
Big Data and Law

A Practitioner's Guide
Authors:
Publisher:
 2021

Summary

Caldarola/Schrey

“Big Data” refers to large amounts of data originating from various sources which are stored, processed and analysed with specific applications to obtain all kinds of (inter-)dependency analyses, environmental and trend research, and for system and production control purposes. As in data mining, knowledge discovery is a priority for Big Data applications. Big Data is now seen as a new source and a “reserve” of additional revenue. When dealing with Big Data, it is not enough to have the necessary technical expertise and infrastructure. Rather, the legal scope must also be observed. As a result of the applicability of the EU General Data Protection Regulation since 25 May 2018 and the associated potentially substantial fines for data protection infringements, data protection supervisory authorities in particular will intensify their supervisory measures and also focus their attention on Big Data applications. With numerous guidelines and graphics, this book is a practical legal guide to gathering, storing and analysing personal and other types of data in Big Data applications. It provides comprehensive, practice-oriented assistance and reliability for planning everyday business in a Big Data environment.



Bibliographic data

Copyright year
2021
ISBN-Print
978-3-406-74393-1
ISBN-Online
978-3-406-77936-7
Publisher
C.H.BECK Recht - Wirtschaft - Steuern, München
Series
Beck International
Language
English
Pages
178
Product type
Book Titles

Table of contents

Chapter / Pages
  1. Front matter/Table of contents (Pages I - XXIII)
    1. I. Why Big Data?
      1. 1. General principles
      2. 2. Companies established in the EU (Art. 3 (1) GDPR)
      3. 3. Companies not established in the EU (Art. 3 (2) GDPR)
      4. 4. Offering of goods or services to data subjects in the EU
      5. 5. Monitoring the behaviour of subjects in the EU
      6. 6. Data processing facilities in a place where Member State law applies (Art. 3 (3) GDPR)
      7. 7. Limits of the scope of application – opening clauses
        1. a) Data processing in employment contexts (Art. 88 GDPR)
        2. b) Designation of a data protection officer in cases other than Art. 37 (1) GDPR
        3. c) Processing carried out in the public interest or in compliance with a legal obligation
      8. 9. Summary
    2. III. Which data are affected?
    3. IV. What are the differences between the data types?
    4. V. Which verification steps need to be considered for a Big Data application?
      1. 1. Definition of “personal data” pursuant to Art. 4 (1) GDPR
        1. a) Dynamic IP addresses
        2. b) Personnel or customer numbers
        3. c) VIN/Vehicle registration numbers
        4. d) Special categories of personal data
        5. e) Location, traffic and usage data
        6. f) Characteristics of specific data sources
    1. II. Non-personal data
      1. 1. Collections of works, data or other independent elements, § 4 German Copyright Act
      2. 2. Database protection rights
        1. a) Database model
        2. b) Data format
        3. c) Interface
    2. IV. Protection as business or trade secret
    3. V. Householder’s right with regard to the collection of factual data
    4. VI. Virtual householder’s right
    5. VII. Factual data linked to IP addresses or other identifying characteristics
    6. VIII. No data ownership
      1. 1. Controller-to-processor agreement (C2P)
      2. 2. Obligation to separate the databases
      3. 3. Other obligations of the processor
        1. a) Selection and prior checking
        2. b) C2P agreement
      1. 1. Internal relationship between the joint controllers
      2. 2. Provision of the internal agreement
      3. 3. External Relationship Between the Joint Controllers and the Data Subject
      1. 1. Participation in projects of multiple responsible entities
      2. 2. Employee secondment/supply of temporary staff
      3. 3. Joint controllers within the meaning of Art. 26 GDPR with regard to project participations
      1. 1. Storing in your own cloud
      2. 2. Use of third-Party cloud storage
    1. I. Specialist knowledge
    2. II. Organizational and operational involvement of the data protection officer
    3. III. Communication with data subjects
    4. IV. Information and monitoring obligations
    5. V. Cooperation and control obligations
    6. VI. Internal procedure in the event of a data protection violation
      1. 1. Performance of a contract
      2. 2. Balance of interests
      3. 3. Works council agreements
        1. a) Declaration of consent
        2. b) Formal requirements
        3. c) Free Will
        4. d) Indication of the purpose of the collection and processing
        5. e) Transmission to third parties, in particular to countries outside the EU
        6. f) Right to withdraw consent
        7. g) Opt-in and opt-out solutions
      1. 1. Processing of factual data
      2. 2. Obtaining data from data collections/databases
      3. 3. Obtaining data from Open Data projects
      4. 4. Data from publicly available sources
    1. I. Data processing
    2. II. Life cycle of data
      1. 1. The purpose of data collection and processing
      2. 2. The “purpose” of contracts for the supply and use of data
        1. a) The link between the original and new purpose
        2. b) The context of data collection
        3. c) The type of personal data
        4. d) Possible consequences of the intended subsequent processing for the data subjects
        5. e) The existence of appropriate guarantees
  2. G. Third country transfer/Applicable law (Level of applicable law) (Pages 79 - 82)
    1. I. Collection of data
      1. 1. Legality of the collecting data provided by a data supplier
      2. 2. Legitimacy of data acquisition from third parties
      3. 3. Rectifying deficiencies
      1. 1. Lawfulness of combining different data categories at the level of data retrieval
      2. 2. Combining personal data from different data sources
      3. 3. Combining personal data with factual data or anonymous data
      4. 4. Combination of personal data from different countries of origin
      5. 5. Combining different personal data collected for different purposes
      6. 6. Rectifying deficiencies
      1. 1. Pseudonymization (Art. 4 No. 5 GDPR)
      2. 2. Anonymization
      3. 3. Encryption and secrecy
      4. 4. De-anonymization for large amounts of data that allow re-identification
        1. a) Requirements for a data trustee
        2. b) Contractual penalty for breach of duties or for overcoming joint management controls
    2. V. Transmission of data from several controllers to a central Big Data application
      1. 1. Lawful grounds for the evaluation and analysis of personal data
        1. a) Applicant analysis
        2. b) Employee analysis
        3. c) Stress and mood analyses
        4. d) Databases for project analysis
        5. e) Prohibition of completely automatically generated individual decisions
      2. 3. Collective agreements
      3. 4. Rights of the works council to participate (in Germany § 87 (1) No. 6 BetrVG)
        1. a) Scoring
        2. b) User profile
      1. 1. Analysis of personal data records insofar as personal references still exist or can be restored
      2. 2. Evaluation of pseudonymized data records
      3. 3. Evaluation of non-personal data, factual data or anonymized data
    3. VIII. Use of personal data or person-related evaluation/analysis results
    1. I. Development of an erasure concept
    2. II. Implementation of a data erasure concept
      1. 1. Description of retention and erasure obligations
      2. 2. What is the relevant law for determining retention and erasure obligations?
      3. 3. Legal retention obligations
      4. 4. Erasure periods for archiving data on the basis of consent
      5. 5. Determining erasure periods from the purpose of use, the applicable statutory provisions and the business process reference of the processed data
        1. a) Determining a purpose and associated lawful ground for personal data
        2. b) Purpose and retention of non-personal data
    3. IV. Start times of retention and erasure obligations
    4. V. Assignment of data types to erasure classes
    5. VI. Resolution of conflicts when using one data type in different databases
    6. VII. What does “erasure” of data mean in contrast to its “blocking”, “masking”, “pseudonymization” or “anonymization”?
        1. a) Personal data
        2. b) Non-personal data
      1. 2. Date
      2. 3. Reasons for exclusion
      3. 4. Right to be forgotten
      4. 5. Right to limitation of processing
    7. IX. Erasure obligations towards licensors, data suppliers etc. independent of the data content
    8. X. Uniform erasure period for all documents and data
    9. XI. Erasure obligations for cross-border data processing
    10. XII. Storage locations and erasure obligations
    11. XIII. Four-eyes principle and documentation
    1. I. Information obligations according to Art. 13, 14 GDPR
      1. 1. Right to access
      2. 2. Right to rectification
      3. 3. Right to erasure and to be forgotten
      4. 4. Right to restriction of processing
      5. 5. Right to data portability
      6. 6. Right to lodge a complaint
    2. III. Records of processing activities according to Art. 30 GDPR
      1. 1. Access control
      2. 2. (Virtual) Access control
      3. 3. Admission control
      4. 4. Data medium control
      5. 5. Access and user control
      6. 6. Control of disclosure, transmission and transport
      7. 7. Input and storage control
      8. 8. Contract control
      9. 9. Availability control
      10. 10. Separation control
      11. 11. Recoverability
      12. 12. Reliability
      13. 13. Data integrity
      14. 14. Sanction for non-existent or inadequate technical and organizational measures
      1. 1. General principles for the processing of personal data
      2. 2. Principle of accountability (Art. 5 (2) GDPR)
      3. 3. Sanctioning a breach of these principles
  3. K. Data protection impact assessment (Pages 147 - 148)
      1. 1. Fundamental right to informational self-determination
      2. 2. The fundamental right to ensure the integrity and confidentiality of information technology systems
      3. 3. Indirect effect of fundamental rights between private individuals; Interpretation of guidelines
      4. 4. Ensuring confidentiality through technical and organizational measures
    1. II. System data protection for non-personal data only in a Big Data Application
    1. I. Technical and organizational measures
    2. II. Protection of the algorithms underlying the Big Data application
    3. III. Compliance management system
    4. IV. Aspects of copyright contract law in the database management system
      1. 1. Administrative fines
      2. 2. Material and non-material damages supplemented by power to bring collective actions
      3. 3. Misdemeanours
      4. 4. Entry in central trade register (loss of entitlement to participate in public tenders)
      5. 5. Penalties according to the BDSG
      6. 6. Supervisory intervention rights of the data protection supervisory authorities
      1. 1. Injunctive relief
      2. 2. Damages claim
      3. 3. Enforcement of copyright claims
      4. 4. Destruction claim
      5. 5. Liability of the controller
      6. 6. Right to information
      7. 7. Criminal offences
      1. 1. Injunctive relief
      2. 2. Damage claims
      3. 3. Subordinate claims
      4. 4. Relevance under criminal law
      1. 1. Criminal offences
      2. 2. Civil law Claims under the German Trade Secrets Act
    1. V. Contractual claims
  4. O. Big Data Applications as a service (Pages 169 - 174)
  5. P. Recommended Actions (Pages 175 - 176)
  6. Index of keywords (Pages 177 - 178)

