Avrupa Birliği Genel Veri Koruma Tüzüğü Kapsamında Getirilen Yeni Teknik ve Yaptırım Mekanizmaları

Yıl 2020, Cilt: 20 Sayı: 2, 127 - 142, 25.06.2020

İpek Çimen Bulut

https://doi.org/10.18037/ausbd.758041

Öz

Özellikle 2000’li yıllarda, bilgi ve iletişim teknolojilerinde yaşanan gelişmeler, hayatımızın her alanının dijitalleşmesine yol açmıştır. Hızla dijitalleşen bu dünyada, bireyler için yeni iş fırsatları, çevirim içi işlem yapma ve bilgiye erişim kolaylıkları gibi pek çok fırsat barınsa da, dijitalleşme beraberinde, özellikle de dijital işlemlerin çevirim içi ortamda bıraktığı ayak izleri sebebiyle, kişisel verilerin korunması kapsamında önemli riskler de getirmiştir. Dijitalleşme ile ortaya çıkarak kişisel verilere yönelen bu yeni nesil risk ve tehditler ile bunlardan korunma yolları, Avrupa Birliği’nin zihnini uzun zamandır meşgul etmektedir. 25 Mayıs 2018 tarihinde yürürlüğe giren ve Birlik çapında uyumlulaştırılmış ve doğrudan uygulanabilir yasa hükümleri içeren “Avrupa Birliği Genel Veri Koruma Tüzüğü”, güçlendirilmiş Birlik yasaları kapsamında kişisel verilerin korunması ve serbest dolaşımlarının sağlanması bakımından atılmış önemli bir adımdır.

Bu çalışmada, “Avrupa Birliği Genel Veri Koruma Tüzüğü ile”, kişisel veri güvenliğinin sağlanması bağlamında getirilen yeni teknik ve yaptırım mekanizmaları, çeşitli Birlik belgelerinin de yardımı ile açıklanmaya çalışılmıştır.

Anahtar Kelimeler

Kişisel Verilerin Korunması, Avrupa Birliği 2016/679 Sayılı Genel Veri Koruma Tüzüğü, Tasarımla ve Varsayılan Ayarlarla Veri Koruma, Veri Koruma Etki Değerlendirmesi, Takma Ad

Kaynakça

• Albrecht, J.P. (2016). How the GDPR will change the world. European Data Protection Law Review, 2(3), 287-289.
• Alexe, I. (2018, Ocak-Haziran). Personal data protection, the sanctioning regime provided by regulation (EU) 20167679 on the protection of personal data, Law Review, VIII(1), 60-73.
• Başalp, N. (2015). Avrupa Birliği veri koruması genel regülasyonu’nun temel yenilikleri, Marmara Üniversitesi Hukuk Fakültesi Dergisi, 21(1), 77-105.
• Bieker, F., Fiedewald, M., Hansen, M., Obersteller, H. ve Rost, M. (2016). A process for data protection impact assessment under the European general data protection regulation. S.Schiffner ve diğerleri (Ed.), Privacy Technologies and policy (s.21-37) içinde. İsviçre, Springer, doi: 10.1007/978-3-319-44760-5.
• Cavoukian, A. (2010, Mayıs). Privacy by Design, The 7 Foundational Principles Implementation and Mapping of Fair Information Practices, PbD. Erişim adresi: http://www.ontla.on.ca/library/repository/mon/24005/301946.pdf
• Cavoukian, A. (2010, Ağustos). Privacy by Design: the Definitive Workshop. A Foreword by Ann Cavoukian. Identity in the Information Society (IDIS), 3(2), 247-251.
• Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J., Le Métayer, D., Tirtea, R., Schiffner, S., (2014). Privacy and Data Protection by Design from Policy to Engineering. ENISA, Erişim adresi: https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design
• De Hert, P. ve Papakonstantinou, V. (2012). The Proposed Data Protection Regulation Replacing Directive 95/46/EC: A Sound System for the Protection of Individuals. Computer Law & Security Review, 28(2), 130-142.
• Diaz Diaz, E. (2016). The new European Union general regulation on data protection and the legal consequences for institutions. Church, Communication and Culture, 1(1), 206-239.
• Esayas, S.Y. (2015). The Role of Anonymisation and Pseudonymisation under the EU Data Privacy Rules: Beyond the “All or Nothing” Approach. European Journal of Law and Technology, 6(2), 1-23.
• Golla S.J. (2017). Is data protection law growing teeth? The current lack of sanctions in data protection law and administrative fines under the GDPR. Journal of Intellectıal Property, Information Technology and E-Commerce Law, 70(8/1), 70-78.
• Hofmann, H. C. (2013). The right to an ‘effective judicial remedy’ and the changing conditions of implementing eu law. Lüksemburg Üniversitesi, Hukuk Fakültesi, Çalışma Kağıdı Serisi, No.2, Lüksemburg. Erişim adresi: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2292542
• Mansfield-Devine, S. (2017). Meeting the needs of GDPR with Encryption. Computer Fraud and Security, 9, 16-20.
• Oxman, S.A. (2000). Exemptions to the European Union personal data privacy directive: Will they Swallow the directive?. Boston College International and Comparative Law Review, 24(1), 191-203.
• Parliament, E. (1995). Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities, number L(281), 31-50.
• Regulation, G. D. P. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46. Official Journal of the European Union (OJ), 59(1-88), 294.
• Sanchez, A. N. (2016). “Privacy by default” and active “informed consent” by layers: Essential measures to protect ICT users’ privacy. Journal of Information, Communication and Ethics in Society, 14(2), 124-138.
• Spataru-Negura, L.C. ve Lazar, C. (2018). Lifting the Veil of the GPPR to Data Subjects. Challenges of the Knowledge Society, Nicolae Titulescu Universitesi, Romanya. Erişim adresi: http://cks.univnt.ro/articles/12.html
• Spindler, G. ve Schmechel, P. (2016). Personal data and Encryption in the European general data protection regulation. Journal of Intellectual Property, Information Technology and E-Commerce Law, 7(2), 163-177.
• Tikkinen-Piri, C., Rohunen, A. ve Markkula, J. (2018). EU general data protection regulation: changes and implications for personal data collecting companies. Computer Law and Security Review: The International Journal of Technology Law and Practice, 34(1), 134-153.
• Voigt, P. ve Von Dem Bussche, A. (2017). The EU general data protection regulation (GDPR), A practical guide. İsviçre: Springer. Wachter, S. (2018). Normative challenges of identification in the internet of things: Privacy, profiling, discrimination and the GDPR. Computer Law and Security Review, 34(3), 436-449.
• Voss, W.G., (Winter 2016-2017). European Union data privacy law reform: General data protection regulation, privacy shield, and the right to delisting. The Business Lawyer, 72(1), 221-234.
• Article 29 Data Protection Working Party, (2017). Guidelines on Personal Data Breach Notification under Regulation 2016/679. Brüksel: WP250. Erişim adres: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612052
• Article 29 Data Protection Working Party, (2017). Guidelines on the Application and Setting of Administrative Fines for the Purposes of the Regulation 2016/679. Brüksel: WP 253. Erişim adresi: https://knowww.eu/search-tree?t=5ad7131ed39f5aa2bcbf0f34#
• Article 29 Data Protection Working Party, (2017). Guidelines on Data Protection Impact Assessment (DPIA) and Determining Whether Processing is ‘Likely to result in a High Risk’ for the Purposes of Regulation 2016/679. Brüksel: WP 248. Erişim adresi: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236
• Article 29 Data Protection Working Party, (2018). Statement of the WP29 on encryption and their impact on the protection of individuals with regard to the processing of their personal data in the EU. Brüksel. Erişim adresi: https://www.aepd.es/sites/default/files/2019-09/art29-statement.pdf
• European Commission, (2010). Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, A Comprehensive Approach on Personal Data Protection in the European Union, COM (2010) 609 final. Erişim adresi: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0609:FIN:EN:PDF
• European Data Protection Supervisor, (2015). Opinion 8/2015, Dissemination and Use of Intrusive Surveillance Technologies. Erişim adresi: https://edps.europa.eu/sites/edp/files/publication/15-12-15_intrusive_surveillance_en.pdf
• European Union Agency for Fundamental Rights, (2018). Handbook on European Data Protection Law, Luxembourg. Erişim adresi: https://www.echr.coe.int/Documents/Handbook_data_protection_ENG.pdf
• UK Information Commissioner’s Office (ICO), (2019). Guide to the General Data Protection Regulation (GDPR), Data Protection by Design and Default. Erişim adresi: https://ico.org.uk/media/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr-1-0.pdf