Data Privacy and GDPR Handbook
1st Edition
Published on 26. November 2019
496 pages
978-1-119-59425-3 (ISBN)
Description
The definitive guide for ensuring data privacy and GDPR compliance
Privacy regulation is increasingly rigorous around the world and has become a serious concern for senior management of companies regardless of industry, size, scope, and geographic area. The Global Data Protection Regulation (GDPR) imposes complex, elaborate, and stringent requirements for any organization or individuals conducting business in the European Union (EU) and the European Economic Area (EEA)--while also addressing the export of personal data outside of the EU and EEA. This recently-enacted law allows the imposition of fines of up to 5% of global revenue for privacy and data protection violations. Despite the massive potential for steep fines and regulatory penalties, there is a distressing lack of awareness of the GDPR within the business community. A recent survey conducted in the UK suggests that only 40% of firms are even aware of the new law and their responsibilities to maintain compliance.
The Data Privacy and GDPR Handbook helps organizations strictly adhere to data privacy laws in the EU, the USA, and governments around the world. This authoritative and comprehensive guide includes the history and foundation of data privacy, the framework for ensuring data privacy across major global jurisdictions, a detailed framework for complying with the GDPR, and perspectives on the future of data collection and privacy practices.
* Comply with the latest data privacy regulations in the EU, EEA, US, and others
* Avoid hefty fines, damage to your reputation, and losing your customers
* Keep pace with the latest privacy policies, guidelines, and legislation
* Understand the framework necessary to ensure data privacy today and gain insights on future privacy practices
The Data Privacy and GDPR Handbook is an indispensable resource for Chief Data Officers, Chief Technology Officers, legal counsel, C-Level Executives, regulators and legislators, data privacy consultants, compliance officers, and audit managers.
Privacy regulation is increasingly rigorous around the world and has become a serious concern for senior management of companies regardless of industry, size, scope, and geographic area. The Global Data Protection Regulation (GDPR) imposes complex, elaborate, and stringent requirements for any organization or individuals conducting business in the European Union (EU) and the European Economic Area (EEA)--while also addressing the export of personal data outside of the EU and EEA. This recently-enacted law allows the imposition of fines of up to 5% of global revenue for privacy and data protection violations. Despite the massive potential for steep fines and regulatory penalties, there is a distressing lack of awareness of the GDPR within the business community. A recent survey conducted in the UK suggests that only 40% of firms are even aware of the new law and their responsibilities to maintain compliance.
The Data Privacy and GDPR Handbook helps organizations strictly adhere to data privacy laws in the EU, the USA, and governments around the world. This authoritative and comprehensive guide includes the history and foundation of data privacy, the framework for ensuring data privacy across major global jurisdictions, a detailed framework for complying with the GDPR, and perspectives on the future of data collection and privacy practices.
* Comply with the latest data privacy regulations in the EU, EEA, US, and others
* Avoid hefty fines, damage to your reputation, and losing your customers
* Keep pace with the latest privacy policies, guidelines, and legislation
* Understand the framework necessary to ensure data privacy today and gain insights on future privacy practices
The Data Privacy and GDPR Handbook is an indispensable resource for Chief Data Officers, Chief Technology Officers, legal counsel, C-Level Executives, regulators and legislators, data privacy consultants, compliance officers, and audit managers.
More details
Other editions
Additional editions
Sanjay Sharma
Data Privacy and Gdpr Handbook
Book
11/2019
1st Edition
Wiley
€74.50
Article not available at the moment
Person
SANJAY SHARMA, PHD, is the founder and chairman of GreenPoint Global - a data privacy, risk advisory, education, and technology services firm headquartered in New York with over 350 employees and a global footprint.
Sanjay is a 30-year veteran of the financial services industry and has held C-level positions in banking, technology, and risk management at firms including Royal Bank of Canada, Goldman Sachs, Merrill Lynch, Citigroup, Moody's, and Natixis. He teaches graduate courses at four universities in New York City, London, and Nice, France. He has extensive experience in data privacy and management of risk associated with large data frameworks.
He holds a PHD in finance and international business from New York University and an MBA from the Wharton School of Business, and has undergraduate degrees in physics and marine engineering. He lives with his family in Rye, New York.
Sanjay is a 30-year veteran of the financial services industry and has held C-level positions in banking, technology, and risk management at firms including Royal Bank of Canada, Goldman Sachs, Merrill Lynch, Citigroup, Moody's, and Natixis. He teaches graduate courses at four universities in New York City, London, and Nice, France. He has extensive experience in data privacy and management of risk associated with large data frameworks.
He holds a PHD in finance and international business from New York University and an MBA from the Wharton School of Business, and has undergraduate degrees in physics and marine engineering. He lives with his family in Rye, New York.
Content
- Intro
- Data Privacy and GDPR Handbook
- Contents
- 1 Origins and Concepts of Data Privacy
- 1.1 Questions and Challenges of Data Privacy
- 1.1.1 But Cupid Turned Out to Be Not OK
- 1.2 The Conundrum of Voluntary Information
- 1.3 What Is Data Privacy?
- 1.3.1 Physical Privacy
- 1.3.2 Social Privacy Norms
- 1.3.3 Privacy in a Technology-Driven Society
- 1.4 Doctrine of Information Privacy
- 1.4.1 Information Sharing Empowers the Recipient
- 1.4.2 Monetary Value of Individual Privacy
- 1.4.3 "Digital Public Spaces"
- 1.4.4 A Model Data Economy
- 1.5 Notice-and-Choice versus Privacy-as-Trust
- 1.6 Notice-and-Choice in the US
- 1.7 Enforcement of Notice-and-Choice Privacy Laws
- 1.7.1 Broken Trust and FTC Enforcement
- 1.7.2 The Notice-and-Choice Model Falls Short
- 1.8 Privacy-as-Trust: An Alternative Model
- 1.9 Applying Privacy-as-Trust in Practice: The US Federal Trade Commission
- 1.9.1 Facebook as an Example
- 1.10 Additional Challenges in the Era of Big Data and Social Robots
- 1.10.1 What Is a Social Robot?
- 1.10.2 Trust and Privacy
- 1.10.3 Legal Framework for Governing Social Robots
- 1.11 The General Data Protection Regulation (GDPR)
- 1.12 Chapter Overview
- Notes
- 2 A Brief History of Data Privacy
- 2.1 Privacy as One's Castle
- 2.1.1 Individuals' "Castles" Were Not Enough
- 2.2 Extending Beyond the "Castle"
- 2.3 Formation of Privacy Tort Laws
- 2.3.1 A Privacy Tort Framework
- 2.4 The Roots of Privacy in Europe and the Commonwealth
- 2.5 Privacy Encroachment in the Digital Age
- 2.5.1 Early Digital Privacy Laws Were Organic
- 2.5.2 Growth in Commercial Value of Individual Data
- 2.6 The Gramm-Leach-Bliley Act Tilted the Dynamic against Privacy
- 2.7 Emergence of Economic Value of Individual Data for Digital Businesses
- 2.7.1 The Shock of the 9/11 Attacks Affected Privacy Protection Initiatives
- 2.7.2 Surveillance and Data Collection Was Rapidly Commercialized
- 2.7.3 Easing of Privacy Standards by the NSA Set the Tone at the Top
- 2.8 Legislative Initiatives to Protect Individuals' Data Privacy
- 2.9 The EU Path
- 2.9.1 The Internet Rights Revolution
- 2.9.2 Social Revolutions
- 2.10 End of the Wild West?
- 2.11 Data as an Extension of Personal Privacy
- 2.12 Cambridge Analytica: A Step Too Far
- 2.13 The Context of Privacy in Law Enforcement
- Summary
- Notes
- 3 GDPR's Scope of Application
- 3.1 When Does GDPR Apply?
- 3.1.1 "Processing" of Data
- 3.1.1.1 Manual Processing
- 3.1.2 "Personal Data"
- 3.1.2.1 Relative Criteria for Identifiability
- 3.1.2.2 Individual Circumstances
- 3.1.2.3 Special Cases
- 3.1.2.4 Anonymization
- 3.1.2.5 Pseudonymization
- 3.1.3 Exempted Activities under GDPR
- 3.2 The Key Players under GDPR
- 3.3 Territorial Scope of GDPR
- 3.3.1 Physical Presence in the EU
- 3.3.2 Processing Done in the Context of the Activities
- 3.3.3 Users Based in the EU
- 3.3.4 "Time of Stay" Standard
- 3.4 Operation of Public International Law
- Notes
- 4 Technical and Organizational Requirements under GDPR
- 4.1 Accountability
- 4.2 The Data Controller
- 4.2.1 Responsibilities of the Controller
- 4.2.1.1 Demonstration
- 4.2.1.2 Data Protection Policies
- 4.2.1.3 Adherence
- 4.2.2 Joint Controllers and Allocating Liability
- 4.2.2.1 Additional Obligations Placed on Joint Controllers
- 4.2.2.2 Joint and Several Liabilities
- 4.2.2.3 Controllers Outside of the EU
- 4.2.3 The Duty to Cooperate with the SA
- 4.3 Technical and Organizational Measures
- 4.3.1 Maintain a Data-Protection Level
- 4.3.2 Minimum Requirements for Holding a Data Protection Level
- 4.3.3 Weighing the Risks
- 4.3.3.1 Risk to the Business
- 4.3.3.2 Risk to Consumers
- 4.3.3.3 Risks Caused by Third Parties
- 4.3.4 The Network and Information Systems Directive
- 4.4 Duty to Maintain Records of Processing Activities
- 4.4.1 Content of Controller's Records
- 4.4.2 Content of Processor's Records
- 4.4.3 Exceptions to the Duty
- 4.5 Data Protection Impact Assessments
- 4.5.1 Types of Processing That Require DPIA
- 4.5.2 Scope of Assessment
- 4.5.2.1 Determining the Risk
- 4.5.2.2 Contents of the DPIA
- 4.5.2.3 Involvement of the DPO
- 4.5.2.4 Prior Consultation
- 4.5.3 Business Plan Oversight
- 4.6 The Data Protection Officer
- 4.6.1 Designation of DPO
- 4.6.2 Qualifications and Hiring a DPO
- 4.6.3 Position of the DPO
- 4.6.4 Tasks of the DPO
- 4.6.5 An Inherent Conflict of Interest?
- 4.6.6 DPO Liability
- 4.7 Data Protection by Design and Default
- 4.7.1 Data Protection at the Outset
- 4.7.2 Balancing the Amount of Protection
- 4.7.3 Applying Data Protection by Design
- 4.7.4 Special Case: Blockchain Technology and GDPR
- 4.8 Data Security during Processing
- 4.8.1 Data Security Measures
- 4.8.2 Determining the Risk Posed
- 4.8.3 Data Protection Management Systems: A "Technical and Organizational Measure"
- 4.9 Personal Data Breaches
- 4.9.1 Overview of Data Breaches
- 4.9.1.1 Types of Data Breaches
- 4.9.1.2 Damage Caused by Data Breaches
- 4.9.1.3 Degrees of Data Breaches
- 4.9.1.4 Types of Cyber-Threats
- 4.9.1.5 Practically Implementing Cyber-Security
- 4.9.1.6 Combating Cyber-Security Threats
- 4.9.1.7 Breach Response Plan
- 4.9.1.8 Manual versus Automated Cyber-Security
- 4.9.1.9 Cyber-Security Insurance
- 4.9.2 The Controller's Duty to Notify
- 4.9.2.1 Excusable Delays
- 4.9.2.2 Contents of Notification
- 4.9.2.3 Exception
- 4.9.3 Controller's Duty to Communicate the Breach to Data Subjects
- 4.9.3.1 A Timely Communication
- 4.9.3.2 Contents of the Communication
- 4.9.3.3 Exceptions
- 4.10 Codes of Conduct and Certifications
- 4.10.1 Purpose and Relationship under GDPR
- 4.10.2 Codes of Conduct
- 4.10.2.1 Codes of Conduct by Associations
- 4.10.2.2 Monitoring Approved Codes of Conduct
- 4.10.3 Certification
- 4.10.3.1 Certification Bodies
- 4.10.3.2 Factors for Granting Accreditation to Certification Bodies
- 4.10.3.3 Responsibilities of Certification Bodies
- 4.10.3.4 The Certification Mechanisms
- 4.11 The Data Processor
- 4.11.1 Relationship between Processor and Controller
- 4.11.2 Responsibilities of Controller in Selecting a Processor
- 4.11.2.1 Sufficient Guarantees
- 4.11.2.2 Maintaining Processing Contracts
- 4.11.2.3 Standard Contractual Clauses
- 4.11.3 Duties of the Processor
- 4.11.4 Subprocessors
- Notes
- 5 Material Requisites for Processing under GDPR
- 5.1 The Central Principles of Processing
- 5.1.1 Lawful, Fair, and Transparent Processing of Data
- 5.1.2 Processing Limited to a "Purpose"
- 5.1.2.1 Restriction on Processing and Exceeding the Purpose
- 5.1.2.2 The "Compatibility" Test
- 5.1.2.3 Processing That Does Not Require Identification
- 5.1.3 Data Minimization and Accuracy
- 5.1.4 Storage of Data
- 5.1.5 Integrity and Confidentiality of the Operation
- 5.2 Legal Grounds for Data Processing
- 5.2.1 Processing Based on Consent
- 5.2.1.1 What Constitutes Consent?
- 5.2.1.2 Consent of a Child
- 5.2.1.3 NYOB.eu versus Google, Facebook, Whatsapp, and Instagram: A Case Study on Consent
- 5.2.2 Processing Based on Legal Sanction
- 5.2.2.1 Formation or Performance of a Contract
- 5.2.2.2 Compliance with a Legal Obligation
- 5.2.2.3 Protection of Vital Interests
- 5.2.2.4 Public Interest and Exercise of Official Authority
- 5.2.2.5 Exercising Legitimate Interests
- 5.2.3 Changing the Processing "Purpose"
- 5.2.4 Special Categories of Data
- 5.2.4.1 What Is "Special" Data?
- 5.2.4.2 Location and Behavioral Data
- 5.2.4.3 Processing Data Relating to Criminal Convictions
- 5.2.4.4 The Exceptions to the Rule
- 5.2.4.5 New Technologies Involving Special Data
- 5.2.4.6 Developing the Law Further
- 5.3 International Data Transfers
- 5.3.1 Adequacy Decisions and "Safe" Countries
- 5.3.1.1 Determining Adequacy
- 5.3.1.2 Application of the Factors
- 5.3.1.3 Revocation of the Adequacy Decision
- 5.3.2 Explicit Consent
- 5.3.3 Standard Contractual Clauses
- 5.3.3.1 Overview of Commission Decisions
- 5.3.3.2 Content of SCCs
- 5.3.3.3 Consequences of Breaching the Conditions of SCCs
- 5.3.4 The EU-US Privacy Shield
- 5.3.5 Binding Corporate Rules
- 5.3.5.1 Legally Mandated Clauses
- 5.3.5.2 Conditions for Approval
- 5.3.6 Transfers Made with or without Authorization
- 5.3.6.1 International Data Transfers without the SA's Authorization
- 5.3.6.2 International Data Transfers with SA's Authorization
- 5.3.6.3 Implementing Appropriate Safeguards
- 5.3.7 Derogations
- 5.3.7.1 Permitted Derogations
- 5.3.7.2 Unauthorized Derogations
- 5.3.7.3 Transfers Not Authorized by EU
- 5.3.8 Controllers Outside of the EU
- 5.4 Intragroup Processing Privileges
- 5.5 Cooperation Obligation on EU Bodies
- 5.6 Foreign Law in Conflict with GDPR
- Notes
- 6 Data Subjects' Rights
- 6.1 The Controller's Duty of Transparency
- 6.1.1 Creating the Modalities
- 6.1.2 Facilitating Information Requests
- 6.1.3 Providing Information to Data Subjects
- 6.1.4 The Notification Obligation
- 6.2 The Digital Miranda Rights
- 6.2.1 Accountability Information
- 6.2.2 Transparency Information
- 6.2.3 Timing
- 6.2.4 Defenses for Not Providing Information
- 6.3 The Right of Access
- 6.3.1 Accessing Personal Data
- 6.3.2 Charging a "Reasonable Fee"
- 6.4 Right of Rectification
- 6.4.1 Inaccurate Personal Data
- 6.4.2 Incomplete Personal Data
- 6.4.3 Handling Requests
- 6.5 Right of Erasure
- 6.5.1 Development of the Right
- 6.5.2 The Philosophical Debate
- 6.5.3 Circumstances for Erasure under GDPR
- 6.5.4 Erasure of Personal Data Which Has Been Made Public
- 6.5.5 What Is "Erasure" of Personal Data?
- 6.5.6 Exceptions to Erasure
- 6.6 Right to Restriction
- 6.6.1 Granting Restriction
- 6.6.2 Exceptions to Restriction
- 6.7 Right to Data Portability
- 6.7.1 The Format of Data and Requirements for Portability
- 6.7.2 Business Competition Issues
- 6.7.3 Intellectual Property Issues
- 6.7.4 Restrictions on Data Portability
- 6.8 Rights Relating to Automated Decision Making
- 6.8.1 The Right to Object
- 6.8.2 Right to Explanation
- 6.8.3 Profiling
- 6.8.4 Exceptions
- 6.8.5 Special Categories of Data
- 6.9 Restrictions on Data Subject Rights
- 6.9.1 Nature of Restrictions Placed
- 6.9.2 The Basis of Restrictions
- Notes
- 7 GDPR Enforcement
- 7.1 In-House Mechanisms
- 7.1.1 A Quick Review
- 7.1.2 Implementing an Internal Rights Enforcement Mechanism
- 7.1.2.1 Step 1: Getting the Information Across
- 7.1.2.2 Step 2: The Privacy Policy
- 7.1.2.3 Step 3: Create the "Technical" Measures
- 7.1.2.4 Step 4: Implement the "Organizational" Measures 2
- 7.1.2.5 Step 5: Create a Dispute Resolution Policy
- 7.2 Data Subject Representation
- 7.2.1 Standing of NPOs to Represent Data Subjects
- 7.2.2 Digital Rights Activism
- 7.3 The Supervisory Authorities
- 7.3.1 Role of Supervisory Authority
- 7.3.2 The Members of the Supervisory Authority
- 7.3.3 An Independent Body
- 7.3.4 Professional Secrecy
- 7.3.5 Competence of the Supervisory Authority
- 7.3.5.1 The Lead Supervisory Authority
- 7.3.5.2 Local Competence
- 7.3.6 Tasks of the Supervisory Authority
- 7.3.6.1 Advisory Duties
- 7.3.6.2 Promoting Knowledge and Compliance
- 7.3.6.3 Investigative Duties
- 7.3.6.4 Cooperation
- 7.3.6.5 Regulating Compliance
- 7.3.6.6 Internal Responsibilities
- 7.3.7 Powers of the SA
- 7.3.7.1 Investigative Powers
- 7.3.7.2 Corrective Powers
- 7.3.7.3 Authorization and Advisory Powers
- 7.3.7.4 Appropriate Safeguards
- 7.3.8 Cooperation and Consistency Mechanism
- 7.3.8.1 EU Data Protection Board
- 7.3.8.2 The Cooperation Mechanism
- 7.3.8.3 The Consistency Mechanism
- 7.3.9 GDPR Enforcement by Supervisory Authorities
- 7.4 Judicial Remedies
- 7.4.1 Judicial Action against the Controller or Processor
- 7.4.2 Courts versus SA
- Which Is Better for GDPR Enforcement?
- 7.4.3 Judicial Action against the Supervisory Authority
- 7.4.4 Controller Suing the Data Subject?
- 7.4.5 Suspending the Proceedings
- 7.5 Alternate Dispute Resolution
- 7.5.1 Is an ADR Arrangement Allowed under GDPR?
- 7.5.2 ADR Arrangements
- 7.5.3 Key Hurdles of Applying ADR to GDPR
- 7.5.4 Suggestions for Implementing ADR Mechanisms
- 7.6 Forum Selection Clauses
- 7.7 Challenging the Existing Law
- Notes
- 8 Remedies
- 8.1 Allocating Liability
- 8.1.1 Controller Alone Liable
- 8.1.2 Processor Alone Liable
- 8.1.3 Joint and Several Liabilities
- 8.2 Compensation
- 8.2.1 Quantifying "Full Compensation"
- 8.2.2 Conflict in the Scope of "Standing" in Court
- 8.3 Administrative Fines
- 8.3.1 Fines for Regulatory Infringements
- 8.3.2 Fines for Grave Infringements
- 8.3.3 Determining the Quantum of the Fine
- 8.4 Processing Injunctions
- 8.4.1 Domestic Law
- 8.4.2 The EU Injunction Directive
- 8.4.3 The SA's Power to Restrain Processing
- 8.5 Specific Performance
- Notes
- 9 Governmental Use of Data
- 9.1 Member State Legislations
- 9.2 Processing in the "Public Interest"
- 9.2.1 What Is Public Interest?
- 9.2.2 Public Interest as a "Legal Basis" for Processing
- 9.2.3 State Use of "Special" Data
- 9.2.4 Processing Relating to Criminal Record Data
- 9.3 Public Interest and the Rights of a Data Subject
- 9.3.1 Erasure and Restriction of Data Processing
- 9.3.2 Data Portability
- 9.3.3 Right to Object
- 9.3.4 Right to Explanation
- 9.4 Organizational Exemptions and Responsibilities
- 9.4.1 Representatives for Controllers Not within the EU
- 9.4.2 General Impact Assessments in Lieu of a Data Protection Impact Assessment (DPIA)
- 9.4.3 Designation of a Data Protection Office (DPO)
- 9.4.4 Monitoring of Approved Codes of Conduct
- 9.4.5 Third-Country Transfers
- 9.5 Public Documents and Data
- 9.5.1 The Network and Information Systems Directive
- 9.5.2 Telemedia Data Protection
- 9.5.3 National Identification Numbers
- 9.6 Archiving
- 9.7 Handling Government Subpoenas
- 9.8 Public Interest Restrictions on GDPR
- 9.9 Processing and Freedom of Information and Expression
- 9.9.1 Journalism and Expression under GDPR
- 9.9.2 Combating "Fake News" in the Modern Age
- 9.10 State Use of Encrypted Data
- 9.11 Employee Data Protection
- 9.11.1 The Opening Clause
- 9.11.2 Employment Agreements
- 9.11.3 The German Betriebsrat
- 9.11.4 The French "Comité d'enterprise"
- Notes
- 10 Creating a GDPR Compliance Department
- 10.1 Step 1: Establish a "Point Person"
- 10.2 Step 2: Internal Data Audit
- 10.3 Step 3: Budgeting
- 10.4 Step 4: Levels of Compliance Needed
- 10.4.1 Local Legal Standards
- 10.4.2 Enhanced Legal Standards for International Data Transfers
- 10.4.3 International Legal Standards
- 10.4.4 Regulatory Standards
- 10.4.5 Contractual Obligations
- 10.4.6 Groups of Undertakings
- 10.5 Step 5: Sizing Up the Compliance Department
- 10.6 Step 6: Curating the Department to Your Needs
- 10.6.1 "In-House" Employees
- 10.6.2 External Industry Operators
- 10.6.3 Combining the Resources
- 10.7 Step 7: Bring Processor Partners into Compliance
- 10.8 Step 8: Bring Affiliates into Compliance
- 10.9 Step 9: The Security of Processing
- 10.10 Step 10: Revamping Confidentiality Procedures
- 10.11 Step 11: Record Keeping
- 10.12 Step 12: Educate Employees on New Protocols
- 10.13 Step 13: Privacy Policies and User Consent
- 10.14 Step 14: Get Certified
- 10.15 Step 15: Plan for the Worst Case Scenario
- 10.16 Conclusion
- Notes
- 11 Facebook: A Perennial Abuser of Data Privacy
- 11.1 Social Networking as an Explosive Global Phenomenon
- 11.2 Facebook Is Being Disparaged for Its Data Privacy Practices
- 11.3 Facebook Has Consistently Been in Violation of GDPR Standards
- 11.4 The Charges against Facebook
- 11.5 What Is Facebook?
- 11.6 A Network within the Social Network
- 11.7 No Shortage of "Code of Conduct" Policies
- 11.8 Indisputable Ownership of Online Human Interaction
- 11.9 Social Networking as a Mission
- 11.10 Underlying Business Model
- 11.11 The Apex of Sharing and Customizability
- 11.12 Bundling of Privacy Policies
- 11.13 Covering All Privacy Policy Bases
- 11.14 Claims of Philanthropy
- 11.15 Mechanisms for Personal Data Collection
- 11.16 Advertising: The Big Revenue Kahuna
- 11.17 And Then There Is Direct Marketing
- 11.18 Our Big (Advertiser) Brother
- 11.19 A Method to Snooping on Our Clicks
- 11.20 What Do We Control (or Think We Do)?
- 11.20.1 Ads Based on Data from FB Partners
- 11.20.2 Ads Based on Activity on FB That Is Seen Elsewhere
- 11.20.3 Ads That Include Your Social Actions
- 11.20.4 "Hiding" Advertisements
- 11.21 Even Our Notifications Can Produce Revenue
- 11.22 Extent of Data Sharing
- 11.23 Unlike Celebrities, We Endorse without Compensation
- 11.24 Whatever Happened to Trust
- 11.25 And to Security of How We Live
- 11.26 Who Is Responsible for Security of Our Life Data?
- 11.27 And Then There Were More
- 11.28 Who Is Responsible for Content?
- 11.29 Why Should Content Be Moderated?
- 11.30 There Are Community Standards
- 11.31 Process for Content Moderation
- 11.31.1 Identifying and Determining Content Removal Requests
- 11.32 Prospective Content Moderation "Supreme Court"
- 11.33 Working with Governmental Regimes
- 11.34 "Live" Censorship
- 11.35 Disinformation and "Fake" News
- 11.35.1 "Disinformation"
- 11.35.2 False News Policy
- 11.35.3 Fixing the "Fake News" Problem
- 11.36 Conclusion
- Notes
- 12 Facebook and GDPR
- 12.1 The Lead Supervisory Authority
- 12.2 Facebook nicht spricht Deutsch
- 12.3 Where Is the Beef? Fulfilling the Information Obligation
- 12.4 Data Processing Purpose Limitation
- 12.5 Legitimate Interests Commercial "Restraint" Needed
- 12.6 Privacy by Design?
- 12.7 Public Endorsement of Personalized Shopping
- 12.8 Customizing Data Protection
- 12.9 User Rights versus Facebook's Obligations
- 12.10 A Digital Blueprint and a GDPR Loophole
- 12.11 Investigations Ahead
- 12.12 Future Projects
- Notes
- 13 The Future of Data Privacy
- 13.1 Our Second Brain
- 13.2 Utopian or Dystopian?
- 13.3 Digital Empowerment: Leveling the Playing Field
- Notes
- Appendix: Compendium of Data Breaches
- About the Authors
- Index
- EULA
