Page 218 - ITU KALEIDOSCOPE, ATLANTA 2019
P. 218
2019 ITU Kaleidoscope Academic Conference
[30] Case C-101/01 Criminal proceedings against Bodil [39] C. Cava et al., Bioinformatics clouds for high-
Lindqvist [2015] ECLI:EU:C:2003:596. In the throughput technologies, in: Handbook of research
Lindqvist case one of the question was whether there on cloud infrastructures for big data analytics, 2014,
was ‘transfer of data’ when personal data is loaded p. 489 – 507.
onto an Internet page which is stored on an Internet
site on which the page can be consulted, thereby [40] J. Bossi Malafosse et. al., Introductory report for
making the data accessible to anyone who connects updating recommendation R (97) 5 of the Council of
to the Internet, including people in a third country. Europe on the protection of medical data, 2015, T-
As regards the technical nature of the operations, the PD (2015)07, available at
Court concluded that the Internet pages in question https://rm.coe.int/introductory-report-for-updating-
did not contain the technical means to send recommendation-r-97-5-of-the-council-
information automatically to people who did not /168073510c.
intentionally seek access to those pages. Internet
users would have to connect to the Internet and [41] Article 29 Data Protection Working Party, Opinion
personally carry out the necessary actions to consult 8/2010 on applicable law, WP179, p. 23, available
those pages. As such, the data was not directly at: https://ec.europa.eu/justice/article-
transferred between the person uploading the 29/documentation/opinion-
information to the website and persons entering the recommendation/files/2010/wp179_en.pdf.
website. The CJEU refers to the provisions on
transfer in Chapter IV of Directive 95/46/EC, which [42] The concept of ‘transfer’ of data under European
has been replaced by Chapter V of the GDPR. data protection law – in the context of transborder
data flows, Faculty of Law – University of Oslo, 01-
[31] Convention for the protection of individuals with 12-2015, available at:
regard to automatic processing of personal data https://www.duo.uio.no/bitstream/handle/10852/497
[1981] ETS No. 108. 22/8026_The-concept-of-transfer-of-data-under-
European-data-protection-law---In-the-context-of-
[32] Convention for the protection of individuals with transborder-data-
regard to automatic processing of personal data flows.pdf?sequence=1&isAllowed=y.
[1981] ETS No. 108, Article 12.
[43] T. Mulder, M. Tudorica, Privacy policies, cross-
[33] Council of Europe, “Explanatory report to the border health data and the GDPR, Information &
Convention for the protection of individuals with Communications Technology Law (2019) 28,3.
regard to automatic processing of personal data”
(ETS No 108), para. 62, 63. [44] F. Pasquale, ‘Redescribing Health Privacy: the
Importance of Information Policy’ (2014) 103
[34] Council of Europe, “Explanatory report to the HJHLP 127.
Convention for the protection of individuals with
regard to automatic processing of personal data” [45] See for example: A M McDonald and L F Cranor,
(ETS No 108), para. 63. ‘The Cost of Reading Privacy Policies’ (2008) 4 A
Journal of Law and Policy for the Information
[35] Article 4 (9) GDPR. Society 543; F Schaub and os, ‘Designing Effective
Privacy Notices and Controls’ (2017) 99 IEEE
[36] Council of Europe, “Explanatory report to the Internet Computing 70.
Protocol amending the Convention for the protection
of individuals with regard to automatic processing of
personal data” (ETS No 223), para. 23.
[37] Doan, A., Halevy, A, Ives, Z., Principles of data
integration, Elsevier: Morgan Kaufman, 2012, p.
276.
[38] J. Bossi Malafosse et. al., Introductory report for
updating recommendation R (97) 5 of the Council of
Europe on the protection of medical data, 2015, T-
PD(2015)07, available at:
https://rm.coe.int/introductory-report-for-updating-
recommendation-r-97-5-of-the-council-
/168073510c.
– 198 –
