal ezen adatok szabad áramlását is céljai közé emelte. A platformok – kihasználva a GDPR alkalmazásával kapcsolatos bizonytalanságokat, a nem mindig hatékony betartatását – a big data kezelésével és a tisztességtelen piaci magatartással olyan erőfölényhez jutottak, amellyel képesek visszaélni, ezért a hagyományos versenyjogi vizsgálatok és az összefonódás-ellenőrzési vizsgálatok tapasztalatai arra késztették az Európai Uniót, hogy célzott rendeletekkel ex ante szabályozza ezeket. Valójában a személyes (és nem személyes) adatok kezelésének platformokra vonatkozó, piaci versenyt érintő szabályozási igénye hívta életre a platformjogszabályokat, amelyeknek számos rendelkezése a GDPR-ból nőtt ki. Jelen tanulmány a személyes adatok és az adatvédelem szerepét vizsgálja a platformjogszabályokban.
-
A személyiségi jogok védelme a reklámtörvény tükrében
Megtekintések száma:431There is a significant inconsistency within the domain of enforcement of inherent rights in the Hungarian regulation. The protection of the inherent rights is based on the section 75 of Act IV of 1959 (hereinafter: „Civil Code”), which provides that inherent rights shall be observed by everyone and inherent rights are protected by law.
The lack of consistency can be led back to the difference between the provisions of the Civil Code and Act LVIII of 1997 on Business Advertising Activity. Under Section 85 of the Civil Code inherent rights may only be enforced in person.
There are two exceptions to the above rule laid down in the Civil Code:
- The legal representative of an incompetent person, or the relative or conservator of a missing person whose whereabouts are unknown shall be entitled to proceed in the protection of that person's inherent rights.
- In the case of impairment to the memory of a deceased person, the relative and/or the person having been named as the heir apparent in the will of the deceased shall be entitled to file a court action. If conduct causing defamation to a deceased person (former legal person) infringes upon the public interest, the public prosecutor shall also be entitled to enforce this inherent right.
The Act on Business Advertising Activity provides for several general advertising prohibitions and restrictions. Under Section 4 of this act advertising may not be published if it infringes personal rights, respect for the deceased or rights related to the protection of personal data. Under Section 16 of this act advertising control proceedings may be initiated upon request or ex officio. Based on the regulation of the Act on Business Advertising Activity advertising control proceedings may be requested by any person whose rights or rightful interests, or legal status is injured by violation of any provisions relating to commercial advertising activity. If the aggrieved consumer cannot be identified, or if enforcement of the claims is inappropriate considering the number of consumers injured, administrative agencies or non-governmental organizations providing for consumer interests shall also be entitled to initiate proceedings.
When the regulations of the Civil Code on enforcement of inherent rights are compared with that of the Act on Business Advertising Activity, it can be established that provisions of the latter act are not in compliance with the provisions of the Civil Code. On the basis of the decision No. 1270/B/1997 of the Hungarian Constitutional Court, the inconsistency is not significant, the different regulatory of the mentioned acts is not unconstitutional. I take the view that in order to achieve consistent regulation the Act on Business Advertising Activity should be modified by prohibiting the advertising control proceedings initiated ex officio in relation to the advertisings which infringe personal rights.
-
Zárt ajtókról nyíltan Avagy vannak-e persona non grata-k a büntetőeljárás keretei között végzett igazságügyi pszichológiai szakértői vizsgálatokon?
73-78Megtekintések száma:230Authorities and courts are supported by various experts from a long time in the process ofdomestic criminal procedures, howeverlegalpsychologyis a pretty young profession in this field. Despite of its brief history it has achieved stability in the system of criminal sciences and has an outstanding role in influencingjudgementon cases. What happens when this specialty itself becomes the subject of an expert procedure? My article willtryto answer this question. I examine the mechanisms of hungarianlegal psychological expertingthrough personal features of the experting-examination within thecriminal legal procedures of law. At the same time I verify thepresumption that thesecomponents work unrealistically and dissimilarly to the actual practice due to thenatureof current legislations. My hypothesis is supported by four interviews with legalpsychological experts and relevant statistical data brought from the analysis of thirty-one cases from TheCourt of Law of Debrecen, between 1st Jan 2000 and 15th Jul 2016. In the last section of my work I propose individual recommendations and guides for the legislator in relation to the earlier highlighted defects.