Preface

摘要

The year 2016 saw a raft of advances in data protection regulation. Globally there were many questions raised about how to introduce and adopt data protection and data privacy legislation appropriately. In Europe, the General Data Protection Regulation (GDPR) poses challenges to organizations and businesses that provide services based on personal data. Adopted in April 2016, the regulation will come into force in May 2018. While it retains the main principles embedded in the former Data Protection Directive 95/46/EC, it introduces new measures and strengthens others. Major changes in areas to be regulated include data subjects' rights to be forgotten and data portability, the requirement for data controllers to enable privacy by design and default, and the introduction of potentially serious fines for non-compliance with the law for global players. These elements have the potential to improve privacy and data protection, but they also pose a number of difficulties regarding scope, feasibility, and implementation. Other forms of legislation also changed the regulatory scene, with their effects on privacy and identity. The 2015 Cyber Security Directive and the "Privacy Shield," which replaces the Safe Harbour Agreement, also raise new questions.