Data regulation

ideally, the legal system should prioritise the protection and rights of citizens over corporate and government power

this does not mean that citizens have unlimited protection and rights! Corporations and governments also have various rights to data.

The challenge is to reconcile these different interests and rights in the regulatory environment.

citizen's rights

government's right

corporate's rights

right to know

business rights

right to know

privacy

invasion vs. protection

right to know

state interest

(state's right)

government's =(state's) rights related to data

systematic and periodical statistical data collection about its citizens - for governance, planning
surveillance for protection, self defence
prohibit the public disclosure of certain data

limitations

linking certain datasets
surveillance of citizens, abusing their privacy
withhold information of public interest or prohibit the disclosure of information in the public interest

corporations', businesses' rights related to data

using statistical data collected by the state
using certain consumer data based on contractual agreement and individual consent
protecting their own data for business reasons

limitations

using or selling consumer privacy data without consent

citizens' rights related to data

using statistical data collected by the state
being protected of governmental and business abuses
privacy
request and obtain information about the operations of the state/government, its budget, contracts, decisions
"right to be forgotten"

limitations

prohibiting the release of certain public/governmental data is reasonable and justifiable
access to private company data is significantly limited

Because the relationship between citizens, governments and corporations is asymmetric, this data-related relationship is governed by international regulatory frameworks, conventions, transnational, multilateral and local laws and self-regulatory mechanisms.

General criticisms of the regulations

Regulation is a slow process, and by the time a framework is in place it is already outdated, especially in the digital space
Strict regulation, originally designed to protect and extend citizens' rights, is being softened in the process by government and corporate lobbying interests (GDPR)
While regulations are primarily for the benefit of citizens, their "floating" nature means that they are often abused by companies (Hell vs. Forbes)
There are no real consequences for government and corporate non-compliance or abuse (FOI requests)

Business criticism

The relationship between corporations and citizens should be governed only by contracts between the two parties
Any regulation on data management and use by companies is in fact a serious interference with the freedom to conduct a business and the free market
Self-regulation by the industry would be more than enough, as misuse of data is already penalised by consumers
citizens do not really care about this issue as much as the regulations want to be strict

Government criticism

Freedom of information is often abused by citizens (and the media), and the burden on the administration to comply with requests is disproportionate and pointless
The legislation ignores the interests of the state (raison d'état), opening the door to hostile intelligence activities, terrorism, criminal organisations, destabilising anti-state conspiracies
citizens do not really care about this issue as much as the regulations want to be strict

Phylosophical criticism

Raison d'état/etatism: "the state above all". the state has not only the right but also the duty to make authoritative decisions about who has access to certain data and to what extent, and to what extent it grants itself access to citizens' data, in order to protect the well-being of its citizens and the state.

Libertarian "contractualism": The relationship between the state, corporations and the individual is not governed by lofty ideals, but - rightly - by win-win contracts based on interests. Individuals should not be protected, but encouraged not to accept contracts that run counter to their interests.

Recent tendencies

Citizens' privacy rights are declining worldwide, even in democratic states
Meanwhile, governments (states) are increasingly expanding their access to their citizens' privacy and reducing citizens' access to data of public interest
Governments and corporations often do not even comply with existing regulations, without real sanctions, regulations have no deterrent effect

GDPR

- General Data Protection Regulation (EU and EEA), 2016-2018 15th May
- Original scope: giving individuals more control over their personal data. covers all forms of personal data, including names, email addresses, location data, IP addresses, and more.

Personal Data Rights:

Right to Access: Individuals can request access to their data and understand how it is being used.
Right to Rectification: Individuals can have inaccurate data corrected.
Right to Erasure (Right to be Forgotten): Individuals can request the deletion of their data under specific circumstances.
Right to Data Portability: Individuals can request their data in a portable format.
Right to Object: Individuals can object to data processing in certain cases, such as for direct marketing.

How does it work?

Experience so far shows that the results of the GDPR co-regulation are mixed

- many companies and government bodies do not comply with the obligations described in the GDPR, they do not respond to inquiries and requests.
- Administration is very slow
- GDPR regulations are often used by courts to protect corporate or criminal interests

Local regulatory frameworks (idealtypic cases)

- Data Protection Acts (Hungary: 1992, 2011, GDPR 2018)
- Freedom of Information Acts (Hungary: 1992, 2011, 2018)
- Üvegzseb (Glasspocket Law) - (Hungary: 2003)
- Statistical law (Hungary: 1993, 2016)
- National Security Act (Hungary: 1995, 2005, 2022)
- Property Protection Law (Hungary: 2005, 2019)

Supervision: courts, Data Protection Authority (ombudsman)

NGOs: Hungary: Hungarian Civil Liberties Union (TASZ), Amnesty, Transparency International, K-Monitor

Media:

Controversies

- RTBF (Right to be Forgotten) origin: Google Spain vs. Mario Costeja Gonzales (2014).
- Hell vs. Forbes Hungary ("the journalistic right to access business data is not the same as the right to publish it")
- "national strategic importance"

Data

By Attila Bátorfy

Data regulation

ideally, the legal system should prioritise the protection and rights of citizens over corporate and government power

this does not mean that citizens have unlimited protection and rights! Corporations and governments also have various rights to data.

The challenge is to reconcile these different interests and rights in the regulatory environment.

citizen's rights

government's right

corporate's rights

right to know

business rights

right to know

privacy

invasion vs. protection

invasion vs. protection

invasion vs. protection

right to know

state interest

(state's right)

government's =(state's) rights related to data

systematic and periodical statistical data collection about its citizens - for governance, planning

surveillance for protection, self defence

prohibit the public disclosure of certain data

limitations

linking certain datasets

surveillance of citizens, abusing their privacy

withhold information of public interest or prohibit the disclosure of information in the public interest

corporations', businesses' rights related to data

using statistical data collected by the state

using certain consumer data based on contractual agreement and individual consent

protecting their own data for business reasons

limitations

using or selling consumer privacy data without consent

citizens' rights related to data

using statistical data collected by the state

being protected of governmental and business abuses

privacy

request and obtain information about the operations of the state/government, its budget, contracts, decisions

"right to be forgotten"

limitations

prohibiting the release of certain public/governmental data is reasonable and justifiable

​access to private company data is significantly limited

Because the relationship between citizens, governments and corporations is asymmetric, this data-related relationship is governed by international regulatory frameworks, conventions, transnational, multilateral and local laws and self-regulatory mechanisms.

General criticisms of the regulations

Regulation is a slow process, and by the time a framework is in place it is already outdated, especially in the digital space

Strict regulation, originally designed to protect and extend citizens' rights, is being softened in the process by government and corporate lobbying interests (GDPR)

While regulations are primarily for the benefit of citizens, their "floating" nature means that they are often abused by companies (Hell vs. Forbes)

There are no real consequences for government and corporate non-compliance or abuse (FOI requests)

Business criticism

The relationship between corporations and citizens should be governed only by contracts between the two parties

Any regulation on data management and use by companies is in fact a serious interference with the freedom to conduct a business and the free market

​Self-regulation by the industry would be more than enough, as misuse of data is already penalised by consumers

​citizens do not really care about this issue as much as the regulations want to be strict

Government criticism

Freedom of information is often abused by citizens (and the media), and the burden on the administration to comply with requests is disproportionate and pointless

The legislation ignores the interests of the state (raison d'état), opening the door to hostile intelligence activities, terrorism, criminal organisations, destabilising anti-state conspiracies

citizens do not really care about this issue as much as the regulations want to be strict

Phylosophical criticism

Recent tendencies

Citizens' privacy rights are declining worldwide, even in democratic states

Meanwhile, governments (states) are increasingly expanding their access to their citizens' privacy and reducing citizens' access to data of public interest

Governments and corporations often do not even comply with existing regulations, without real sanctions, regulations have no deterrent effect

GDPR

- General Data Protection Regulation (EU and EEA), 2016-2018 15th May - Original scope: giving individuals more control over their personal data. covers all forms of personal data, including names, email addresses, location data, IP addresses, and more.

How does it work?

Local regulatory frameworks (idealtypic cases)

Supervision: courts, Data Protection Authority (ombudsman) NGOs: Hungary: Hungarian Civil Liberties Union (TASZ), Amnesty, Transparency International, K-Monitor Media:

Controversies

- RTBF (Right to be Forgotten) origin: Google Spain vs. Mario Costeja Gonzales (2014). - Hell vs. Forbes Hungary ("the journalistic right to access business data is not the same as the right to publish it") - "national strategic importance"

Data

More from Attila Bátorfy

access to private company data is significantly limited

Self-regulation by the industry would be more than enough, as misuse of data is already penalised by consumers

citizens do not really care about this issue as much as the regulations want to be strict

- General Data Protection Regulation (EU and EEA), 2016-2018 15th May
- Original scope: giving individuals more control over their personal data. covers all forms of personal data, including names, email addresses, location data, IP addresses, and more.

Supervision: courts, Data Protection Authority (ombudsman)

NGOs: Hungary: Hungarian Civil Liberties Union (TASZ), Amnesty, Transparency International, K-Monitor

Media:

- RTBF (Right to be Forgotten) origin: Google Spain vs. Mario Costeja Gonzales (2014).
- Hell vs. Forbes Hungary ("the journalistic right to access business data is not the same as the right to publish it")
- "national strategic importance"