Book contents
- Frontmatter
- Dedication
- Preface
- Acknowledgements
- Contents
- List of Cases
- List of Legislation and International Instruments
- List of Tables, Figures and Schedules
- List of Abbreviations
- Chapter 1 Introduction
- PART I THE PROBLEM
- PART II PRIVACY MANAGEMENT AS A SOLUTION
- Chapter 4 How to Regulate Online Services
- Chapter 5 Economic Regulation of ‘Data Markets’
- Chapter 6 The Architecture of Privacy Management
- Chapter 7 How to Construct Laws for Privacy Management
- Schedules
- Bibliography
- Index
- About the Author
Chapter 7 - How to Construct Laws for Privacy Management
from PART II - PRIVACY MANAGEMENT AS A SOLUTION
Published online by Cambridge University Press: 15 November 2019
- Frontmatter
- Dedication
- Preface
- Acknowledgements
- Contents
- List of Cases
- List of Legislation and International Instruments
- List of Tables, Figures and Schedules
- List of Abbreviations
- Chapter 1 Introduction
- PART I THE PROBLEM
- PART II PRIVACY MANAGEMENT AS A SOLUTION
- Chapter 4 How to Regulate Online Services
- Chapter 5 Economic Regulation of ‘Data Markets’
- Chapter 6 The Architecture of Privacy Management
- Chapter 7 How to Construct Laws for Privacy Management
- Schedules
- Bibliography
- Index
- About the Author
Summary
The previous chapters have shown which market and technological regulations can implement effective privacy management. Now it is time to define the legal recipe for putting those tools in place.
To do this, first, section 1 marks the gaps in current privacy laws in European law, and in Australia, Canada and New Zealand; that is, it describes the origin and content of statutory level privacy laws, and verifies how they fit into privacy management. In doing so, it looks at so-called Fair Information Practice Principles (FIPPs), which form the operative core of the privacy laws in all the researched jurisdictions. The chapter examines early privacy recommendations to check how FIPPs were designed and what problems are inherent within them. It also describes national privacy laws built on the basis of those privacy principles and reflects on their capacity to implement privacy management. Additionally, it formulates some conclusions as to the deficiencies of a procedural approach to managing privacy processes.
Second, section 2 concentrates on closing the gaps that have just been identified. It describes in detail how privacy management should be applied on top of the most advanced privacy law - the EU General Data Protection Regulation (GDPR). It uses the evaluation criteria of the Privacy Management Model (PMM) presented in Chapter 4 as operational goals. For each goal (i.e. each functionality of controlling, organising and planning), it checks the GDPR's ability to achieve it and describes the additional legal measures necessary to do so. This is done in three steps, each of which relates to a core function of privacy management: controlling, organising and planning.
Section 3 finishes closing the gaps by describing the legal requirements of a more general character necessary to implement PMM. It presents a way in which the implementation of privacy management laws could be supported and secured by enacting an overarching legal principle of informational self-determination. It argues that such a principle containing a substantive, positive liberty needs to replace the FIPPs-based model and that this is possible in Europe or perhaps is even already being developed there. Furthermore, it shows how privacy management laws should cover services delivered from abroad.
- Type
- Chapter
- Information
- Publisher: IntersentiaPrint publication year: 2019