• No results found

On the Concept of Data: Safeguarding the Fundamental Right to the Protection of Personal Data – An Actor-Network Theory Analysis on Personal Data

N/A
N/A
Protected

Academic year: 2021

Share "On the Concept of Data: Safeguarding the Fundamental Right to the Protection of Personal Data – An Actor-Network Theory Analysis on Personal Data"

Copied!
67
0
0

Bezig met laden.... (Bekijk nu de volledige tekst)

Hele tekst

(1)

On the Concept of Data: Safeguarding the Fundamental Right to the Protection

of personal data – An Actor-Network Theory Analysis on Personal Data

Title: On the Concept of Data: Safeguarding the Fundamental Right to the Protection of Personal Data – An Actor-Network Theory Analysis on Personal Data

Final version: 2015-06-22

Thesis Master Information Science – Business Information Systems University of Amsterdam Faculty of

Science

Supervisor and Examiner:

Peter Weijland

Signature:

_____________________

Examiner 1:

_____________________

Signature:

_____________________

Examiner 2:

_____________________

Signature:

_____________________

Examiner 3:

_____________________

Signature:

_____________________

Mark Uijen de Kleijn

10645101

(2)

Abstract

The central research question of this master thesis project is:

What can Actor-Network Theory do to advance the concept of data, in order to safeguard the Fundamental Right to the Protection of personal data?

With this question the identified problems for the concept of data can be addressed. There is a high diversity in definitions in the information studies field, and in other fields as well, and the definitions of data are not transcendent to other fields. Furthermore, in the information studies field the concept of data has not been considered to be a problem, because their pragmatic approach works for their field. However, the concept of data is not applicable to one field of interest alone anymore, but data is practiced and understood differently in many fields. The concept of data as it is ‘materialized’ in the proposed General Data Protection Regulation is the focus of this research. If the concept of data in this Regulation is not practiced well, the chance of an effective safeguarding of the Fundamental Right to the Protection of personal data decreases. With Actor-Network Theory it is possible to analyze the concept of data from a different perspective, with a value-free and definition-free method. The answer to this central research question is that Actor-Network Theory is able to analyze, reassemble and hence advance the concept of data, to increase the chance of an effective safeguarding of the Fundamental Right to the Protection of personal data. Traceability should be added to the concept of data in the proposed General Data Protection Regulation when ‘reassembling’ (or redefining) the concept of data from an Actor-Network Theory perspective, especially when the term ‘information’ has been used. Furthermore, the reassembling should result in ‘attaching’ certain criteria to the actor-network where the personal data and the data subject are part of. As a consequence, the concept of personal data may be more clearly and less unambiguously defined and practiced, as it has been established that the concept of personal data is partially unclear and ambiguous currently.

The most important findings from this master thesis project are:

The concept of data in the proposed General Data Protection Regulation is a matter of delegation in Actor-Network Theory, just like the speed bump

With the concept of (personal) data in the proposed General Data Protection Regulation the meaning of personal data becomes clear, as well as the criteria for processing personal data and the obligations that are related to the processing. The Fundamental Right to the Protection of personal data is (partially) delegated, a term from Actor-Network Theory, to this concept of data, just like the speed bump is a delegation for the traffic regulations. However, there is a problem with this resemblance. Unlike the speed bump, which is a physical entity, the concept of data is an abstract notion, and, as such, may result in differences of interpretation and practice, and might not ‘force’ organizations to protect personal data like the speed bump does to protect the safety in traffic. The protection of personal data may never be realized properly through the ambiguity of the definition of personal data, and subsequently the practice of the concept of data in other fields based on this ambiguity. For the concept of data in the proposed General Data Protection Regulation to be as effective as the speed bump is for safety in traffic, the concept of data needs to be clear and unambiguous.

The concept of data in the proposed General Data Protection Regulation must be traceable and observable

The use of the term ‘information’ in the proposed General Data Protection Regulation conflicts with the Actor-Network Theory perspective. The term ‘information’ confuses in the official definitions, and is open to multiple interpretations. The definition is ambiguous and the term is not used correctly, because it is assumed that information is traceable, while according the Actor-Network Theory perspective it is something ‘within’ or ‘part of’ a person or human, and not traceable or observable. In the Regulation the term information is used as an equivalent of data, which is confusing because information is part of the definition of ‘personal data’. These issues decrease the chance for the concept of (personal) data to be effective in practice for practitioners, and risk the safeguarding of the Fundamental Right to the Protection of personal data. The concept of data in the proposed General Data Protection Regulation should be traceable and observable. The term ‘information’ should therefore be avoided in the official documents of this Regulation or be defined more clearly, because information is not traceable. Furthermore, the concept of data in the proposed General Data Protection Regulation should be about ‘attaching’ certain criteria to the actor-network where the personal data and the data subject are part of.

(3)

Preface

I am very happy to present my master thesis report, a result of hard and satisfied work. My main motivation to start with ‘data’ as my central topic is because I notice many different definitions and practices of data that do not gratify me. I could never denominate this exactly and explicitly, but it intrigued me immense. As I encountered in my work discussions about data protection for data analytics, my interest for data protection began. The combination of the ‘general’ subject of data and the more specific subject of data protection showed me that there is much unconsidered and the field of information studies and the legal field do not have the same understanding about these topics.

Therefore, I wanted to address the issues that I see by coming up with an ‘alternative’ definition of data, with the influence from another perspective: sociology. This naïve approach was thrown away quickly, because it was mentioned to me that an objectivistic solution such as an alternative definition might not be sufficient to solve the problems I see, because the solution would more likely be found with another perspective. Therefore, I again read the article that opened my eyes in my premaster (Huizing, 2007), and concluded that an alternative definition would not contribute to the problems I saw. A rose is not given ‘to a loved one because they have thorns, but because they are mutually understood as tokens of love’. Although my ‘alternative’ definition of data would of course be magnificent and comprehending, it would thus not contribute. The general perspective of ‘sociology’ also appeared to be too ambitious. My colleague Wim Bouman suggested, already before my initial idea began, to read some articles from Bruno Latour and especially his notion of ‘agency’, which aroused my interest. Although very difficult, this literature appeared to be excellent for me to develop another perspective on data. I could still use the proposed General Data Protection Regulation of the European Union to illustrate this other perspective. Not only my prior knowledge of this Regulation might be helpful, this Regulation is also very important for society, because it effectuates a fundamental right from the European Union Charter of Fundamental Rights. On top of that, my suspicion was that legislators and the legal field have consciously thought of their definitions.

Unfortunately, this master thesis report is not easy to read. The topics that I addressed are diverse, complicated, relatively new (partially) and interdisciplinary. It is not possible for me to write my results down more easily, without leaving important results behind. A possible complication is the lack of background that the readers from different disciplines have for the other disciplines that are addressed. As I have conducted this master thesis project for the information studies field, I hope this field can use the results relatively quickly. For Actor-Network Theory, hopefully I have opened a new topic to investigate further, because I think this perspective would be greatly beneficial for the topic of data. The legal field, and especially in the field of data protection, may benefit from the insights of this master thesis project, which should be addressed and researched further in the legal discipline (hopefully in an interdisciplinary form).

I would not be able to perform my master thesis project without the help of many people, in many different fields. First, I would like to thank my master thesis supervisor Peter Weijland. Not only for his dedication and being open to an unconventional topic, but also for his understanding and pragmatism, in which he often held me down to earth before I had yet another idea for an approach or a different angle. Second, Wim Bouman, my colleague and sociologist, helped me a lot during my master thesis project. Not only by helping me understand Actor-Network Theory, but also by asking the right questions and give feedback at my work during many parts of the project. Following, professor Zwenne helped me with the interpretation of the proposed General Data Protection Regulation and was prepared to examine my master thesis project. It is an honor for me to have a professor in the Telecom and Privacy law field to examine my work, which increases the value of my project to me. Furthermore, there were many anonymous participants that I interviewed for several parts of my project that I would like to thank. As well as many anonymous people, colleagues, supervisory authorities, lecturers and scientists that helped connecting me with the right people for the right subjects. Last but not least, I want to thank my girlfriend, family and friends for the patience and the understanding for my absence in many occasions because of my aspiration for an influential result and a high degree.

(4)

Table of contents

Abstract ... 2 Preface ... 3 1. Introduction ... 6 -1.1 Research Question ... 8 -1.2 Research Methods ... 9 -1.3 Report structure ... 11

2. What is the prevailing materialization of the concept of data in Data Protection Regulation? ... 11

-2.1 Introduction and approach ... 11

-2.2 Method of analyzing the Concept of Personal Data ... 12

-2.3 Materialized Concept of Personal Data in the Regulation ... 12

-2.4 ActorNetwork Theory analysis on Concept of Personal Data ... 13

-2.5 Conclusions for the Concept of Personal Data in the proposed General Data Protection Regulation ... 15

-2.6 Answer to the subquestion ... 16

-3. How does the materialization of the concept of data in five fields of interest relate to the concept of data in Data Protection Regulation, and what are the main differences? ... 16

-3.1 Introduction and approach ... 16

-3.2 Materialized Concept of Data in five fields of interest ... 16

-3.2.1 Information Systems. ... 17

-3.2.2 Ethnography. ... 18

-3.2.3 Data Quality. ... 19

-3.2.4 Information Security. ... 20

-3.2.5 Intellectual Property. ... 20

-3.3 Analysis Concept of Data in five fields of interest ... 21

-3.4 Comparison Concept of Data in five fields of interest and Data Protection Regulation ... 21

-3.5 Conclusions differences between the Concept of Data in five fields of interest and Concept of Data in Data Protection Regulation ... 22

-3.6 Answer to the subquestion ... 23

-4. What does the reassembling with Actor-Network Theory do to advance the concept of data in Data Protection Regulation? ... 23

-4.1 Introduction and approach ... 23

-4.2 ANT inspired view on data ... 24

-4.2.1 Data can be ‘attached’ and thus part of a (actor) network. ... 24

-4.2.2 Data can have agency. ... 25

-4.2.3 Data is (often) a mediator. ... 25

-4.2.4 There is no information, there is only transformation. ... 26

-4.2.5 Data is multiinterpretable ... 26

-4.3 Analysis Concept of Personal Data in proposed General Data Protection Regulation ... 28

(5)

-4.3.2 Data can have agency. ... 29

-4.3.3 Data is (often) a mediator ... 29

-4.3.4 There is no information, there is only transformation ... 30

-4.3.5 Data is multiinterpretable ... 31

-4.4 Conclusions Concept of Personal Data in proposed General Data Protection Regulation ... 31

-4.5 Reassembling of the Concept of Personal Data with the ANT inspired view on data ... 33

-4.6 Answer to the subquestion ... 33

5. Overall findings of this master thesis project ... 33

-5.1 Answer to central research question ... 33

-5.2 Findings from master thesis project ... 34

-5.2.1 The Concept of Personal Data is a matter of delegation in Actor-Network Theory, just like the speed bump. 34 -5.2.2 The Concept of Personal Data is more extensive, explicit and clear than the Concept of Data in the five fields of interest. ... 34

-5.2.3 The Concept of Personal Data in the Regulation must be traceable and observable. ... 34

-5.3 Findings for the disciplines that has been focused on ... 35

6. Reflection and future work ... 36

7. References ... 37

Appendix A: Selected documents for analysis proposed General Data Protection Regulation... 39

-Appendix B: Overview statements for validation interpretation proposed General Data Protection Regulation and results ... 41

Appendix C: Results validation initial literature sources definition of data Information Systems ... 44

-Appendix D: Results new sources from validation literature sources definition of data Information Systems- 46 Appendix E: Analytical Framework Information Systems ... 47

Appendix F: Analytical Framework Ethnography ... 48

Appendix G: Analytical Framework Data Quality ... 49

Appendix H: Analytical Framework Information Security ... 50

Appendix I: Analytical Framework Intellectual Property ... 51

(6)

-1. Introduction

With the Fundamental Right to the Protection of personal data1, as illustrated in Figure 1, and the effectuation of the proposed General Data Protection Regulation2 of the European Union, data has been3 permeated among the lives of European Union (EU) citizens. The processing of personal data is easier and ‘on an unprecedented scale by both privacy companies and public authorities’, which ‘increases the risks for individuals’ rights’ and this fact ‘challenges their capacity of keeping control over their own data’4. In this way the protection of personal data extends from the legal field to e.g. the

information studies5 field. Both disciplines engage themselves with the Concept of Data6 - its meaning will be elaborated subsequently in this report - as sufficiently elaborated or irrelevant to elaborate in much detail for their discipline, and they do not experience any issues with the definition and use of the Concept of Data. However, from the point of view beyond the individual disciplines, there are several problems with the Concept of Data as it is currently practiced, and these issues are not trivial. First, the diversity of definitions in information studies, as well as in other fields, is high and the definitions of data are not transcendent. The fact that Wikipedia needs two separate pages7 to explain the meaning of the term ‘data’ illustrates the complexity, ambiguity and intricacy of data. The diversity results in many interpretations about data or equivalents of data and subsequently the use and practice of data. A LinkedIn discussion about data and

information which came to my notice is the best way to illustrate this8. Whereas a discussion may contribute to

clarification of a subject, I cannot help feeling that in this particular case it only succeeds in obscuring the issue. Second, in the information studies field the Concept of Data is not considered as a problem, because their pragmatic approach works for this field. This lack of transcendence may not be sufficient to practice the Concept of Data in other fields similarly, and may not effectively safeguard the Fundamental Right to the Protection of personal data. In spite of the fact that both in information studies as in the legal field a lot of research has been done, surprisingly little effort has been made to research the complexity of the Concept of Data. Additionally, this research has been done most often only within their own discipline.

In this report these issues are addressed from both the legal discipline and the information studies discipline, because the issues transcend the individual perspectives. The legal discipline, the information studies discipline and the CIO’s - which are considered here as the practitioners of the information studies discipline - should address these issues, and therefore this report has been written for these groups. For the information studies field,

1 (2000/C 364/01) Charter of Fundamental Rights of the European Union, Article 8, http://www.europarl.europa.eu/charter/pdf/text_en.pdf

2 2012/0011 (COD) Proposal for a Regulation of the European Parliament and of the Council on the protection of

individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52012PC0011&from=EN 3 The term ‘data’ is considered in singular form, following the proposed General Data Protection Regulation. 4 SEC(2012) 72 final, Commission Staff Working Paper Impact Assessment Accompanying the document, http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52012SC0072&from=EN

5 ‘Information studies’ and ‘information systems’ are used interchangeably.

6 For the ‘concept of data’ capital letters are used for ‘Concept’ and ‘Data’ to distinguish the ‘concept of data’ that is

introduced here with the Fundamental Right to the Protection of personal data, that is written with lowercase letters.

7http://en.wikipedia.org/wiki/Data & http://en.wikipedia.org/wiki/Data_(computing) 8

https://www.linkedin.com/grp/post/36781-6006076238857330692#commentID_discussion%3A6006076238857330692%3Agroup%3A36781

Figure 1. European Union Charter of Fundamental Rights

(7)

the Concept of Data, and the Concept of Personal Data9 in specific, is new and trendy. Therefore, certainly not all issues and questions that relate to the Concept of Data in the information studies can be addressed, but this project certainly addresses some main issues and gives a starting point for further research.

With an Actor-Network Theory approach, I have found that the Concept of Personal Data resembles the speed bump, ‘that forces drivers to slow down’ (Latour, 1994, p. 38) through ‘force’. The goal of slowing drivers down is ‘delegated’ to the speed bump, in Latour’s terminology. What is delegated is regulated through traffic regulations. This example shows a resemblance to the Concept of Personal Data, because with the Concept of Personal Data the meaning of personal data in the proposed General Data Protection Regulation (from now on also referred to as: ‘Regulation’) becomes clear, as well as the criteria for processing it, which is a prerequisite for the enforcement of the protection of personal data.

However, unlike the speed bump, which is a physical entity, the Concept of Personal Data is an abstract notion, and, as such, more open to obfuscation. Resulting from a concept, you may expect differences of interpretation and practice, and a concept might not ‘force’ organizations to protect the personal data, like the speed bump does to protect the safety in traffic. Although the definition of personal data is clear for the legal field and its possible ambiguity has not been found relevant in this field, this implicit assumption that the definition of personal data is understandable for everyone and is interpreted similarly, is at least not certain. For other fields, like the information studies field, the Concept of Personal Data is relatively new, which may result in differences of interpretation and practice, and subsequently the protection of personal data may never be realized properly. For the Concept of Personal Data to be as effective as the speed bump is for safety in traffic, the definitions need to be clear and unambiguous, as the Concept of Personal Data is practiced in many fields.

The results of this master thesis project illustrate that the Concept of Personal Data in the Regulation is more explicit and more clearly defined than the Concept of Data in five fields of interest, including the information systems field. Its definition is more extensive and the (lawful) processing of the personal data (and more) is included in the Concept of Personal Data, while the Concept of Data in the five fields of interest is mainly about the data itself.

In this master thesis project I have used Actor-Network Theory (from now on also referred to as: ‘ANT’) to analyze and ‘reassemble’ the Concept of Personal Data in the Regulation. ANT enables the analysis of the Concept of Personal Data transcendent over different research fields and to ‘reassemble’ or redefine the Concept of Personal Data. This ANT analysis illustrates that the Concept of Personal Data is not simply transcendent to other fields of interest. The Concept of Personal Data reflects many aspects of th developed ‘ANT inspired view on data’, but the Regulation confuses practitioners with the use of the term ‘information’, which conflicts with this ANT inspired view on data. Additionally, the Regulation might be interpreted differently between member states. These issues decrease the chance for the Concept of Personal Data in the Regulation to be as effective in practice as the speed bump for safety in traffic, for the safeguarding of the Fundamental Right to the Protection of personal data. This conclusion may be different than you would expect and may surprise many of the readers, because in the individual fields the lack of transcendence is considered not relevant or is neglected. But this lack of transcendence should be addressed, because the practice of the Concept of Data in individual fields may affect the safeguarding of the Fundamental Right to the Protection of personal data.

To come up with these conclusions, I have conducted three steps in my research: the analysis of the Concept of (Personal) Data in the proposed Regulation, the comparison of this Concept of (Personal) Data to the Concept of Data in five fields of interest, and a ‘reassembling’ of the Concept of (Personal) Data in the Regulation with ANT to advance the Concept of (Personal) Data for the safeguarding of the Fundamental Right to the Protection of personal data. The main research methods that are used are literature review, content analysis, interviews and grounded theory, which are elaborated more extensively in paragraph 1.2.

Actor-Network Theory is not easy to grasp or explain in a few sentences, and it is for this reason I will give only a summary of relevant aspects for this master thesis project from Network Theory. Latour calls Actor-Network Theory a ‘theory of action’ (Latour, 2005, p. 217), which is different because Actor-Actor-Network Theory is interested in ‘mediators making other mediators do things’. Mediators are opposed to intermediaries, and the main difference is that mediators can make transformations, while intermediaries can not. A mediator is anything that can ‘transform, translate, distort, and modify the meaning of the elements they are supposed to carry’ (Latour, 2005, p. 39), including ‘non-humans’. Anything else than humans that is traceable, is a non-human actor or actant. If something is a mediator or an intermediary, it is part of the action, and has ‘agency’ according Latour. The

9 The Concept of Personal Data is the terminology that is used to depict the specific Concept of Data as it is used in the

proposed General Data Protection Regulation. For the ‘concept of personal data’ capital letters are used for ‘Concept’, ‘Personal’ and ‘Data’ to distinguish it from the ‘concept of personal data’ that is used by the Article 29 Working Party hereafter.

(8)

presumption that data can have agency too, gives an opportunity to have a different view on the Concept of Data, which may advance the Concept of Data, in this project to safeguard the Fundamental Right to the Protection of personal data.

As Actor-Network Theory is about following the ‘attachments’ between actors and actants in an actor-network, in this master thesis report I describe the results and the conclusions from my point of view, with my interpretation, as much as possible about the things that can be proven from the data and the analyses in this master thesis project. However, this writing style may be unconventional or unexpected for a master thesis report, because I have described many texts and elaborations from my point of view. In a master thesis project that uses Actor-Network Theory as the main literature, I think it is best to avoid generalizations and conceptualizations as much as possible, and stay close to the actor-network that I am part of myself, the actor-network wherein I have researched the Concept of Data. It is in this respect that I would like to take you along on my journey, my master thesis report, concerning the Concept of Data in the proposed Regulation.

1.1 Research Question

The Concept of Data is an umbrella term to depict the way data has been defined, thought of, practiced or conceptualized. Its practice in many fields, for this master thesis project especially for the legal field and the information studies field is adequate within these fields. The high diversity in the definitions in information studies, as well as in other fields, and the lack of transcendence of the Concept of Data in other fields may decrease the chance of an effective safeguarding of the Fundamental Right to the Protection of personal data, because the Concept of Data in the proposed General Data Protection Regulation may result in confusion for practitioners because of this lack of transcendence. Actor-Network Theory can be used to ‘reassemble’ - similar to ‘redefine’ - in Bruno Latour’s terminology, the Concept of Data. This may contribute to advance the Concept of Data, in order to safeguard the Fundamental Right to the Protection of personal data. The central research question in this master thesis project is:

What can Actor-Network Theory do to advance the concept of data, in order to safeguard the Fundamental Right to the Protection of personal data?

The object of research is the Concept of Data, and the focus is data protection, mainly in the legal field. The reason for asking this question is, among others, that data protection extends beyond the legal field, and is practiced and understood within each of these individual fields. I am interested in the differences between these fields, because these differences extend one single field. The focus is on the legal perspective of data protection and not on the scientific perspective.

The EU has many ways to safeguard the Fundamental Rights of EU citizens, such as legislation. One way of safeguarding the Fundamental Right to the Protection of personal data is the Concept of Data as it is used in the proposed General Data Protection Regulation, which I have called here the Concept of Personal Data to refer to specifically. However, this is not a trivial way of safeguarding, because an abstract notion, in this case ‘personal data’, has not often been a way to safeguard a fundamental right. The advancements are important for this master thesis project, because the advancements are about improving the Concept of (Personal) Data, in order to safeguard the fundamental right that is depicted. In the introduction section is already mentioned that there may be different interpretations that may affect the effectiveness of the safeguarding of this fundamental right. To be able to advance the Concept of Data, I have become interested in Actor-Network Theory, because I think the advancements will be reached with a different perspective. The Concept of Data is not trivial, its definitions are not generally accepted, it is practiced differently and its definitions are not transcendent. With ANT, which is free of values and definitions in solving problems, I have found an inspiring, fun and proven method that forced me to limit myself to a specific scope, the Concept of Personal Data in the Regulation. As Von Goethe said: ‘In der beschränkung zeigt sich erst der meister.’10 To answer this central research question, the following subquestions are answered:

1. What is the prevailing materialization of the concept of data in Data Protection Regulation?

With this question will be answered how the prevailed Concept of Data is materialized in Data Protection Regulation, in specific the proposed General Data Protection Regulation, to be able to advance the prevailing materialization in the third subquestion. Materialization brings the Concept of Data into prominence in a practical, understandable form that is able to comply with for the Regulation. The Concept of Data in the Regulation is

(9)

considered as the Concept of Personal Data, how personal data has been defined, thought of, practiced or conceptualized in this Regulation. The analysis of the prevailed materialization has been done with the help of a conceptual framework from literature (Beynon-Davies, 2010). ANT has been used to analyze the Concept of Personal Data in the Regulation and its relation with the Fundamental Right to the Protection of personal data.

2. How does the materialization of the concept of data in five fields of interest relate to the concept of data in Data Protection Regulation, and what are the main differences?

As a follow up, the materialization of the Concept of Data in the several fields of interest - information systems, ethnography, data quality, information security and intellectual property – has been elaborated. For the materialization of the Concept of Data in these fields the definitions that are used (implicit or explicit) are analyzed, again with the help of the conceptual framework from literature (Beynon-Davies, 2010). The differences have been analyzed by comparing the results from the previous subquestion about the Concept of Personal Data in the proposed General Data Protection Regulation and the materialization of the Concept of Data in the five fields of interest. This comparison may illustrate the diversity and the absence of transcendence for the Concept of Data in practice for the fields of interest.

3. What does the reassembling with Actor-Network Theory do to advance the concept of data in Data Protection Regulation?

As indicated previously, ANT is a method that is free of values and definitions in solving problems, and may be an interesting perspective to ‘reassemble’, in ANT terminology, or redefine the Concept of Personal Data in the proposed General Data Protection Regulation. The reassembling may advance the Concept of Personal Data, to be able to increase the chance of an effective safeguarding of the Fundamental Right to the Protection of personal data.

1.2 Research Methods

The object of research in this master thesis project is the Concept of Data in general. This is a broad topic, which is practiced diversified, as established previously. The area of

research are the five fields of interest that are depicted in the second subquestion. These fields of interest are interesting to study from an information studies perspective and are therefore chosen. The focus of the research is the Concept of Personal Data in the proposed General Data Protection Regulation, to investigate in depth how the Concept of Data has been materialized in this Regulation and how it is possible to advance the Concept of Personal Data. In Figure 2 the object, area and focus of research are graphically presented. The central research question and the diversified subquestions require a Mixed Method research. The main methods that are used are: literature review, content analysis, interview and grounded theory. Although the subquestions suggest that the methods are used

chronologically following the subquestions, they actually are used more interchangeably, because the exact steps that have been followed emerged iteratively. The methods that are used for each individual subquestion will be elaborated in the following.

(10)

1. What is the prevailing materialization of the concept of data in Data Protection Regulation?

To answer this subquestion a literature review is conducted on ANT, based on the articles from Bruno Latour that are selected. The literature of Bruno Latour has been

used to analyze the Concept of Data in the Regulation - the Concept of Personal Data - broadly and its relation with the Fundamental Right to the Protection of personal data. A content analysis has been done on the Regulation and its associated documents, to be able to depict the Concept of Data as it is materialized in the Regulation, with the help of a conceptual framework (Beynon-Davies, 2010). An interview with a legal expert is conducted to select the appropriate documents to do the content analysis, and in an interview with a professor on Telecom and Privacy law some unclarities were taken away. This subquestion has been answered by depicting the Concept of Data as it is materialized and how has been dealt with it in the Regulation, which I have called the ‘Concept of Personal Data’, and additional stating its

relation, in ANT terms, to the Fundamental Right to the Protection of personal data. The used methods for this subquestion are highlighted in grey in Figure 3.

2. How does the materialization of the concept of data in five fields of interest relate to the concept of data in Data Protection Regulation, and what are the main differences?

A literature review has been conducted for five fields of interest to describe the materialization of the Concept of Data in these fields. The fields of interest are: information

systems, ethnography, data quality, information security and intellectual property. A conceptual framework (Beynon-Davies, 2010) to analyze the definitions of data (or equivalents of data) has been used to standardize the analysis of the different fields. For the analysis of the Concept of Data in the field of information systems, interviews were conducted to validate the literature on the criteria that were determined beforehand: literature that is ‘foundational’ in the opinion of the interviewees for the field of information systems. The results of the first subquestion - the Concept of Personal Data in the Regulation - is compared to the Concept of Data in these fields of interest to appoint the main differences between the materialization of these concepts of (personal) data. The used methods for this subquestion are highlighted in grey in Figure 4.

3. What does the reassembling with Actor-Network Theory do to advance the concept of data in Data Protection Regulation?

To be able to ‘reassemble’, in Bruno Latour’s terminology, or redefine the Concept of Personal Data, grounded theory method, following Robson (2011), has been used. The data that has been collected for the development of the grounded theory - referred to as an ‘ANT inspired view on data’ - are derived from the articles of Bruno Latour about ANT, and an interview with a lecturer on information management that has wide knowledge of ANT, to validate and adapt the grounded theory. This ANT inspired view on data has further been used to conduct the content analysis on the Regulation. A coding scheme is developed based on the ANT inspired view on data, which has subsequently been used to assign codes to the relevant parts of the Regulation and associated documents, which are selected based on an interview with a

legal expert. The coded parts have been used to analyze the Regulation for the ANT inspired view on data, and Figure 3. Graphical representation

Mixed Methods subquestion 1

Figure 4. Graphical representation Mixed Methods subquestion 2

Figure 5. Graphical representation Mixed Methods subquestion 3

(11)

what commonalities and irregularities appear in the Regulation based on this grounded theory. Based on this analysis, a ‘reassembling’ of the Concept of Personal Data in the Regulation has been done to be able to advance the Concept of Personal Data, and to increase the chance of an effective safeguarding of the Fundamental Right to the Protection of personal data. The used methods for this subquestion are highlighted in grey in Figure 5.

1.3 Report structure

The main conclusions of this master thesis report are already depicted in the introduction, to guide the remaining of the report, because I realize the topics are difficult and diverse. The structure of the report is relatively easy: in chapter 2 the first subquestion will be answered and elaborated, in chapter 3 the second subquestion will be answered and elaborated and in chapter 4 the third subquestion will be answered and elaborated. Each of these chapters starts with an introduction on the subquestion and the approach that is taken to answer the subquestion, in more detail than in paragraph 1.2. The main results and analysis of each subquestion are given, as well as the conclusion to the analysis. The answer to the subquestion is given explicitly in a short and separate subparagraph. In chapter 5 the overall findings of the master thesis project are presented. In this chapter, first an answer is given to the central research question of this master thesis project and the overall findings and conclusions from the subquestions are summarized. Finally, the findings for the information studies and legal discipline are given, as my interpretation of the general findings for these disciplines. For the legal discipline my general findings are given, while for the information studies field my findings for both scholars and information professionals are given. Finally, in chapter 0 there has been reflected on the main findings from this master thesis project, and future work for these findings are suggested. Many of the analyses were extensive and did not fit to include in this report. These are separately appended to this master thesis report.

2. What is the prevailing materialization of the concept of data in Data Protection

Regulation?

This chapter answers the first subquestion on the prevailing materialization of the Concept of Personal Data in the Regulation.

2.1 Introduction and approach

The prevailed Concept of Data as materialized in the Regulation is the topic of this chapter. The Concept of Data in the Regulation is considered as the Concept of Personal Data, because it does not include all ‘data’. It is about the definition of personal data in specific, and how it is thought of, practiced or conceptualized in the Regulation. The Concept of Personal Data goes beyond solely a definition of personal data, but is also about other aspects, e.g. the processing of the personal data. Furthermore, the relation of the Concept of Personal Data with the Fundamental Right to the Protection of personal data is analyzed as well, to be able to understand what impact the Concept of Personal Data has for this fundamental right. I will illustrate that the Concept of Personal Data shows a resemblance to the speed bump and that there is more ANT terminology involved to analyze the Concept of Personal Data.

The literature review on ANT is based on many articles from Bruno Latour, from which several are used in this report. This literature review serves the ‘reassembling’ of the Concept of Data that is developed in the third subquestion in chapter 4, and the broad analysis of the Concept of Data in the Regulation and its relation with the Fundamental Right to the Protection of personal data. For the third subquestion the literature review has been done extensively, and with this literature review it was possible to answer this subquestion as well.

An extensive content analysis is done on the Regulation and its associated documents for two reasons. The first reason is to depict the Concept of Data as it is materialized in the Regulation for this subquestion. The second reason is to analyze in detail the Regulation and the associated documents with extensive coding, for the grounded theory that is developed in the third subquestion. For this reason, the content analysis has been done extensively, and its method is therefore elaborated in more detail in paragraph 4.1. The documents to analyze for the content analysis are selected based on an interview with a legal expert on data protection and privacy, who is experienced in privacy and data protection law, in a national (Netherlands) and international (EU) context, and are included in Appendix A: Selected documents for analysis proposed General Data Protection Regulation. The interview that was held with professor Zwenne11, a professor in Telecom and Privacy law, was primarily to validate my interpretations about the Regulation for the third subquestion, but also included open questions about unclarities in the Regulation, which are also used to answer this subquestion. The open questions to professor

11 In this report will be referred more often to the interview with professor Zwenne without explicitly referring to the

(12)

Zwenne, and the results from the questions that are asked, are included in Appendix B: Overview statements for validation interpretation proposed General Data Protection Regulation and results. In the Appendix only high level answers are included.

2.2 Method of analyzing the Concept of Personal Data

To analyze the conventional definition of data in the mentioned fields, the conceptual framework of Beynon-Davies (2010) will be used. Although the use of a conceptual framework seems to conflict with ANT, because conceptualizing would not be an appropriate term when using ANT in my view, the use of a conceptual framework does not conflict, because it is about a way of analyzing the Concept of Data, and not about conceptualizing the definitions. I

understand that ‘Concept’ of Data and ‘conceptual framework’ confuse this, but the term ‘conceptual framework’ is introduced by Beynon-Davies and is therefore adopted here.

The conceptual framework ‘revolves around the idea that data, information, information systems and IT are all located in the enactment of signs within various levels of system’ (Beynon-Davies, 2010). Semiotics, organizational systemics, soft systems theory, information theory and communication theory are the basis for this conceptual framework. A sign is anything that is significant, according Beynon-Davies (2010). He conducted research in the fields of e.g. prairie-dogs and the Inca’s to refer to signs in practice. As sign systems are ‘any organised

collection of signs and relations between signs’, spoken human language is probably the best example for a sign-system, according Beynon-Davies. In Figure 6 the conceptual framework is included. From branches in semiotics, ‘pragmatics’, ‘semantics’ and ‘syntactics’ are derived as important for types of relations. Within Beynon-Davies’ conceptual framework, pragmatics is concerned with the purpose of a sign and is about the relation between signs and actors. Semantics is about the relations between signs and objects and is concerned with the meaning of a message in communications. Syntactics is about the relations between signs and other signs and is thus concerned with the structure of signs within sign-systems. Finally, Beynon-Davies adds ‘empirics’ to the framework, ‘as the relation between signs and matter’, and is the study of the physical form or representation of a sign. The other parts of the conceptual framework are less interesting for the subsequent analysis.

This conceptual framework helps in analyzing the materializations of the Concept of Data in the area of research and the focus of research. The semiotics branches ‘pragmatics’, ‘semantics’, ‘syntactics’ and ‘empirics’ are used to divide the definitions and descriptions that are given about the Concept of Data and be able to analyze them.

2.3 Materialized Concept of Personal Data in the Regulation

Personal data is defined in the Regulation as ‘any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person’12. In this sense, the definition of personal data can be seen as either ‘empirics’ and ‘semantics’ in the conceptual framework (Beynon-Davies, 2010). Empirics are the relation between signs and matter and are about the physical form or representation of a ‘sign’. Although there is no explicit mention that personal data is about the physical form or representation in the definition, personal data can be assumed to be in a physical form. The definition of ‘processing’, ‘any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or

12 Article 4-2 of the Regulation

Figure 6. Conceptual Framework of Beynon-Davies (2010)

(13)

otherwise making available, alignment or combination, erasure or destruction’13 implies that is should be physical to be processed. The definition of personal data is also about semantics, because it relates to an identified or identifiable data subject. In the conceptual framework semantics is about the relation between signs and ‘actors’, ‘objects’ and ‘other signs’14 (Beynon-Davies, 2010), and the relation between the personal data and the data subject can thus be seen as the relation between a sign and an actor.

In the Regulation there are more articles about the personal data, especially about the processing of personal data and the criteria that have been put to that. First, there is an article included about the lawful processing and collection of personal data15. This article is about criteria for: ‘lawfulness, fairness and transparency’, ‘purpose limitation’, ‘data minimisation’, ‘accuracy’, ‘storage minimisation’, ‘effectiveness’, ‘integrity’ and ‘accountability’. Additionally, there is included16 under which conditions the processing of personal data is lawful. Included is that the data subject ‘has given consent to the processing of their personal data for one or more specific purposes’. Furthermore, for specific types of personal data, e.g. the personal data of a child17 and special categories of personal data18, there are supplementary criteria depicted. On top of the criteria for the processing of personal data, the Regulation consists of rights for the data subjects about the processing, e.g. the right of access and to obtain data19 and the right to erasure20. For the data controller21, there are obligations about e.g. the documentation22 and data protection by design and by default23. The final parts worth mentioning are about the data security in section 2 of the Regulation24, in which criteria are depicted for the data security of the personal data and the processing.

All these examples indicate that on top of the empirics and semantics parts of the conceptual framework, data is also about the ‘pragmatics’ part, because it is about the purpose of the sign and the intentions of the actors ‘underlying communicative behaviour’ (Beynon-Davies, 2010). The processing of the personal data is much about the intentions with the personal data and the purpose there is with the processing of the personal data. In the Regulation, there are criteria for the purpose and the intentions for personal data, and subsequent obligations for the data controller when processing personal data, which implies that the Regulation is thus about pragmatics, and in particular about the ‘lawfulness’ of the purpose and intentions. In the interview with professor Zwenne came forward that the definition of data itself in the Regulation is not unambiguously defined, but that this ambiguity has not been relevant for the legal field25. On top of that, about the ‘any information’ part of the definition of personal data, professor Zwenne is tempted to say that it is an unconscious decision to use this terminology26, which amplifies that the Concept of Personal Data is ambiguous for other fields of interest.

2.4 Actor-Network Theory analysis on Concept of Personal Data

The Concept of Personal Data can be analyzed with a specific part of Bruno Latour’s Actor-Network Theory, ‘delegation’ in Latour’s article about ‘technical mediation’ (1994), to be able to interpret the Concept of Personal Data broader than the Regulation itself, and view the Concept of Personal Data from another perspective.

13 Article 4-3 of the Regulation

14 Important to note that Beynon-Davies describes actors as humans, while Latour, in the following, has a different

definition of ‘actor’

15 Article 5 of the Regulation 16 Article 6 of the Regulation 17 Article 8 of the Regulation 18 Article 9 of the Regulation 19 Article 15 of the Regulation 20 Article 17 of the Regulation

21 Article 4-5 of the Regulation: ‘the natural or legal person, public authority, agency or any other body which alone or

jointly with others determines the purposes, conditions and means of the processing of personal data; where the purposes, conditions and means of processing are determined by Union law or Member State law, the controller or the specific criteria for his nomination may be designated by Union law or by Member State law’.

22 Article 28 of the Regulation 23 Article 23 of the Regulation

24 Article 30, 31 and 32 of the Regulation

25 Appendix B: Overview statements for validation interpretation proposed General Data Protection Regulation and results, question 21

26 Appendix B: Overview statements for validation interpretation proposed General Data Protection Regulation and results, question 22

(14)

The speed bump is introduced as an example of ‘delegation’, ‘that forces drivers to slow down’ through ‘force’ (Latour, 1994, p. 38). The goal of slowing

drivers down is ‘delegated’ to the speed bump through this ‘inscription’, in Latour’s terminology. There is a general goal of ‘safety in traffic’ or similar terminology, which is regulated through traffic regulations, in order to achieve this goal. To enforce drivers to slow down, as speed limits are part of traffic regulations, a speed bump is constructed for that particular road.

This shows the resemblance with the Concept of Personal Data in the Regulation. To pursue the implementation of the rights and freedoms for citizens in the EU, the Charter of Fundamental Rights is in place, which includes the Protection of personal data as a Fundamental Right27. The rights and

freedoms of citizens and the Protection of personal data are the general goals, as safety in traffic is for the speed bump. Similarly to traffic regulations, the European Union has the proposed Data Protection Regulation, or the current Directive on Data Protection (from now on also referred to as: ‘Directive’)28, to regulate the protection of personal data. The Regulation will be used here to show the resemblance of the traffic regulations. The Concept of Personal Data in this Regulation is to enforce the protection of personal data, just as the speed bump is to enforce drivers to slow down, because with the Concept of Personal Data becomes clear what is meant with personal data in the Regulation, what criteria there are for processing it, and what obligations there are for data controllers related to the processing. Businesses or other parties must obey to these criteria for the processing of personal data, and can not do this without the Concept of Personal Data. Just like a car driver can not go around a speed bump. Therefore, to the Concept of Personal Data in the Regulation is delegated what is regulated to enforce protection of personal data, in order to increase an effective safeguarding of the Fundamental Right to the Protection of personal data, and in the end to pursue the implementation of rights and freedoms of EU citizens. For the criteria that are set for the Concept of Personal Data, there will be many more delegations to e.g. organizational and technical measures, which in the end also contribute to the safeguarding of the Fundamental Right to the Protection of personal data.

Important to note is that an individual speed bump naturally has not the same effect to the safety in traffic as the Concept of Personal Data for the Fundamental Right to the Protection of personal data, because the speed bump is about one road where it is constructed. However, the example is very useful, because Bruno Latour uses this example in the article about technical mediation (1994), and the analogy is easy to understand. Additionally, there are other ways to safeguard the Fundamental Right to the Protection of personal data, but these are out of the scope here.

The resemblance of the Concept of Personal Data with the speed bump of Latour (1994, p. 38) has one major issue. Unlike the speed bump, which is a physical entity (‘matter’ in Latour’s terminology), the Concept of Personal Data is an abstract notion. Latour confirms this in my view by stating ‘in artifacts and technologies we do not find the efficiency and obduracy of matter, imprinting chains of cause and effect onto malleable humans’ (1994, p. 41). Resulting from a concept, there may be differences of interpretation and practice. While the speed bump forces passenger cars to slow down because their car might break down, the Concept of Personal Data might not force organizations to protect the personal data. Especially because the Regulation itself is relatively immature, according professor Zwenne, and (at least) imperfections may appear. Although the definition of personal data is clear for the legal field, with its ‘wide notion of personal data’29, the assumption that the definition is understandable for everyone and is interpreted similarly is at least not certain. For information studies, where the Concept of Data is practiced very often, the Concept of Personal Data is relatively new. Consequently it is hard

27 European Union Charter of Fundamental Rights, Article 8

28 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals

with regard to the processing of personal data and on the free movement of such data, http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31995L0046&from=en

29 01248/07/EN WP 136, Opinion 4/2007 on the concept of personal data, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf

Figure 7. Resemblance speed bump <> Concept of Personal Data

(15)

to overlook the consequences of the actions outside the information studies perspective, because the Concept of Data as it is practiced in information studies seems suitable within its own field. On the other hand, the legal field neglects that possibility of many interpretations and practices is an issue for the Concept of Personal Data in other fields, because for the legal field itself these interpretations and practices are not relevant. Professor Zwenne confirmed in the interview that is held with him, that the definition of personal data and its possible ambiguities are not an issue for the legal field. However, the protection of personal data may never be realized properly through the possible ambiguities with the practice of the Concept of Personal Data in the information studies and other fields.

2.5 Conclusions for the Concept of Personal Data in the proposed General Data Protection Regulation

There are three main conclusions for the Concept of Data in the Regulation:

The Concept of Personal Data extends from solely the definition of personal data to the (lawful) processing of the data, the criteria for the processing and the obligations for the data controller. However, the definition in the Regulation is ambiguous.

The definition of personal data in the Regulation is about the empirics and semantics branches in the conceptual framework. Additionally, there are articles included about e.g. the lawful processing and the collection of personal data for specified, explicit and legitimate purposes30. These examples indicate that the Concept of Personal Data is about the processing of the personal data as well as the definition itself, including the criteria that are set for the processing and the obligations for the data controller. The Concept of Personal Data therefore extends from the definition of personal data only, to the related data processing, criteria for the processing and the obligations for the data controller related to the data processing. Because the term ‘data’ itself has not been defined in the Regulation, it is ambiguous, although this has not been relevant for the legal field.

The Fundamental Right to the Protection of personal data has (partially) been delegated to the Concept of Personal Data

Just like the speed bump is an example of ‘delegation’, ‘that forces drivers to slow down’ through ‘force’ (Latour, 1994, p. 38), the Concept of Personal Data in the Regulation is a delegation to enforce the protection of personal data. In the end this is done to pursue the implementation of rights and freedoms for citizens in the EU through the Fundamental Right to the Protection of personal data. With the Concept of Personal Data the meaning of personal data in the Regulation becomes clear, as well as the criteria for processing the personal data and the obligations that are related to the processing. The Concept of Personal Data is a prerequisite for the enforcement of the protection of personal data.

The Concept of Personal Data is not a physical entity, but an abstract notion, and therefore to effectively safeguard the Fundamental Right to the Protection of personal data is difficult

There is one major difference between the delegation to the speed bump and the delegation to the Concept of Personal Data. Unlike the speed bump, which is a physical entity, the Concept of Personal Data is an abstract notion. This may result in differences of interpretation and practice. The implicit assumption that the Concept of Personal Data is understandable for everyone and interpreted similarly is at least not certain, because it is hard to overlook the consequences from fields as information studies as the Concept of Personal Data is relatively new for the information studies field. For the legal field the ambiguities there are in the current Concept of Personal Data are not relevant, but the protection of personal data may never be realized properly with the practice of the Concept of Personal Data in the information studies and other fields. For the Concept of Personal Data to be as effective as the speed bump is for safety in traffic, the Concept of Personal Data needs to be clear and unambiguously, not only for the legal field but for other disciplines as well.

30 Article 5 of the Regulation

(16)

2.6 Answer to the subquestion

3. How does the materialization of the concept of data in five fields of interest relate to

the concept of data in Data Protection Regulation, and what are the main differences?

This chapter answers the second subquestion on the comparison of the prevailing materialization of the Concept of Personal Data in the Regulation and the prevailing materialization of the Concept of Data in the five fields of interest.

3.1 Introduction and approach

In the previous subquestion is established that the Concept of Personal Data in the Regulation needs to be clear and unambiguously. The materialization of the Concept of Data in the five fields of interest is interesting, to be able compare these five fields to the Concept of Personal Data in the Regulation. Based on the main differences can be determined whether the Concept of Data is clear and unambiguous in these fields, and whether there may be differences in interpretation and practice.

First, an extensive literature review is conducted to analyze the Concept of Data in five fields of interest: information systems, ethnography, data quality, information security and intellectual property. The conceptual framework (Beynon-Davies, 2010), as described in paragraph 2.2, is used again for the analysis of the materialization of the Concept of Data in these fields, and resulted in what I have named ‘analytical frameworks’. These analytical frameworks depict the summarized definitions in the five fields for the empirics, syntactics, semantics and pragmatics branches of the conceptual framework. In this way the analysis of the Concept of Data is more uniform for the different fields. The formation and the elaboration of the formation, of the analytical frameworks make clear how the different definitions relate to each other.

The literature sources for the fields of data quality and intellectual property were selected based on best effort and an extensive search for usable literature sources. The literature sources for ethnography were selected based on the results of an informal meeting with a researcher and lecturer on social cultural sciences, who has knowledge about ANT as well. For the literature sources for information security, I asked an information security manager in the utilities industry, who came up with several articles that could include a definition of data from an information security perspective. For the information studies or information systems Concept of Data, I had two interviews to validate my initial literature sources on the criteria of ‘foundational’ in the field of information systems, one with a lecturer in ‘gaming’ with a background in Artificial Intelligence (interviewee 1), and one with a researcher in ‘data mining’, Strategy Consultant for Big Data and Analytics, with a background in Artificial Intelligence (interviewee 2). The transcriptions and codifications of these interviews are separately appended to this master thesis report. In Appendix C: Results validation initial literature sources definition of data Information Systems the results for the validation of the initial literature sources are included, and in Appendix D: Results new sources from validation literature sources definition of data Information Systems the new literature sources that were added after the interviews are included.

A comparison is made between the results of the first subquestion, the Concept of Personal Data in the Regulation, and the results of the second subquestion, the Concept of Data in the five fields of interest. The main differences between the materialization of these concepts are depicted to be able to conclude whether there may be differences in interpretation or practice between these concepts of data.

3.2 Materialized Concept of Data in five fields of interest

For the definitions that are used and known, as the materialization of the Concept of Data, in the fields of information systems, ethnography, data quality, information security and intellectual property a literature review has been done, which is elaborated in the paragraphs below. I will call these definitions the ‘conventional’ definitions from these fields of interest, as a way to refer how I think these fields interpret the definition of data or equivalents of data, and I consider the definitions as the Concept of Data for the corresponding field of interest.

‘The Concept of Personal Data in the Regulation is a matter of delegation in Actor-Network Theory as illustrated by the speed bump metaphor. The Concept of Personal Data is the delegation of the Fundamental Right to the Protection of personal data to enforce the protection of personal data for EU citizens. The Concept of Personal Data extends from solely the definition of personal data to the (lawful) processing of the data, the criteria for the processing and the obligations for the data controller.’

Referenties

GERELATEERDE DOCUMENTEN

It covers the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data under the General Data

Specific managerial functions such as communication, advertising and research (such as the availability of data for the fashion industry to analyse to develop new

systemically investigated using synchrotron-based PES and NEXAFS, DFT, and MD simulations, from which we make the following observations: (i) the average tilt angles of the Fc

the kind of personal data processing that is necessary for cities to run, regardless of whether smart or not, nor curtail the rights, freedoms, and interests underlying open data,

In summary, we have demonstrated that it is possible to achieve catalytic asymmetric addition of organometallic reagents to stereochemically challenging

Article 29 Working Party guidelines and the case law of the CJEU facilitate a plausible argument that in the near future everything will be or will contain personal data, leading to

To be specific, the private interests that lie in the exercise of either rights concerned often relates to the most important policy objective that EU data protection law aims

“Whereas the principles of protection must apply to any information concerning an identified or identifiable person; whereas, to determine whether a person is identifia- ble,