Comparative Law Researches

Comparative Law Researches

Comparative Studying the Personal Data in the European Union and Iranian Legal System

Document Type : Brief Communication

Authors
behnaz Ahmadvand 1
Artin Jahan shahi 2
1 Assistant Professor in Public Law, Department of Theory-Oriented STI Studies, National Research Institute for Science Policy, Tehran, Iran
2 MA. in Private Law, Faculty of Law & Political Sciences, University of Shiraz, Shiraz, Iran
Abstract
Personal data, as one of the key concepts in the field of personal data protection legislation, is defined in the General Data Protection Regulation as any information relating to an identified or identifiable natural person. Identifying a person directly or indirectly may be through data content or the purpose of data processing or the effect of data processing on the person. In EU law, to determine whether a natural person can be identified through data processing, all means that are reasonably likely to be used by the controller or processor must be taken into account, and to ensure whether there is a reasonable possibility to determine whether a natural person is present or not, all objective factors must be considered, such as the cost and time required for identification and the technology available at the time of processing. Based on the criterion of identifiability, data that may potentially lead to the identification of a person in the future is also covered by the law; such a standard can create the necessary dynamics in the laws. Iran's legislator has differentiated in the protection of private and non-private data and has limited compliance with processing rules to the first category, but the approach of the draft data protection bill has similarities with European Union and has provided broader protection, however, it needs to be amended by adding the criterion of identification to the legal definition, as well as the protection of the data of the deceased.
Keywords
Personal Data
Identification of a Natural Person
Reasonableness of Identification
General Data Protection Regulation
E-Commerce Law
Data Protection Bill
Privacy in Cyberspace

Subjects

الف) کتب
1. انصاری، باقر (1386). حقوق حریم خصوصی، تهران، سمت.
2. انصاری، باقر (1400). حقوق داده‌ها و هوش مصنوعی، تهران، سمت.
3. انصاری، باقر (1401). مطالعه تطبیقی حمایت از داده‌های شخصی در اروپا، آمریکا، چین و ایران، تهران، شرکت سهامی انتشار.
ب) مقالات
3. حیدری، علی مراد و جعفری، علی (1399). «جرایم علیه داده‌پیام‌های شخصی در تجارت الکترونیکی»، پژوهشنامه حقوق کیفری، 11(1)، 74-51.
4. زینس، چیام و دیانی، محمد حسین (1390). «معنای سه مفهوم پرکاربرد داده، اطلاع و دانش»، کتابداری و اطلاع‌رسانی، 14(2)، 5-9.
5. قطبی راوندی، مریم و ابراهیمی السادات، معصومه و بنی اسدی، مریم (1399). «تحلیل اینترنت اشیاء و کلان داده‌ها»، دهمین کنگره سراسری فناوری های نوین در حوزه توسعه پایدار، ایران،تهران.
6. قناد، فاطمه و شریف، الهام (1400). «مطالعۀ اجمالی حمایت از داده‌‏های شخصی در نظام حقوقی ایران و سند مقررات عمومی حفاظت از داده‌‏های اتحادیۀ اروپا»، حقوق فناوری‌های نوین، (4)2، 1-22.
7. قناد، فاطمه و علیقلی، امیره (1399). «مفهوم و اهمیت داده‎ های شخصی و حریم خصوصی و انواع حمایت از آن در فضای مجازی»، حقوق فناوری‌های نوین، 1(1)، 297-322.
8. لطیف زاده، مهدیه و قبولی درافشان، سید محمد مهدی و محسنی، سعید و عابدی، محمد (1401). «شناسایی ماهیّت دادة شخصی و جستجوی بستر حقوقی مناسب جهت حمایت از آن در نظام حقوقی ایران»، فصلنامه مطالعات فقه و حقوق اسلامی، 14(27)، 361-394.
9. لطیف‌زاده، مهدیه و قبولی درافشان، سید محمدمهدی و محسنی، سعید و عابدی، محمد (1400). «تحلیل بستر قانونی حمایت از داده شخصی در اتحادیه اروپا»، پژوهشنامه پردازش و مدیریت اطلاعات، ۳۷(۲)،439-472.
ج) پایان‌نامه و رساله
10. لطیف‌زاده، مهدیه (1398). حمایت از داده‌های شخصی و محدودیت‌های آن در حقوق ایران و اتحادیه اروپا، پایان‌نامه برای اخذ مدرک دکترا، دانشکده حقوق و علوم سیاسی دانشگاه فردوسی مشهد.
2-3 منابع انگلیسی
A) Books
11. Bygrave, Lee (2014). Data Privacy Law—An International Perspective, Oxford, University Press.
European :union: Agency for Fundamental Rights and Council of Europe (2018). Handbook on European data protection law, Luxembourg, Publications Office of the European :union:.
12. Kubben, Pieter & Dumontier, Michel & Dekker, Andre (2019). Fundamentals of Clinical Data Science, Springer Nature.
13. Misek, Jakub (2018). “Is the Definition of Personal Data Flawed? Hyperlink as Personal Data (Processing)”, in: Svantesson, Dan Jerker & Kloza, Dariusz. (Eds.), Trans-Atlantic Data Privacy Relations as a Challenge for Democracy, Cambridge University Press.
14. Sperling, Daniel (2010). Posthumous interests: legal and ethical perspectives, Cambridge University Press.
B) Articles
15. Bygrave, Lee & Luca, Tosoni (2020). “Article 4(1). Personal data”, in: C. Kuner & L. Bygrave, C. Docksey & L. Drechsler (eds.), The EU General Data Protection Regulation (GDPR), Oxford University Press. pp. 103-115.
16. Finck, Michele & Pallas, Frank (2020). “They who must not be identified—distinguishing personal from non-personal data under the GDPR”, Max Planck Institute for Innovation and Competition Research Paper Series, 19-14, pp. 1-47.
17. Georgieva, Ludmila & Kuner, Christopher (2020). “Processing of special categories of personal data”, in: C. Kuner & L. Bygrave, C. Docksey & L. Drechsler (eds.), The EU General Data Protection Regulation (GDPR), Oxford University Press. pp. 365- 385.
18. Hamulak, O., & Kocharyan, H., & Kerikmäe, T (2021). “The Contemporary Issues Of Post-Mortem Personal Data Protection In The EU after GDPR Entering into Force”, EU Digital Sovereignty Hub, pp. 225-238.
19. Malgieri, Gianclaudio (2016). “Property and (Intellectual) Ownership of Consumers’ Information: A New Taxonomy for Personal Data”, Privacy in Germany, 2016(4), pp. 133-150.
20. Mehmood, Abid, Natgunanathan, Iynkaran, Xiang, Yong, Hua, Guang & Guo, Song (2016). “Protection of Big Data Privacy”, IEEE Access, 4, pp. 1821–1834.
21. Poritskiy, Nazar, Oliveira, Flávio & Almeida, Fernando (2019). “The benefits and challenges of general data protection regulation for the information technology sector”, Digital Policy, Regulation and Governance, 21(5), pp. 510–524.
22. Purtova, Nadezhda (2018). “The law of everything. Broad concept of personal data and future of EU data protection law”, Law, Innovation and Technology, 10(1), pp. 40–81.
23. Schwartz, Paul & Solove, Daniel (2011). “The PII Problem: Privacy and a New Concept of Personally Identifiable Information”, New York University Law Review, Vol. 86, pp. 1814-1894.
24. Schwartz, Paul (2019). “Global Data Privacy: The EU Way”, New York University Law Review, 94(4), pp. 772-818.
25. Tene, Omer, & Polonetsky, Jules (2013). “Big Data for All: Privacy and User Control in the Age of Analytics”, Northwestern Journal of Technology and Intellectual Property, 11(5), pp. 239-273.
26. van der Sloot, Bart (2015). “Do privacy and data protection rules apply to legal persons and should they? A proposal for a two-tiered system”, Computer Law & Security Review, 31(1), 26–45.
27. Wong, Benjamin (2019). “Delimiting the concept of personal data after the GDPR”, Legal Studies, 39(3), pp. 517–532.
D) Reports & Opinions
29. International Association of Privacy Professionals, Global Comprehensive Privacy Law Mapping Chart, 2022.
30. OECD. 2010. The economics of personal data and privacy: 30 years after the OECD guidelines. At:http://www.oecd.org/internet/ieconomy/theeconomicsofpersonaldataandprivacy30yearsaftertheoecd privacyguidelines.htm
31. Article 29 Data Protection Working Party, Opinion 4/2007 on the concept of personal data, 2007.
32. The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Council of Europe, 1981 and 2018 amendment.Explanatory report
E) Cases
33. AMANN v. SWITZERLAND 2000
34. ECJ Case C-434/16 Peter Nowak [2017]
35. European Court of Human Rights, Case Drelon v France 2022
F) Legislation & Regulations
36. Regulation(EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) .
37. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
38. The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Council of Europe, 1981 and 2018 amendment
39. Charter of Fundamental Rights of the European :union: Article 2000