Gloria González Fuster

• Prof. Dr.
• Professor at Vrije Universiteit Brussel

‘Feminist data protection’ is not an established term or field of study: Data protection discourse is dominated by doctrinal legal and economic positions, and feminist perspectives are few and far between. This editorial introduction summarises a number of recent interventions in the broader fields of data sciences and surveillance studies, then tu...

This study, commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee, examines the impact on fundamental rights of Artificial Intelligence in the field of law enforcement and criminal justice, from a European Union perspective. It presents the applicable legal f...

Article 4(3) (Definition of ‘restriction of processing’); Article 5(1)(d) (Principle of accuracy); Article 16 (Right to rectification); Article 5(1)(a) (Principle of lawfulness); Article 17(1)(d) (Right to erasure based on unlawful processing); Article 5(1)(c) (Principle of data minimisation); Article 17(3)(e) (Limitations to the right to erasure);...

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most signi...

Article 4(9) (Definition of ‘recipient’); Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject); Article 16 (Right to rectification), Article 17(1) (Right to erasure (‘right to be forgotten’)); Article 18 (Right to restriction of processing); Article 58(2)(g) (Powers of supervisory aut...

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most signi...

This chapter provides an overview of the European Union (EU) policies and legislative measures developed in an attempt to regulate cybersecurity. By invoking a historical perspective, policy developments that have shaped the cybersecurity landscape of the EU are highlighted. More concretely, this contribution investigates how the EU has been delimi...

This paper aims at situating the policy discourse accompanying current European Union (EU) initiatives on facilitating access by public authorities to data held by private companies, including in scenarios regarded as crossing jurisdictional borders. More concretely, it contextualises these initiatives in light of the absence of publicly available...

Book review of Data Justice and COVID-19: Global Perspectives, by Linnet Taylor, Gargi Sharma, Aaron Martin and Shazade Jameson (eds.)

Making sense of digital security practice requires grasping how data are put to use to compose the governing of individuals. Data need to be understood in their becoming, and in their becoming something across diverse practices. To do this, we suggest embracing two conceptual tropes that jointly articulate the being together of, and in, data compos...

The rights to privacy and to personal data protection, enshrined respectively in Art. 7 and 8 of the Charter of Fundamental Rights of the European Union (EU) (hereafter, the ‘EU Charter’), have been particularly powerful in determining the evolution of EU law and policy over the last years. On their basis, the Court of Justice of the EU (CJEU) decl...

‘Oh, I see’, said the data subject.

In the digital age, access to data sought in the framework of a criminal investigation often entails the exercise of prosecuting powers over individuals and material that fall under another jurisdiction. Mutual legal assistance treaties, and the European Investigation Order allow for the lawful collection of electronic information in cross-border p...

This document presents the Bonn PRINTEGER Consensus Statement: Working with Research Integrity—Guidance for research performing organisations. The aim of the statement is to complement existing instruments by focusing specifically on institutional responsibilities for strengthening integrity. It takes into account the daily challenges and organisat...

This paper describes the IsITethical? Exchange, a European knowledge and service hub we are developing with and for diverse parties involved in crisis and disaster risk management. Their commitment to European values and fundamental rights underpins the rationale of the initiative, which is to support European societies' need for high quality innov...

This report relates to the empirical work conducted under the Promoting Integrity as an Integral Dimension of Excellence in Research (PRINTEGER) research project on research integrity and scientific misconduct.1 It briefly presents the general requirements of fairness in procedures (Section 1), introduces the variety of structures in place for the...

The present deliverable combines a study of relevant legal requirements, codes and legislation (Section 1), in particular searching for remarkable commonalities and salient frictions, with a discussion on some of the upcoming regulatory challenges in the area of research integrity and scientific misconduct (Section 2). The selection of analysed ins...

A l’aune de la mise en œuvre du Règlement Général de Protection des Données (RGPD) en mai 2018, le débat sur la propriété de l’information et le ownership of data bat son plein. Les discussions sur le contrôle des données se déroulent passionnément, et elles ont, du moins pour des vétérans de la recherche en matière de protection des données à cara...

Surveillance Studies often look at cultural products as pedagogical or heuristic devices, as if they were windows into the popular representation of surveillance practices. However, artworks may also be the (by-)products of consumers' surveillance. Online platforms like Netflix harvest vast amounts of data about clients' behaviour, so to predict th...

Review of: Simone Browne, Dark Matters: On the Surveillance of Blackness (Durham, NC and London: Duke University Press, 2015). ix+213pp., £70.00 hb., £19.99 pb., 978 0 82235 919 7 hb., 978 0 82235 938 8 pb.

Data protection law is nowadays a relatively popular subject. The countdown to May 2018, when the General Data Protection Regulation (GDPR) will become applicable, is generating more and more attention. In the meantime, many other connected issues keep triggering intense policy debates, and attracting curious and eager researchers: from the future...

This White Paper explores the legal dimensions of the European Union (EU)’s value-driven cybersecurity, investigating the notions of ‘value-driven’ and ‘cybersecurity’ from the perspective of EU law. It starts with a general overview of legal issues in current value-driven cybersecurity debates (Chapter 2), showing how values embedded within the fr...

Participants’ Hand-out prepared for the Workshop on Scientific Research & Data Protection organised on 9 December 2016 by the Brussels Privacy Hub (BPH), in the context of the BPH GDPR Workshop Series.

Case of Dragojević v Croatia, App no 68955/11, ECtHR, 15 January 2015 Prior judicial scrutiny of secret surveillance measures cannot be circumvented by allowing courts to justify measures retrospectively. In a case about the tapping of telephone conversations of a drug-trafficking suspect, the European Court of Human Rights found that the Croatian...

This handbook offers practical guidance and tools to teach privacy and personal data protection to children and teenagers at schools in Europe. It covers issues such as individual rights, online safety, digital identity, behavioural advertising, cyber bullying and parental surveillance, addressing them in a clear and sound manner. Teachers and educ...

European data protection law channels data processing in many ways: it fabricates spaces within which personal data can move freely, circumscribes borders that personal data shall not cross unless following ad-hoc paths and erects legal routes through which personal data might move. These seemingly discordant gestures of personal data liberation an...

With the second Payment Services Directive, the European Union embraces new payment services by tackling some of the legal challenges they trigger. Personal data protection is one of the most critical of such challenges, and it is itself in a crucial transition period. A General Data Protection Regulation is indeed to replace the current Data Prote...

This deliverable is part of Work Package II of the Promoting Integrity as an Integral Dimension of Excellence in Research (PRINTEGER) research project. Titled What is integrity? Multidisciplinary Reconnaissance, Work Package II is devoted to the analytic reconnaissance of research integrity and scientific misconduct. This report contributes to such...

Full report can be downloaded from https://www.democraticmedia.org/CDD-Wearable-Devices-Big-Data-Report

Privacy education is already a reality in some schools in Europe. Strengthening this trend is a priority for many actors in the field. This contribution explores why this is so and investigates what can be learnt from the review of current practices. Therefore it first examines the reasons for teaching about privacy at schools and subsequently over...

Priročnik vsebuje praktične nasvete in orodja za poučevanje otrok in najstnikov v šolah po celotni Evropi o zasebnosti in varstvu osebnih podatkov. Jasno in temeljito obravnava teme, kot so pravice posameznikov, varnost na spletu, digitalna identiteta, vedenjsko oglaševanje, spletno trpinčenje in nadlegovanje ter nadzor s strani staršev. Učitelji i...

Niniejszy poradnik oferuje praktyczne wskazówki oraz narzędzia do nauczania dzieci i młodzieży uczęszczających do szkół w Europie o ochronie danych osobowych i prywatności. W jasny i przystępny sposób porusza on kwestie takie jak prawa podmiotowe osób, których dane dotyczą, bezpieczeństwo cyfrowe, tożsamość cyfrowa, reklama behawioralna, cyberbully...

A kézikönyv gyakorlati útmutatóul és eszközül szolgál az európai iskolák részére annak érdekében, hogy a gyerekekhez és tizenévesekhez közelebb hozzák a magánélet és az adatvédelem kérdéseit. A könyv egyszerű és józan megközelítéssel foglalkozik a személyhez fűződő jogokkal, az internetes biztonsággal, a digitalis személyazonossággal, a viselkedés...

As the adoption of the General Data Protection Regulation (GDPR) by the European Council and the European Parliament seems to be approaching fast, there are some good news to report: the Court of Justice of the European Union (CJEU) has in the meantime taken advantage of the lengthy discussions surrounding it to firmly assert the fundamental rights...

Moving away from the traditional framing of surveillance in terms of in/visibility, this article proposes a conceptual journey that investigates the potential of the notions of dis-appearance and ob-scene as alternative theoretical tools. In particular, it explores how these different perspectives can help bringing politics back into the study and...

Moving away from the traditional framing of surveillance in terms of in/visibility, this article proposes a conceptual journey that investigates the potential of the notions of dis-appearance and ob-scene as alternative theoretical tools. In particular, it explores how these different perspectives can help bringing politics back into the study and...

This study examines the challenges to European law posed by third-country access to data held by private companies for purposes of law-enforcement investigations in criminal proceedings. The proliferation of electronic communications is putting cloud-computing companies under severe strain from multiple demands from the authorities to acquire acces...

Numerous science, technology and engineering developments are perceived as raising privacy concerns. As such, privacy repeatedly finds itself addressed through the mixed lens of an 'ethical-legal' (if not 'ethical-legal-social') perspective. The aim of this contribution is to dispute the validity of this indistinctive approach, to stress its shortc...

This chapter focuses on the construction of personal data protection as a fundamental right of the European Union (EU) by studying the surfacing of the notion of EU fundamental rights, and by exploring how could the right to the protection of personal appear among them. First, the chapter reviews the historical involvement of the EU in the field of...

In the 1970s surfaced in various European countries provisions regulating the automated processing of data. They were either ad-hoc legal instruments, or constitutional-level provisions, and each of them advanced a particular legal approach to the protection of individuals in the face of automated data processing, typically engaging disparate termi...

The European Union (EU) started to get involved in the regulation of data processing at the beginning of the 1970s. This chapter describes the initial steps of its involvement, and studies the crystallisation of EU legislation on (personal) data protection, up to the adoption of the EU Charter of Fundamental Rights in 2000. Chronologically, these d...

This chapter provides the background needed for the exploration of the emergence of the right to the protection of personal data as a fundamental right in European Union (EU) law by focusing on the notion of privacy. First, it offers an overview of divergent approaches to this multifaceted notion, noting inter alia how concurring views can be class...

This chapter chronicles the integration in the law of the European Union (EU) of the fundamental right to personal data protection as advanced by the Charter of Fundamental Rights of the EU. It first explores a transitional period inaugurated by the solemn proclamation of the EU Charter in 2000 and closed with the entry into force of the Lisbon Tre...

By the end of the 1970s, two important international organisations started to prepare international instruments on the processing of information about individuals: the Organisation for Economic Co-operation and Development (OECD) and the Council of Europe. This chapter considers their early involvement, and examines in detail how OECD’s 1980 Guidel...

p>Information obligations have always been crucial in personal data protection law. Reinforcing these obligations is one of the priorities of the legislative package introduced in 2012 by the European Commission to redefine the personal data protection legal landscape of the European Union (EU). Those responsible for processing personal data (the d...

The European Union (EU) is actively involved in promoting personal data processing practices for security purposes. It is also responsible for delineating the legal regime safeguarding individuals against such data processing. Two rights collide: the right to privacy and the right to personal data protection. Both are recognised as distinct in the...

The existence of a fundamental right to the protection of personal data in European Union (EU) law is nowadays undisputed. Established in the EU Charter of Fundamental Rights in 2000, it is increasingly permeating EU secondary law, and is expected to play a key role in the future EU personal data protection landscape. The right's reinforced visibil...

In 2008, debates over the deployment of body scanners in EU airports gave rise to imbroglios of technologies, bodies, law, and policies. Eventually, these entanglements appeared to be undone and resolved by the concealment of bodies from the screens of the machines—which had, meanwhile, been renamed security scanners. Using the concept of setting,...

Les autoritats nacionals que imposen un processament sistematic de dades personals a subministradors de serveis d'internet en nom de la proteccio de la propietat intel·lectual no troben un equilibri just entre l'interes dels titulars dels drets d'autor a l'hora d'assegurar el seu dret a la propietat intel·lectual amb la proteccio de dades personals...

Since it first appeared in the 1960s, the legal notion of personal data protection has been living in the shade of the term privacy. Whereas in the United States (US) the regulation of the processing of information related to individuals was solidly framed under the privacy tag as early as the beginning of the1970s, European legal orders were witne...

The entry into force of the EU Charter of Fundamental Rights and the ensuing introduction of the right to data protection as a new fundamental right in the legal order of the EU has raised some challenges. This article is an attempt to bring clarity on some of these questions. We will therefore try to address the issue of the place of the right to...

There is no doubt that EU measures on the automated processing of data on individuals have an impact on fundamental rights. But which fundamental rights are more deeply affected by them? And how should these rights be safeguarded to ensure the effective protection of individuals and democratic societies? This Policy Brief highlights a series of ele...

The right to respect for private life is developed in European legal frameworks through different legal notions and instruments. One of such mechanisms for privacy protection, constantly backed up by the European Union (EU) legislator for already more than a decade, is the regulation of so-called unsolicited communications. This contribution explor...

The accuracy principle is one of the key standards of informational privacy. It epitomises the obligation for those processing personal data to keep their records accurate and up-to-date, with the aim of protecting individuals from unfair decisions. Currently, however, different practices being put in place in order to enhance the protection of ind...

The right to respect for private life is developed in European legal frameworks through different legal notions and instruments. One of such mechanisms for privacy protection, constantly backed up by the European Union (EU) legislator for already more than a decade, is the regulation of so-called unsolicited communications. This contribution explor...

To get the maximum benefit from ambient intelligence (AmI), we need to anticipate and react to possible drawbacks and threats emerging from the new technologies in order to devise appropriate safeguards. The SWAMI project took a precautionary approach in its exploration of the privacy risks in AmI and sought ways to reduce them. It constructed four...

The ‘SWIFT affair’ eloquently illustrates the complexities of the protection of personal data in the context of global privacy-invading counterterrorist efforts. At the core of the issue there is not only the possibility for US authorities to secretly (and legally) access information on financial transactions taking place in the European Union (EU)...

Les différentes pratiques qui sont généralement regroupées sous le terme « web 2.0 » représentent sans aucun doute un défi majeur pour la protection de la vie privée et la protection de données personnelles. Ce défi ne découle cependant pas que des traits particuliers du phénomène « web 2.0 » en tant que tel, c’est-à-dire, en tant que phénomène rep...

The Council of Europe adopted its Convention on Cybercrime in 2001. Four years later, Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems saw the light. What is the added value of this text? How should it be judged in the context of the EU and the global fight against cybercrime? This paper examines th...

The European Union (EU) has been powerfully supporting over the last decades the construction of so-called ‘digital borders’, composed of large-scale databases massively processing information on third-country nationals on the move, focusing on the examination of who crosses, wishes or needs to cross its external borders. Simultaneously, the EU has...

The proliferation of large-scale databases containing personal information, and the multiple uses to which they can be put, can be highly problematic from the perspective of fundamental rights and freedoms. This paper discusses two landmark decisions that illustrate some of the risks linked to these developments and point to a better framing of suc...

Profiling through predictive data mining is already a reality worldwide, including in the European Union. This modern technique relies on the massive processing of personal data in order to identify patterns that allow for the automatic categorisation of individuals. Yet no satisfactory debate is taking place on how the use of profiling in this par...

Profiling through predictive data mining is already a reality worldwide, including in the European Union. This modern technique relies on the massive processing of personal data in order to identify patterns that allow for the automatic categorisation of individuals. Yet no satisfactory debate is taking place on how the use of profiling in this par...

The proliferation of large-scale databases containing personal information, and the multiple uses to which they can be put, can be highly problematic from the perspective of fundamental rights and freedoms. This paper discusses two landmark decisions that illustrate some of the risks linked to these developments and point to a better framing of suc...