Publicaties

The Right to Be Forgotten in the Internet Era

Especially after its appearance in the European Commission's recent proposal for a new Data Protection Regulation, the 'right to be forgotten' has provoked quite some criticism. Much of the opponents, however, seem uninformed on the actual scope and meaning of the proposed provision. Additionally, the concept is often confused with the much older 'droit a l'oubli', which finds its rationale in the protection of privacy as a fundamental human right. This text starts by giving an overview of the more traditional droit a l'oubli and how it is applied throughout Europe. Subsequently, the more modern 'right to be forgotten' is analyzed from a normative, market, technological and legal perspective. Finally, this text makes a thorough and critical analysis of the current proposal. Despite its laudable goal, some deficiencies should be resolved. But, in general, the right seems to restore the power balance by giving (back) effective control to individuals over their personal data.

Author:
Published in:

ICRI Research Paper No. 11, November 2012

Category:

Articles

Jaar:

2012

Download

Collection and Storage of Personal Data: A Critical View on Current Practices in the Transportation Sector

This paper is based on a 2011 ENISA study that aimed at the analysis of two core principles that can be considered as key manifestations of privacy by design: on the one hand the principle of minimal disclosure (which is also known as the data minimisation principle), and on the other the duration of the storage of personal data (which is also known as conservation principle). It focuses on the data collected for two specific application areas: online ticket booking and purchasing, and the collection and exchange of so-called Passenger Name Record (PNR) data in the European air travel sector and it provides a summary of its findings in relation to the transportation sector across the EU Member States. The analysis shows that it is worrisome to observe that so many systems deployed in real life do not follow a privacy by design approach, and insufficiently consider the data minimisation and data conservation principles. There is a need for these principles to be strengthened in practice, through legislation and governance mechanisms that favour privacy by design, including a clear assessment of privacy impacts and the identification of more privacy conscious implementation alternatives, in order to ensure that the personal data of European citizens is proactively protected, instead of having to modify operational systems only after privacy problems come to light.

Author:
Published in:

Privacy Technologies and Policy
First Annual Privacy Forum, APF 2012, Limassol, Cyprus, October 10-11, 2012, Revised Selected Papers
Editors: Bart Preneel and Demosthenes Ikonomou

Category:

Articles

Jaar:

2014

Buy here

Paying via a wearable device: the legal issues to consider

Time.lex lawyers Edwin Jacobs and Ruben Roex explore in this contribution, published in the October issue of E-Finance & Payments Law & Policy, several legal issues that arise in the context of wearables and especially where the wearable serves as an instrument to make payments. The market for wearables still shows quite a lot of growth potential, potential that thoroughly developed payments capabilities of a wearable may help realise. The authors concisely touch upon several legal themes which are highly relevant in this context, including data protection, payments law, cybercrime, etc. 

Author:
Published in:

E-Finance & Payments Law & Policy - October 2015

Category:

Articles

Jaar:

2015

Artikel

EU’s general cybersecurity legislation has arrived

At the beginning of the month, on the 6th of July 2016, the European Parliament voted in favor of what can be construed as the EU’s first ever piece of comprehensive cybersecurity legislation. This article is also published on our blog.

Author:
Published in:

The Paypers, Web Fraud Prevention and Online Authentication Market Guide 2016/2017

Category:

Articles

Jaar:

2016

Download this report

Eight misconceptions regarding the General Data Protection Regulation

The article Eight misconceptions regarding the General Data Protection Regulation by Edwin Jacobs is published on the website of The Paypers.

Author:
Published in:

Expert Opinion

Category:

Articles

Jaar:

2017

Read article

Breach notifications in the EU: the EBA adds to an already weighty list

Several EU rules and regulations impose on payment firms mandatory data breach notification to the regulator. But the conditions, timing and competent regulator(s) may vary. Of particular note are the European Banking Authority’s (‘EBA’) draft guidelines on major incident reporting under PSD2, set out in a consultation paper in December 2016, which have been the subject of some concern. In this article, Edwin Jacobs, Partner at time.lex, provides a brief overview of the applicable data breach notification requirements that may apply to payments firms, sometimes in combination.

Author:
Published in:

Payments & FinTech Lawyer, Volume: 11 Issue: 5 (May 2017)

Category:

Articles

Jaar:

2017

Click here

Artificial Intelligence and copyright: a difficult relationship

Geert Somers & Camille Vermosen from time.lex discuss the copyright law around artificial intelligence, considering the complex relationship the two have had since its creation.

Author:
Published in:

The Copyright Lawyer, October 2017

Category:

Articles

Jaar:

2017

Click to read

IPR strategy for industry 4.0: what can we learn from 3D printing?

Financier Worldwide published the article IPR strategy for industry 4.0: what can we learn from 3D printing? in their January 2018 magazine. Geert Somers is co-author of this article. 

Author:
Published in:

Financier Worldwide Magazine, January 2018 issue

Category:

Articles

Jaar:

2018

Read article

Study on Cloud Computing and challenges to Security, Privacy and Trust

In the past year, time.lex worked on a study on Cloud Computing and challenges to Security, Privacy and Trust, examining the legal challenges related to cloud computing. The study was commissioned by the European Commission - DG Information Society, and was executed by time.lex along with our colleagues from RAND Europe and the University of Warwick.

Author:
Published in:

Autonomous report

Category:

Reports

Jaar:

2011

PDF download

Study on the evaluation of the Action Plan for the implementation of the legal framework for electronic public procurement

This study contained an evaluation of the 2004 eProcurement Action Plan, including specifically a study of the state of eProcurement in all Member States, EEA countries and two candidate countries, along with a critical assessment of the impact and effectiveness of the Action Plan.

The study was conducted jointly by Siemens IT Solutions & Services and time.lex.

Author:
Published in:

Autonomous report

Category:

Reports

Jaar:

2010

PDF download

Study of case law on the circumstances in which IP addresses are considered personal data

This fact finding study for the European Commission - DG INFSO contains an overview of case law within the Member States on the legal qualification of IP addresses as being personal data under the European Data Protection Directive, along with a summary examination of the main deciding factors.

Author:
Published in:

Autonomous report

Category:

Reports

Jaar:

2011

PDF download

Study on data collection and storage in the EU

Given the clear contrast between the importance of the privacy by design principle on the one hand, and the reality of lax data protection practices with many online service providers on the other hand, this report presents an analysis of the relevant legal framework of European Member States on the principles of minimal disclosure and the minimum duration of the storage of personal data. Commissioned by ENISA, the focuses on a limited number of relevant use cases and tries to find out how the aforementioned principles are expressed in concrete legal or regulatory provisions applicable to these cases, and how they are observed in practice. It was drafted by Eleni Kosta, Jos Dumortier and Hans Graux on behalf of time.lex, with the support and guidance of Rodica Tirtea and Demosthenes Ikonomou (ENISA).

Author:
Published in:

Autonomous report

Category:

Reports

Jaar:

2012

PDF download

Security certification practice in the EU - Information Security Management Systems - A case study

The ENISA report aims at providing input for the adoption of a framework on privacy certifications, as well as for eGovernment certification in Europe. There are numerous IT security certification schemes across the European Member States that can serve as the basis for the drawing of recommendations on aspects of security certifications that could be applied to privacy and eGovernment services certification. This study addresses Information Security Management Systems (ISMS) certification.

Author:
Published in:

ENISA (European Union Agency for Network and Information Security), 21/11/2013

Category:

Reports

Jaar:

2013

Link

Securing personal data in the context of data retention

Data retention legislation has been adopted to address concerns related to national security and serious criminal activity. The legislation provides access to communication data for law enforcement purposes. However, according to the Data Retention Directive (DRD) personal data collected, stored or in any way processed in most European Union (EU) Member States (MSs) needs to be securely protected, to meet the requirements of data protection legislation. This study provides the results of (a) a survey on the national implementation of the DRD in six selected Member States on the requirements regarding technical and organisational security measures (in short ‘security measures’) and the implementation of the data security principles that are provided for in the Directive, and (b) a state-of-the-art analysis of the security measures proposed for the protection of personal data collected and stored in the context of the DRD. ENISA initiated this study following a request by the Directorate General Home Affairs (DG HOME) of the European Commission. This document aims at providing a set of recommendations for a common European approach on the security measures that should be taken in relation to retained data, taking into account existing specifications on security measures.

Author:
Published in:

ENISA (European Union Agency for Network and Information Security), 10/12/2013

Category:

Reports

Jaar:

2013

Link

Legal Regulation of Electronic Health Records: A Comparative Analysis of Europe and the US

Development of electronic health records is evolving quickly in the US and Europe. Various approaches have proven to be possible and they have resulted in different electronic health record solutions and regulatory instruments. In Europe governmental bodies have been the driving force behind the development and implementation of electronic health records. Consequently many European countries established a new legal framework simultaneously with the roll-out of government-initiated eHealth structures. In the US the driving force was -up to now- not so much the government, but rather the private sector, in particular insurance companies and healthcare organisations. This resulted in a strong focus on personal health records. In 2009 however, the US government issued the largest stimulus package ever in order to encourage the adoption of electronic health record solutions. In this review, Griet Verhenneman and Jos Dumortier of time.lex provide a critical analysis of the legal and regulatory framework for electronic health records in Europe and the US.

Author:
Published in:

Carlisle George, Diane Whitehouse and Penny Duquenoy eds. eHealth: Legal, Ethical and Governance Challenges, Springer-Verlag, Berlin, 2012, 398.

Category:

Books

Jaar:

2012

Link

L’influence sur la décision du consommateur dans l’appréciation du caractère trompeur d’une publicité

L’influence sur la décision du consommateur dans l’appréciation du caractère trompeur d’une publicité

Author:
Published in:

Marktpraktijken – Intellectuele eigendom – Mededinging | Pratiques du marché – Propriété intellectuelle – Concurrence, Wolters Kluwer, p. 182-227

Category:

Books

Jaar:

2014

Publication