New Technology User Liability for Data Loss and Damages
Keywords:
Liability, Security measures for information technology, Data subject, Sensitive data, Grid technology, Cloud data storageAbstract
Information technology is spreading in all fields of our lives. We use new technologies for many purposes, but many of us are not willing to learn more than necessary basics. The author elaborates some of the legal cases that were discussed in courts, and that show the responsibility of the technology user for not applying essential security measures. Jurisprudence has determined that the level of security should be different for various types of data, depending on how sensitive information the subject is processing. It is hard, but needed, to elaborate the cost and benefit analysis in accordance for application of advanced information technology. Nevertheless, security of data could be expensive; it is always cheaper than damage reparation. The imminent risks are those of data loss and modification, but also of data steeling by interested subjects. New instruments give a great input in health and education services, but also the data they are elaborating are of great interest for predators, but also for data subjects. The use of cloud and grid technology is very productive for these fields, but, considering the risks, those should be used wisely and with great with. Goal of the paper is to examine the legal obligations of personal data storage in EU and general conditions of cloud storage services. The legal texts are going to be examined and analysed and correlated with legal obligations.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
References
Bianca, C.M., Busnelli, F.D. (2007) “La protezione dei dati personali” [“Protection of personal data”], CEDAM, Padova
Case law (2003) “Bodil Lindqvist, C-101/01”, 6 November 2003.
Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Official Journal L 281, 23/11/1995, P. 0031-0050)
Gorenc, V. et al. (2014) “Komentar Zakona o obveznim odnosima” [“Commentary on the Obligation Law”], Narodne Novine, Zagreb
Hammond, T. (2015) “Research: 68% report cost is biggest data storage pain point”, available at: http://www.techproresearch.com/article/research-68-report-cost-is-biggest-data-storage-pain-point/ (accessed July 5th 2015)
Kesan, J. P., Hayes, C. M., Bashir, M. N. (2013) “Information Privacy and Data Control in Cloud Computing: Consumers, Privacy Preferences, and Market Efficiency”, Washington & Lee Law Review, Vol. 70, pp. 341-472.
Korff, D., Brown, I. (2010) “Comparative study on different approaches to new privacy challenges, in particular in the light of technological developments”, European Commission, available at: http://ssrn.com/abstract=1636706 (accessed July 5th 2015)
Kuner, C. (2007), “European Data Protection Law, Corporate Compliance and Regulation”, second edition, Oxford University Press.
Modesti, G. (2003), “La responsabilità oggettiva e lo svolgimento delle attività pericolose ai sensi dell’art. 2050 Codice civile, con particolare riferimento al trattamento dei dati personali alla luce del decreto legislativo n. 196/2003”, [“Strict liability and the execution of dangerous activities in aspects of art. 2050 of the Civil code, with the particular aspects of processing of personal data in accordance of legislative decret n. 196/2003”], available at: http://www.diritto.it/docs/22176-la-responsabilit-oggettiva-e-lo-svolgimento-delle-attivit-pericolose-ai-sensi-dell-art-2050-codice-civile-con-particolare-riferimento-al-trattamento-dei-dati-personali-alla-luce-del-decreto-legis (accessed May 15th 2015).
Mystral, E. (2015), “HIPAA Does not Apply To ESPN, You Freaking Idiots, Above The Law, Redline”, available at: http://www.atlredline.com/hipaa-does-not-apply-to-espn-you-freaking-idiots-1716847857 (accessed July 8th 2015).
Simitis, C. (2006), “Bundesdatenshutzgesetz”, [“Federal Data Protection Law”], Frankfurt, Nomos.
Solve, D.J., Rotenberg, M., Schwanrtz, P.M. (2005), “Information Privacy Law”, New York, Aspen Publishers.
