The Unbearable Ease of Processing of Personal Data by Public Administration Bodies
Vol.11,No.22(2020)
The Personal Data Processing Act introduced some specific rules for the processing of personal data by public authorities and public entities. One of these specifics is the impossibility of imposing an administrative sanction on these entities in the event of a breach of personal data protection rules. The authors of this article focused on the existence and current application of this exception to the sanctioning power by the Office for Personal Data Protection. They present an overview of the Office's current decision-making practice and subject it to critical analysis. They then place this analysis in a more general theoretical framework important for understanding the functioning of personal data protection regulation within the General Data Protection Regulation. Specifically, they address sanctions in regulation based on performance-based rules, as is the case with the General Data Protection Regulation. The authors derive specific negative consequences of the current legislation and its application in specific cases and come up with proposals for a solution consisting in legislative regulations and a change in the interpretation of the current wording of the law.
personal data; GDPR; public authority; administrative sanction
s. 145–174
[1] Böröcz, I. Risk to the Right to the Protection of Personal Data: An Analysis Through the Lenses of Hermagoras. European Data Protection Law Review. 2016, č. 4, s. 467–480. https://doi.org/10.21552/EDPL/2016/4/6
[2] Coglianese, C. The Limits of Performance-Based Regulation. University of Michigan Journal of Law Reform. 2017, č. 3, s. 525–564.
[3] Van Dijk, N., Gellert, R., Rommetveit, K. A risk to a right? Beyond data protection risk assessments. Computer Law & Security Review. 2016, č. 2, s. 286–306. https://doi.org/10.1016/j.clsr.2015.12.017
[4] Fuller, L. L. The morality of law. New Haven: Yale University Press, 1978.
[5] Hert, P. De. Gutwirth, S. Privacy, Data Protection and Law Enforcement. Opacity of the Individual and Transparency of the Power. In: Claes, E.; Duff, A.; Guthwirth, S., eds. Privacy and the criminal law. Antwerp: Intersentia, 2006, 199 s. ISBN 978-90-5095-545-4.
[6] Knapp, V. Teorie práva. Praha: C.H. Beck, 1995. Právnické učebnice.
[7] Lynskey, O. Deconstructing Data Protection: The ‘added-Value’ of a Right to Data Protection in the Eu Legal Order. International & Comparative Law Quarterly. 2014, č. 3, s. 569–597. https://doi.org/10.1017/S0020589314000244
[8] May, P. J. Performance-Based Regulation and Regulatory Regimes: The Saga of Leaky Buildings. Law & Policy. 2003, č. 4, s. 381. https://doi.org/10.1111/j.0265-8240.2003.00155.x
[9] Míšek, J. Osobní údaje v čase a prostoru [online]. Brno, 2020 [vid. 30. 10. 2020]. Dostupné z: <https://is.muni.cz/th/wpa9m/>. Disertační práce. Masarykova univerzita, Právnická fakulta.
[10] Moravec, M. Základní otázky zpracování osobních údajů ve veřejné správě. Právní rozhledy. 2020, č. 17, s. 576–583.
[11] Mulgan, R. ‘Accountability’: An Ever-Expanding Concept? Public Administration. 2000, č. 3, s. 555–573. https://doi.org/10.1111/1467-9299.00218
[12] Nulíček, M. et al. Zákon o zpracování osobních údajů. Praha: Wolters Kluwer ČR, 2019. In ASPI [právní informační systém].
[13] Nulíček, M. et al. GDPR - obecné nařízení o ochraně osobních údajů. Praha: Wolters Kluwer, 2017. In ASPI [právní informační systém].
[14] Polčák, R. Getting European Data Protection Off the Ground. International Data Privacy Law. 2014 [cit. 30. 10. 2020]. idpl.oxfordjournals.org
[15] Polčák, R. et al. Virtualizace právních vztahů a nové regulatorní metody v pozitivním právu. Právník. 2019, č. 1, s. 86–98.
[16] Quelle, C. Enhancing Compliance under the General Data Protection Regulation: The Risky Upshot of the Accountability and Risk-based Approach. European Journal of Risk Regulation. 2018, č. 3, s. 502–526. https://doi.org/10.1017/err.2018.47
[17] Vlachová, B., Maisner, M. Zákon o zpracování osobních údajů. 1. vydání. Praha: Nakladatelství C. H. Beck, 2019, 163 s. ISBN 978-80-7400-760-6.
[18] Organizace pro hospodářskou spolupráci a rozvoj. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Oecd.org [online, vid. 30. 10. 2020]. Dostupné z: https://www.oecd.org/internet/ieconomy/oecdguidelinesontheprote cti- onofprivacyandtransborderflowsofpersonaldata.htm.
[19] Liability. The Law Dictionary [online, vid 30. 10. 2020]. Dostupné z: https://thelawdic- tionary.org/liability/.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Copyright © 2020 Jakub Míšek, Vojtěch Bartoš