The Principle of Purpose Limitation in Data Protection Laws

RA Dr. Maximilian von Grafenstein

doi:10.5771/9783845290843

Zusammenfassung

Die Arbeit untersucht das datenschutzrechtliche Zweckbindungsprinzip aus der Perspektive der rechtswissenschaftlichen Innovationsforschung. Danach schützt das Zweckbindungsprinzip nicht nur die Autonomie der Betroffenen, sondern lässt zugleich den Verarbeitern ausreichend Spielraum, um im Rahmen ihrer Innovationsprozesse den Schutz optimal umzusetzen. In diesem Sinne stellt sich die Pflicht des Verarbeiters, die Zwecke der Verarbeitung zu spezifizieren, als ein Instrument des Vorsorgeschutzes dar. Es zielt darauf ab, spezifische Risiken, die sich aus der Datenverarbeitung für die Grundrechtsausübung des Betroffenen ergeben, frühzeitig zu erkennen. Demgegenüber zielt das Erfordernis, dass die spätere Verarbeitung nicht unvereinbar mit der ursprünglichen Zweckangabe sein darf, auf eine Kontrolle der zusätzlichen Risiken, die sich aus der späteren Verarbeitung ergeben. Dieser Interpretationsansatz zeigt eine Möglichkeit auf, wie nicht nur die Betroffenen effektiv vor den Risiken der Datenverarbeitung geschützt, sondern auch die Verarbeiter befähigt werden können, die Einhaltung der rechtlichen Vorschriften als innovationsfördernden Wettbewerbsvorteil zu nutzen.

Publikation durchsuchen

Bibliographische Angaben

Copyrightjahr: 2018
ISBN-Print: 978-3-8487-4897-6
ISBN-Online: 978-3-8452-9084-3
Verlag: Nomos, Baden-Baden
Reihe: Schriften zur rechtswissenschaftlichen Innovationsforschung
Band: 12
Sprache: Englisch
Seiten: 676
Produkttyp: Monographie

Inhaltsverzeichnis

KapitelSeiten

Titelei/InhaltsverzeichnisSeiten 1 - 30 Download Kapitel (PDF)
Download Kapitel (PDF)
1. 1. 1. Innovation as an economic driver for public welfare
  2. 2. Protection against the risks of innovation
  3. 3. Uncertainty about the meaning and extent of the principle of purpose limitation
  4. 1. a) Coming from a practical observation: Startups and non-linear innovation processes
    2. 1. aa) The unpredictable outcome of entrepreneurial processes
      2. bb) Excursus: In which circumstances do data controllers actually need “old” data?
    3. 1. aa) No foreseeable negative impact on individuals
      2. bb) Negative impact foreseeable on the individuals
  5. 5. Interim conclusion: Uncertainty about the concept of protection and its legal effects
2. 1. 1. Legal research about innovation
  2. 2. The regulator’s perspective
  3. 3. Possible pitfalls taking the effects of regulation instruments into account
3. III. Course of examination
Download Kapitel (PDF)
1. 1. 1. a) Key Elements for the entrepreneurial process
    2. b) Business Opportunities: Discovery and creation
    3. c) Strategic management: Causation and effectuation
    4. d) Entrepreneurial contexts: The Law as one influencing factor in innovation processes amongst others
  2. 1. a) Do laws simply shift societal costs either protecting against or being open to innovation?
    2. 1. aa) Legal (un)certainty as a factor that mediates the regulatory burden
      2. bb) Conditioning further legal certainty as a promoting factor for entrepreneurial activity
    3. c) Interim conclusion with respect to the principle of purpose limitation
2. 1. 1. Risk terminology oscillating between “prevention” and “precaution”
  2. 2. Sociological approaches defining “dangers” and “risks”
  3. 1. a) Protection pursuant to the degree of probability
    2. b) Protection pursuant to the available knowledge in linear-causal and non-linear environments
    3. c) Interim conclusion: Fundamental rights determining the appropriateness of protection
  4. 4. Searching for a scale in order to determine the potential impact of data protection risks
3. 1. 1. The individual’s autonomy and the private/public dichotomy
  2. 2. Criticism: From factual to conceptual changes
  3. 3. Nissenbaum’s framework of “contextual integrity”
  4. 4. Clarifying the relationship between “context” and “purpose”
  5. 5. Values as a normative scale in order to determine the “contexts” and “purposes”
Download Kapitel (PDF)
1. 1. 1. a) The interplay between European Convention for Human Rights, European Charter of Fundamental Rights and German Basic Rights
    2. 1. (a) Positive obligations with respect to Article 8 ECHR
        (b) Right to respect for private life under Article 8 ECHR
        (a) Market freedoms and fundamental rights
        (b) The right to data protection under Article 8 ECFR and/or the right to private life under Article 7 ECFR
        (a) Protection function of the right to informational self-determination
        (b) Priority of contractual agreements and the imbalance of powers
        (c) Balancing the colliding constitutional positions
      2. (1) The 3-Step-Test: Assessing the defensive and protection function
        (a) Which instruments actually protect which object of protection?
        (b) Example: “Commercialized” consent threatening the object of protection including…
        (c) … individuality?
        (d) … solidarity?
        (e) … democracy?
      3. cc) Equal or equivalent level of protection compared to state data processing?
    3. c) Interim conclusion: Interdisciplinary research on the precise object and concept of protection
  2. 1. a) Genesis and interplay with co-related basic rights
    2. b) Autonomous substantial guarantee
    3. c) Right to control disclosure and usage of personal data as protection instrument?
    4. d) Infringement by ‘insight into personality’ and ‘particularity of state interest’
    5. 1. (1) Principles of clarity of law and purpose limitation referring to the moment when data is collected
        (2) The proportionality test also takes the use of data at a later stage into account
      2. bb) In the private sector: The contract as an essential link for legal evaluation
    6. f) Interim conclusion: Conceptual link between ‘privacy’ and ‘data processing’
  3. 1. a) Genesis and interplay of both rights
    2. 1. aa) Substantial guarantee of “private life”: Trust in confidentiality and unbiased behavior
      2. bb) Criteria established for certain cases: Context of collection, nature of data, way of usage, and results obtained
      3. (1) ‘Intrusion into privacy’
        (2) Public situations: ‘Systematic or permanent storage’ vs. ‘passer-by situations’
        (3) ‘Data relating to private or public matters’, ‘limited use’ and/or ‘made available to the general public’
        (4) ‘Unexpected use’ pursuant to the purpose perceptible by the individual concerned
      4. dd) Consent: Are individuals given a choice to avoid the processing altogether?
      5. ee) Conclusion: Assessment of ‘reasonable expectations’ on a case-by-case basis
    3. 1. (1) General definition of the term ‘personal data’ under Article 7 and 8 ECFR instead of case-by-case approach
        (a) Protection against first publication and profiles based on public data
        (b) Protection against collection, storage, and subsequent risk of abuse
        (a) Which right is used to discuss other fundamental rights?
        (b) The answer depends on the type of threat posed
        (4) Protection in (semi)-public spheres irrespective of ‘reasonable expectations’?
        (5) Going beyond the requirement of consent provided for under Article 8 ECHR
      2. (1) Location of protection instruments under Article 8 ECFR
        (2) Protection going beyond Article 8 ECHR
        (3) Remaining uncertainty about the interplay between Article 7 and 8 ECFR
      3. (1) The reason for why the scope is too vague: Difference between data and information
        (2) The reason for why the scope is too broad: Increasing digitization in society
        (3) Advantages and challenges: ‘Personal data’ as legal link for a subjective right
        (4) Possible consequence: A legal scale provided for by all fundamental rights which determine the regulation instruments under Art. 8 ECFR
2. 1. 1. a) ECtHR and ECJ: Almost no criteria
    2. 1. (a) ‘All the means reasonably likely to be used’
        (b) Example: IP addresses as ‘personal data’?
        (c) The case of “Breyer vs. Germany”
        (2) Liability for ‘data processing’: ‘Controller’ and ‘processor’
        (3) Further legal provisions referring to the purpose
      2. (1) Preliminary note: Clarifying conceptual (mis)understandings
        (2) Legal opinion on the function of the specification of a purpose
        (3) Legal opinion on the function of ‘making a specified purpose explicit’
        (4) Legal opinion on the reconstruction of a purpose and its legitimacy
      3. cc) Purposes of processing specified when consent is given
      4. (1) ePrivacy Directive
        (a) Preliminary note: Clarifying conceptual (mis)understandings
        (b) Legal opinion on ‘performance of a contract’
        (c) Legal opinion on ‘legal obligation’, ‘vital interests’, and ‘public task’
        (d) Legal opinion on ‘legitimate interests’
    3. 1. aa) Purposes of processing authorized by the Telecommunication Law
      2. bb) Purposes of processing authorized by the Telemedia Law
      3. (1) Three basic legitimate grounds
        (2) ‘Performance of a contract’, Article 28 sect. 1 sent. 1 no. 1 BDSG
        (3) ‘Justified interests of the controller’, Art. 28 sect. 1 sent. 1 no. 2 BDSG
        (4) ‘Generally accessible data’, Art. 28 sect. 1 sent. 1 no. 3 BDSG
        (5) Privileges and restrictions pursuant to the purpose
      4. (1) Not a waiver but execution of right to informational self-determination
        (2) Requirements for consent and consequences of its failure
        (3) Discussion on the degree of precision of a specified purpose
      5. (a) Function of purpose specification (basic conditions)
        (b) Examples for specific purposes: Certain areas of life or explicitly listed crimes
        (c) Examples for unspecific purposes: Abstract dangers or unknown purposes
        (d) Liberalization of the strict requirement by referring to the object of protection
        (2) Private sector: ‘Self-control of legitimacy’
  2. 1. 1. aa) Data processing for undisputed ‘marketing purposes’ authorized by law
      2. bb) Disputed ‘marketing purposes’ specified by data controllers
      3. cc) Further examples for different scales applied in order to specify the purpose
      4. dd) Can the context help interpret a specified purpose?
      5. ee) A different scale for ‘purpose specification’ pursuant to the German concept of protection
      6. ff) Interim conclusion: Do regulation instruments dictate the scale for ‘purpose specification’?
    2. 1. aa) Common understanding about the function of ‘purpose specification’
      2. bb) Ambiguous understanding regarding the functions of ‘making specified purpose explicit’
      3. cc) Arguable focus on data collection for legal evaluation in the private sector
      4. dd) Arguable legal consequences surrounding the validity of the consent
    3. 1. aa) No legal system providing for ‘objectives’ of data processing in the private sector
      2. (1) ‘Interests’ protected by the controller’s fundamental rights
        (2) Is the ‘purpose’ determined by the individual’s fundamental rights?
      3. (1) Present interests vs. future interests
        (2) Purpose specification pursuant to the type of threat?
    4. d) Summary of conceptual ambiguities
  3. 1. 1. (1) Different functions of rights (opacity and transparency)
        (2) Disconnecting the exclusive link between data protection to privacy
        (3) Data protection for all rights to privacy, freedom, and equality
      2. (a) Challenges of bridging risks to rights
        (b) Example: German White Paper on DPIA
        (c) Criticism: Incoherence of current risk criteria
        (a) Pooling different actions together in order to create meaning
        (b) Separating unspecific from specific risks (first reason why data protection is indispensable)
        (c) Central function with respect to all fundamental rights (second reason why data protection is indispensable of data protection)
        (3) Function of making specified purposes explicit
      3. (1) Tying into the Courts’ decisions and European legislation
        (a) Effectiveness and efficiency of protection instruments
        (b) Appropriate concept for innovation processes
        (c) Excursus: Objective vs. subjective risks
    2. 1. (a) At home: Protection of ‘haven of retreat’
        (b) Using communications: Protection against ‘filtering opinions’
        (c) “Privacy in (semi)-public spheres”: Protection against the risks of later usage of data
        (2) Necessity requirement, irrespective of inconvenience
        (a) Research on the individual’s decision making process (consent)
        (b) First example: The legislature’s considerations on the use of ‘cookies’
        (c) Second example: Considerations surrounding ‘unsolicited communications’
      2. (1) Clarification of substantial guarantees
        (a) Necessity of publication
        (b) Strict requirements for consent
        (a) Misconceptions in the decision of “Mr. González vs. Google Spain”
        (b) Excursus: Case law provided for by the German Constitutional Court
        (c) Conclusion in regards to the decision of “Mr. González vs. Google Spain”
      3. (1) Does the German right to informational self-determination provide for such a guarantee?
        (2) Discussion on such a substantial guarantee
        (3) Articles 7 and/or 8 ECFR: Information pursuant to insights into personality and possibilities of manipulation
      4. (a) Considerations of the Courts with respect to the freedom of expression and the individuals risk of being unreasonably suspected by the State
        (b) Considerations on further rights of freedom
        (2) Focus on the later usage of data or information: Restriction or hindrance of exercise of rights of freedom through usage of data or information
        (a) Specific contexts of collection of personal data
        (b) Later use of personal data in the same context
        (c) Protection instruments enabling the individual to adapt to or protect him or herself against the informational measure
      5. (1) In the public sector: Criteria for intensity of infringement
        (2) In the private sector: ‘Tool of opacity’ vs. private autonomy?
        (3) Interim conclusion: Additional legitimacy requirement for the data-based decision-making process
    3. c) Conclusion: Purpose specification during innovation processes
3. 1. 1. 1. (1) ECtHR: ‘Reasonable expectations’ as a main criteria
        (a) Are the terms ‘necessity’, ‘adequacy’ and ‘relevance’ used as objective criteria for the compatibility assessment?
        (b) Purpose identity for the consent
      2. (1) Preliminary analysis: Pre-conditions and consequences
        (2) Example: The expectations of a customer purchasing a vegetable box online
        (a) First criteria: ‘Distance between purposes’
        (b) Second criteria: ‘Context and reasonable expectations’
        (c) Third criteria: ‘Nature of data and impact on data subjects’
        (d) Fourth criteria: ‘Safeguards ensuring fairness and preventing undue impact’
        (a) Specification of the compatibility assessment (even prohibiting positive effects)
        (b) Safeguards corresponding to the characteristics of the purposes
        (c) Hierarchy of safeguards: From anonymization to functional separation
      3. (1) Strict purpose identity for the processing of ‘communication data’, ‘traffic data’ and ‘location data other than traffic data’
        (2) The individual’s consent as an exclusive legal basis for a change of purpose
      4. dd) Interim conclusion: A lack in the legal scale for compatibility assessment
    2. 1. (1) Strict purpose identity required by Telemedia Law and Telecommunication Law
        (2) The more nuanced approach established by the Federal Data Protection Law
      2. (1) Strict requirement of purpose identity limiting the intensity of the infringement
        (2) Proportionate change of purpose
        (3) Identification marks as a control-enhancing mechanism
      3. (a) Purpose specification by the individual instead of the controller
        (b) Principle of purpose limitation and informational separation of powers
        (c) Example of re-registration: Collection and transfer of data on the citizen’s request
        (a) Criticism of the “subjective” purpose approach
        (b) Compatibility instead of identity of purposes
        (c) Supplementing protection instruments
        (a) Criticism of purpose compatibility
        (b) Specification, identity and change of purpose as equivalent regulation instruments
        (c) The opposing fundamental rights providing for the objective legal scale
      4. dd) Interim conclusion: Right to control data causing a ‘flood of regulation’
  2. 1. 1. (1) Purpose compatibility as an “umbrella assessment”
        (2) Custer’s and Ursic’s taxonomy: “Data recycling, repurposing, and recontextualization”
        (3) Clarification of an objective scale: “Same risk, higher risk, and another risk”
      2. (a) “Purpose identity” forbidding additional risks (than specified before)
        (b) Further protection instruments that can avoid purpose incompatibility
        (c) Systemizing the criteria for the compatibility assessment
        (2) Right to private life under Article 8 ECHR and the right to informational self-determination
      3. cc) Applying a ‘non-linear perspective’
    2. 1. aa) Right of ‘being left alone’: ‘Reasonable expectations’ determined by risks
      2. bb) Self-representation in the public: A balancing exercise instead of purpose determination
      3. cc) Internal freedom of development: Specific instead of preliminary information
      4. dd) External freedoms of behavior: Purpose identity as one potential element amongst several protection instruments
      5. ee) Equality and non-discrimination: Specifying incompatible purposes in the course of social life
    3. c) Conclusion: Purpose limitation in decentralized data networks
4. 1. 1. 1. aa) How data may be related to an individual
      2. bb) Anonymization of personal data
      3. cc) Again: The problem of a “yes-or-no-protection” solution
    2. 1. (1) Pro and cons for precautionary protection against abstract dangers
        (2) Abstract precautionary protection only in cases of special danger
        (3) Advantages of a nuanced approach
      2. (1) General scope of protection enabling specification of purpose (aka risk)
        (a) Rights to privacy
        (b) Right of self-representation in the public
        (c) Internal freedom of behavior
        (d) Rights to freedom and non-discrimination
        (3) Again: General scope of protection requiring data security (against unspecific risks)
    3. 1. (1) Cumulative responsibility for precautionary protection
      2. (2) Cooperative responsibility for preventative protection
  2. 1. 1. aa) Different risks in the public and private sector
      2. bb) Example: Requirements to specify the purpose and limit the processing at a later stage
      3. cc) Legal-technical constraints surrounding the prohibition rule
    2. 1. aa) Classic instruments: Specific legal provisions, broad legal provisions, and/or consent
      2. bb) Conceptual shift: From a legal basis to ‘legitimacy assessment’
      3. cc) Side note: State regulated self-regulation increasing legal certainty
      4. dd) Interplay of consent and legal provisions
    3. c) Interim conclusion: Balancing the colliding fundamental rights
  3. 1. 1. aa) Classic discussion regarding current data protection laws
      2. bb) Further approaches considered by the legislator and Constitutional Courts
      3. cc) Requirements illustrated so far, with respect to different guarantees
    2. 1. (1) Risks as object of consent (not data)
        (2) Extent of consent limiting the later use of data (instead of being illegal as a whole)
        (3) Change of purpose: Opt-out procedures for higher and opt-in procedures for other risk
      2. (1) Arg. ex contrario: Is an incompatible purpose legal on a separate legal basis?
        (2) Differentiating between “not compatible” and “incompatible” purposes
        (3) Assessment of safeguards that ensure that purposes do not (definitely) become incompatible
      3. (1) Opt-out: A risk-reducing protection instrument
        (2) Examples: New risks not covered by consent (in light of the specified purpose)
        (3) Examples: New risks not covered by a former applicable provision
      4. (a) Data collection: Customizing information in relation to daily decision-making processes
        (b) Change of purpose: Interpreting information duties regarding specific risks
        (c) Profiling and automated decision-making
        (2) Individual’s right to rectification
    3. c) Conclusion: Specifying the decision-making process (Art. 24 and 25 GDPR)
Download Kapitel (PDF)
1. 1. 1. a) Risk-based approach of purpose specification and limitation (Art. 5 sect. 1 lit. b GDPR)
    2. b) Data Protection Impact Assessment (Art. 35 GDPR)
    3. c) Further methodologies (technology assessment and surveillance impact assessment)
  2. 1. a) Examining abstract constitutional positions from a social science perspective
    2. b) Pre-structuring interests through multiple-stakeholder and expert participation
    3. c) Specifying ‘decision-making process’ by user-centered development of data protection-by-design
  3. 3. Interim conclusion: Unfolding complexity
2. 1. 1. Reason for the case study approach
  2. 2. Generalizing the non-representative cases
  3. 3. Designing the case studies
3. 1. 1. a) Enabling data controllers to increase legal certainty
    2. b) Enhancing competition on the “data protection” market
    3. c) Remaining questions in relation to the effects of legal standards
  2. 1. 1. (1) Initial product and business model: Internal freedom of development
        (2) Change of product and business model: No substantive change of purpose
      2. (1) Standardization of “personalized marketing” purpose
        (2) Competitive advantage
    2. 1. (1) Processing of public personal data: Self-determination in public
        (2) The taxi driver: Attributing anonymized data to passengers
      2. (1) Standardization of “statistical” or “scientific” purposes
        (2) Competitive advantage
    3. 1. (1) Re-publication of personal data: fair balance instead of a priority rule
        (2) Freedom to find an occupation: Participation instruments
      2. (1) Standardization of “profiling potential employees”
        (2) Signaling legal certainty (to the “workers’ council”)
  3. 5. Summary: Standardizing “purposes” of data processing
E. Final conclusion: The principle of purpose limitation can not only be open towards but also enhancing innovationSeiten 649 - 654 Download Kapitel (PDF)
BibliographySeiten 655 - 676 Download Kapitel (PDF)

Literaturverzeichnis (215 Einträge)

Acquisti, Alessandro / Grossklags, Jens: What Can Behavioral Economics Teach Us about Privacy?, in: Sabrina De Capitani di Vimercati / Stefanos Gritzalis / Costas Lambrinoudakis / Alessandro Acquisti (eds.), Digital Privacy – Theory, Technologies, and Practices, New York i.a.: Auerbach, 2008, pp. 363–377, quoted as: Acquisti and Grossklags, What Can Behavioral Economics Teach Us about Privacy?, p. Google Scholar öffnen
Albers, Marion: Informationelle Selbstbestimmung, Baden-Baden: Nomos, 2005, quoted as: Albers, Informational Self-Determination, p. Google Scholar öffnen doi.org/10.5771/9783845258638
Id.: § 22 – Umgang mit personenbezogenen Informationen und Daten, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts, Band 2 – „Informationsordnung, Verwaltungsverfahren, Handlungsformen“, 2nd edition, München: C.H. Beck, 2012, quoted as: Albers, Treatment of Personal Information and Data, cip. Google Scholar öffnen
Alvarez, Sharon / Barney, Jay B.: Discovery and Creation: Alternative Theories of Entrepreneurial Action, in: Strategic Entrepreneurship Journal 1 (1-2) (2007), pp. 11–26, quoted as: Alvarez and Barney, Discovery and Creation: Alternative Theories of Entrepreneurial Action, p. Google Scholar öffnen
Appel, Ivo: Aufgaben und Verfahren der Innovationsfolgenabschätzung, in: Innovation und Recht III – Innovationsverantwortung, Berlin: Duncker & Humblot, 2009, pp. 147–181, quoted as: Appel, Tasks and Procedures of the Innovation Impact Assessment, p. Google Scholar öffnen
Article 29 Data Protection Working Party (set up under Article 29 of Directive 95/46/EC): Statement on the role of a risk-based approach in data protection legal frameworks, 30 May 2014, 14/EN, WP 218, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp218_en.pdf, quoted as: Article 29 Data Protection Group, Statement on the role of a risk-based approach in data protection legal frameworks, p. Google Scholar öffnen
Id.: Opinion 03/0213 on purpose limitation, 2 April 2013, 00569/13/EN, WP 203, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 03/0213 on purpose limitation, p. Google Scholar öffnen
Id.: Opinion 4/2007 on the concept of personal data, 20 June 2007, 01248/07/EN, WP 136, URL: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 4/2007 on the concept of personal data, p. Google Scholar öffnen
Id.: Opinion 05/2014 on Anonymisation Techniques, 10 April 2014, 0829/14/EN WP216, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 05/2014 on Anonymisation Techniques, p. Google Scholar öffnen
Id.: Opinion 15/2011 on the definition of consent, 13 July 2011, 01197/11/EN, WP187, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 15/2011 on the definition of consent, p. Google Scholar öffnen
Id.: Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, 9 April 2014, 844/14/EN, WP 217, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, p. Google Scholar öffnen
Id.: Opinion 3/2010 on the principle of accountability, 13 July 2010, 00062/10/EN, WP 173, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2010/wp173_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 3/2010 on the principle of accountability, p. Google Scholar öffnen
Balboni, Paolo / Cooper, Daniel / Imperiali, Rosario / Macenaite, Milda: Legitimate interest of the data controller New data protection paradigm: legitimacy grounded on appropriate protection, in: International Data Privacy Law 3 (4) (2013), pp. 244–261, quoted as: Balboni et al., Legitimate interest of the data controller New data protection paradigm: legitimacy grounded on appropriate protection, p. Google Scholar öffnen
Baldwin, Robert / Cave, Martin / Lodge, Martin: Understanding Regulation – Theory, Strategy and Practice, 2nd edition, Oxford: Oxford University Press, 2013, quoted as: Baldwin and Cave, Understanding Regulation – Theory, Strategy and Practice, p. Google Scholar öffnen
Baxter, Pamela / Jack, Susan: Qualitative Case Study Methodology: Study Design and Implementation for Novice Researchers, in: The Qualitative Report 13 (4) (2008), pp. 544–559, quoted as: Baxter and Jack, Qualitative Case Study Methodology: Study Design and Implementation for Novice Researchers, p. Google Scholar öffnen
Bäcker, Matthias: Grundrechtlicher Informationsschutz gegen Private, in: Der Staat 51 (1) (2012), pp. 91–116, quoted as: Bäcker, Constitutional Protection of Information regarding Private Parties, p. Google Scholar öffnen
Bechler, Lars: Informationseingriffe durch intransparenten Umgang mit personenbezogenen Daten, Halle an der Saale: Universitätsverlag Halle-Wittenberg, 2010, quoted as: Bechler, Informational Harm by Intransparent Treatment of Personal Data, p. Google Scholar öffnen
Belli, Luca: A heterostakeholder cooperation for sustainable internet policymaking, in: Internet Policy Review 4 (2) (2015), pp. 1–21, quoted as: Belli, A Heterostakeholder Cooperation for Sustainable Internet Policymaking. Google Scholar öffnen
Bergmann, Dr. Lutz / Möhrle, Roland / Herb, Prof. Dr. Armin: Datenschutzrecht, Loseblattsammlung, 53th edition, Berlin: Boorberg , 2017, quoted as: Bergmann/Möhrle/Herb, BDSG Google Scholar öffnen
Bergt, Matthias: Die Bestimmbarkeit als Grundproblem des Datenschutzrechts – Überblick über den Theorienstreit und Lösungsvorschlag, in: Zeitschrift für Datenschutz 5 (8) (2015), pp. 365–371, quoted as: Bergt, The question on „identifiable persons“ as main problem of data protection, p. Google Scholar öffnen
Bernsdorff, Norbert: Art. 8, in: Jürgen Meyer (ed.), Charta der Grundrechte der Europäischen Union, 3rd edition, Baden-Baden: Nomos, 2011, quoted as: Bernsdorff, European Charter of Fundamental Rights, Art. 8 cip. Google Scholar öffnen
Bethge, Herbert: Grundrechtskollisionen, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band III „Allgemeine Lehren II“, Heidelberg: C.F. Müller Verlag, 2009, § 72, quoted as: Bethge, § 72 – Collision of Basic Rights, cip. Google Scholar öffnen
Blank, Steve: Why the Lean Start-Up Changes Everything, Harvard Business Review 2013, URL: https://hbr.org/2013/05/why-the-lean-start-up-changes-everything , quoted as: Blank, Why the Lean Start-up Changes Everything, p. Google Scholar öffnen
Id.: Four Steps to the Epiphany – Successful Strategies for Products that Win, 2nd edition, 2006, URL: http://web.stanford.edu/group/e145/cgi-bin/winter/drupal/upload/handouts/Four_Steps.pdf, quoted as: Blank, Four Steps to Epiphany, p. Google Scholar öffnen
Blind, Knut: The Impact of Standardization and Standards on Innovation, in: Manchester Institute of Innovation Research (ed.), Compendium of Evidence on the Effectiveness of Innovation Policy Intervention, 2013, URL: http://www.innovation-policy.org.uk/compendium/section/Default.aspx?topicid=30, quoted as: Blind, The Impact of Standardization and Standards on Innovation, p. Google Scholar öffnen
Blume, Peter: An alternative model for data protection law: changing the roles of controller and processor, in: International Data Privacy Law 5 (4) (2015), pp. 292–297, quoted as: Blume, An alternative model for data protection law: changing the roles of controller and processor, p. Google Scholar öffnen
Boos, Carina / Kroschwald, Steffen /Wicker, Magda: Datenschutz bei Cloud Computing zwischen TKG, TMG und BDSG – Datenkategorien bei der Nutzung von Cloud-Diensten, in: Zeitschrift für Datenschutz 3 (5) (2013), 205–209, quoted as: Boos et al., Data protection and cloud computing pursuant to the Telecommunication Law, Telemedia Law, and Federal Data Protection Law, p. Google Scholar öffnen
Boyd, Danah / Crawford, Kate: Critical Questions for Big Data, in: Information, Communication and Society 15 (5) (2012), pp. 662–679, quoted as: Boyd and Crawford, Critical Questions For Big Data, p. Google Scholar öffnen
Braithwaite, John / Coglianese, Cary / Levi-Faur, David: Can regulation and governance make a difference?, in: Regulation and Governance 1 (1) (2007), pp. 1–7, quoted as: Braithwaite et al., Can regulation and governance make a difference?, p. Google Scholar öffnen
Britz, Gabriele: Informationelle Selbstbestimmung zwischen rechtswissenschaftlicher Grundsatzkritik und Beharren des Bundesverfassungsgerichts, in: Edmund Brandt / Martin Eifert / Bernd Holznagel i.a. (eds.), Offene Rechtswissenschaft, Tübingen: Mohr Siebeck, 2010, quoted as: Britz, Informational Self-Determination between Legal Doctrine and Constitutional Case Law, p. Google Scholar öffnen doi.org/10.5771/9783845226439-63
Id.: Europäisierung des grundrechtlichen Datenschutzes?, in: Europäische Grundrechte-Zeitschrift 36 (1-4) (2009), pp. 1–11, quoted as: Britz, Europeanisation of Data Protection Provided for by Fundamental Rights?, p. Google Scholar öffnen
Id.: Das Grundrecht auf Datenschutz in Art. 8 der Grundrechtecharta, in: Der Hessische Datenschutzbeauftragte (ed.), Dokumentation der Fachtagung „Datenschutz in Deutschland nach dem Vertrag von Lissabon“ am 9. Dezember 2008, URL: https://www.datenschutz.hessen.de/download.php?download_ID=188, quoted as: Britz, The Fundamental Right to Data Protection in Article 8 ECFR, p. Google Scholar öffnen
Id.: Einzelfallgerechtigkeit versus Generalisierung: Verfassungsrechtliche Grenzen statistischer Diskriminierung, Tübingen: Mohr Siebeck, 2008, quoted as: Britz, Justice in the individual case versus generalization: limits of constitutional law for statistical discrimination, p. Google Scholar öffnen
Brownsword, Roger: Regulating Technologies: Tools, Targets, and Thematics, in: Roger Brownsword / Karen Yeung (eds.), Regulating technologies: legal futures, regulatory frames and technological fixes, Oxford: Hart, 2008, pp. 3-22, quoted as: Brownsword and Yeung, Regulating Technologies: Tools, Targets, and Thematics, p. Google Scholar öffnen
Id.: Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality, in: Serge Gutwirth / Yves Poullet / Paul de Hert / Cecile de Terwangne / Sjaak Nouwt (eds.), Reinventing Data Protection?, New York i.a.: Springer, 2009, pp. 83–110, quoted as: Brownsword, Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality, p. Google Scholar öffnen doi.org/10.1007/978-1-4020-9498-9_4
Buchmann, Erik: Wie kann man Privatheit messen? Privatheitsmaße aus der Wissenschaft, in: Datenschutz und Datensicherheit 39 (8) (2015), pp. 510–514, quoted as: Buchmann, How can privacy be measured?, p. Google Scholar öffnen
Buchner, Benedikt: Informationelle Selbstbestimmung im Privatrecht, Tübingen: Mohr Siebeck, 2006, quoted as: Buchner, Informational self-determination in the private sector, p. Google Scholar öffnen
Burgkardt, Felix: Grundrechtlicher Datenschutz zwischen Grundgesetz und Europarecht, Hamburg: Dr. Kovac, 2013, quoted as: Burgkardt, Data Protection between German Basic Law und Union Law, p. Google Scholar öffnen
Bygrave, Lee A.: Data Privacy Law – An International Perspective, Oxford: Oxford University Press, 2014, quoted as: Bygrave, Data Privacy Law, p. Google Scholar öffnen doi.org/10.1093/acprof:oso/9780199675555.003.0006
Callies, Christian: Schutzpflichten, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band II „Grundrechte in Deutschland – Allgemeine Lehren I“, Heidelberg: C. F. Müller, 2006, § 44, quoted as: Callies, Duties of Protection, cip. Google Scholar öffnen
Cate, Fred H. / Cullon, Peter / Mayer-Schönberger, Viktor: Data Protection Principles for the 21st Century – Revising the 1980 OECD Guidelines, Oxford Internet Institute 2014, URL: https://www.oii.ox.ac.uk/archive/downloads/publications/Data_Protection_Principles_for_the_21st_Century.pdf, quoted as: Cate/Cullon/Viktor Mayer-Schönberger, Data Protection Principles for the 21st Century, p. Google Scholar öffnen
Center for Information Policy Leadership: The Role of Risk Management in Data Protection – Paper 2 of the Project on Privacy Risk Framework and Risk-based Approach to Privacy, 2014, URL: https://www.informationpolicycentre.com/files/Uploads/Documents/Centre/The_Role_of_Risk_Management_in_Data_Protection_FINAL_Paper.PDF, quoted as: Center for Information Policy Leadership, The Role of Risk Management in Data Protection – Paper 2 of the Project on Privacy Risk Framework and Risk-based Approach to Privacy, p. Google Scholar öffnen
Christl, Wolfie: Kommerzielle Digitale Überwachung im Alltag, Studie im Auftrag der Bundesarbeitskammer Wien, 2014, URL: http://crackedlabs.org/dl/Studie_Digitale_Ueberwachung.pdf, quoted as: Christl, Commercial Digital Surveillance in Daily Life. Google Scholar öffnen
Costa, Luiz: Privacy and the precautionary principle, in: Computer Law & Security Review 28 (2012), pp. 14–24, quoted as: Costa, Privacy and the precautionary principle, p. Google Scholar öffnen
Custer, Bart / Ursic, Helena: Big data and data reuse: a taxonomy of data reuse for balancing big data benefits and personal data protection, in: International Data Privacy Law 6 (1) (2016), pp. 1–12, quoted as: Custer and Ursic, Big data and data reuse: a taxonomy of data reuse for balancing big data benefits and personal data protection, p. Google Scholar öffnen
Dammann, Ulrich / Simitis, Spiros: EG-Datenschutzrichtlinie, Baden-Baden: Nomos, 1997, quoted as: Dammann/Spirits, EU Data Protection Directive, ‚Chapter’, cip. Google Scholar öffnen
Danwitz, Thomas von: Die Grundrechte auf Achtung der Privatsphäre und auf Schutz personenbezogener Daten – Die jüngere Rechtsprechung des Gerichtshofes der Europäischen Union, in: Datenschutz und Datensicherheit 39 (9) 2015, pp. 581–585, quoted as: v. Danwitz, The Fundamental Rights to Private Life and to data Protection, p. Google Scholar öffnen
De Hert, Paul / Gutwirth, Serge: Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalisation in Action, in: Serge Gutwirth / Yves Poullet / Paul de Hert / Cecile de Terwangne / Sjaak Nouwt (eds.), Reinventing Data Protection?, New York i.a.: Springer, 2009, pp. 3–44, quoted as: De Hert and Gutwirth, Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalisation in Action, p. Google Scholar öffnen doi.org/10.1007/978-1-4020-9498-9_1
Id.: Privacy, data protection and law enforcement. Opacity of the individual and transparency of power, in: Erik Claes / Antony Duff / Serge Gutwirth (eds.), Privacy and the criminal law, Antwerp/Oxford: Intersentia, 2006, pp. 61–104, quoted as: De Hert and Gutwirth, Privacy, data protection and law enforcement. Opacity of the individual and transparency of power, p. Google Scholar öffnen
Dietlein, Johannes: Die Lehre von den grundrechtlichen Schutzpflichten, Berlin: Duncker & Humblot, 2005, quoted as: Dietlein, The Doctrine of Duties of Protection of Basic Rights, p. Google Scholar öffnen
Dijk, Niels van / Gellert, Raphaël / Rommetveit, Kjetil: A risk to a right? Beyond data protection risk assessments, in: Computer Law & Security Review 32 (2) (2016), pp. 286–306, quoted as: van Dijk, Gellert and Rommetveit, A risk to a right? Beyond data protection risk assessments, p. Google Scholar öffnen
Dopfer, Martina / von Grafenstein, Maximilian / Richter, Nancy / Schildhauer, Thomas / Tech, Robin / Trifonov, Stefan / Wrobel, Martin: Working Paper „Fördernde Und Hindernde Faktoren Für Internet-Enabled Startups. (Supporting and Hindering Factors for Internet-Enabled Startups.), 2015, URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2759911, Google Scholar öffnen doi.org/10.2139/ssrn.2759911
quoted as: Dopfer et al., Supporting and hindering factors for internet-enabled startups, p. Google Scholar öffnen
Drucker, Peter F.: The Discipline of Innovation, in: Harvard Business Review, Reprint 98604 (1998), first published in 1985, URL: https://hbr.org/2002/08/the-discipline-of-innovation, quoted as: Drucker, The Discipline of Innovation, p. Google Scholar öffnen
Duhigg, Charles: Die Macht der Gewohnheit – Warum wir tun was wir tun (English original title: The Power of Habit), Berlin: Berlin Verlag, 2012, quoted as: Duhigg, The Power of Habit, p. Google Scholar öffnen
Eckhoff, Rolf: Der Grundrechtseingriff, Köln i.a.: Carl Heymanns, 1992, quoted as: Eckhoff, The Infringement of Fundamental Rights, p. Google Scholar öffnen
EDRi / access / Privacy International / Fundacja Panoptykon: Data Protection Broken Badly, 2015, URL: https://edri.org/files/DP_BrokenBadly.pdf, quoted as: EDRi / access / Privacy International / Fundacja Panoptykon: Data Protection Broken Badly. Google Scholar öffnen
El Emam, Khaled / Álvarez, Cecilia: A critical appraisal of the Article 29 Working Party Opinion 05/2014 on data anonymization techniques, in: International Data Privacy Law 5 (1) (2015), pp. 73–87, quoted as: El Emam and Álvarez, A critical appraisal of the Article 29 Working Party Opinion 05/2014 on data anonymization techniques, p. Google Scholar öffnen
Ehmann, Eugen / Helfrich, Markus: EG Datenschutzrichtlinie, Köln: Otto Schmidt, 1999, quoted as: Ehmann/Helfrich, EU Data Protection Directive, „Chapter“, cip. Google Scholar öffnen
Eichenhofer, Johannes: Privatheit im Internet als Vertrauensschutz, in: Der Staat 55 (1) (2016), pp. 41–67, quoted as: Eichenhofer, Privacy in the Internet as Protection of Trust, p. Google Scholar öffnen
Eifert, Martin: Zweckvereinbarkeit statt Zweckbindung als Baustein eines modernisierten Datenschutzrechts, in: Walter Gropp / Martin Lipp / Heinhard Steiger (eds.), Rechtswissenschaft im Wandel – Festschrift des Fachbereichs Rechtswissenschaft zum 400jährigen Gründungsjubiläum der Justus-Liebig-Universität Gießen, Tübingen: Mohr Siebeck, 2007, pp. 139–152, quoted as: Eifert, Purpose Compatibility instead of Purpose Limitation, p. Google Scholar öffnen
Id.: Regulierungsstrategien, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts – Band I „Methoden – Maßstäbe – Aufgaben – Organisation“, 2nd edition, München: C.H. Beck, 2012, § 19, quoted as: Eifert, Regulation Strategies, p. Google Scholar öffnen
Id.: Innovationsfördernde Regulierung, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und Recht II – Innovationsfördernde Regulierung, Berlin: Duncker & Humblot, 2009, pp. 11–19, quoted as: Eifert, Innovation-enhancing Regulation, p. Google Scholar öffnen
Eisenhardt, Kathleen M. / Graebner, Melissa E.: Theory Building From Cases: Opportunities and Challenges, in: Academy of Management Journal 50 (1) (2007), pp. 25–32, quoted as: Eisenhardt and Graebner, Theory Building From Cases: Opportunities and Challenges, p. Google Scholar öffnen
Eßer, Martin: § 31, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Eßer, Federal Data Protection Law and further Provisions, cip. Google Scholar öffnen
European Union Agency for Fundamental Rights / European Court of Human Rights / Council of Europe: Handbook on European data protection law, Luxembourg: Publications Office of the European Union, 2014, quoted as: Handbook on European data protection law, p. Google Scholar öffnen
Eurobarometer: Entrepreneurship in the EU and beyond, Flash EB Series #283, 2010, URL: http://ec.europa.eu/public_opinion/flash/fl_283_en.pdf, quoted as: Eurobarometer: Entrepreneurship in the EU and beyond. Google Scholar öffnen
Expert Group on Fundamental Rights: Affirming Fundamental Rights in the European Union, Time to Act, Luxembourg: Office for Official Publications of the European Communities, 1999, URL: http://bookshop.europa.eu/en/affirming-fundamental-rights-in-the-european-union-pbCE2199181/downloads/CE-21-99-181-EN-C/CE2199181ENC_001.pdf;pgid=y8dIS7GUWMdSR0EAlMEUUsWb00008BR_Mmdd;sid=q4ng-7rouAbg__TN3ld-XNjN5ur-ib07rVo=?FileName=CE2199181ENC_001.pdf&SKU=CE2199181ENC_PDF&CatalogueNumber=CE-21-99-181-EN-C, quoted as: Expert Group on Fundamental Rights, p. Google Scholar öffnen
Fagerberg, Jan: Innovation: A Guide to the Literature, in: Jan Fagerberg / David C. Mowery (eds.), The Oxford Handbook of Innovation, Oxford: Oxford University Press, 2004, pp. 1–26, quoted as: Fagerberg, Innovation: A Guide to the Literature, p. Google Scholar öffnen
Federal Communications Commission: Internet Protocol Version 6: IPv6 for Consumers, 25 October 2016, URL: https://www.fcc.gov/consumers/guides/internet-protocol-version-6-ipv6-consumers, quoted as: Federal Communications Commission: Internet Protocol Version 6: IPv6 for Consumers. Google Scholar öffnen
Folz, Hans-Peter, Artikels 3, 15, 16, and 21 EU-GR Charta, in: Christoph Vedder / Heintschel von Heinegg, Wolff (eds.), Europäisches Unionsrecht – EUV / AEUV / Grundrechte-Charta, Baden-Baden: Nomos Verlag, 2012, quoted as: Folz, Articles 3, 15, 16, and 21 ECFR – Freedom to Conduct a Business, cip. Google Scholar öffnen
Forgó, Nikolaus / Krügel, Tina / Rapp, Stefan: Zwecksetzung und informationelle Gewaltenteilung, Baden-Baden: Nomos Verlag, 2006, quoted as: Forgó et al., Purpose Specification and Informational Separation of Powers, p. Google Scholar öffnen
Forgó, Nikolaus / Krügel, Tina: Die Subjektivierung der Zweckbindung: Datenschutz – Bremsblock oder Motor des E-Government, in: Datenschutz und Datensicherheit 29 (12) (2005), pp. 732–735, quoted as: Forgó and Krügel, Subjective purpose limitation: Data protection – Brake or motor of E-Government?, p. Google Scholar öffnen
Forum Privatheit: White Paper, Datenschutz-Folgenabschätzung: Ein Werkzeug für einen besseren Datenschutz, 2016, URL: https://www.forum-privatheit.de/forum-privatheit-de/texte/veroeffentlichungen-des-forums/themenpapiere-white-paper/Forum_Privatheit_White_Paper_Datenschutz-Folgenabschaetzung_2016.pdf, quoted as: Forum Privatheit, White Paper – Data Protection Impact Assessment, p. Google Scholar öffnen
Franzius, Claudio: Modalitäten und Wirkungsfaktoren der Steuerung durch Recht, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts – Band I „Methoden – Maßstäbe – Aufgaben – Organisation“, 2nd edition, München: C.H. Beck, 2012, § 4, quoted as: Franzius, Modes and Impact Factors for the Control through Law, cip. Google Scholar öffnen
Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry / assisted by Röschke, Arik: Basics, in: Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry (eds.), Entrepreneurship – Modelle, Umsetzung, Perspektiven, 4th edition, Wiesbaden: Springer Gabler , 2016, Grundlagen, quoted as: Fueglistaller et al., Entrepreneurship – Basics, p. Google Scholar öffnen doi.org/10.1007/978-3-8349-4770-3_6
Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry / assisted by Fust, Alexander: Basics, in: Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry (eds.), Entrepreneurship – Modelle, Umsetzung, Perspektiven, 4th edition, Wiesbaden: Springer Gabler , 2016, Innovation und Entrepreneurship, quoted as: Fueglistaller et al., Entrepreneurship – Innovation and Entrepreneurship, p. Google Scholar öffnen doi.org/10.1007/978-3-8349-4770-3_6
Müller, Christoph / Fueglistaller, Urs / Müller, Susan / Volery, Thierry, in: Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry (eds.), Strategie und Geschäftsmodell, in: Entrepreneurship – Modelle, Umsetzung, Perspektiven, 4th edition, Wiesbaden: Springer Gabler , 2016, Grundlagen, quoted as: Müller et al., Entrepreneurship – Strategy and business model, p. Google Scholar öffnen doi.org/10.1007/978-3-8349-4770-3_5
Gartner, William B.: What are we talking about when we talk about entrepreneurship?, in: Journal of Business Venturing 5 (1) (1990), pp. 15–28, quoted as: Gartner, What are we talking about when we talk about entrepreneurship?, p. Google Scholar öffnen
Id.: A Conceptual Framework for Describing the Phenomenon of New Venture Creation, in: The Academy of Management Review 10 (4) (1985), pp. 696–706, quoted as: Gartner, A Conceptual Framework for Describing the Phenomenon of New Venture Creation, p. Google Scholar öffnen doi.org/10.2307/258039
Gasser, Urs: Cloud Innovation and the Law: Issues, Approaches, and Interplay, Berkman Center Research Publication No. 2014-7, URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2410271, quoted as: Gasser, Cloud Innovation and the Law: Issues, Approaches, and Interplay, p. Google Scholar öffnen doi.org/10.2139/ssrn.2410271
Gellert, Raphaël: Data protection: a risk regulation? Between the risk regulation of everything and the precautionary alternative, in: International Data Privacy Law 5 (1) (2015), pp. 3–19, quoted as: Gellert, Data protection: a risk regulation? Between the risk regulation of everything and the precautionary alternative, p. Google Scholar öffnen
Gola, Peter / Schomerus, Rudolf: Bundesdatenschutzgesetz, Kommentar, 12th edition, München: C.H.Beck, 2015, quoted as: Gola/Schomerus, Federal Data Protection Law, § 28 BDSG cip. Google Scholar öffnen
González-Fuster, Gloria: The Emergence of Data Protection as a Fundamental Right of the EU, Cham i.a.: Springer, 2014, quoted as: González-Fuster, The Emergence of Data Protection as a Fundamental Right of the EU, p. Google Scholar öffnen
Globig, Klaus: Der Auskunftsanspruch des Betroffenen als Grundrecht, in: Hans-Wolfgang Arndt (ed.) Völkerrecht und deutsches Recht – Festschrift für Walter Rudolf zum 70. Geburtstag, München: C.H. Beck, 2001, pp. 441–465, quoted as: Globig, Basic Right to Information, p. Google Scholar öffnen
Grafenstein, Maximilian von / Schulz, Wolfgang: The right to be forgotten in data protection law: a search for the concept of protection, in: International Journal for Public Law and Policy 5 (3) (2015), pp. 249–269, quoted as: v. Grafenstein and Schulz, The right to be forgotten in data protection law: a search for the concept of protection, p. Google Scholar öffnen
Id.: Das Zweckbindungsprinzip zwischen Innovationsoffenheit und Rechtssicherheit – Zur mangelnden Differenzierung der Rechtsgüterbetroffenheit in der Datenschutzgrund-VO, in: Datenschutz und Datensicherheit 39 (12) (2015), pp. 789–795, quoted as: v. Grafenstein, The Principle of Purpose Limitation between Openness toward Innovation and the Rule of Law, p. Google Scholar öffnen
Greve, Dr. Holger : § 40, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Greve (Auernhammer), cip. Google Scholar öffnen
Grimm, Dieter: Der Datenschutz vor einer Neuorientierung, in: JuristenZeitung 68 (12) (2013), pp. 585–592, quoted as: Grimm, Data protection before its refinement, p. Google Scholar öffnen
Gusy, Christoph: Informationelle Selbstbestimmung und Datenschutz: Fortführung oder Neuanfang?, in: Kritische Vierteljahresschrift für Gesetzgebung und Rechtswissenschaft 83 (1) (2000), pp. 52–64, quoted as: Gusy, Informational Self-Determination and Data Protection: Continuing or New Beginning?, p. Google Scholar öffnen
Härting, Niko: Zweckbindung und Zweckänderung im Datenschutzrecht, in: Neue Juristische Wochenschrift 68 (45) (2015), pp. 3284–3288, quoted as: Härting, Purpose limitation and change of purpose in data protection law, p. Google Scholar öffnen
Id.: Datenschutz-Grundverordnung: Das neue Datenschutzrecht in der betrieblichen Praxis, Köln: Otto Schmidt, 2016, quoted as: Härting, General Data Protection Regulation: The new data protection law in business practice, cip. Google Scholar öffnen doi.org/10.9785/9783504385330-prf
Id.: Profiling: Vorschläge für eine intelligente Regulierung – Was aus der Zweistufigkeit des Profiling für die Regelung des nicht öffentlichen Datenschutzbereichs folgt, in: Computer und Recht 30 (8) (2014), pp. 528–536, quoted as: Härting, Profiling: a proposal for an intelligent regulation, p. Google Scholar öffnen doi.org/10.9785/cr-2014-0808
Härting, Niko / Schneider, Jochen: Data Protection in Europe: An Alternative Draft for a General Data Protection Regulation – Alternatives to the European Commission’s Proposal of 25 January 2012, Computer Law Review International 14 (2013) Supplement 1, pp. 1-38, quoted as: Härting and Schneider, Data Protection in Europe: An Alternative Draft for a General Data Protection Regulation, p. Google Scholar öffnen
Hallinan, Dara / Friedewald, Michael: Public Perception of the Data Environment and Information Transactions – A selected-survey analysis of the European public’s views on the data environment and data transactions, in: Communications & Strategies 88 (4) (2012), pp. 61–78, quoted as: Hallinan and Friedewald, Public Perception of the Data Environment and Information Transactions – A selected-survey analysis of the European public’s views on the data environment and data transactions, p. Google Scholar öffnen
Vested-Hansen, Jens: Article 7 – Respect for Private and Family Life, in: Steve Peers / Tamara Hervey / Jeff Kenner / Angela Ward (eds.), The EU Charter of Fundamental Rights, A Commentary, Oxford i.a.: Hart 2014, pp. 196-225, quoted as: Vested-Hansen, EU Charter of Fundamental Rights, cip. Google Scholar öffnen doi.org/10.5771/9783845259055_196
Hartog, Chantal / van Stel, André / Storey, David J.: Institutions and Entrepreneurship: The Role of the Rule of Law, 2010, URL: http://ondernemerschap.panteia.nl/main/publication/bestelnummer/h201003, quoted as: Hartog et al., Institutions and Entrepreneurship: The Role of the Rule of Law, p. Google Scholar öffnen
Herberger, Marie: “Ausnahmen sind eng auszulegen” – Die Ansichten beim Gerichtshof der Europäischen Union, Berlin: Duncker & Humblot, 2017, quoted as: Herberger, “Exceptions have to be interpretetd narrowly” – The considerations by the European Court of Justice, p. Google Scholar öffnen doi.org/10.3790/978-3-428-55120-0
Heun, Sven-Erik: §§ 88, 95, 96 TKG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Heun, Federal Data Protection Law and further Provisions, ‚Chapter’, cip. Google Scholar öffnen
Hoffmann-Riem, Wolfgang: Informationelle Selbstbestimmung in der Informationsgesellschaft – Auf dem Wege zu einem neuen Konzept des Datenschutzrechts, in: Archiv des öffentlichen Rechts 123 (4) (1998), pp. 513–540, quoted as: Hofmann-Riem, New Concept of Data Protection, p. Google Scholar öffnen
Id.: Rechtswissenschaftliche Innovationsforschung als Reaktion auf gesellschaftlichen Innovationsbedarf, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und rechtliche Regulierung, Baden-Baden: Nomos, 2002, pp. 26–47, quoted as: Hoffmann-Riem, Jurisprudential Research on Innovation as Reaction to a Societal Need for Innovation, p. Google Scholar öffnen
Id.: Innovationsoffenheit und Innovationsverantwortung durch Recht – Aufgaben rechtswissenschaftlicher Innovationsforschung, in: Archiv des öffentlichen Rechts 131 (2) (2006), pp. 255–277, quoted as: Hoffmann-Riem, Openness toward Innovation and Responsibility for Innovation by means of Law, p. Google Scholar öffnen doi.org/10.1628/000389106780282097
Id.: Der grundrechtliche Schutz der Vertraulichkeit und Integrität eigengenutzter informationstechnischer Systeme, JuristenZeitung 63 (21) (2008), pp. 1009–1022, quoted as: Hoffmann-Riem, Protection of the Confidentiality and Integrity of Information Technological Systems, p. Google Scholar öffnen doi.org/10.1628/002268808786375406
Hoffmann-Riem, Wolfgang / Fritzsche, Saskia: Innovationsverantwortung – Zur Einleitung, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und Recht III – Innovationsverantwortung, Berlin: Duncker & Humblot, 2009, pp. 11–41, quoted as: Hoffmann-Riem, Innovation Responsibility, p. Google Scholar öffnen doi.org/10.3790/978-3-428-53151-6
Hofmann, Bernhard: Zweckbindung als Kernpunkt eines prozeduralen Datenschutzansatzes, Baden-Baden: Nomos, 1991, quoted as: Hofmann, Purpose Limitation as Anchor Point for a Procedural Approach in Data Protection, p. Google Scholar öffnen
Hofmann, Jeanette / Katzenbach, Christian / Gollatz, Kirsten: Between coordination and regulation: Finding the governance in Internet governance, in: New Media & Society 2016, pp. 1–18, quoted as: Hofmann, Katzenbach and Gollatz, Between coordination and regulation: Finding the governance in Internet governance, p. Google Scholar öffnen doi.org/10.1177/1461444816639975
Hon, W Kuan / Millard, Christopher / Walden, Ian: Who is responsible for ‘personal data’ in cloud computing? The cloud of unknowing, Part 2, in: International Data Privacy Law 2 (1) (2012), pp. 3–18, quoted as: Hon, Millard, and Walden, Who is responsible for ‘personal data’ in cloud computing?, p. Google Scholar öffnen
Hood, Christopher / Rothstein, Henry / Baldwin, Robert: The Government of Risk – Understanding Risk Regulation Regimes, Oxford: Oxford University Press, 2001, quoted as: Hood, Rothstein, and Baldwin, The Government of Risk – Understanding Risk Regulation Regimes, p. Google Scholar öffnen doi.org/10.1093/0199243638.003.0002
Hoofnagle, Chris Jay, The Potemkinism of Privacy Pragmatism: Civil liberties are too important to be left to the technologists, 2014, URL: http://www.slate.com/articles/technology/future_tense/2014/09/data_use_regulation_the_libertarian_push_behind_a_new_take_on_privacy.html, quoted as: Hoofnagle, The Potemkinism of Privacy Pragmatism: Civil liberties are too important to be left to the technologists. Google Scholar öffnen
Hornung, Gerrit / Hartl, Korbinian: Datenschutz durch Marktanreize – auch in Europa? Stand der Diskussion zu Datenschutzzertifizierung und Datenschutzaudit, in: Zeitschrift für Datenschutz 4 (5) (2014), pp. 219–225, quoted as: Hornung and Hartl, Data Protection through Market Incentives – in Europe, too?, ZD May 2014, p. Google Scholar öffnen
Jaeckel, Liv: Gefahrenabwehrrecht und Risikodogmatik – Moderne Technologien im Spiegel des Verwaltungsrechts, Tübingen: Mohr Siebeck, 2010, quoted as: Jaeckel, Prevention of Danger through Law and Legal Conceptualization of Risk, p. Google Scholar öffnen
Id.: Risiko-Signaturen im Recht – Zur Unterscheidbarkeit von Gefahr und Risiko, JuristenZeitung 66 (3) (2011), pp. 116–124, quoted as: Jaeckel, Differentiating between Danger and Risk, p. Google Scholar öffnen
Id.: Schutzpflichten im deutschen und europäischen Recht – Eine Untersuchung der deutschen Grundrechte, der Menschenrechte und Grundfreiheiten der EMRK sowie der Grundrechte und Grundfreiheiten der Europäischen Gemeinschaft, Baden-Baden: Nomos, 2001, quoted as: Jaeckel, Duties of Protection in German and European Law, p. Google Scholar öffnen
Jandt, Silke / Roßnagel, Alexander: Datenschutz in Social Networks – Kollektive Verantwortlichkeit für die Datenverarbeitung, Zeitschrift für Datenschutz 1 (4) (2011), pp. 160–166, quoted as: Jandt and Roßnagel, Data protection in social networks – Collective responsibility for data processing, p. Google Scholar öffnen
Jarass, Hans D.: Vor Art. 1, Art. 1 GG, in: Jarass, Hans D. / Pieroth, Bodo (eds.), Grundgesetz für die Bundesrepublik Deutschland – Kommentar, München: C.H. Beck, 2012, quoted as: Jarass in: Jarass/Pieroth, GG, Art. Google Scholar öffnen
Jarchow, Thomas / Estermann, Beat: Big Data: Chancen, Risiken und Handlungsbedarf des Bundes – Ergebnisse einer Studie im Auftrag des Bundesamts für Kommunikation, 26 Oktober 2015, URL: https://www.uvek.admin.ch/dam/uvek/de/dokumente/anlaesse/2015-ab-juli/BFH%20Big%20Data%20Studie.pdf.download.pdf/BFH_Big-Data-Studie.pdf, quoted as: Jarchow and Estermann, Big Data: Chances, Risks and Need for Action of the Swiss Confederation, p. Google Scholar öffnen
Kamp, Meike / Rost, Martin: Kritik an der Einwilligung – Ein Zwischenruf zu einer fiktiven Rechtsgrundlage in asymmetrischen Machtverhältnissen, in: Datenschutz und Datensicherheit 37 (2) (2013), pp. 80–84, quoted as: Kamp and Rost, Criticism of the individual’s consent – An interjection on a ficticious legal basis in asyymetric power relations, p. Google Scholar öffnen
Karg, Moritz: Die Rechtsfigur des personenbezogenen Datums – Ein Anachronismus des Datenschutzes?, in: Zeitschrift für Datenschutz 2 (6) (2012), pp. 255–260, quoted as: Karg, The personal datum as a legal link for regulation – An anachronism of data protection?, p. Google Scholar öffnen
Id.: Die Renaissance des Verbotsprinzips im Datenschutz, in: Datenschutz und Datensicherheit 37 (2) (2013), pp. 75–79, quoted as: Karg, The renaissance of the prohibition principle in data protection, p. Google Scholar öffnen doi.org/10.1007/s11623-013-0021-5
Kift, Paula: Bridging the transatlantic divide in privacy, in: Internet Policy Review 2 (3) (2013), pp. 1–7, quoted as: Kift, Bridging the transatlantic divide, at fn. Google Scholar öffnen
Kirby, Michael: The history, achievement and future of the 1980 OECD guidelines on privacy, in: International Data Privacy Law 1 (1) (2011), pp. 6–14, quoted as: Kirby, The history, achievement and future of the 1980 OECD guidelines on privacy, p. Google Scholar öffnen
Kloepfer, Michael: Recht ermöglicht Technik – Zu einer wenig beachteten Funktion des Umwelt- und Technikrechts, in: Natur und Recht 1997, pp. 417–418, quoted as: Kloepfer, Law enables Technology – About an understimated function of environmental and technology law, p. Google Scholar öffnen
Kokott, Juliane / Sobotta, Christoph: The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR, in: International Data Privacy Law 3 (4) (2013), pp. 222–228, quoted as: Kokott and Sobotta, The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR, p. Google Scholar öffnen
Kollmann, Tobias / Stöckmann, Christoph / Linstaedt, Jana / Kensbock, Julia: European Startup Monitor 2015, URL: http://europeanstartupmonitor.com/fileadmin/presse/download/esm_2015.pdf, quoted as: Kollmann et al., European Startup Monitor 2015, p. Google Scholar öffnen
Kosta, Eleni: Construing the Meaning of „Opt-Out“ – An Analysis of the European, U.K. and German Data Protection Legislation, in: European Data Protection Law Review 1 (1) (2015), pp. 16–31, quoted as: Kosta, Construing the Meaning of „Opt-Out“ – An Analysis of the European, U.K. and German Data Protection Legislation, p. Google Scholar öffnen
Kramer, Philip: §§ 4a, 28 BDSG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Kramer, Federal Data Protection Law and further Provisions, ‚Chapter’, cip. Google Scholar öffnen
Kranenborg, Herke: Article 8 – Protection of Personal Data, in: Steve Peers / Tamara Hervey / Jeff Kenner / Angela Ward (eds.), The EU Charter of Fundamental Rights, A Commentary, Oxford i.a.: Hart 2014, quoted as: Kranenborg, Article 8 – Protection of Personal Data, cip. Google Scholar öffnen doi.org/10.5771/9783845259055_266
Kühling, Jürgen: Datenschutz in einer künftigen Welt allgegenwärtiger Datenverarbeitung – Aufgabe des Rechts?, in: Die Verwaltung 40 (2) (2007), pp. 153–172, quoted as: Kühling, Data protection in a future world of ubiquitous data processing, p. Google Scholar öffnen
Kuner, Christopher / Cate, Fred H. / Millard, Christopher / Svantesson, Dan Jerker B. / Lynskey, Orla: Editorial – Risk management in data protection, in: International Data Privacy Law 5 (2) (2015), pp. 95–98, quoted as: Kuner et al., Risk management in data protection, p. Google Scholar öffnen
Id.: Editorial – The data protection credibility crisis, in: International Data Privacy Law 5 (3) (2015), pp. 161–162, quoted as: Kuner et al., The Data Protection Credibility Crisis, IDPL 2015 Vol. 5 no. 3, p. Google Scholar öffnen doi.org/10.1093/idpl/ipv012
Kutscha, Martin: Datenschutz durch Zweckbindung – Ein Auslaufmodell?, in: Zeitschrift für Rechtspolitik 32 (4) (1999), pp. 156–160, quoted as: Kutscha, ZRP, vol. 4, 1999, pp. 156–160, Data Protection through Purpose Limitation – An Obsolescent Model?, p. Google Scholar öffnen
Ladeur, Karl-Heinz: Das Umweltrecht der Wissensgesellschaft: Von der Gefahrenabwehr zum Risikomanagement, Berlin: Duncker & Humblot, 2005, pp. 209–233, quoted as: Ladeur, The Environmental Law of the Knowledge Society: From the protection against dangers to the management of risks, p. Google Scholar öffnen
Lenaerts, Koen / Gutiérrez-Fons, José Antonio: The Charter in the EU Constitutional Edifice, in: Steve Peers / Tamara Hervey / Jeff Kenner / Angela Ward (eds.), The EU Charter of Fundamental Rights, A Commentary, Oxford i.a.: Hart 2014, pp. 1600–1637, quoted as: Lenaerts and Gutiérrez-Fons, The Charter in the EU Constitutional Edifice, p. Google Scholar öffnen doi.org/10.5771/9783845259055_1600
Levie, Jonathan / Autio, Erkko: Regulatory Burden, Rule of Law, and Entry of Strategic Entrepreneurs: An International Panel Study, in: Journal of Management Studies 48 (6) (2011), pp. 1392–1419, quoted as: Levie and Autio, Regulatory Burden, Rule of Law, and Entry of Strategic Entrepreneurs: An International Panel Study, p. Google Scholar öffnen
Lewinski, Kai von: § 1 BDSG, Vorb. § 88 TKG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: v. Lewinski, Federal Data Protection Law and further Provisions, ‚Chapter’, cip. Google Scholar öffnen
Id.: Die Matrix des Datenschutzes, Tübingen: Mohr Siebeck, 2014, quoted as: v. Lewinski, The Matrix of Data Protection, p. Google Scholar öffnen
Lindner, Josef Franz: Datenschutzrecht in Bund und Ländern, Kommentar, München: C.H. Beck, 2013, quoted as: Lindner, Data protection in the Federal State and the Länder, cip. Google Scholar öffnen
Lipshaw, Jeffrey M.: Why the Law of Entrepreneurship Barely Matters, in: Western New England Law Review 31 (3/7) 2009, pp. 701-715, quoted as: Lipshaw, Why the Law of Entrepreneurship Barely Matters. Google Scholar öffnen
Luhmann, Niklas: Zweckbegriff und Systemrationalität, Tübingen: Mohr Siebeck, 1968, quoted as: Luhmann, The Concept of Purpose and System Rationality, p. Google Scholar öffnen
Lynskey, Orla: The Foundations of EU Data Protection Law, Oxford: Oxford University Press, 2015, quoted as: Lynskey, The Foundations of EU Data Protection Law, p. Google Scholar öffnen
Mantelero, Alessandro / Vaciago, Giuseppe: The „Dark Side“ of Big Data: Private and Public Interaction in Social Surveillance – How data collections by private entities affect governmental social control and how the EU reform an data protection responds, in: Computer Law Review International 14 (6) (2013), pp. 161–169, quoted as: Mantelero and Vaciago, The „Dark Side“ of Big Data: Private and Public Interaction in Social Surveillance, p. Google Scholar öffnen
Margraf, Marian / Pfeiffer, Stefan: Benutzerzentrierte Entwicklung für das Internet der Dinge, in: Datenschutz und Datensicherheit 39 (4) (2015), pp. 246–249, quoted as: Margraf and Pfeiffer, User-centric development for the Internet of Things, p. Google Scholar öffnen
Matscher, Franz: Methods of Interpretation of the Convention, in: Ronald St. J. Macdonald / Franz Matscher / Herbert Petzold (eds.), The European System for the protection of human rights, Dordrecht i.a.: Kluwer Academic, 1993, pp. 63–81, quoted as: Matscher, Methods of Interpretation of the Convention, p. Google Scholar öffnen
Masing, Johannes: Herausforderungen des Datenschutzes, Neue Juristische Wochenschrift 65 (32) (2012), pp. 2305–2311, quoted as: Masing, Challenges of data protection, p. Google Scholar öffnen
Mayer-Schönberger, Viktor: The Law as Stimulus: The Role of Law in Fostering Innovative Entrepreneurship, in: Journal of Law and Policy for the Information Society 6 (2) (2010) pp. 153–188, quoted as: Mayer-Schönberger, The Law a s Stimulus: The Role of Law in Fostering Innovative Entrepreneurship, p. Google Scholar öffnen
Mayer-Schönberger, Viktor / Cukier, Kenneth: Big Data: A Revolution That Will Transform How We Live, Work, and Think, New York: Houghton Mifflin Harcourt, 2013, quoted as: Mayer-Schönberger and Cukier, Big Data: A Revolution That Will Transform How We Live, Work, and Think, p. Google Scholar öffnen
Maxwell, Winston J.: Principles-based regulation of personal data: the case of ‚fair processing’, in: International Data Privacy Law 5 (3) (2015), pp. 205–216, quoted as: Maxwell, Principles-based regulation of personal data: the case of ‚fair processing’, p. Google Scholar öffnen
Mehde, Veith: Datenschutz, in: Sebastian F. Heselhaus / Carsten Nowak (eds.), Handbuch der Europäischen Grundrechte, München: C.H. Beck, 2006, § 21, quoted as: Mehde, Handbook of European Fundamental Rights, cip. Google Scholar öffnen
Miller, Arthur R.: Personal Privacy in the Computer Age: The Challenge of a New Technology in an Information-Oriented Society, in: Michigan Law Review 67 (6) (1969), pp. 1089–1246, quoted as: Miller, Personal Privacy in the Computer Age: The Challenge of a New Technology in an Information-Oriented Society, p. Google Scholar öffnen
Moroz, Peter W. / Hindle, Kevin: Entreneurship as a Process: Toward Harmonizing Multiple Perspectives, in: Entrepreneurship Theory and Practice 36 (4) (2012), pp. 781–818, quoted as: Moroz and Hindle, Entreneurship as a Process: Toward Harmonizing Multiple Perspectives, p. Google Scholar öffnen
Murray, Andrew D.: Conceptualising the Post-Regulatory (Cyber)state, in: Roger Brownsword / Karen Yeung (eds.), Regulating Technologies – Legal Futures, Regulatory Frames and Technological Fixes, Oxford i.a.: Hart Publishing, 2008, pp. 287–316, quoted as: Murray, Conceptualising the Post-Regulatory (Cyber)state, p. Google Scholar öffnen
Id.: The Regulation of Cyberspace – Control in the Online Environment, Abingdon i.a.: Routledge–Cavendish, 2007, quoted as: Murray, The Regulation of Cyberspace – Control in the Online Environment, p. Google Scholar öffnen
Neumann, Robert: Libertärer Paternalismus – Theorie und Empirie staatlicher Entscheidungsarchitektur, Tübingen: Mohr Siebeck, 2013, quoted as: Neumann, Libertarian Paternalism – Theory and empiricism with respect to decision-making architectures designed by the State, p. Google Scholar öffnen
Neveling, Stefanie / Bumke, Susanne / Dietrich, Jan-Hendrik: Ansätze wirtschaftswissenschaftlicher und soziologischer Innovationsforschung, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und rechtliche Regulierung. Schlüsselbegriffe und Anwendungsbeispiele rechtswissenschaftlicher Innovationsforschung, Baden-Baden: Nomos, 2002, pp. 364–413 quoted as: Neveling et alt., Economic and Sociological Approaches of Innovation Research, p. Google Scholar öffnen
Niedobitek, Matthias: Entwicklung und allgemeine Grundsätze, in: Detlef Merten / Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band VI/1 „Europäische Grundrechte I“, Heidelberg i.a.: C.F. Müller, 2010, § 159, quoted as: Niedobitek, Development and General Principles, cip. Google Scholar öffnen
Nissenbaum, Helen: Privacy in Context – Technology, Policy, and the Integrity of Social Life, Stanford: Stanford University Press, 2010, quoted as: Nissenbaum, Privacy in Context, p. Google Scholar öffnen
Id.: Respect for Context as a Benchmark, in: Beate Roessler / Dorothea Mokrosinska (eds.), Social Dimensions of Privacy – Interdisciplinary Perspectives, Cambridge: Cambridge University Press, 2015, pp. 278–302, quoted as: Nissenbaum, Respect for Context as a Benchmark, p. Google Scholar öffnen doi.org/10.1017/CBO9781107280557.016
Id.: Privacy as Contextual Integrity, in: Washington Law Review 97 (1) (2004), pp. 101–139, quoted as: Nissenbaum, Privacy as Contextual Integrity, p. Google Scholar öffnen
OECD: Data-Driven Innovation for Growth and Well-Being. What Implications for Governments and Businesses?, Directorate for Science, Technology and Innovation Policy Note, October 2015, URL: http://www.oecd.org/sti/ieconomy/PolicyNote-DDI.pdf, quoted as: OECD: Data-Driven Innovation for Growth and Well-Being. Google Scholar öffnen
Id.: OECD Science, Technology and Industry Outlook 2014, URL: http://www.oecd.org/sti/oecd-science-technology-and-industry-outlook-19991428.htm, quoted as: OECD: Science, Technology and Industry Outlook 2014, p. Google Scholar öffnen doi.org/10.1787/sti_outlook-2014-82-en
Id.: The OECD Privacy Framework, 2013, URL: http://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf, quoted as: The OECD Privacy Framework, p. Google Scholar öffnen
Pahlen-Brandt, Ingrid: Datenschutz braucht scharfe Instrumente – Beitrag zur Diskussion um „personenbezogene Daten“, in: Datenschutz und Datensicherheit 32 (1) (2008), pp. 34–40, quoted as: Pahlen-Brandt, Contribution to the discussion aon „personal data“, p. Google Scholar öffnen
Papier, Hans-Jürgen: Drittwirkung der Grundrechte, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band II „Allgemeine Lehren I“, Heidelberg: C.F. Müller, 2006, § 55, quoted as: Papier, Third-Party Effect of German Basic Rights, cip. Google Scholar öffnen
Peters, Emma: Wirksamer Grundrechtsschutz und effektive Strafverfolgung beim Zugriff auf elektronische Daten in Speichern privater Dritter (im Kontext der Grundrechte des Datenbetroffenen) (working title, manuscript, forthcoming 2017), quoted as: Peters, Effective protection of fundamental rights and efficient criminal prosecution in relation to acess to electronic data stored by private third parties, p. Google Scholar öffnen
Plath, Dr. Kai-Uwe, Kommentar zum BDSG und zur DSGVO sowie den Datenschutzbestimmungen von TMG und TKG, 2nd edition, Köln: Verlag Dr. Otto Schidt KG, 2016, quoted as Plath, § cip. Google Scholar öffnen doi.org/10.9785/9783504384951
Pohle, Jörg: Zweckbindung revisited, in: Datenschutz Nachrichten 38 (3) (2015), pp. 141–145, quoted as: Pohle, Purpose limitation revisited, p. Google Scholar öffnen
Id.: Personal Data Not Found: Personenbezogene Entscheidungen als überfällige Neuausrichtung im Datenschutz, in: Datenschutz Nachrichten 39 (1) (2016), pp. 14–19, quoted as: Pohle, Personal Data Not Found: Person-related decisions as an over-due refinement of data protection, p. Google Scholar öffnen
Pombriant, Denis: Data, Information and Knowledge – Transformation of data is key, in: Computer Law Review International 14 (4) (2013), pp. 97–102, quoted as: Pombriant, Data, Information and Knowledge – Transformation of data is key, p. Google Scholar öffnen
Raab, Charles D. / De Hert, Charles: Tools for Technology Regulation: Seeking Analytical Approaches Beyond Lessig and Hood, in: Roger Brownsword / Karen Yeung (eds.) Regulating Technologies – Legal Futures, Regulatory Frames and Technological Fixes, Oxford i.a.: Hart Publishing, 2008, pp. 263–285, quoted as: Raab and De Hert, Tools for Technology Regulation, p. Google Scholar öffnen
Radlanski, Philip: Das Konzept der Einwilligung in der datenschutzrechtlichen Realität, Tübingen: Mohr Siebeck, 2016, quoted as: Radlanski, The concept of consent in the reality of data protection law, p. Google Scholar öffnen
Rauhofer, Judith: Of men and mice: Should the EU data protection authorities’ reaction to Google’s new privacy policy raise concern for the future of the purpose limitation principle?, in: European Data Protection Law Review 1 (1) (2015), pp. 5–15, quoted as: Rauhofer, Of men and mice: Should the EU data protection authorities’ reaction to Google’s new privacy policy raise concern for the future of the purpose limitation principle?, p. Google Scholar öffnen
Ries, Eric: The Lean Startup: How Today's Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses, New York: Random House, 2011, quoted as: Ries, The Lean Startup, p. Google Scholar öffnen
Rouvroy, Antoinette / Poullet, Yves: The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy, in: Serge Gutwirth / Yves Poullet / Paul de Hert / Cecile de Terwangne / Sjaak Nouwt (eds.), Reinventing Data Protection?, New York i.a.: Springer, 2009, pp. 45–76, quoted as: Rouvroy and Poullet, The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy, p. Google Scholar öffnen doi.org/10.1007/978-1-4020-9498-9_2
Roßnagel, Alexander: Das Gebot der Datenvermeidung und -sparsamkeit als Ansatz wirksamen technikbasierten Persönlichkeitsschutzes?, in: Martin Eifert / Wolfgang Hofmann-Riem (eds.), Innovation, Recht und öffentliche Kommunikation – Innovation und Recht IV, Berlin: Duncker & Humblot, 2011, pp. 41–66, quoted as: Roßnagel, The Requirement of Data Minimization, p. Google Scholar öffnen
Id.: Datenschutz in einem informatisierten Alltag – Gutachten im Auftrag der Friedrich-Ebert-Stiftung, 2007, URL: http://library.fes.de/pdf-files/stabsabteilung/04548.pdf, quoted as: Roßnagel, Data protection in computerized everyday life, p. Google Scholar öffnen
Id.: Rechtswissenschaftliche Technikfolgenforschung – Umrisse einer Forschungsdisziplin, Baden-Baden: Nomos, 1993, quoted as: Roßnagel, Technology assessment as a legal research discipline, p. Google Scholar öffnen
Roßnagel, Alexander / Pfitzmann, Andreas / Garstka, Hansjürgen: Modernisierung des Datenschutzrechts – Gutachten im Auftrag des Bundesinnenministeriums des Innern, Bundesinnenministerium des Innern, 2001, URL: https://www.bfdi.bund.de/SharedDocs/VortraegeUndArbeitspapiere/2001GutachtenModernisierungDSRecht.pdf?__blob=publicationFile, quoted as: Roßnagel, Garstka and Pfitzmann, Modernization of data protection law – report on behalf of the Federal Ministry of the Interior (2001), p. Google Scholar öffnen
Rost, Martin: Standardisierte Datenschutzmodellierung, in: Datenschutz und Datensicherheit 35 (6) (2012), pp. 433–438, quoted as: Rost, Standardized Modeling of Data Protection, p. Google Scholar öffnen
Rost, Martin / Bock, Kirstin: Privacy by Design und die Neuen Schutzziele: Grundsätze, Ziele und Anforderungen, in: Datenschutz und Datensicherheit 35 (1) (2011), pp. 30–35, quoted as: Rost and Bock, Privacy by Design and the New Protection Goals: Principles, objectives, and requirements, p. Google Scholar öffnen
Rost, Martin / Pfitzmann, Andreas: Datenschutz-Schutzziele—revisited, in: Datenschutz und Datensicherheit 33 (6) (2009), pp. 353–358, quoted as: Rost and Pfitzmann, Data Protection Goals – revisited, p. Google Scholar öffnen
Rudolf, Walter: Recht auf informationelle Selbstbestimmung, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band IV „Einzelgrundrechte I“, Heidelberg: C.F. Müller, 2011, § 90, quoted as: Rudolf, Right to Informational Self-Determination, cip. Google Scholar öffnen
Ruiz-Miguel, Carlos: El derecho a la protección de los datos personales en la Carta de Derechos Fundamentales de Unión Europea: Análisis crítico, in: Revista de Derecho Comunitario Europeo 7 (14) (2003), pp. 7–43, quoted: Ruiz-Miguel, El derecho a la protección de los datos personales en la Carta de Derechos Fundamentales de Unión Europea: Análisis crítico, p. Google Scholar öffnen
Rupp, Martin: Die grundrechtliche Schutzpflicht des Staates für das Recht auf informationelle Selbstbestimmung im Pressesektor, Saarbrücken: Alma Mater, 2013, quoted as: Rupp, The State Duty of Protection for the Right to Informational Self-Determination in the Press Sector, p. Google Scholar öffnen
Sandfuchs, Barbara: Privatheit wider Willen?, Tübingen: Mohr Siebeck, 2015, quoted as: Sandfuchs, Privacy against one’s will?, p. Google Scholar öffnen doi.org/10.1628/9783161557583
Sarasvathy, Saras D.: Causation and Effectuation: Toward a Theoretical Shift from Economic Inevitability to Entrepreneurial Contingency, in: Academy of Management Review 26 (2) (2001), pp. 243–263, quoted as: Sarasvathy, Causation and Effectuation, p. Google Scholar öffnen
Schneider, Jens-Peter: Stand und Perspektiven des europäischen Datenverkehrs- und Datenschutzrechts, in: Die Verwaltung 44 (4) (2011), pp. 499–524, quoted as: Schneider, Status of and Perspectives for the European Data Traffic and Data Protection Law, p. Google Scholar öffnen
Schneider, Jochen: Die Datensicherheit – eine vergessene Regelungsmaterie? Ein Plädoyer für Aufwertung, stärkere Integration und Modernisierung des § 9 BDSG, in: Zeitschrift für Datenschutz 1 (1) (2011), pp. 6–12, quoted as: Schneider, Data security – a forgotten area of regulation?, p. Google Scholar öffnen
Schreibauer, Marcus: Vorb. § 11, §§ 11, 12 TMG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Schreibauer, Federal Data Protection Law and further Provisions, cip. Google Scholar öffnen
Schulz, Wolfgang / Dankert, Kevin: Governance by Things’ as a challenge to regulation by law, in: Internet Policy Review 5 (2) (2016), pp. 1–19, quoted as: Schulz and Dankert, ‚Governance by Things’ as a challenge to regulation by law. Google Scholar öffnen
Schumpeter, Joseph: Capitalism, Socialism & Democracy, 5th edition, London i.a.: Routledge, 2003, quoted as: Schumpeter, Capitalism, Socialism & Democracy, p. Google Scholar öffnen
Schweizer, Rainer J.: Allgemeine Grundsätze, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band VI/I „Europäische Grundrechte I“, Heidelberg i.a.: C. F. Müller, 2010, § 138, quoted as: Schweizer in: Handbook of Basic Rights – Europe I, §; Google Scholar öffnen
Id.: Die Rechtsprechung des Europäischen Gerichtshofs für Menschenrechte zum Persönlichkeits- und Datenschutz, in: Datenschutz und Datensicherheit 33 (8) (2009), pp. 462–468, quoted as: Schweizer, European Convention and Data Protection, p. Google Scholar öffnen doi.org/10.1007/s11623-009-0119-y
Simitis, Spiros: Die informationelle Selbstbestimmung – Grundbedingungen einer verfassungsrechtlichen Kommunikationsordnung, in: Neue Juristische Wochenschrift 37 (8) (1984), pp. 398–405, quoted as: Simitis, NJW 1984, p. Google Scholar öffnen
Id.: Bundesdatenschutzgesetz, Baden-Baden: Nomos, 2014, quoted as: Simitis, Federal Data Protection Law, cip. Google Scholar öffnen
Singer, Slavica / Amorós, José Ernesto / Moska Arreola, Daniel: Global Entrepreneurship Monitor – 2014 Global Report, URL: http://www.gemconsortium.org/report, quoted as: Singer et al., Global Entrepreneurship Monitor – 2014 Global Report. Google Scholar öffnen
Skistims, Hendrik / Voigtmann, Christian / David, Klaus / Roßnagel, Alexander: Datenschutzgerechte Gestaltung von kontextvorhersagenden Algorithmen, in: Datenschutz und Datensicherheit 36 (1) (2012), pp. 31–36, quoted as: Skistims et al., Data Protection Compliance of Context-Predicting Algorithms, p. Google Scholar öffnen
Solove, Daniel J.: Understanding Privacy, Cambridge, Massachusetts: Harvard University Press, 2008, quoted as: Solove, Understanding Privacy, p. Google Scholar öffnen
Stentzel, Rainer: Das Grundrecht auf ...? Auf der Suche nach dem Schutzgut des Datenschutzes in der Europäischen Union, in: Privacy in Germany 3 (5) (2015), pp. 185–190, Union quoted as: Stentzel, The Fundamental Right to ...? The Search of the Object of Protection of Data Protection in the European Union, PinG 05.15, p. Google Scholar öffnen
Streinz, Rudolf / Michl, Walther: Art. 4 EUV, Art. 6 AEUV, Art. 51 GRCh, in: Streinz (ed.), EUV/AEUV Kommentar, 2nd edition, München: C.H. Beck, 2012, quoted as: Streinz/Michl, in: Streinz, EUV/AEUV, cip. Google Scholar öffnen
Thaler, Richard H. / Sunstein, Cass R.: Nudge – Improving Decisions About Health, Wealth, and Happiness, New Haven i.a.: Yale University Press, 2008, quoted as: Thaler and Sunstein, Nudge – Improving Decisions About Health, Wealth, and Happiness, p. Google Scholar öffnen
Thierer, Adam: Privacy Law’s Precautionary Principle Problem, in: Maine Law Review 66 (2) (2014), pp. 467–486, quoted as: Thierer, Privacy Law’s Precautionary Principle Problem, p. Google Scholar öffnen
Trute, Hans-Heinrich: Der Schutz personenbezogener Informationen in der Informationsgesellschaft, in: JuristenZeitung 53 (17) (1998), pp. 822–831, quoted as: Trute, JZ 1998, p. Google Scholar öffnen
Tzanou, Maria: Data protection as a fundamental right next to privacy? ‘Reconstructing’ a not so new right, in: International Data Privacy Law 3 (2) (2013), pp. 88–99, quoted as: Tzanou, Data protection as a fundamental right next to privacy? ‘Reconstructing’ a not so new right, p. Google Scholar öffnen
Veil, Winfried: DS-GVO: Risikobasierter Ansatz statt rigides Verbotsprinzip – Eine erste Bestandsaufnahme, in: Zeitschrift für Datenschutz 5 (8) (2015), pp. 347–353, quoted as: GDPR: Risk-based approach instead of rigid principle of prohibition, p. Google Scholar öffnen
Vodafone Institute for Society and Communications: Big Data – A European Survey on the Opportunities and Risks of Data Analytics, 2016, URL: http://www.vodafone-institut.de/wp-content/uploads/2016/01/VodafoneInstitute-Survey-BigData-en.pdf, quoted as: Vodafone Institute for Society and Communications: Big Data – A European Survey on the Opportunities and Risks of Data Analytics, p. Google Scholar öffnen
Voßkuhle, Andreas: Neue Verwaltungsrechtswissenschaft, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts – Band I „Methoden – Maßstäbe – Aufgaben – Organisation“, 2nd edition, München: C.H. Beck, 2012, pp. 1–63, quoted as: Voßkuhle, New Regulatory Approach of Administrative Law, p. Google Scholar öffnen
Wegner, Gerhard: Nachhaltige Innovationsoffenheit dynamischer Märkte, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovationsfördernde Regulierung – Innovation und Recht II, Berlin: Duncker & Humblot, 2009, pp. 71–91, quoted as: Wegner, Dynamic Markets and their Persistent Openness to Innovation, p. Google Scholar öffnen
Weichert, Thilo: Informationstechnische Arbeitsteilung und datenschutzrechtliche Verantwortung – Plädoyer für eine Mitverantwortlichkeit bei der Verarbeitung von Nutzungsdaten, in: Zeitschrift für Datenschutz 4 (12) (2014), pp. 605–610, quoted as: Weichert, Information-technological collaboration and data protection responsibility, p. Google Scholar öffnen
Welter, Friederike: Contextualizing Entrepreneurship – Conceptual Challenges and Ways Forward, in: Entrepreneurship Theory and Practice 35 (1) (2011), pp. 165–184, quoted as: Welter, Contextualizing Entrepreneurship, p. Google Scholar öffnen
Wente, Jürgen: Informationelles Selbstbestimmungsrecht und absolute Drittwirkung der Grundrechte, in: Neue Juristische Wochenschrift 37 (25) (1984), pp. 1446–1447, quoted as: Wente, NJW 1984, p. Google Scholar öffnen
Westin, Alan F.: Privacy & Freedom, New York: Atheneum, 1967, quoted as: Westin, Privacy and Freedom, p. Google Scholar öffnen
Wolff, Heinrich Amadeus: § 28 BDSG, in: Heinrich Amadeus Wolff / Stefan Brink (eds.), Datenschutzrecht in Bund und Ländern – Kommentar, München: C.H. Beck, 2013, quoted as: Wolff, § 28 BDSG, cip. Google Scholar öffnen
World Economic Forum: Insight Report: Enhancing Europe's Competitiveness – Fostering Innovation-Driven Entrepreneurship in Europe, January 2014, URL: http://www3.weforum.org/docs/WEF_EuropeCompetitiveness_InnovationDrivenEntrepreneurship_Report_2014.pdf, quoted as: World Economic Forum: Insight Report: Enhancing Europe's Competitiveness – Fostering Innovation-Driven Entrepreneurship in Europe. Google Scholar öffnen
Wright, David / Friedewald, Michael / Gellert, Raphaël: Developing and testing a surveillance impact assessment methodology, in: International Data Privacy Law 5 (1) (2015), pp. 40–53, quoted as: Wright, Freidewald and Gellert, Developing and testing a surveillance impact assessment methodology, p. Google Scholar öffnen
Zezschwitz, Friedrich von: Konzept der normativen Zweckbegrenzung, in: Alexander Roßnagel (ed.), Handbuch Datenschutzrecht: Die neuen Grundlagen für Wirtschaft und Verwaltung, München: C.H. Beck, 2003, pp. 219–268, quoted as: v. Zezschwitz, Concept of Normative Purpose Limitation, cip. Google Scholar öffnen