Research Handbook on EU Data Protection Law

Edited by Eleni Kosta, Professor of Technology Law and Human Rights and Ronald Leenes, Professor in Regulation by Technology, Tilburg Institute for Law, Technology, and Society (TILT), Tilburg University, the Netherlands with Assistant Editor Irene Kamara, Assistant Professor of Cybersecurity Governance, Tilburg Institute for Law, Technology, and Society (TILT), Tilburg University, the Netherlands

Contents

Preface xvii
Introduction to Research Handbook on EU Data Protection Law 1
Ronald Leenes, Eleni Kosta and Irene Kamara
1 Two decades of Article 8 CFR: A critical exploration of the
fundamental right to personal data protection in EU law 11
Plixavra Vogiatzoglou and Peggy Valcke
2 Data protection as performance-based regulation 50
Jakub Míšek
3 A divided European data protection framework: a critical reflection on
the choices of the European legislator post-Lisbon 68
Eleni Kosta
4 A critical reflection on the material scope of the application of the
Law Enforcement Directive and its boundaries with the General Data
Protection Regulation 91
Magdalena Brewczyńska
5 Government-to-Business (G2B) research data sharing and the GDPR:
reconciling the ‘public’ with the ‘private’? 115
Stergios Aidinlis
6 Conceptualising the interrelation between data protection regulation and
competition law 143
Alessia Sophia D’Amico
7 The intersection of data protection rights and trade secret privileges in
‘algorithmic transparency’ 163
Katarina Foss-Solbrekk and Ann Kristin Glenster
8 ‘Paying’ with personal data in digital business to consumer contracts:
Bringing successfully together two worlds apart? 184
Thalia Prastitou Merdi
9 Data-driven business models – privacy and marketing 206
Jan Trzaskowski
10 ‘Dark patterns’: The case for regulatory pluralism between the
European Union's consumer and data protection regimes 240
M.R. Leiser
11 Data protection and judicial automation 270
Marco Almada and Maria Dymitruk
12 Reaching beyond its territory – an analysis of the extraterritorial scope
of European data protection law 290
Simon Henseler and Aurelia Tamò-Larrieux
13 Essential equivalence as a benchmark for international data transfers
after Schrems II 313
Laura Drechsler and Irene Kamara
14 The radical reframing of the purpose limitation principle – Why the
Dutch delegation uprooted data protection 352
Tijmen H.A. Wisman and Rein J.L. Tijm
15 Context as key: The protection of personal integrity by means of the
purpose limitation principle 380
Heidi Beate Bentzen
16 Scoping risk assessment of ADM systems using AI 404
Michelle Seng Ah Lee, Jennifer Cobbe, Heleen Janssen and Jatinder Singh
17 Understanding the legal bases for automated decision-making under the GDPR 434
Maja Nišević, Bart Custers, Eduard Fosch-Villaronga and Alan M. Sears
18 The role of consent in an algorithmic society – Its evolution, scope,
failings, and re-conceptualization 454
Bart H. M. Custers, Eduard Fosch-Villaronga, Simone van der Hof, Bart
Schermer, Alan M. Sears and Aurelia Tamò-Larrieux
19 Explicit consent and alternative data protection processing grounds for
health research 473
Jiahong Chen, Edward S. Dove and Himani Bhakuni
20 Data protection, control and participation beyond consent – ‘seeking the
views’ of data subjects in data protection impact assessments 502
Athena Christofi, Jonas Breuer, Ellen Wauters, Peggy Valcke and Jo Pierson
21 Meaningful transparency through data rights: A multidimensional analysis 529
Laurens Naudts, Pierre Dewitte and Jef Ausloos
22 Between incrementalism and revolution: How the GDPR right to data
portability is revamped by the EU and the UK post Brexit 570
Wenlong Li
23 Data protection enforcement in the era of the Directive on
Whistleblowers: towards a collective approach? 598
Amélie Lachapelle

Index