Cover of book: The Principle of Purpose Limitation in Data Protection Laws
Book Titles Open Access Full access

The Principle of Purpose Limitation in Data Protection Laws

The Risk-based Approach, Principles, and Private Standards as Elements for Regulating Innovation
Authors:
Publisher:
 2018

Summary

Die Arbeit untersucht das datenschutzrechtliche Zweckbindungsprinzip aus der Perspektive der rechtswissenschaftlichen Innovationsforschung. Danach schützt das Zweckbindungsprinzip nicht nur die Autonomie der Betroffenen, sondern lässt zugleich den Verarbeitern ausreichend Spielraum, um im Rahmen ihrer Innovationsprozesse den Schutz optimal umzusetzen. In diesem Sinne stellt sich die Pflicht des Verarbeiters, die Zwecke der Verarbeitung zu spezifizieren, als ein Instrument des Vorsorgeschutzes dar. Es zielt darauf ab, spezifische Risiken, die sich aus der Datenverarbeitung für die Grundrechtsausübung des Betroffenen ergeben, frühzeitig zu erkennen. Demgegenüber zielt das Erfordernis, dass die spätere Verarbeitung nicht unvereinbar mit der ursprünglichen Zweckangabe sein darf, auf eine Kontrolle der zusätzlichen Risiken, die sich aus der späteren Verarbeitung ergeben. Dieser Interpretationsansatz zeigt eine Möglichkeit auf, wie nicht nur die Betroffenen effektiv vor den Risiken der Datenverarbeitung geschützt, sondern auch die Verarbeiter befähigt werden können, die Einhaltung der rechtlichen Vorschriften als innovationsfördernden Wettbewerbsvorteil zu nutzen.

Bibliographic data

Copyright year
2018
ISBN-Print
978-3-8487-4897-6
ISBN-Online
978-3-8452-9084-3
Publisher
Nomos, Baden-Baden
Series
Schriften zur rechtswissenschaftlichen Innovationsforschung
Volume
12
Language
English
Pages
676
Product type
Book Titles

Table of contents

ChapterPages
  1. Titelei/Inhaltsverzeichnis 1 - 30 Download chapter (PDF)
  2. Download chapter (PDF)
      1. 1. Innovation as an economic driver for public welfare
      2. 2. Protection against the risks of innovation
      3. 3. Uncertainty about the meaning and extent of the principle of purpose limitation
        1. a) Coming from a practical observation: Startups and non-linear innovation processes
          1. aa) The unpredictable outcome of entrepreneurial processes
          2. bb) Excursus: In which circumstances do data controllers actually need “old” data?
          1. aa) No foreseeable negative impact on individuals
          2. bb) Negative impact foreseeable on the individuals
      5. 5. Interim conclusion: Uncertainty about the concept of protection and its legal effects
      1. 1. Legal research about innovation
      2. 2. The regulator’s perspective
      3. 3. Possible pitfalls taking the effects of regulation instruments into account
    3. III. Course of examination
  3. Download chapter (PDF)
        1. a) Key Elements for the entrepreneurial process
        2. b) Business Opportunities: Discovery and creation
        3. c) Strategic management: Causation and effectuation
        4. d) Entrepreneurial contexts: The Law as one influencing factor in innovation processes amongst others
        1. a) Do laws simply shift societal costs either protecting against or being open to innovation?
          1. aa) Legal (un)certainty as a factor that mediates the regulatory burden
          2. bb) Conditioning further legal certainty as a promoting factor for entrepreneurial activity
        3. c) Interim conclusion with respect to the principle of purpose limitation
      1. 1. Risk terminology oscillating between “prevention” and “precaution”
      2. 2. Sociological approaches defining “dangers” and “risks”
        1. a) Protection pursuant to the degree of probability
        2. b) Protection pursuant to the available knowledge in linear-causal and non-linear environments
        3. c) Interim conclusion: Fundamental rights determining the appropriateness of protection
      4. 4. Searching for a scale in order to determine the potential impact of data protection risks
      1. 1. The individual’s autonomy and the private/public dichotomy
      2. 2. Criticism: From factual to conceptual changes
      3. 3. Nissenbaum’s framework of “contextual integrity”
      4. 4. Clarifying the relationship between “context” and “purpose”
      5. 5. Values as a normative scale in order to determine the “contexts” and “purposes”
  4. Download chapter (PDF)
        1. a) The interplay between European Convention for Human Rights, European Charter of Fundamental Rights and German Basic Rights
              1. (a) Positive obligations with respect to Article 8 ECHR
              2. (b) Right to respect for private life under Article 8 ECHR
              1. (a) Market freedoms and fundamental rights
              2. (b) The right to data protection under Article 8 ECFR and/or the right to private life under Article 7 ECFR
              1. (a) Protection function of the right to informational self-determination
              2. (b) Priority of contractual agreements and the imbalance of powers
              3. (c) Balancing the colliding constitutional positions
            1. (1) The 3-Step-Test: Assessing the defensive and protection function
              1. (a) Which instruments actually protect which object of protection?
              2. (b) Example: “Commercialized” consent threatening the object of protection including…
              3. (c) … individuality?
              4. (d) … solidarity?
              5. (e) … democracy?
          3. cc) Equal or equivalent level of protection compared to state data processing?
        3. c) Interim conclusion: Interdisciplinary research on the precise object and concept of protection
        1. a) Genesis and interplay with co-related basic rights
        2. b) Autonomous substantial guarantee
        3. c) Right to control disclosure and usage of personal data as protection instrument?
        4. d) Infringement by ‘insight into personality’ and ‘particularity of state interest’
            1. (1) Principles of clarity of law and purpose limitation referring to the moment when data is collected
            2. (2) The proportionality test also takes the use of data at a later stage into account
          2. bb) In the private sector: The contract as an essential link for legal evaluation
        6. f) Interim conclusion: Conceptual link between ‘privacy’ and ‘data processing’
        1. a) Genesis and interplay of both rights
          1. aa) Substantial guarantee of “private life”: Trust in confidentiality and unbiased behavior
          2. bb) Criteria established for certain cases: Context of collection, nature of data, way of usage, and results obtained
            1. (1) ‘Intrusion into privacy’
            2. (2) Public situations: ‘Systematic or permanent storage’ vs. ‘passer-by situations’
            3. (3) ‘Data relating to private or public matters’, ‘limited use’ and/or ‘made available to the general public’
            4. (4) ‘Unexpected use’ pursuant to the purpose perceptible by the individual concerned
          4. dd) Consent: Are individuals given a choice to avoid the processing altogether?
          5. ee) Conclusion: Assessment of ‘reasonable expectations’ on a case-by-case basis
            1. (1) General definition of the term ‘personal data’ under Article 7 and 8 ECFR instead of case-by-case approach
              1. (a) Protection against first publication and profiles based on public data
              2. (b) Protection against collection, storage, and subsequent risk of abuse
              1. (a) Which right is used to discuss other fundamental rights?
              2. (b) The answer depends on the type of threat posed
            4. (4) Protection in (semi)-public spheres irrespective of ‘reasonable expectations’?
            5. (5) Going beyond the requirement of consent provided for under Article 8 ECHR
            1. (1) Location of protection instruments under Article 8 ECFR
            2. (2) Protection going beyond Article 8 ECHR
            3. (3) Remaining uncertainty about the interplay between Article 7 and 8 ECFR
            1. (1) The reason for why the scope is too vague: Difference between data and information
            2. (2) The reason for why the scope is too broad: Increasing digitization in society
            3. (3) Advantages and challenges: ‘Personal data’ as legal link for a subjective right
            4. (4) Possible consequence: A legal scale provided for by all fundamental rights which determine the regulation instruments under Art. 8 ECFR
        1. a) ECtHR and ECJ: Almost no criteria
              1. (a) ‘All the means reasonably likely to be used’
              2. (b) Example: IP addresses as ‘personal data’?
              3. (c) The case of “Breyer vs. Germany”
            2. (2) Liability for ‘data processing’: ‘Controller’ and ‘processor’
            3. (3) Further legal provisions referring to the purpose
            1. (1) Preliminary note: Clarifying conceptual (mis)understandings
            2. (2) Legal opinion on the function of the specification of a purpose
            3. (3) Legal opinion on the function of ‘making a specified purpose explicit’
            4. (4) Legal opinion on the reconstruction of a purpose and its legitimacy
          3. cc) Purposes of processing specified when consent is given
            1. (1) ePrivacy Directive
              1. (a) Preliminary note: Clarifying conceptual (mis)understandings
              2. (b) Legal opinion on ‘performance of a contract’
              3. (c) Legal opinion on ‘legal obligation’, ‘vital interests’, and ‘public task’
              4. (d) Legal opinion on ‘legitimate interests’
          1. aa) Purposes of processing authorized by the Telecommunication Law
          2. bb) Purposes of processing authorized by the Telemedia Law
            1. (1) Three basic legitimate grounds
            2. (2) ‘Performance of a contract’, Article 28 sect. 1 sent. 1 no. 1 BDSG
            3. (3) ‘Justified interests of the controller’, Art. 28 sect. 1 sent. 1 no. 2 BDSG
            4. (4) ‘Generally accessible data’, Art. 28 sect. 1 sent. 1 no. 3 BDSG
            5. (5) Privileges and restrictions pursuant to the purpose
            1. (1) Not a waiver but execution of right to informational self-determination
            2. (2) Requirements for consent and consequences of its failure
            3. (3) Discussion on the degree of precision of a specified purpose
              1. (a) Function of purpose specification (basic conditions)
              2. (b) Examples for specific purposes: Certain areas of life or explicitly listed crimes
              3. (c) Examples for unspecific purposes: Abstract dangers or unknown purposes
              4. (d) Liberalization of the strict requirement by referring to the object of protection
            2. (2) Private sector: ‘Self-control of legitimacy’
          1. aa) Data processing for undisputed ‘marketing purposes’ authorized by law
          2. bb) Disputed ‘marketing purposes’ specified by data controllers
          3. cc) Further examples for different scales applied in order to specify the purpose
          4. dd) Can the context help interpret a specified purpose?
          5. ee) A different scale for ‘purpose specification’ pursuant to the German concept of protection
          6. ff) Interim conclusion: Do regulation instruments dictate the scale for ‘purpose specification’?
          1. aa) Common understanding about the function of ‘purpose specification’
          2. bb) Ambiguous understanding regarding the functions of ‘making specified purpose explicit’
          3. cc) Arguable focus on data collection for legal evaluation in the private sector
          4. dd) Arguable legal consequences surrounding the validity of the consent
          1. aa) No legal system providing for ‘objectives’ of data processing in the private sector
            1. (1) ‘Interests’ protected by the controller’s fundamental rights
            2. (2) Is the ‘purpose’ determined by the individual’s fundamental rights?
            1. (1) Present interests vs. future interests
            2. (2) Purpose specification pursuant to the type of threat?
        4. d) Summary of conceptual ambiguities
            1. (1) Different functions of rights (opacity and transparency)
            2. (2) Disconnecting the exclusive link between data protection to privacy
            3. (3) Data protection for all rights to privacy, freedom, and equality
              1. (a) Challenges of bridging risks to rights
              2. (b) Example: German White Paper on DPIA
              3. (c) Criticism: Incoherence of current risk criteria
              1. (a) Pooling different actions together in order to create meaning
              2. (b) Separating unspecific from specific risks (first reason why data protection is indispensable)
              3. (c) Central function with respect to all fundamental rights (second reason why data protection is indispensable of data protection)
            3. (3) Function of making specified purposes explicit
            1. (1) Tying into the Courts’ decisions and European legislation
              1. (a) Effectiveness and efficiency of protection instruments
              2. (b) Appropriate concept for innovation processes
              3. (c) Excursus: Objective vs. subjective risks
              1. (a) At home: Protection of ‘haven of retreat’
              2. (b) Using communications: Protection against ‘filtering opinions’
              3. (c) “Privacy in (semi)-public spheres”: Protection against the risks of later usage of data
            2. (2) Necessity requirement, irrespective of inconvenience
              1. (a) Research on the individual’s decision making process (consent)
              2. (b) First example: The legislature’s considerations on the use of ‘cookies’
              3. (c) Second example: Considerations surrounding ‘unsolicited communications’
            1. (1) Clarification of substantial guarantees
              1. (a) Necessity of publication
              2. (b) Strict requirements for consent
              1. (a) Misconceptions in the decision of “Mr. González vs. Google Spain”
              2. (b) Excursus: Case law provided for by the German Constitutional Court
              3. (c) Conclusion in regards to the decision of “Mr. González vs. Google Spain”
            1. (1) Does the German right to informational self-determination provide for such a guarantee?
            2. (2) Discussion on such a substantial guarantee
            3. (3) Articles 7 and/or 8 ECFR: Information pursuant to insights into personality and possibilities of manipulation
              1. (a) Considerations of the Courts with respect to the freedom of expression and the individuals risk of being unreasonably suspected by the State
              2. (b) Considerations on further rights of freedom
            2. (2) Focus on the later usage of data or information: Restriction or hindrance of exercise of rights of freedom through usage of data or information
              1. (a) Specific contexts of collection of personal data
              2. (b) Later use of personal data in the same context
              3. (c) Protection instruments enabling the individual to adapt to or protect him or herself against the informational measure
            1. (1) In the public sector: Criteria for intensity of infringement
            2. (2) In the private sector: ‘Tool of opacity’ vs. private autonomy?
            3. (3) Interim conclusion: Additional legitimacy requirement for the data-based decision-making process
        3. c) Conclusion: Purpose specification during innovation processes
            1. (1) ECtHR: ‘Reasonable expectations’ as a main criteria
              1. (a) Are the terms ‘necessity’, ‘adequacy’ and ‘relevance’ used as objective criteria for the compatibility assessment?
              2. (b) Purpose identity for the consent
            1. (1) Preliminary analysis: Pre-conditions and consequences
            2. (2) Example: The expectations of a customer purchasing a vegetable box online
              1. (a) First criteria: ‘Distance between purposes’
              2. (b) Second criteria: ‘Context and reasonable expectations’
              3. (c) Third criteria: ‘Nature of data and impact on data subjects’
              4. (d) Fourth criteria: ‘Safeguards ensuring fairness and preventing undue impact’
              1. (a) Specification of the compatibility assessment (even prohibiting positive effects)
              2. (b) Safeguards corresponding to the characteristics of the purposes
              3. (c) Hierarchy of safeguards: From anonymization to functional separation
            1. (1) Strict purpose identity for the processing of ‘communication data’, ‘traffic data’ and ‘location data other than traffic data’
            2. (2) The individual’s consent as an exclusive legal basis for a change of purpose
          4. dd) Interim conclusion: A lack in the legal scale for compatibility assessment
            1. (1) Strict purpose identity required by Telemedia Law and Telecommunication Law
            2. (2) The more nuanced approach established by the Federal Data Protection Law
            1. (1) Strict requirement of purpose identity limiting the intensity of the infringement
            2. (2) Proportionate change of purpose
            3. (3) Identification marks as a control-enhancing mechanism
              1. (a) Purpose specification by the individual instead of the controller
              2. (b) Principle of purpose limitation and informational separation of powers
              3. (c) Example of re-registration: Collection and transfer of data on the citizen’s request
              1. (a) Criticism of the “subjective” purpose approach
              2. (b) Compatibility instead of identity of purposes
              3. (c) Supplementing protection instruments
              1. (a) Criticism of purpose compatibility
              2. (b) Specification, identity and change of purpose as equivalent regulation instruments
              3. (c) The opposing fundamental rights providing for the objective legal scale
          4. dd) Interim conclusion: Right to control data causing a ‘flood of regulation’
            1. (1) Purpose compatibility as an “umbrella assessment”
            2. (2) Custer’s and Ursic’s taxonomy: “Data recycling, repurposing, and recontextualization”
            3. (3) Clarification of an objective scale: “Same risk, higher risk, and another risk”
              1. (a) “Purpose identity” forbidding additional risks (than specified before)
              2. (b) Further protection instruments that can avoid purpose incompatibility
              3. (c) Systemizing the criteria for the compatibility assessment
            2. (2) Right to private life under Article 8 ECHR and the right to informational self-determination
          3. cc) Applying a ‘non-linear perspective’
          1. aa) Right of ‘being left alone’: ‘Reasonable expectations’ determined by risks
          2. bb) Self-representation in the public: A balancing exercise instead of purpose determination
          3. cc) Internal freedom of development: Specific instead of preliminary information
          4. dd) External freedoms of behavior: Purpose identity as one potential element amongst several protection instruments
          5. ee) Equality and non-discrimination: Specifying incompatible purposes in the course of social life
        3. c) Conclusion: Purpose limitation in decentralized data networks
          1. aa) How data may be related to an individual
          2. bb) Anonymization of personal data
          3. cc) Again: The problem of a “yes-or-no-protection” solution
            1. (1) Pro and cons for precautionary protection against abstract dangers
            2. (2) Abstract precautionary protection only in cases of special danger
            3. (3) Advantages of a nuanced approach
            1. (1) General scope of protection enabling specification of purpose (aka risk)
              1. (a) Rights to privacy
              2. (b) Right of self-representation in the public
              3. (c) Internal freedom of behavior
              4. (d) Rights to freedom and non-discrimination
            3. (3) Again: General scope of protection requiring data security (against unspecific risks)
          1. (1) Cumulative responsibility for precautionary protection
          2. (2) Cooperative responsibility for preventative protection
          1. aa) Different risks in the public and private sector
          2. bb) Example: Requirements to specify the purpose and limit the processing at a later stage
          3. cc) Legal-technical constraints surrounding the prohibition rule
          1. aa) Classic instruments: Specific legal provisions, broad legal provisions, and/or consent
          2. bb) Conceptual shift: From a legal basis to ‘legitimacy assessment’
          3. cc) Side note: State regulated self-regulation increasing legal certainty
          4. dd) Interplay of consent and legal provisions
        3. c) Interim conclusion: Balancing the colliding fundamental rights
          1. aa) Classic discussion regarding current data protection laws
          2. bb) Further approaches considered by the legislator and Constitutional Courts
          3. cc) Requirements illustrated so far, with respect to different guarantees
            1. (1) Risks as object of consent (not data)
            2. (2) Extent of consent limiting the later use of data (instead of being illegal as a whole)
            3. (3) Change of purpose: Opt-out procedures for higher and opt-in procedures for other risk
            1. (1) Arg. ex contrario: Is an incompatible purpose legal on a separate legal basis?
            2. (2) Differentiating between “not compatible” and “incompatible” purposes
            3. (3) Assessment of safeguards that ensure that purposes do not (definitely) become incompatible
            1. (1) Opt-out: A risk-reducing protection instrument
            2. (2) Examples: New risks not covered by consent (in light of the specified purpose)
            3. (3) Examples: New risks not covered by a former applicable provision
              1. (a) Data collection: Customizing information in relation to daily decision-making processes
              2. (b) Change of purpose: Interpreting information duties regarding specific risks
              3. (c) Profiling and automated decision-making
            2. (2) Individual’s right to rectification
        3. c) Conclusion: Specifying the decision-making process (Art. 24 and 25 GDPR)
  5. Download chapter (PDF)
        1. a) Risk-based approach of purpose specification and limitation (Art. 5 sect. 1 lit. b GDPR)
        2. b) Data Protection Impact Assessment (Art. 35 GDPR)
        3. c) Further methodologies (technology assessment and surveillance impact assessment)
        1. a) Examining abstract constitutional positions from a social science perspective
        2. b) Pre-structuring interests through multiple-stakeholder and expert participation
        3. c) Specifying ‘decision-making process’ by user-centered development of data protection-by-design
      3. 3. Interim conclusion: Unfolding complexity
      1. 1. Reason for the case study approach
      2. 2. Generalizing the non-representative cases
      3. 3. Designing the case studies
        1. a) Enabling data controllers to increase legal certainty
        2. b) Enhancing competition on the “data protection” market
        3. c) Remaining questions in relation to the effects of legal standards
            1. (1) Initial product and business model: Internal freedom of development
            2. (2) Change of product and business model: No substantive change of purpose
            1. (1) Standardization of “personalized marketing” purpose
            2. (2) Competitive advantage
            1. (1) Processing of public personal data: Self-determination in public
            2. (2) The taxi driver: Attributing anonymized data to passengers
            1. (1) Standardization of “statistical” or “scientific” purposes
            2. (2) Competitive advantage
            1. (1) Re-publication of personal data: fair balance instead of a priority rule
            2. (2) Freedom to find an occupation: Participation instruments
            1. (1) Standardization of “profiling potential employees”
            2. (2) Signaling legal certainty (to the “workers’ council”)
      3. 5. Summary: Standardizing “purposes” of data processing
  6. E. Final conclusion: The principle of purpose limitation can not only be open towards but also enhancing innovation 649 - 654 Download chapter (PDF)
  7. Bibliography 655 - 676 Download chapter (PDF)

Bibliography (215)

  1. Acquisti, Alessandro / Grossklags, Jens: What Can Behavioral Economics Teach Us about Privacy?, in: Sabrina De Capitani di Vimercati / Stefanos Gritzalis / Costas Lambrinoudakis / Alessandro Acquisti (eds.), Digital Privacy – Theory, Technologies, and Practices, New York i.a.: Auerbach, 2008, pp. 363–377, quoted as: Acquisti and Grossklags, What Can Behavioral Economics Teach Us about Privacy?, p. Open Google Scholar
  2. Albers, Marion: Informationelle Selbstbestimmung, Baden-Baden: Nomos, 2005, quoted as: Albers, Informational Self-Determination, p. Open Google Scholar doi.org/10.5771/9783845258638
  3. Id.: § 22 – Umgang mit personenbezogenen Informationen und Daten, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts, Band 2 – „Informationsordnung, Verwaltungsverfahren, Handlungsformen“, 2nd edition, München: C.H. Beck, 2012, quoted as: Albers, Treatment of Personal Information and Data, cip. Open Google Scholar
  4. Alvarez, Sharon / Barney, Jay B.: Discovery and Creation: Alternative Theories of Entrepreneurial Action, in: Strategic Entrepreneurship Journal 1 (1-2) (2007), pp. 11–26, quoted as: Alvarez and Barney, Discovery and Creation: Alternative Theories of Entrepreneurial Action, p. Open Google Scholar
  5. Appel, Ivo: Aufgaben und Verfahren der Innovationsfolgenabschätzung, in: Innovation und Recht III – Innovationsverantwortung, Berlin: Duncker & Humblot, 2009, pp. 147–181, quoted as: Appel, Tasks and Procedures of the Innovation Impact Assessment, p. Open Google Scholar
  6. Article 29 Data Protection Working Party (set up under Article 29 of Directive 95/46/EC): Statement on the role of a risk-based approach in data protection legal frameworks, 30 May 2014, 14/EN, WP 218, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp218_en.pdf, quoted as: Article 29 Data Protection Group, Statement on the role of a risk-based approach in data protection legal frameworks, p. Open Google Scholar
  7. Id.: Opinion 03/0213 on purpose limitation, 2 April 2013, 00569/13/EN, WP 203, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 03/0213 on purpose limitation, p. Open Google Scholar
  8. Id.: Opinion 4/2007 on the concept of personal data, 20 June 2007, 01248/07/EN, WP 136, URL: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 4/2007 on the concept of personal data, p. Open Google Scholar
  9. Id.: Opinion 05/2014 on Anonymisation Techniques, 10 April 2014, 0829/14/EN WP216, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 05/2014 on Anonymisation Techniques, p. Open Google Scholar
  10. Id.: Opinion 15/2011 on the definition of consent, 13 July 2011, 01197/11/EN, WP187, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 15/2011 on the definition of consent, p. Open Google Scholar
  11. Id.: Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, 9 April 2014, 844/14/EN, WP 217, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, p. Open Google Scholar
  12. Id.: Opinion 3/2010 on the principle of accountability, 13 July 2010, 00062/10/EN, WP 173, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2010/wp173_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 3/2010 on the principle of accountability, p. Open Google Scholar
  13. Balboni, Paolo / Cooper, Daniel / Imperiali, Rosario / Macenaite, Milda: Legitimate interest of the data controller New data protection paradigm: legitimacy grounded on appropriate protection, in: International Data Privacy Law 3 (4) (2013), pp. 244–261, quoted as: Balboni et al., Legitimate interest of the data controller New data protection paradigm: legitimacy grounded on appropriate protection, p. Open Google Scholar
  14. Baldwin, Robert / Cave, Martin / Lodge, Martin: Understanding Regulation – Theory, Strategy and Practice, 2nd edition, Oxford: Oxford University Press, 2013, quoted as: Baldwin and Cave, Understanding Regulation – Theory, Strategy and Practice, p. Open Google Scholar
  15. Baxter, Pamela / Jack, Susan: Qualitative Case Study Methodology: Study Design and Implementation for Novice Researchers, in: The Qualitative Report 13 (4) (2008), pp. 544–559, quoted as: Baxter and Jack, Qualitative Case Study Methodology: Study Design and Implementation for Novice Researchers, p. Open Google Scholar
  16. Bäcker, Matthias: Grundrechtlicher Informationsschutz gegen Private, in: Der Staat 51 (1) (2012), pp. 91–116, quoted as: Bäcker, Constitutional Protection of Information regarding Private Parties, p. Open Google Scholar
  17. Bechler, Lars: Informationseingriffe durch intransparenten Umgang mit personenbezogenen Daten, Halle an der Saale: Universitätsverlag Halle-Wittenberg, 2010, quoted as: Bechler, Informational Harm by Intransparent Treatment of Personal Data, p. Open Google Scholar
  18. Belli, Luca: A heterostakeholder cooperation for sustainable internet policymaking, in: Internet Policy Review 4 (2) (2015), pp. 1–21, quoted as: Belli, A Heterostakeholder Cooperation for Sustainable Internet Policymaking. Open Google Scholar
  19. Bergmann, Dr. Lutz / Möhrle, Roland / Herb, Prof. Dr. Armin: Datenschutzrecht, Loseblattsammlung, 53th edition, Berlin: Boorberg , 2017, quoted as: Bergmann/Möhrle/Herb, BDSG Open Google Scholar
  20. Bergt, Matthias: Die Bestimmbarkeit als Grundproblem des Datenschutzrechts – Überblick über den Theorienstreit und Lösungsvorschlag, in: Zeitschrift für Datenschutz 5 (8) (2015), pp. 365–371, quoted as: Bergt, The question on „identifiable persons“ as main problem of data protection, p. Open Google Scholar
  21. Bernsdorff, Norbert: Art. 8, in: Jürgen Meyer (ed.), Charta der Grundrechte der Europäischen Union, 3rd edition, Baden-Baden: Nomos, 2011, quoted as: Bernsdorff, European Charter of Fundamental Rights, Art. 8 cip. Open Google Scholar
  22. Bethge, Herbert: Grundrechtskollisionen, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band III „Allgemeine Lehren II“, Heidelberg: C.F. Müller Verlag, 2009, § 72, quoted as: Bethge, § 72 – Collision of Basic Rights, cip. Open Google Scholar
  23. Blank, Steve: Why the Lean Start-Up Changes Everything, Harvard Business Review 2013, URL: https://hbr.org/2013/05/why-the-lean-start-up-changes-everything , quoted as: Blank, Why the Lean Start-up Changes Everything, p. Open Google Scholar
  24. Id.: Four Steps to the Epiphany – Successful Strategies for Products that Win, 2nd edition, 2006, URL: http://web.stanford.edu/group/e145/cgi-bin/winter/drupal/upload/handouts/Four_Steps.pdf, quoted as: Blank, Four Steps to Epiphany, p. Open Google Scholar
  25. Blind, Knut: The Impact of Standardization and Standards on Innovation, in: Manchester Institute of Innovation Research (ed.), Compendium of Evidence on the Effectiveness of Innovation Policy Intervention, 2013, URL: http://www.innovation-policy.org.uk/compendium/section/Default.aspx?topicid=30, quoted as: Blind, The Impact of Standardization and Standards on Innovation, p. Open Google Scholar
  26. Blume, Peter: An alternative model for data protection law: changing the roles of controller and processor, in: International Data Privacy Law 5 (4) (2015), pp. 292–297, quoted as: Blume, An alternative model for data protection law: changing the roles of controller and processor, p. Open Google Scholar
  27. Boos, Carina / Kroschwald, Steffen /Wicker, Magda: Datenschutz bei Cloud Computing zwischen TKG, TMG und BDSG – Datenkategorien bei der Nutzung von Cloud-Diensten, in: Zeitschrift für Datenschutz 3 (5) (2013), 205–209, quoted as: Boos et al., Data protection and cloud computing pursuant to the Telecommunication Law, Telemedia Law, and Federal Data Protection Law, p. Open Google Scholar
  28. Boyd, Danah / Crawford, Kate: Critical Questions for Big Data, in: Information, Communication and Society 15 (5) (2012), pp. 662–679, quoted as: Boyd and Crawford, Critical Questions For Big Data, p. Open Google Scholar
  29. Braithwaite, John / Coglianese, Cary / Levi-Faur, David: Can regulation and governance make a difference?, in: Regulation and Governance 1 (1) (2007), pp. 1–7, quoted as: Braithwaite et al., Can regulation and governance make a difference?, p. Open Google Scholar
  30. Britz, Gabriele: Informationelle Selbstbestimmung zwischen rechtswissenschaftlicher Grundsatzkritik und Beharren des Bundesverfassungsgerichts, in: Edmund Brandt / Martin Eifert / Bernd Holznagel i.a. (eds.), Offene Rechtswissenschaft, Tübingen: Mohr Siebeck, 2010, quoted as: Britz, Informational Self-Determination between Legal Doctrine and Constitutional Case Law, p. Open Google Scholar doi.org/10.5771/9783845226439-63
  31. Id.: Europäisierung des grundrechtlichen Datenschutzes?, in: Europäische Grundrechte-Zeitschrift 36 (1-4) (2009), pp. 1–11, quoted as: Britz, Europeanisation of Data Protection Provided for by Fundamental Rights?, p. Open Google Scholar
  32. Id.: Das Grundrecht auf Datenschutz in Art. 8 der Grundrechtecharta, in: Der Hessische Datenschutzbeauftragte (ed.), Dokumentation der Fachtagung „Datenschutz in Deutschland nach dem Vertrag von Lissabon“ am 9. Dezember 2008, URL: https://www.datenschutz.hessen.de/download.php?download_ID=188, quoted as: Britz, The Fundamental Right to Data Protection in Article 8 ECFR, p. Open Google Scholar
  33. Id.: Einzelfallgerechtigkeit versus Generalisierung: Verfassungsrechtliche Grenzen statistischer Diskriminierung, Tübingen: Mohr Siebeck, 2008, quoted as: Britz, Justice in the individual case versus generalization: limits of constitutional law for statistical discrimination, p. Open Google Scholar
  34. Brownsword, Roger: Regulating Technologies: Tools, Targets, and Thematics, in: Roger Brownsword / Karen Yeung (eds.), Regulating technologies: legal futures, regulatory frames and technological fixes, Oxford: Hart, 2008, pp. 3-22, quoted as: Brownsword and Yeung, Regulating Technologies: Tools, Targets, and Thematics, p. Open Google Scholar
  35. Id.: Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality, in: Serge Gutwirth / Yves Poullet / Paul de Hert / Cecile de Terwangne / Sjaak Nouwt (eds.), Reinventing Data Protection?, New York i.a.: Springer, 2009, pp. 83–110, quoted as: Brownsword, Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality, p. Open Google Scholar doi.org/10.1007/978-1-4020-9498-9_4
  36. Buchmann, Erik: Wie kann man Privatheit messen? Privatheitsmaße aus der Wissenschaft, in: Datenschutz und Datensicherheit 39 (8) (2015), pp. 510–514, quoted as: Buchmann, How can privacy be measured?, p. Open Google Scholar
  37. Buchner, Benedikt: Informationelle Selbstbestimmung im Privatrecht, Tübingen: Mohr Siebeck, 2006, quoted as: Buchner, Informational self-determination in the private sector, p. Open Google Scholar
  38. Burgkardt, Felix: Grundrechtlicher Datenschutz zwischen Grundgesetz und Europarecht, Hamburg: Dr. Kovac, 2013, quoted as: Burgkardt, Data Protection between German Basic Law und Union Law, p. Open Google Scholar
  39. Bygrave, Lee A.: Data Privacy Law – An International Perspective, Oxford: Oxford University Press, 2014, quoted as: Bygrave, Data Privacy Law, p. Open Google Scholar doi.org/10.1093/acprof:oso/9780199675555.003.0006
  40. Callies, Christian: Schutzpflichten, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band II „Grundrechte in Deutschland – Allgemeine Lehren I“, Heidelberg: C. F. Müller, 2006, § 44, quoted as: Callies, Duties of Protection, cip. Open Google Scholar
  41. Cate, Fred H. / Cullon, Peter / Mayer-Schönberger, Viktor: Data Protection Principles for the 21st Century – Revising the 1980 OECD Guidelines, Oxford Internet Institute 2014, URL: https://www.oii.ox.ac.uk/archive/downloads/publications/Data_Protection_Principles_for_the_21st_Century.pdf, quoted as: Cate/Cullon/Viktor Mayer-Schönberger, Data Protection Principles for the 21st Century, p. Open Google Scholar
  42. Center for Information Policy Leadership: The Role of Risk Management in Data Protection – Paper 2 of the Project on Privacy Risk Framework and Risk-based Approach to Privacy, 2014, URL: https://www.informationpolicycentre.com/files/Uploads/Documents/Centre/The_Role_of_Risk_Management_in_Data_Protection_FINAL_Paper.PDF, quoted as: Center for Information Policy Leadership, The Role of Risk Management in Data Protection – Paper 2 of the Project on Privacy Risk Framework and Risk-based Approach to Privacy, p. Open Google Scholar
  43. Christl, Wolfie: Kommerzielle Digitale Überwachung im Alltag, Studie im Auftrag der Bundesarbeitskammer Wien, 2014, URL: http://crackedlabs.org/dl/Studie_Digitale_Ueberwachung.pdf, quoted as: Christl, Commercial Digital Surveillance in Daily Life. Open Google Scholar
  44. Costa, Luiz: Privacy and the precautionary principle, in: Computer Law & Security Review 28 (2012), pp. 14–24, quoted as: Costa, Privacy and the precautionary principle, p. Open Google Scholar
  45. Custer, Bart / Ursic, Helena: Big data and data reuse: a taxonomy of data reuse for balancing big data benefits and personal data protection, in: International Data Privacy Law 6 (1) (2016), pp. 1–12, quoted as: Custer and Ursic, Big data and data reuse: a taxonomy of data reuse for balancing big data benefits and personal data protection, p. Open Google Scholar
  46. Dammann, Ulrich / Simitis, Spiros: EG-Datenschutzrichtlinie, Baden-Baden: Nomos, 1997, quoted as: Dammann/Spirits, EU Data Protection Directive, ‚Chapter’, cip. Open Google Scholar
  47. Danwitz, Thomas von: Die Grundrechte auf Achtung der Privatsphäre und auf Schutz personenbezogener Daten – Die jüngere Rechtsprechung des Gerichtshofes der Europäischen Union, in: Datenschutz und Datensicherheit 39 (9) 2015, pp. 581–585, quoted as: v. Danwitz, The Fundamental Rights to Private Life and to data Protection, p. Open Google Scholar
  48. De Hert, Paul / Gutwirth, Serge: Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalisation in Action, in: Serge Gutwirth / Yves Poullet / Paul de Hert / Cecile de Terwangne / Sjaak Nouwt (eds.), Reinventing Data Protection?, New York i.a.: Springer, 2009, pp. 3–44, quoted as: De Hert and Gutwirth, Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalisation in Action, p. Open Google Scholar doi.org/10.1007/978-1-4020-9498-9_1
  49. Id.: Privacy, data protection and law enforcement. Opacity of the individual and transparency of power, in: Erik Claes / Antony Duff / Serge Gutwirth (eds.), Privacy and the criminal law, Antwerp/Oxford: Intersentia, 2006, pp. 61–104, quoted as: De Hert and Gutwirth, Privacy, data protection and law enforcement. Opacity of the individual and transparency of power, p. Open Google Scholar
  50. Dietlein, Johannes: Die Lehre von den grundrechtlichen Schutzpflichten, Berlin: Duncker & Humblot, 2005, quoted as: Dietlein, The Doctrine of Duties of Protection of Basic Rights, p. Open Google Scholar
  51. Dijk, Niels van / Gellert, Raphaël / Rommetveit, Kjetil: A risk to a right? Beyond data protection risk assessments, in: Computer Law & Security Review 32 (2) (2016), pp. 286–306, quoted as: van Dijk, Gellert and Rommetveit, A risk to a right? Beyond data protection risk assessments, p. Open Google Scholar
  52. Dopfer, Martina / von Grafenstein, Maximilian / Richter, Nancy / Schildhauer, Thomas / Tech, Robin / Trifonov, Stefan / Wrobel, Martin: Working Paper „Fördernde Und Hindernde Faktoren Für Internet-Enabled Startups. (Supporting and Hindering Factors for Internet-Enabled Startups.), 2015, URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2759911, Open Google Scholar doi.org/10.2139/ssrn.2759911
  53. quoted as: Dopfer et al., Supporting and hindering factors for internet-enabled startups, p. Open Google Scholar
  54. Drucker, Peter F.: The Discipline of Innovation, in: Harvard Business Review, Reprint 98604 (1998), first published in 1985, URL: https://hbr.org/2002/08/the-discipline-of-innovation, quoted as: Drucker, The Discipline of Innovation, p. Open Google Scholar
  55. Duhigg, Charles: Die Macht der Gewohnheit – Warum wir tun was wir tun (English original title: The Power of Habit), Berlin: Berlin Verlag, 2012, quoted as: Duhigg, The Power of Habit, p. Open Google Scholar
  56. Eckhoff, Rolf: Der Grundrechtseingriff, Köln i.a.: Carl Heymanns, 1992, quoted as: Eckhoff, The Infringement of Fundamental Rights, p. Open Google Scholar
  57. EDRi / access / Privacy International / Fundacja Panoptykon: Data Protection Broken Badly, 2015, URL: https://edri.org/files/DP_BrokenBadly.pdf, quoted as: EDRi / access / Privacy International / Fundacja Panoptykon: Data Protection Broken Badly. Open Google Scholar
  58. El Emam, Khaled / Álvarez, Cecilia: A critical appraisal of the Article 29 Working Party Opinion 05/2014 on data anonymization techniques, in: International Data Privacy Law 5 (1) (2015), pp. 73–87, quoted as: El Emam and Álvarez, A critical appraisal of the Article 29 Working Party Opinion 05/2014 on data anonymization techniques, p. Open Google Scholar
  59. Ehmann, Eugen / Helfrich, Markus: EG Datenschutzrichtlinie, Köln: Otto Schmidt, 1999, quoted as: Ehmann/Helfrich, EU Data Protection Directive, „Chapter“, cip. Open Google Scholar
  60. Eichenhofer, Johannes: Privatheit im Internet als Vertrauensschutz, in: Der Staat 55 (1) (2016), pp. 41–67, quoted as: Eichenhofer, Privacy in the Internet as Protection of Trust, p. Open Google Scholar
  61. Eifert, Martin: Zweckvereinbarkeit statt Zweckbindung als Baustein eines modernisierten Datenschutzrechts, in: Walter Gropp / Martin Lipp / Heinhard Steiger (eds.), Rechtswissenschaft im Wandel – Festschrift des Fachbereichs Rechtswissenschaft zum 400jährigen Gründungsjubiläum der Justus-Liebig-Universität Gießen, Tübingen: Mohr Siebeck, 2007, pp. 139–152, quoted as: Eifert, Purpose Compatibility instead of Purpose Limitation, p. Open Google Scholar
  62. Id.: Regulierungsstrategien, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts – Band I „Methoden – Maßstäbe – Aufgaben – Organisation“, 2nd edition, München: C.H. Beck, 2012, § 19, quoted as: Eifert, Regulation Strategies, p. Open Google Scholar
  63. Id.: Innovationsfördernde Regulierung, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und Recht II – Innovationsfördernde Regulierung, Berlin: Duncker & Humblot, 2009, pp. 11–19, quoted as: Eifert, Innovation-enhancing Regulation, p. Open Google Scholar
  64. Eisenhardt, Kathleen M. / Graebner, Melissa E.: Theory Building From Cases: Opportunities and Challenges, in: Academy of Management Journal 50 (1) (2007), pp. 25–32, quoted as: Eisenhardt and Graebner, Theory Building From Cases: Opportunities and Challenges, p. Open Google Scholar
  65. Eßer, Martin: § 31, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Eßer, Federal Data Protection Law and further Provisions, cip. Open Google Scholar
  66. European Union Agency for Fundamental Rights / European Court of Human Rights / Council of Europe: Handbook on European data protection law, Luxembourg: Publications Office of the European Union, 2014, quoted as: Handbook on European data protection law, p. Open Google Scholar
  67. Eurobarometer: Entrepreneurship in the EU and beyond, Flash EB Series #283, 2010, URL: http://ec.europa.eu/public_opinion/flash/fl_283_en.pdf, quoted as: Eurobarometer: Entrepreneurship in the EU and beyond. Open Google Scholar
  68. Expert Group on Fundamental Rights: Affirming Fundamental Rights in the European Union, Time to Act, Luxembourg: Office for Official Publications of the European Communities, 1999, URL: http://bookshop.europa.eu/en/affirming-fundamental-rights-in-the-european-union-pbCE2199181/downloads/CE-21-99-181-EN-C/CE2199181ENC_001.pdf;pgid=y8dIS7GUWMdSR0EAlMEUUsWb00008BR_Mmdd;sid=q4ng-7rouAbg__TN3ld-XNjN5ur-ib07rVo=?FileName=CE2199181ENC_001.pdf&SKU=CE2199181ENC_PDF&CatalogueNumber=CE-21-99-181-EN-C, quoted as: Expert Group on Fundamental Rights, p. Open Google Scholar
  69. Fagerberg, Jan: Innovation: A Guide to the Literature, in: Jan Fagerberg / David C. Mowery (eds.), The Oxford Handbook of Innovation, Oxford: Oxford University Press, 2004, pp. 1–26, quoted as: Fagerberg, Innovation: A Guide to the Literature, p. Open Google Scholar
  70. Federal Communications Commission: Internet Protocol Version 6: IPv6 for Consumers, 25 October 2016, URL: https://www.fcc.gov/consumers/guides/internet-protocol-version-6-ipv6-consumers, quoted as: Federal Communications Commission: Internet Protocol Version 6: IPv6 for Consumers. Open Google Scholar
  71. Folz, Hans-Peter, Artikels 3, 15, 16, and 21 EU-GR Charta, in: Christoph Vedder / Heintschel von Heinegg, Wolff (eds.), Europäisches Unionsrecht – EUV / AEUV / Grundrechte-Charta, Baden-Baden: Nomos Verlag, 2012, quoted as: Folz, Articles 3, 15, 16, and 21 ECFR – Freedom to Conduct a Business, cip. Open Google Scholar
  72. Forgó, Nikolaus / Krügel, Tina / Rapp, Stefan: Zwecksetzung und informationelle Gewaltenteilung, Baden-Baden: Nomos Verlag, 2006, quoted as: Forgó et al., Purpose Specification and Informational Separation of Powers, p. Open Google Scholar
  73. Forgó, Nikolaus / Krügel, Tina: Die Subjektivierung der Zweckbindung: Datenschutz – Bremsblock oder Motor des E-Government, in: Datenschutz und Datensicherheit 29 (12) (2005), pp. 732–735, quoted as: Forgó and Krügel, Subjective purpose limitation: Data protection – Brake or motor of E-Government?, p. Open Google Scholar
  74. Forum Privatheit: White Paper, Datenschutz-Folgenabschätzung: Ein Werkzeug für einen besseren Datenschutz, 2016, URL: https://www.forum-privatheit.de/forum-privatheit-de/texte/veroeffentlichungen-des-forums/themenpapiere-white-paper/Forum_Privatheit_White_Paper_Datenschutz-Folgenabschaetzung_2016.pdf, quoted as: Forum Privatheit, White Paper – Data Protection Impact Assessment, p. Open Google Scholar
  75. Franzius, Claudio: Modalitäten und Wirkungsfaktoren der Steuerung durch Recht, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts – Band I „Methoden – Maßstäbe – Aufgaben – Organisation“, 2nd edition, München: C.H. Beck, 2012, § 4, quoted as: Franzius, Modes and Impact Factors for the Control through Law, cip. Open Google Scholar
  76. Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry / assisted by Röschke, Arik: Basics, in: Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry (eds.), Entrepreneurship – Modelle, Umsetzung, Perspektiven, 4th edition, Wiesbaden: Springer Gabler , 2016, Grundlagen, quoted as: Fueglistaller et al., Entrepreneurship – Basics, p. Open Google Scholar doi.org/10.1007/978-3-8349-4770-3_6
  77. Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry / assisted by Fust, Alexander: Basics, in: Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry (eds.), Entrepreneurship – Modelle, Umsetzung, Perspektiven, 4th edition, Wiesbaden: Springer Gabler , 2016, Innovation und Entrepreneurship, quoted as: Fueglistaller et al., Entrepreneurship – Innovation and Entrepreneurship, p. Open Google Scholar doi.org/10.1007/978-3-8349-4770-3_6
  78. Müller, Christoph / Fueglistaller, Urs / Müller, Susan / Volery, Thierry, in: Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry (eds.), Strategie und Geschäftsmodell, in: Entrepreneurship – Modelle, Umsetzung, Perspektiven, 4th edition, Wiesbaden: Springer Gabler , 2016, Grundlagen, quoted as: Müller et al., Entrepreneurship – Strategy and business model, p. Open Google Scholar doi.org/10.1007/978-3-8349-4770-3_5
  79. Gartner, William B.: What are we talking about when we talk about entrepreneurship?, in: Journal of Business Venturing 5 (1) (1990), pp. 15–28, quoted as: Gartner, What are we talking about when we talk about entrepreneurship?, p. Open Google Scholar
  80. Id.: A Conceptual Framework for Describing the Phenomenon of New Venture Creation, in: The Academy of Management Review 10 (4) (1985), pp. 696–706, quoted as: Gartner, A Conceptual Framework for Describing the Phenomenon of New Venture Creation, p. Open Google Scholar doi.org/10.2307/258039
  81. Gasser, Urs: Cloud Innovation and the Law: Issues, Approaches, and Interplay, Berkman Center Research Publication No. 2014-7, URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2410271, quoted as: Gasser, Cloud Innovation and the Law: Issues, Approaches, and Interplay, p. Open Google Scholar doi.org/10.2139/ssrn.2410271
  82. Gellert, Raphaël: Data protection: a risk regulation? Between the risk regulation of everything and the precautionary alternative, in: International Data Privacy Law 5 (1) (2015), pp. 3–19, quoted as: Gellert, Data protection: a risk regulation? Between the risk regulation of everything and the precautionary alternative, p. Open Google Scholar
  83. Gola, Peter / Schomerus, Rudolf: Bundesdatenschutzgesetz, Kommentar, 12th edition, München: C.H.Beck, 2015, quoted as: Gola/Schomerus, Federal Data Protection Law, § 28 BDSG cip. Open Google Scholar
  84. González-Fuster, Gloria: The Emergence of Data Protection as a Fundamental Right of the EU, Cham i.a.: Springer, 2014, quoted as: González-Fuster, The Emergence of Data Protection as a Fundamental Right of the EU, p. Open Google Scholar
  85. Globig, Klaus: Der Auskunftsanspruch des Betroffenen als Grundrecht, in: Hans-Wolfgang Arndt (ed.) Völkerrecht und deutsches Recht – Festschrift für Walter Rudolf zum 70. Geburtstag, München: C.H. Beck, 2001, pp. 441–465, quoted as: Globig, Basic Right to Information, p. Open Google Scholar
  86. Grafenstein, Maximilian von / Schulz, Wolfgang: The right to be forgotten in data protection law: a search for the concept of protection, in: International Journal for Public Law and Policy 5 (3) (2015), pp. 249–269, quoted as: v. Grafenstein and Schulz, The right to be forgotten in data protection law: a search for the concept of protection, p. Open Google Scholar
  87. Id.: Das Zweckbindungsprinzip zwischen Innovationsoffenheit und Rechtssicherheit – Zur mangelnden Differenzierung der Rechtsgüterbetroffenheit in der Datenschutzgrund-VO, in: Datenschutz und Datensicherheit 39 (12) (2015), pp. 789–795, quoted as: v. Grafenstein, The Principle of Purpose Limitation between Openness toward Innovation and the Rule of Law, p. Open Google Scholar
  88. Greve, Dr. Holger : § 40, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Greve (Auernhammer), cip. Open Google Scholar
  89. Grimm, Dieter: Der Datenschutz vor einer Neuorientierung, in: JuristenZeitung 68 (12) (2013), pp. 585–592, quoted as: Grimm, Data protection before its refinement, p. Open Google Scholar
  90. Gusy, Christoph: Informationelle Selbstbestimmung und Datenschutz: Fortführung oder Neuanfang?, in: Kritische Vierteljahresschrift für Gesetzgebung und Rechtswissenschaft 83 (1) (2000), pp. 52–64, quoted as: Gusy, Informational Self-Determination and Data Protection: Continuing or New Beginning?, p. Open Google Scholar
  91. Härting, Niko: Zweckbindung und Zweckänderung im Datenschutzrecht, in: Neue Juristische Wochenschrift 68 (45) (2015), pp. 3284–3288, quoted as: Härting, Purpose limitation and change of purpose in data protection law, p. Open Google Scholar
  92. Id.: Datenschutz-Grundverordnung: Das neue Datenschutzrecht in der betrieblichen Praxis, Köln: Otto Schmidt, 2016, quoted as: Härting, General Data Protection Regulation: The new data protection law in business practice, cip. Open Google Scholar doi.org/10.9785/9783504385330-prf
  93. Id.: Profiling: Vorschläge für eine intelligente Regulierung – Was aus der Zweistufigkeit des Profiling für die Regelung des nicht öffentlichen Datenschutzbereichs folgt, in: Computer und Recht 30 (8) (2014), pp. 528–536, quoted as: Härting, Profiling: a proposal for an intelligent regulation, p. Open Google Scholar doi.org/10.9785/cr-2014-0808
  94. Härting, Niko / Schneider, Jochen: Data Protection in Europe: An Alternative Draft for a General Data Protection Regulation – Alternatives to the European Commission’s Proposal of 25 January 2012, Computer Law Review International 14 (2013) Supplement 1, pp. 1-38, quoted as: Härting and Schneider, Data Protection in Europe: An Alternative Draft for a General Data Protection Regulation, p. Open Google Scholar
  95. Hallinan, Dara / Friedewald, Michael: Public Perception of the Data Environment and Information Transactions – A selected-survey analysis of the European public’s views on the data environment and data transactions, in: Communications & Strategies 88 (4) (2012), pp. 61–78, quoted as: Hallinan and Friedewald, Public Perception of the Data Environment and Information Transactions – A selected-survey analysis of the European public’s views on the data environment and data transactions, p. Open Google Scholar
  96. Vested-Hansen, Jens: Article 7 – Respect for Private and Family Life, in: Steve Peers / Tamara Hervey / Jeff Kenner / Angela Ward (eds.), The EU Charter of Fundamental Rights, A Commentary, Oxford i.a.: Hart 2014, pp. 196-225, quoted as: Vested-Hansen, EU Charter of Fundamental Rights, cip. Open Google Scholar doi.org/10.5771/9783845259055_196
  97. Hartog, Chantal / van Stel, André / Storey, David J.: Institutions and Entrepreneurship: The Role of the Rule of Law, 2010, URL: http://ondernemerschap.panteia.nl/main/publication/bestelnummer/h201003, quoted as: Hartog et al., Institutions and Entrepreneurship: The Role of the Rule of Law, p. Open Google Scholar
  98. Herberger, Marie: “Ausnahmen sind eng auszulegen” – Die Ansichten beim Gerichtshof der Europäischen Union, Berlin: Duncker & Humblot, 2017, quoted as: Herberger, “Exceptions have to be interpretetd narrowly” – The considerations by the European Court of Justice, p. Open Google Scholar doi.org/10.3790/978-3-428-55120-0
  99. Heun, Sven-Erik: §§ 88, 95, 96 TKG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Heun, Federal Data Protection Law and further Provisions, ‚Chapter’, cip. Open Google Scholar
  100. Hoffmann-Riem, Wolfgang: Informationelle Selbstbestimmung in der Informationsgesellschaft – Auf dem Wege zu einem neuen Konzept des Datenschutzrechts, in: Archiv des öffentlichen Rechts 123 (4) (1998), pp. 513–540, quoted as: Hofmann-Riem, New Concept of Data Protection, p. Open Google Scholar
  101. Id.: Rechtswissenschaftliche Innovationsforschung als Reaktion auf gesellschaftlichen Innovationsbedarf, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und rechtliche Regulierung, Baden-Baden: Nomos, 2002, pp. 26–47, quoted as: Hoffmann-Riem, Jurisprudential Research on Innovation as Reaction to a Societal Need for Innovation, p. Open Google Scholar
  102. Id.: Innovationsoffenheit und Innovationsverantwortung durch Recht – Aufgaben rechtswissenschaftlicher Innovationsforschung, in: Archiv des öffentlichen Rechts 131 (2) (2006), pp. 255–277, quoted as: Hoffmann-Riem, Openness toward Innovation and Responsibility for Innovation by means of Law, p. Open Google Scholar doi.org/10.1628/000389106780282097
  103. Id.: Der grundrechtliche Schutz der Vertraulichkeit und Integrität eigengenutzter informationstechnischer Systeme, JuristenZeitung 63 (21) (2008), pp. 1009–1022, quoted as: Hoffmann-Riem, Protection of the Confidentiality and Integrity of Information Technological Systems, p. Open Google Scholar doi.org/10.1628/002268808786375406
  104. Hoffmann-Riem, Wolfgang / Fritzsche, Saskia: Innovationsverantwortung – Zur Einleitung, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und Recht III – Innovationsverantwortung, Berlin: Duncker & Humblot, 2009, pp. 11–41, quoted as: Hoffmann-Riem, Innovation Responsibility, p. Open Google Scholar doi.org/10.3790/978-3-428-53151-6
  105. Hofmann, Bernhard: Zweckbindung als Kernpunkt eines prozeduralen Datenschutzansatzes, Baden-Baden: Nomos, 1991, quoted as: Hofmann, Purpose Limitation as Anchor Point for a Procedural Approach in Data Protection, p. Open Google Scholar
  106. Hofmann, Jeanette / Katzenbach, Christian / Gollatz, Kirsten: Between coordination and regulation: Finding the governance in Internet governance, in: New Media & Society 2016, pp. 1–18, quoted as: Hofmann, Katzenbach and Gollatz, Between coordination and regulation: Finding the governance in Internet governance, p. Open Google Scholar doi.org/10.1177/1461444816639975
  107. Hon, W Kuan / Millard, Christopher / Walden, Ian: Who is responsible for ‘personal data’ in cloud computing? The cloud of unknowing, Part 2, in: International Data Privacy Law 2 (1) (2012), pp. 3–18, quoted as: Hon, Millard, and Walden, Who is responsible for ‘personal data’ in cloud computing?, p. Open Google Scholar
  108. Hood, Christopher / Rothstein, Henry / Baldwin, Robert: The Government of Risk – Understanding Risk Regulation Regimes, Oxford: Oxford University Press, 2001, quoted as: Hood, Rothstein, and Baldwin, The Government of Risk – Understanding Risk Regulation Regimes, p. Open Google Scholar doi.org/10.1093/0199243638.003.0002
  109. Hoofnagle, Chris Jay, The Potemkinism of Privacy Pragmatism: Civil liberties are too important to be left to the technologists, 2014, URL: http://www.slate.com/articles/technology/future_tense/2014/09/data_use_regulation_the_libertarian_push_behind_a_new_take_on_privacy.html, quoted as: Hoofnagle, The Potemkinism of Privacy Pragmatism: Civil liberties are too important to be left to the technologists. Open Google Scholar
  110. Hornung, Gerrit / Hartl, Korbinian: Datenschutz durch Marktanreize – auch in Europa? Stand der Diskussion zu Datenschutzzertifizierung und Datenschutzaudit, in: Zeitschrift für Datenschutz 4 (5) (2014), pp. 219–225, quoted as: Hornung and Hartl, Data Protection through Market Incentives – in Europe, too?, ZD May 2014, p. Open Google Scholar
  111. Jaeckel, Liv: Gefahrenabwehrrecht und Risikodogmatik – Moderne Technologien im Spiegel des Verwaltungsrechts, Tübingen: Mohr Siebeck, 2010, quoted as: Jaeckel, Prevention of Danger through Law and Legal Conceptualization of Risk, p. Open Google Scholar
  112. Id.: Risiko-Signaturen im Recht – Zur Unterscheidbarkeit von Gefahr und Risiko, JuristenZeitung 66 (3) (2011), pp. 116–124, quoted as: Jaeckel, Differentiating between Danger and Risk, p. Open Google Scholar
  113. Id.: Schutzpflichten im deutschen und europäischen Recht – Eine Untersuchung der deutschen Grundrechte, der Menschenrechte und Grundfreiheiten der EMRK sowie der Grundrechte und Grundfreiheiten der Europäischen Gemeinschaft, Baden-Baden: Nomos, 2001, quoted as: Jaeckel, Duties of Protection in German and European Law, p. Open Google Scholar
  114. Jandt, Silke / Roßnagel, Alexander: Datenschutz in Social Networks – Kollektive Verantwortlichkeit für die Datenverarbeitung, Zeitschrift für Datenschutz 1 (4) (2011), pp. 160–166, quoted as: Jandt and Roßnagel, Data protection in social networks – Collective responsibility for data processing, p. Open Google Scholar
  115. Jarass, Hans D.: Vor Art. 1, Art. 1 GG, in: Jarass, Hans D. / Pieroth, Bodo (eds.), Grundgesetz für die Bundesrepublik Deutschland – Kommentar, München: C.H. Beck, 2012, quoted as: Jarass in: Jarass/Pieroth, GG, Art. Open Google Scholar
  116. Jarchow, Thomas / Estermann, Beat: Big Data: Chancen, Risiken und Handlungsbedarf des Bundes – Ergebnisse einer Studie im Auftrag des Bundesamts für Kommunikation, 26 Oktober 2015, URL: https://www.uvek.admin.ch/dam/uvek/de/dokumente/anlaesse/2015-ab-juli/BFH%20Big%20Data%20Studie.pdf.download.pdf/BFH_Big-Data-Studie.pdf, quoted as: Jarchow and Estermann, Big Data: Chances, Risks and Need for Action of the Swiss Confederation, p. Open Google Scholar
  117. Kamp, Meike / Rost, Martin: Kritik an der Einwilligung – Ein Zwischenruf zu einer fiktiven Rechtsgrundlage in asymmetrischen Machtverhältnissen, in: Datenschutz und Datensicherheit 37 (2) (2013), pp. 80–84, quoted as: Kamp and Rost, Criticism of the individual’s consent – An interjection on a ficticious legal basis in asyymetric power relations, p. Open Google Scholar
  118. Karg, Moritz: Die Rechtsfigur des personenbezogenen Datums – Ein Anachronismus des Datenschutzes?, in: Zeitschrift für Datenschutz 2 (6) (2012), pp. 255–260, quoted as: Karg, The personal datum as a legal link for regulation – An anachronism of data protection?, p. Open Google Scholar
  119. Id.: Die Renaissance des Verbotsprinzips im Datenschutz, in: Datenschutz und Datensicherheit 37 (2) (2013), pp. 75–79, quoted as: Karg, The renaissance of the prohibition principle in data protection, p. Open Google Scholar doi.org/10.1007/s11623-013-0021-5
  120. Kift, Paula: Bridging the transatlantic divide in privacy, in: Internet Policy Review 2 (3) (2013), pp. 1–7, quoted as: Kift, Bridging the transatlantic divide, at fn. Open Google Scholar
  121. Kirby, Michael: The history, achievement and future of the 1980 OECD guidelines on privacy, in: International Data Privacy Law 1 (1) (2011), pp. 6–14, quoted as: Kirby, The history, achievement and future of the 1980 OECD guidelines on privacy, p. Open Google Scholar
  122. Kloepfer, Michael: Recht ermöglicht Technik – Zu einer wenig beachteten Funktion des Umwelt- und Technikrechts, in: Natur und Recht 1997, pp. 417–418, quoted as: Kloepfer, Law enables Technology – About an understimated function of environmental and technology law, p. Open Google Scholar
  123. Kokott, Juliane / Sobotta, Christoph: The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR, in: International Data Privacy Law 3 (4) (2013), pp. 222–228, quoted as: Kokott and Sobotta, The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR, p. Open Google Scholar
  124. Kollmann, Tobias / Stöckmann, Christoph / Linstaedt, Jana / Kensbock, Julia: European Startup Monitor 2015, URL: http://europeanstartupmonitor.com/fileadmin/presse/download/esm_2015.pdf, quoted as: Kollmann et al., European Startup Monitor 2015, p. Open Google Scholar
  125. Kosta, Eleni: Construing the Meaning of „Opt-Out“ – An Analysis of the European, U.K. and German Data Protection Legislation, in: European Data Protection Law Review 1 (1) (2015), pp. 16–31, quoted as: Kosta, Construing the Meaning of „Opt-Out“ – An Analysis of the European, U.K. and German Data Protection Legislation, p. Open Google Scholar
  126. Kramer, Philip: §§ 4a, 28 BDSG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Kramer, Federal Data Protection Law and further Provisions, ‚Chapter’, cip. Open Google Scholar
  127. Kranenborg, Herke: Article 8 – Protection of Personal Data, in: Steve Peers / Tamara Hervey / Jeff Kenner / Angela Ward (eds.), The EU Charter of Fundamental Rights, A Commentary, Oxford i.a.: Hart 2014, quoted as: Kranenborg, Article 8 – Protection of Personal Data, cip. Open Google Scholar doi.org/10.5771/9783845259055_266
  128. Kühling, Jürgen: Datenschutz in einer künftigen Welt allgegenwärtiger Datenverarbeitung – Aufgabe des Rechts?, in: Die Verwaltung 40 (2) (2007), pp. 153–172, quoted as: Kühling, Data protection in a future world of ubiquitous data processing, p. Open Google Scholar
  129. Kuner, Christopher / Cate, Fred H. / Millard, Christopher / Svantesson, Dan Jerker B. / Lynskey, Orla: Editorial – Risk management in data protection, in: International Data Privacy Law 5 (2) (2015), pp. 95–98, quoted as: Kuner et al., Risk management in data protection, p. Open Google Scholar
  130. Id.: Editorial – The data protection credibility crisis, in: International Data Privacy Law 5 (3) (2015), pp. 161–162, quoted as: Kuner et al., The Data Protection Credibility Crisis, IDPL 2015 Vol. 5 no. 3, p. Open Google Scholar doi.org/10.1093/idpl/ipv012
  131. Kutscha, Martin: Datenschutz durch Zweckbindung – Ein Auslaufmodell?, in: Zeitschrift für Rechtspolitik 32 (4) (1999), pp. 156–160, quoted as: Kutscha, ZRP, vol. 4, 1999, pp. 156–160, Data Protection through Purpose Limitation – An Obsolescent Model?, p. Open Google Scholar
  132. Ladeur, Karl-Heinz: Das Umweltrecht der Wissensgesellschaft: Von der Gefahrenabwehr zum Risikomanagement, Berlin: Duncker & Humblot, 2005, pp. 209–233, quoted as: Ladeur, The Environmental Law of the Knowledge Society: From the protection against dangers to the management of risks, p. Open Google Scholar
  133. Lenaerts, Koen / Gutiérrez-Fons, José Antonio: The Charter in the EU Constitutional Edifice, in: Steve Peers / Tamara Hervey / Jeff Kenner / Angela Ward (eds.), The EU Charter of Fundamental Rights, A Commentary, Oxford i.a.: Hart 2014, pp. 1600–1637, quoted as: Lenaerts and Gutiérrez-Fons, The Charter in the EU Constitutional Edifice, p. Open Google Scholar doi.org/10.5771/9783845259055_1600
  134. Levie, Jonathan / Autio, Erkko: Regulatory Burden, Rule of Law, and Entry of Strategic Entrepreneurs: An International Panel Study, in: Journal of Management Studies 48 (6) (2011), pp. 1392–1419, quoted as: Levie and Autio, Regulatory Burden, Rule of Law, and Entry of Strategic Entrepreneurs: An International Panel Study, p. Open Google Scholar
  135. Lewinski, Kai von: § 1 BDSG, Vorb. § 88 TKG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: v. Lewinski, Federal Data Protection Law and further Provisions, ‚Chapter’, cip. Open Google Scholar
  136. Id.: Die Matrix des Datenschutzes, Tübingen: Mohr Siebeck, 2014, quoted as: v. Lewinski, The Matrix of Data Protection, p. Open Google Scholar
  137. Lindner, Josef Franz: Datenschutzrecht in Bund und Ländern, Kommentar, München: C.H. Beck, 2013, quoted as: Lindner, Data protection in the Federal State and the Länder, cip. Open Google Scholar
  138. Lipshaw, Jeffrey M.: Why the Law of Entrepreneurship Barely Matters, in: Western New England Law Review 31 (3/7) 2009, pp. 701-715, quoted as: Lipshaw, Why the Law of Entrepreneurship Barely Matters. Open Google Scholar
  139. Luhmann, Niklas: Zweckbegriff und Systemrationalität, Tübingen: Mohr Siebeck, 1968, quoted as: Luhmann, The Concept of Purpose and System Rationality, p. Open Google Scholar
  140. Lynskey, Orla: The Foundations of EU Data Protection Law, Oxford: Oxford University Press, 2015, quoted as: Lynskey, The Foundations of EU Data Protection Law, p. Open Google Scholar
  141. Mantelero, Alessandro / Vaciago, Giuseppe: The „Dark Side“ of Big Data: Private and Public Interaction in Social Surveillance – How data collections by private entities affect governmental social control and how the EU reform an data protection responds, in: Computer Law Review International 14 (6) (2013), pp. 161–169, quoted as: Mantelero and Vaciago, The „Dark Side“ of Big Data: Private and Public Interaction in Social Surveillance, p. Open Google Scholar
  142. Margraf, Marian / Pfeiffer, Stefan: Benutzerzentrierte Entwicklung für das Internet der Dinge, in: Datenschutz und Datensicherheit 39 (4) (2015), pp. 246–249, quoted as: Margraf and Pfeiffer, User-centric development for the Internet of Things, p. Open Google Scholar
  143. Matscher, Franz: Methods of Interpretation of the Convention, in: Ronald St. J. Macdonald / Franz Matscher / Herbert Petzold (eds.), The European System for the protection of human rights, Dordrecht i.a.: Kluwer Academic, 1993, pp. 63–81, quoted as: Matscher, Methods of Interpretation of the Convention, p. Open Google Scholar
  144. Masing, Johannes: Herausforderungen des Datenschutzes, Neue Juristische Wochenschrift 65 (32) (2012), pp. 2305–2311, quoted as: Masing, Challenges of data protection, p. Open Google Scholar
  145. Mayer-Schönberger, Viktor: The Law as Stimulus: The Role of Law in Fostering Innovative Entrepreneurship, in: Journal of Law and Policy for the Information Society 6 (2) (2010) pp. 153–188, quoted as: Mayer-Schönberger, The Law a s Stimulus: The Role of Law in Fostering Innovative Entrepreneurship, p. Open Google Scholar
  146. Mayer-Schönberger, Viktor / Cukier, Kenneth: Big Data: A Revolution That Will Transform How We Live, Work, and Think, New York: Houghton Mifflin Harcourt, 2013, quoted as: Mayer-Schönberger and Cukier, Big Data: A Revolution That Will Transform How We Live, Work, and Think, p. Open Google Scholar
  147. Maxwell, Winston J.: Principles-based regulation of personal data: the case of ‚fair processing’, in: International Data Privacy Law 5 (3) (2015), pp. 205–216, quoted as: Maxwell, Principles-based regulation of personal data: the case of ‚fair processing’, p. Open Google Scholar
  148. Mehde, Veith: Datenschutz, in: Sebastian F. Heselhaus / Carsten Nowak (eds.), Handbuch der Europäischen Grundrechte, München: C.H. Beck, 2006, § 21, quoted as: Mehde, Handbook of European Fundamental Rights, cip. Open Google Scholar
  149. Miller, Arthur R.: Personal Privacy in the Computer Age: The Challenge of a New Technology in an Information-Oriented Society, in: Michigan Law Review 67 (6) (1969), pp. 1089–1246, quoted as: Miller, Personal Privacy in the Computer Age: The Challenge of a New Technology in an Information-Oriented Society, p. Open Google Scholar
  150. Moroz, Peter W. / Hindle, Kevin: Entreneurship as a Process: Toward Harmonizing Multiple Perspectives, in: Entrepreneurship Theory and Practice 36 (4) (2012), pp. 781–818, quoted as: Moroz and Hindle, Entreneurship as a Process: Toward Harmonizing Multiple Perspectives, p. Open Google Scholar
  151. Murray, Andrew D.: Conceptualising the Post-Regulatory (Cyber)state, in: Roger Brownsword / Karen Yeung (eds.), Regulating Technologies – Legal Futures, Regulatory Frames and Technological Fixes, Oxford i.a.: Hart Publishing, 2008, pp. 287–316, quoted as: Murray, Conceptualising the Post-Regulatory (Cyber)state, p. Open Google Scholar
  152. Id.: The Regulation of Cyberspace – Control in the Online Environment, Abingdon i.a.: Routledge–Cavendish, 2007, quoted as: Murray, The Regulation of Cyberspace – Control in the Online Environment, p. Open Google Scholar
  153. Neumann, Robert: Libertärer Paternalismus – Theorie und Empirie staatlicher Entscheidungsarchitektur, Tübingen: Mohr Siebeck, 2013, quoted as: Neumann, Libertarian Paternalism – Theory and empiricism with respect to decision-making architectures designed by the State, p. Open Google Scholar
  154. Neveling, Stefanie / Bumke, Susanne / Dietrich, Jan-Hendrik: Ansätze wirtschaftswissenschaftlicher und soziologischer Innovationsforschung, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und rechtliche Regulierung. Schlüsselbegriffe und Anwendungsbeispiele rechtswissenschaftlicher Innovationsforschung, Baden-Baden: Nomos, 2002, pp. 364–413 quoted as: Neveling et alt., Economic and Sociological Approaches of Innovation Research, p. Open Google Scholar
  155. Niedobitek, Matthias: Entwicklung und allgemeine Grundsätze, in: Detlef Merten / Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band VI/1 „Europäische Grundrechte I“, Heidelberg i.a.: C.F. Müller, 2010, § 159, quoted as: Niedobitek, Development and General Principles, cip. Open Google Scholar
  156. Nissenbaum, Helen: Privacy in Context – Technology, Policy, and the Integrity of Social Life, Stanford: Stanford University Press, 2010, quoted as: Nissenbaum, Privacy in Context, p. Open Google Scholar
  157. Id.: Respect for Context as a Benchmark, in: Beate Roessler / Dorothea Mokrosinska (eds.), Social Dimensions of Privacy – Interdisciplinary Perspectives, Cambridge: Cambridge University Press, 2015, pp. 278–302, quoted as: Nissenbaum, Respect for Context as a Benchmark, p. Open Google Scholar doi.org/10.1017/CBO9781107280557.016
  158. Id.: Privacy as Contextual Integrity, in: Washington Law Review 97 (1) (2004), pp. 101–139, quoted as: Nissenbaum, Privacy as Contextual Integrity, p. Open Google Scholar
  159. OECD: Data-Driven Innovation for Growth and Well-Being. What Implications for Governments and Businesses?, Directorate for Science, Technology and Innovation Policy Note, October 2015, URL: http://www.oecd.org/sti/ieconomy/PolicyNote-DDI.pdf, quoted as: OECD: Data-Driven Innovation for Growth and Well-Being. Open Google Scholar
  160. Id.: OECD Science, Technology and Industry Outlook 2014, URL: http://www.oecd.org/sti/oecd-science-technology-and-industry-outlook-19991428.htm, quoted as: OECD: Science, Technology and Industry Outlook 2014, p. Open Google Scholar doi.org/10.1787/sti_outlook-2014-82-en
  161. Id.: The OECD Privacy Framework, 2013, URL: http://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf, quoted as: The OECD Privacy Framework, p. Open Google Scholar
  162. Pahlen-Brandt, Ingrid: Datenschutz braucht scharfe Instrumente – Beitrag zur Diskussion um „personenbezogene Daten“, in: Datenschutz und Datensicherheit 32 (1) (2008), pp. 34–40, quoted as: Pahlen-Brandt, Contribution to the discussion aon „personal data“, p. Open Google Scholar
  163. Papier, Hans-Jürgen: Drittwirkung der Grundrechte, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band II „Allgemeine Lehren I“, Heidelberg: C.F. Müller, 2006, § 55, quoted as: Papier, Third-Party Effect of German Basic Rights, cip. Open Google Scholar
  164. Peters, Emma: Wirksamer Grundrechtsschutz und effektive Strafverfolgung beim Zugriff auf elektronische Daten in Speichern privater Dritter (im Kontext der Grundrechte des Datenbetroffenen) (working title, manuscript, forthcoming 2017), quoted as: Peters, Effective protection of fundamental rights and efficient criminal prosecution in relation to acess to electronic data stored by private third parties, p. Open Google Scholar
  165. Plath, Dr. Kai-Uwe, Kommentar zum BDSG und zur DSGVO sowie den Datenschutzbestimmungen von TMG und TKG, 2nd edition, Köln: Verlag Dr. Otto Schidt KG, 2016, quoted as Plath, § cip. Open Google Scholar doi.org/10.9785/9783504384951
  166. Pohle, Jörg: Zweckbindung revisited, in: Datenschutz Nachrichten 38 (3) (2015), pp. 141–145, quoted as: Pohle, Purpose limitation revisited, p. Open Google Scholar
  167. Id.: Personal Data Not Found: Personenbezogene Entscheidungen als überfällige Neuausrichtung im Datenschutz, in: Datenschutz Nachrichten 39 (1) (2016), pp. 14–19, quoted as: Pohle, Personal Data Not Found: Person-related decisions as an over-due refinement of data protection, p. Open Google Scholar
  168. Pombriant, Denis: Data, Information and Knowledge – Transformation of data is key, in: Computer Law Review International 14 (4) (2013), pp. 97–102, quoted as: Pombriant, Data, Information and Knowledge – Transformation of data is key, p. Open Google Scholar
  169. Raab, Charles D. / De Hert, Charles: Tools for Technology Regulation: Seeking Analytical Approaches Beyond Lessig and Hood, in: Roger Brownsword / Karen Yeung (eds.) Regulating Technologies – Legal Futures, Regulatory Frames and Technological Fixes, Oxford i.a.: Hart Publishing, 2008, pp. 263–285, quoted as: Raab and De Hert, Tools for Technology Regulation, p. Open Google Scholar
  170. Radlanski, Philip: Das Konzept der Einwilligung in der datenschutzrechtlichen Realität, Tübingen: Mohr Siebeck, 2016, quoted as: Radlanski, The concept of consent in the reality of data protection law, p. Open Google Scholar
  171. Rauhofer, Judith: Of men and mice: Should the EU data protection authorities’ reaction to Google’s new privacy policy raise concern for the future of the purpose limitation principle?, in: European Data Protection Law Review 1 (1) (2015), pp. 5–15, quoted as: Rauhofer, Of men and mice: Should the EU data protection authorities’ reaction to Google’s new privacy policy raise concern for the future of the purpose limitation principle?, p. Open Google Scholar
  172. Ries, Eric: The Lean Startup: How Today's Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses, New York: Random House, 2011, quoted as: Ries, The Lean Startup, p. Open Google Scholar
  173. Rouvroy, Antoinette / Poullet, Yves: The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy, in: Serge Gutwirth / Yves Poullet / Paul de Hert / Cecile de Terwangne / Sjaak Nouwt (eds.), Reinventing Data Protection?, New York i.a.: Springer, 2009, pp. 45–76, quoted as: Rouvroy and Poullet, The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy, p. Open Google Scholar doi.org/10.1007/978-1-4020-9498-9_2
  174. Roßnagel, Alexander: Das Gebot der Datenvermeidung und -sparsamkeit als Ansatz wirksamen technikbasierten Persönlichkeitsschutzes?, in: Martin Eifert / Wolfgang Hofmann-Riem (eds.), Innovation, Recht und öffentliche Kommunikation – Innovation und Recht IV, Berlin: Duncker & Humblot, 2011, pp. 41–66, quoted as: Roßnagel, The Requirement of Data Minimization, p. Open Google Scholar
  175. Id.: Datenschutz in einem informatisierten Alltag – Gutachten im Auftrag der Friedrich-Ebert-Stiftung, 2007, URL: http://library.fes.de/pdf-files/stabsabteilung/04548.pdf, quoted as: Roßnagel, Data protection in computerized everyday life, p. Open Google Scholar
  176. Id.: Rechtswissenschaftliche Technikfolgenforschung – Umrisse einer Forschungsdisziplin, Baden-Baden: Nomos, 1993, quoted as: Roßnagel, Technology assessment as a legal research discipline, p. Open Google Scholar
  177. Roßnagel, Alexander / Pfitzmann, Andreas / Garstka, Hansjürgen: Modernisierung des Datenschutzrechts – Gutachten im Auftrag des Bundesinnenministeriums des Innern, Bundesinnenministerium des Innern, 2001, URL: https://www.bfdi.bund.de/SharedDocs/VortraegeUndArbeitspapiere/2001GutachtenModernisierungDSRecht.pdf?__blob=publicationFile, quoted as: Roßnagel, Garstka and Pfitzmann, Modernization of data protection law – report on behalf of the Federal Ministry of the Interior (2001), p. Open Google Scholar
  178. Rost, Martin: Standardisierte Datenschutzmodellierung, in: Datenschutz und Datensicherheit 35 (6) (2012), pp. 433–438, quoted as: Rost, Standardized Modeling of Data Protection, p. Open Google Scholar
  179. Rost, Martin / Bock, Kirstin: Privacy by Design und die Neuen Schutzziele: Grundsätze, Ziele und Anforderungen, in: Datenschutz und Datensicherheit 35 (1) (2011), pp. 30–35, quoted as: Rost and Bock, Privacy by Design and the New Protection Goals: Principles, objectives, and requirements, p. Open Google Scholar
  180. Rost, Martin / Pfitzmann, Andreas: Datenschutz-Schutzziele—revisited, in: Datenschutz und Datensicherheit 33 (6) (2009), pp. 353–358, quoted as: Rost and Pfitzmann, Data Protection Goals – revisited, p. Open Google Scholar
  181. Rudolf, Walter: Recht auf informationelle Selbstbestimmung, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band IV „Einzelgrundrechte I“, Heidelberg: C.F. Müller, 2011, § 90, quoted as: Rudolf, Right to Informational Self-Determination, cip. Open Google Scholar
  182. Ruiz-Miguel, Carlos: El derecho a la protección de los datos personales en la Carta de Derechos Fundamentales de Unión Europea: Análisis crítico, in: Revista de Derecho Comunitario Europeo 7 (14) (2003), pp. 7–43, quoted: Ruiz-Miguel, El derecho a la protección de los datos personales en la Carta de Derechos Fundamentales de Unión Europea: Análisis crítico, p. Open Google Scholar
  183. Rupp, Martin: Die grundrechtliche Schutzpflicht des Staates für das Recht auf informationelle Selbstbestimmung im Pressesektor, Saarbrücken: Alma Mater, 2013, quoted as: Rupp, The State Duty of Protection for the Right to Informational Self-Determination in the Press Sector, p. Open Google Scholar
  184. Sandfuchs, Barbara: Privatheit wider Willen?, Tübingen: Mohr Siebeck, 2015, quoted as: Sandfuchs, Privacy against one’s will?, p. Open Google Scholar doi.org/10.1628/9783161557583
  185. Sarasvathy, Saras D.: Causation and Effectuation: Toward a Theoretical Shift from Economic Inevitability to Entrepreneurial Contingency, in: Academy of Management Review 26 (2) (2001), pp. 243–263, quoted as: Sarasvathy, Causation and Effectuation, p. Open Google Scholar
  186. Schneider, Jens-Peter: Stand und Perspektiven des europäischen Datenverkehrs- und Datenschutzrechts, in: Die Verwaltung 44 (4) (2011), pp. 499–524, quoted as: Schneider, Status of and Perspectives for the European Data Traffic and Data Protection Law, p. Open Google Scholar
  187. Schneider, Jochen: Die Datensicherheit – eine vergessene Regelungsmaterie? Ein Plädoyer für Aufwertung, stärkere Integration und Modernisierung des § 9 BDSG, in: Zeitschrift für Datenschutz 1 (1) (2011), pp. 6–12, quoted as: Schneider, Data security – a forgotten area of regulation?, p. Open Google Scholar
  188. Schreibauer, Marcus: Vorb. § 11, §§ 11, 12 TMG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Schreibauer, Federal Data Protection Law and further Provisions, cip. Open Google Scholar
  189. Schulz, Wolfgang / Dankert, Kevin: Governance by Things’ as a challenge to regulation by law, in: Internet Policy Review 5 (2) (2016), pp. 1–19, quoted as: Schulz and Dankert, ‚Governance by Things’ as a challenge to regulation by law. Open Google Scholar
  190. Schumpeter, Joseph: Capitalism, Socialism & Democracy, 5th edition, London i.a.: Routledge, 2003, quoted as: Schumpeter, Capitalism, Socialism & Democracy, p. Open Google Scholar
  191. Schweizer, Rainer J.: Allgemeine Grundsätze, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band VI/I „Europäische Grundrechte I“, Heidelberg i.a.: C. F. Müller, 2010, § 138, quoted as: Schweizer in: Handbook of Basic Rights – Europe I, §; Open Google Scholar
  192. Id.: Die Rechtsprechung des Europäischen Gerichtshofs für Menschenrechte zum Persönlichkeits- und Datenschutz, in: Datenschutz und Datensicherheit 33 (8) (2009), pp. 462–468, quoted as: Schweizer, European Convention and Data Protection, p. Open Google Scholar doi.org/10.1007/s11623-009-0119-y
  193. Simitis, Spiros: Die informationelle Selbstbestimmung – Grundbedingungen einer verfassungsrechtlichen Kommunikationsordnung, in: Neue Juristische Wochenschrift 37 (8) (1984), pp. 398–405, quoted as: Simitis, NJW 1984, p. Open Google Scholar
  194. Id.: Bundesdatenschutzgesetz, Baden-Baden: Nomos, 2014, quoted as: Simitis, Federal Data Protection Law, cip. Open Google Scholar
  195. Singer, Slavica / Amorós, José Ernesto / Moska Arreola, Daniel: Global Entrepreneurship Monitor – 2014 Global Report, URL: http://www.gemconsortium.org/report, quoted as: Singer et al., Global Entrepreneurship Monitor – 2014 Global Report. Open Google Scholar
  196. Skistims, Hendrik / Voigtmann, Christian / David, Klaus / Roßnagel, Alexander: Datenschutzgerechte Gestaltung von kontextvorhersagenden Algorithmen, in: Datenschutz und Datensicherheit 36 (1) (2012), pp. 31–36, quoted as: Skistims et al., Data Protection Compliance of Context-Predicting Algorithms, p. Open Google Scholar
  197. Solove, Daniel J.: Understanding Privacy, Cambridge, Massachusetts: Harvard University Press, 2008, quoted as: Solove, Understanding Privacy, p. Open Google Scholar
  198. Stentzel, Rainer: Das Grundrecht auf ...? Auf der Suche nach dem Schutzgut des Datenschutzes in der Europäischen Union, in: Privacy in Germany 3 (5) (2015), pp. 185–190, Union quoted as: Stentzel, The Fundamental Right to ...? The Search of the Object of Protection of Data Protection in the European Union, PinG 05.15, p. Open Google Scholar
  199. Streinz, Rudolf / Michl, Walther: Art. 4 EUV, Art. 6 AEUV, Art. 51 GRCh, in: Streinz (ed.), EUV/AEUV Kommentar, 2nd edition, München: C.H. Beck, 2012, quoted as: Streinz/Michl, in: Streinz, EUV/AEUV, cip. Open Google Scholar
  200. Thaler, Richard H. / Sunstein, Cass R.: Nudge – Improving Decisions About Health, Wealth, and Happiness, New Haven i.a.: Yale University Press, 2008, quoted as: Thaler and Sunstein, Nudge – Improving Decisions About Health, Wealth, and Happiness, p. Open Google Scholar
  201. Thierer, Adam: Privacy Law’s Precautionary Principle Problem, in: Maine Law Review 66 (2) (2014), pp. 467–486, quoted as: Thierer, Privacy Law’s Precautionary Principle Problem, p. Open Google Scholar
  202. Trute, Hans-Heinrich: Der Schutz personenbezogener Informationen in der Informationsgesellschaft, in: JuristenZeitung 53 (17) (1998), pp. 822–831, quoted as: Trute, JZ 1998, p. Open Google Scholar
  203. Tzanou, Maria: Data protection as a fundamental right next to privacy? ‘Reconstructing’ a not so new right, in: International Data Privacy Law 3 (2) (2013), pp. 88–99, quoted as: Tzanou, Data protection as a fundamental right next to privacy? ‘Reconstructing’ a not so new right, p. Open Google Scholar
  204. Veil, Winfried: DS-GVO: Risikobasierter Ansatz statt rigides Verbotsprinzip – Eine erste Bestandsaufnahme, in: Zeitschrift für Datenschutz 5 (8) (2015), pp. 347–353, quoted as: GDPR: Risk-based approach instead of rigid principle of prohibition, p. Open Google Scholar
  205. Vodafone Institute for Society and Communications: Big Data – A European Survey on the Opportunities and Risks of Data Analytics, 2016, URL: http://www.vodafone-institut.de/wp-content/uploads/2016/01/VodafoneInstitute-Survey-BigData-en.pdf, quoted as: Vodafone Institute for Society and Communications: Big Data – A European Survey on the Opportunities and Risks of Data Analytics, p. Open Google Scholar
  206. Voßkuhle, Andreas: Neue Verwaltungsrechtswissenschaft, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts – Band I „Methoden – Maßstäbe – Aufgaben – Organisation“, 2nd edition, München: C.H. Beck, 2012, pp. 1–63, quoted as: Voßkuhle, New Regulatory Approach of Administrative Law, p. Open Google Scholar
  207. Wegner, Gerhard: Nachhaltige Innovationsoffenheit dynamischer Märkte, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovationsfördernde Regulierung – Innovation und Recht II, Berlin: Duncker & Humblot, 2009, pp. 71–91, quoted as: Wegner, Dynamic Markets and their Persistent Openness to Innovation, p. Open Google Scholar
  208. Weichert, Thilo: Informationstechnische Arbeitsteilung und datenschutzrechtliche Verantwortung – Plädoyer für eine Mitverantwortlichkeit bei der Verarbeitung von Nutzungsdaten, in: Zeitschrift für Datenschutz 4 (12) (2014), pp. 605–610, quoted as: Weichert, Information-technological collaboration and data protection responsibility, p. Open Google Scholar
  209. Welter, Friederike: Contextualizing Entrepreneurship – Conceptual Challenges and Ways Forward, in: Entrepreneurship Theory and Practice 35 (1) (2011), pp. 165–184, quoted as: Welter, Contextualizing Entrepreneurship, p. Open Google Scholar
  210. Wente, Jürgen: Informationelles Selbstbestimmungsrecht und absolute Drittwirkung der Grundrechte, in: Neue Juristische Wochenschrift 37 (25) (1984), pp. 1446–1447, quoted as: Wente, NJW 1984, p. Open Google Scholar
  211. Westin, Alan F.: Privacy & Freedom, New York: Atheneum, 1967, quoted as: Westin, Privacy and Freedom, p. Open Google Scholar
  212. Wolff, Heinrich Amadeus: § 28 BDSG, in: Heinrich Amadeus Wolff / Stefan Brink (eds.), Datenschutzrecht in Bund und Ländern – Kommentar, München: C.H. Beck, 2013, quoted as: Wolff, § 28 BDSG, cip. Open Google Scholar
  213. World Economic Forum: Insight Report: Enhancing Europe's Competitiveness – Fostering Innovation-Driven Entrepreneurship in Europe, January 2014, URL: http://www3.weforum.org/docs/WEF_EuropeCompetitiveness_InnovationDrivenEntrepreneurship_Report_2014.pdf, quoted as: World Economic Forum: Insight Report: Enhancing Europe's Competitiveness – Fostering Innovation-Driven Entrepreneurship in Europe. Open Google Scholar
  214. Wright, David / Friedewald, Michael / Gellert, Raphaël: Developing and testing a surveillance impact assessment methodology, in: International Data Privacy Law 5 (1) (2015), pp. 40–53, quoted as: Wright, Freidewald and Gellert, Developing and testing a surveillance impact assessment methodology, p. Open Google Scholar
  215. Zezschwitz, Friedrich von: Konzept der normativen Zweckbegrenzung, in: Alexander Roßnagel (ed.), Handbuch Datenschutzrecht: Die neuen Grundlagen für Wirtschaft und Verwaltung, München: C.H. Beck, 2003, pp. 219–268, quoted as: v. Zezschwitz, Concept of Normative Purpose Limitation, cip. Open Google Scholar

Similar publications

from the topics "Data Protection Law & Information Law & Digital Law"
Cover of book: Data Act und Datenschutz
Book Titles No access
Marc-Philipp Geiselmann
Data Act und Datenschutz
Cover of book: Data Access and Portability
Book Titles No access
Yannic Duller
Data Access and Portability
Cover of book: Perspektiven des Datenschutz- und Cybersicherheitsrechts
Edited Book Full access
Lukas Staffler, Jakob Ebbinghaus
Perspektiven des Datenschutz- und Cybersicherheitsrechts
Cover of book: Bürokratieabbau im Datenschutz
Edited Book No access
Alexander Roßnagel, Astrid Wallmann
Bürokratieabbau im Datenschutz
Cover of book: Personal Data Breaches
Book Titles No access
Steffen Sundermann
Personal Data Breaches

Notice

This work is protected by copyright and may only be used in accordance with the provisions of the Terms of Use and License Agreement. Any use of the work beyond this is expressly prohibited and will be prosecuted.

Give feedback

We welcome your feedback on content and features. Your message helps us to continuously improve our service.

Rating
Attach images
or drag and drop
PNG or JPG (max. 3 MB)

Login

Forgotten your password?
Login via Open Athens
Don't have an account yet?
Register now

Cite publication

Download: RIS BibTex