2019
How can the experience of the data breach notification obligations in the law of the United States be beneficial for the interpretation of the new personal data breach notification obligations pursuant to GDPR?
KASL, FrantišekZákladní údaje
Originální název
How can the experience of the data breach notification obligations in the law of the United States be beneficial for the interpretation of the new personal data breach notification obligations pursuant to GDPR?
Autoři
KASL, František (203 Česká republika, garant, domácí)
Vydání
Tilting2019: Tilting Perspectives 2019 – Regulating a world in transition, 2019
Další údaje
Jazyk
angličtina
Typ výsledku
Prezentace na konferencích
Obor
50501 Law
Stát vydavatele
Nizozemské království
Utajení
není předmětem státního či obchodního tajemství
Odkazy
Kód RIV
RIV/00216224:14220/19:00109652
Organizační jednotka
Právnická fakulta
Klíčová slova anglicky
personal data breach; security breach; GDPR
Příznaky
Mezinárodní význam
Změněno: 12. 5. 2020 18:14, Mgr. Petra Georgala
Anotace
V originále
Following the enactment of the bill California S.B. 1386 in 2002, also known as California data security breach notification law, majority of US states adopted some form of mandatory data breach notification legislation. The experience with this type of legal instrument in the legal systems of the United States over the last decade and a half may therefore serve as a valuable case study for the general data breach notification obligation under Articles 33 and 34 of the General Data Protection Regulation 2016/679. The data breach notification obligation is for most data controllers a new obligatory requirement that presents a new challenge for monitoring of internal processes. Taking into consideration the proximity of the legal systems, similar economic realities, technological development and social values, the substantial record of data breach notification practice in the United States holds a sizeable potential for analysis and an opportunity for comparative transfer of relevant conclusion to help the implementation of the newly established GDPR general data breach notification obligation. There are on the other hand unavoidable differences in conceptual framework of this instrument between American and European approach as well as to some degree within the United States complex legal structure itself. Understanding these limitations is therefore an essential part of the analysis that is affecting the conclusion about the overall potential value of the lessons that can be learned. Beyond the historical developments of the institute, its interpretation and application are of special interest to the contribution the current challenges related to the boom of Internet of Things solutions and the influence this technological change has or may have on the purpose and function of the data breach notification obligation.
Návaznosti
| TL02000398, projekt VaV |
|