PricingBlogAbout Us

Global Investigations: EU GDPR Data Production and Transfer Report

Verified

Added on  2023/04/08

|9
|1606
|300
Report
AI Summary
This report, prepared for a course on Global Forensic Investigations, addresses the complexities of data production and transfer within the framework of the EU's General Data Protection Regulation (GDPR). It outlines the actions investigators must take to comply with GDPR directives when requesting and transferring data, especially in cross-border scenarios involving the United States. The report details factors considered by U.S. courts when deciding whether to order the production of data, considering legal basics under GDPR for personal data processing, including the role of consent, public interest, and vital interests. The report also covers the legal basis for conducting personal data processing, explaining key terms such as consent, legitimate interests, public interest, contractual necessity, legal obligations, and vital interests to provide a comprehensive overview of the interplay between international investigations and data privacy regulations, emphasizing the importance of adhering to GDPR guidelines to ensure the protection of personal data during investigations. The report uses references from various sources and provides a detailed analysis of the legal and practical implications of GDPR in the context of global investigations, emphasizing the need for compliance with the EU regulations.
Document Page
Running head: INFORMATION TECHNOLOGY
Information Technology
(GLOBAL FORENSIC INVESTIGATIONS/COMPUTER INVESTIGATIONS)
Name of the Student
Name of the Student
Author Note:
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
1INFORMATION TECHNOLOGY
Table of Contents
Introduction..........................................................................................................................2
Discussion............................................................................................................................2
Action taken by investigator for production and transfer of data within EU GDPR
directives......................................................................................................................................2
Factors taken by U.S for deciding the production of Data..............................................3
Legal basics under GDPR for personal data processing..................................................4
Consent............................................................................................................................5
Public Interest..................................................................................................................5
Vital Interest....................................................................................................................5
Conclusion...........................................................................................................................6
References............................................................................................................................7
Document Page
2INFORMATION TECHNOLOGY
Introduction
General Data Protection Regulation (GDPR) is one significant law that has been
introduced till date in the whole EU history. The resultant of the whole discussion is all about
privacy arrangement (Ferrari, 2018). Successor of GDPR aims to provide good interpretation and
implementation so that it can meet the requirement. Privacy is known to be as one of the major
areas of concern both in the past, present and also in the coming days. Within GDPR, EU
resident has gained huge amount of control on the personal data.
In the coming pages, a list of action taken by investigator for both production and transfer
of data with EU GDPR directives has been discussed in details. After that, a list of factors has
been discussed which can be taken by U.S for understanding the production of data. Legal basics
under GDPR for processing of personal data has been provided in details.
Discussion
Action was taken by investigator for production and transfer of data within
EU GDPR directives
GDPR aims to lay down various kind of rules which is needed for data protection and
rules for easy movement of personal data within the union. Data under GDPR is considered to be
part of cross-boundary delivery (Goddard, 2017). There is list of derogation which helps in this
kind of processing. Transfer of data is considered to be challenging when dealing at the time of
cross-border discovery requiring the involvement of European Union and United States. It is
totally deemed by European Union like a country that has inadequate mechanism for protecting
personal data. If there is absence of adequacy, then will be transfer of data in united states which

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
3INFORMATION TECHNOLOGY
can take place if only if there are appropriate safeguard. The investigator needs to abide by
Article 26 and Recital 108 of GDPR outline for the data transfer from Union to United States. It
is mainly required for proper protection of personal data. It comes up with huge number of
mechanism the most popular one is privacy shield (Albrecht, 2016). It is required for data
protection clauses along with collecting corporate rules. EU-US privacy shield data protection
framework is a well-known self-certification mechanism which is required by various
organization to transfer data to any organization. Under the privacy shield framework, there is
organization who have the ability to move personal data which is covered by GDPR from EU to
US. The given data should stay within the protection of this framework.
Binding Corporate Rules (BCR) is a similar kind of function which is there in privacy
shield for binding agreement (Sousa et al., 2018). It is mainly needed for binding agreements
which can be used for protection of personal data and subjects. It mainly tends to highlight rights
when data is covered by GDPR for proper transfer within the jurisdiction like United States. It
does not offer any kind adequate protection of data.
Factors taken by U.S for deciding the production of Data
As per the article 49, when none of the transfer mechanism is applied. Then the transfer
of data to third country or international organization is allowed if one of the factors is applied
(Team, 2017). U.S court needs to check the below list of parameters for ordering the production
of data:
In general data is subject of consent to propose the transfer, after understanding
the possible risk of such transfer of data. It is mainly seen as a result of transfer
of data due to absence of any adequacy decision and its safeguarding.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
4INFORMATION TECHNOLOGY
Transfer is known to be an proper part of performance which is there between
subject of data and implementation of pre-contractual based measures.
Transfer is an important criterion for both conclusion or even performance of
contract which is a part of data subject that is between controller and legal
person.
Transfer is known to be an important reason for public interest.
Transfer is necessary for establishing, exercise and defense of legal claims.
Transfer is mandatory for the protection of required information of data subject
of another person(Giannopoulou & Ferrari, 2018). Data subject is required for
physical or legal incapability for providing consent.
Legal basics under GDPR for personal data processing
GDPR aims to provide six scenes where data processing is considered to be legal like:
Data subject has provided us consent for processing of individual data for one or
more purpose.
Processing is important for performance of contract to which data is subjected to
party (Wachter, Mittelstadt & Floridi, 2017). It is mainly done so that they can
necessary steps for request of data before entering into the contract.
Processing of data is vital for compliance with the legal obligations which is
given to the controller.
Processing is an important point for protection of vital interest of data subject.
Processing is vital for the given task which is done for the given public interest.
Document Page
5INFORMATION TECHNOLOGY
Processing is required by the legitimate interest which is totally pursued by third
party.
Consent
As per (Recitals 32, 42, 43; Article 6(1)(a)) data controllers are left with last kind of
resort that is the permission obtained for processing of personal data. Consent needs to be very
much exclusive that is the data subject discretionary action (Kotsios et al., 2019). It aims to
provide positive and free response to good structure, description for processing activity. As per
the principle “opt-in”, no kind of processing can occur until and unless consent is assured. Data
controller is needed for demonstrating the consent and understanding the presence of audit trail
(Giannopoulou & Ferrari, 2018). It is mandatory for age verification of child which ensures
consent for data processing activity.
Public Interest
According to Recital 45 of Article 6(1)(e) of GDPR, the task is performed in the public
interest or even with exercise of authority that is controller vested. It is required for proper
processing of data of GDPR (Goodman, 2016). In most cases, permission is granted by default
and processing is carried out on the subject of data. It is recognized for full review of specifics of
the given situation. It provides an idea regarding the data control subjects of public interest
(Wachter, Mittelstadt & Floridi, 2017). The object may depend on the situation but it needs to be
acknowledged and reply in timely way.
Vital Interest

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
6INFORMATION TECHNOLOGY
As stated by Recital 46, Article 6(1) d, there is some situation which is not covered by
any particular law. In the absence of contract, processing is totally permitted if and only if it is
important to protection of vital interest (Voss, 2017). This particular condition can be extended
or transmitted to individuals. One can easily apply this, on the basis of vital interest which can be
applied to life or death cases.
Conclusion
From the above pages, the point can be concluded that this report is all about GDPR data.
The main function of GDPR is to enhance the overall rights to data subject and aims too much
responsibility on both processor and controller of personal data. In the report, binding corporate
rules, data protection clauses are needed for providing facility and access for the movement of
data of EU. It will ultimately help in application of technologies and diversification of resources
for analyzing and filtering data. Organization will be held responsible for the data processed by
them. They will require explicit consent from resident so that they can process it. Within a month
or two, GDPR compliance will be one of major areas of focus for various areas around the globe.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7INFORMATION TECHNOLOGY
References
Albrecht, J. P. (2016). How the GDPR will change the world. Eur. Data Prot. L. Rev., 2, 287.
Ferrari, V. (2018). EU Blockchain Observatory and Forum Workshop on GDPR, Data Policy
and Compliance. Institute for Information Law Research Paper, (2018-04).
Giannopoulou, A., & Ferrari, V. (2018). Distributed Data Protection And Liability On
Blockchains. In INTERNET SCIENCE. 5th International Conference, INSCI (pp. 24-26).
Goddard, M. (2017). The EU General Data Protection Regulation (GDPR): European regulation
that has a global impact. International Journal of Market Research, 59(6), 703-705.
Goodman, B. W. (2016). A step towards accountable algorithms? algorithmic discrimination and
the european union general data protection. In 29th Conference on Neural Information
Processing Systems (NIPS 2016), Barcelona. NIPS Foundation.
Kotsios, A., Magnani, M., Rossi, L., Shklovski, I., & Vega, D. (2019). An Analysis of the
Consequences of the General Data Protection Regulation (GDPR) on Social Network
Research. arXiv preprint arXiv:1903.03196.
Sousa, M., Ferreira, D. N. G., Pereira, C. S., Bacelar, G., Frade, S., Pestana, O., & Correia, R. C.
(2018). OpenEHR Based Systems and the General Data Protection Regulation (GDPR).
Building Continents of Knowledge in Oceans of Data: The Future of Co-Created
eHealth.
Team, I. P. (2017). EU general data protection regulation (GDPR): an implementation and
compliance guide. IT Governance Ltd.
Document Page
8INFORMATION TECHNOLOGY
Voss, W. G. (2017). European Union data privacy law reform: General Data Protection
Regulation, privacy shield, and the right to delisting.
Wachter, S., Mittelstadt, B., & Floridi, L. (2017). Why a right to explanation of automated
decision-making does not exist in the general data protection regulation. International
Data Privacy Law, 7(2), 76-99.

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

chevron_up_icon
1 out of 9
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.