Journal №1 (2024)
Dear Reader, We are pleased to present the third edition of the Journal of Personal Data Protection Law, dedicated to the enactment of new law of Georgia “On Personal Data Protection." See in ...
2024-11-05
Welcome Letter
∘ Lela Janashvili ∘
.
Dear Reader, We are pleased to present the third edition of the Journal of Personal Data Protection Law, dedicated to the enactment of new law of Georgia “On Personal Data Protection." See in ...
2024-11-05
Journal №1 (2024)
The new „Trans-Atlantic Data Privacy Shield Framework“-Agreement is the successor of the „EU-US Privacy Shield“-Agreement. The European Commission’s adequacy decision, which was based on the latter, was declared invalid bei the Court of Justice of the European Union in July 2020 in the sensational „Schrems II“ judgement. Prior to this, the judges in Luxembourg had already criticised the adequacy decision, which was based on the predecessor agreement known as „Safe Harbour“- Agreement. The reason in both cases was the far-reaching surveillance and intervention powers of the US security authorities with regard to the personal data of citizens of the European Union. These two judgements meant that, according to the Court of Justice, the level of data protection in the USA was not equivalent to that in the European Union. See in ...
2024-11-05
Transfer of Personal Data to Third Countries - "Safe Harbour", "EU-US Privacy Shield" and "Trans-Atlantic Data Privacy Framework"
∘ Norbert Bernsdorff ∘
Abstract
The new „Trans-Atlantic Data Privacy Shield Framework“-Agreement is the successor of the „EU-US Privacy Shield“-Agreement. The European Commission’s adequacy decision, which was based on the latter, was declared invalid bei the Court of Justice of the European Union in July 2020 in the sensational „Schrems II“ judgement. Prior to this, the judges in Luxembourg had already criticised the adequacy decision, which was based on the predecessor agreement known as „Safe Harbour“- Agreement. The reason in both cases was the far-reaching surveillance and intervention powers of the US security authorities with regard to the personal data of citizens of the European Union. These two judgements meant that, according to the Court of Justice, the level of data protection in the USA was not equivalent to that in the European Union. See in ...
2024-11-05
Journal №1 (2024)
In an increasingly digital world, the protection of personal data is paramount for individuals, organizations, and regulators. As data collection technologies evolve, so must methods for ensuring data privacy. This paper explores synthetic data as a promising privacy-enhancing technology (PET) for anonymization, focusing on legal, theoretical, and practical perspectives. Synthetic data, generated algorithmically, do not pertain to real individuals, making them valuable for data science and AI development while preserving privacy. We examine the regulatory context, particularly under the GDPR, and identify privacy risks and attacks that anonymization must defend against. We argue that synthetic data, when properly generated, can meet anonymization standards and provide deployment recommendations to mitigate privacy risks. Our findings contribute to a standardized framework for synthetic data privacy assurance, aligning with current and future data protection regulations. See in ...
2024-11-05
Legal and Regulatory Perspectives on Synthetic Data as an Anonymization Strategy
∘ Alexander Boudewijn ∘ Andrea F. Ferraris ∘
Abstract
In an increasingly digital world, the protection of personal data is paramount for individuals, organizations, and regulators. As data collection technologies evolve, so must methods for ensuring data privacy. This paper explores synthetic data as a promising privacy-enhancing technology (PET) for anonymization, focusing on legal, theoretical, and practical perspectives. Synthetic data, generated algorithmically, do not pertain to real individuals, making them valuable for data science and AI development while preserving privacy. We examine the regulatory context, particularly under the GDPR, and identify privacy risks and attacks that anonymization must defend against. We argue that synthetic data, when properly generated, can meet anonymization standards and provide deployment recommendations to mitigate privacy risks. Our findings contribute to a standardized framework for synthetic data privacy assurance, aligning with current and future data protection regulations. See in ...
2024-11-05
Journal №1 (2024)
Starting from March 1, 2024, with the implementation of the Law of Georgia “On Personal Data Protection,” the updated regulations governing database management and security have gained particular significance. Legislative and institutional developments emphasize the necessity of examining the operation of the notary electronic registry to determine the obligations of notaries in relation to personal data processing, as well as the potential legal consequences of breaches in data security. See in ...
2024-11-05
Notary Electronic Registry and Data Security
∘ Ekaterine Shengelia ∘ Irakli Leonidze ∘
Abstract
Starting from March 1, 2024, with the implementation of the Law of Georgia “On Personal Data Protection,” the updated regulations governing database management and security have gained particular significance. Legislative and institutional developments emphasize the necessity of examining the operation of the notary electronic registry to determine the obligations of notaries in relation to personal data processing, as well as the potential legal consequences of breaches in data security. See in ...
2024-11-05
Journal №1 (2024)
This article examines the current legal issues surrounding personal data protection in action logs (commonly referred to as “logs”). With the implementation of the new law in Georgia, “On Personal Data Protection,” the necessity for a balance between the effectiveness of action logs as an information security measure and the high standard of protection for the personal data they contain has become increasingly urgent. See in ...
2024-11-05
Protection of Personal Data in Action Logs
∘ Maka Nutsubidze ∘
Abstract
This article examines the current legal issues surrounding personal data protection in action logs (commonly referred to as “logs”). With the implementation of the new law in Georgia, “On Personal Data Protection,” the necessity for a balance between the effectiveness of action logs as an information security measure and the high standard of protection for the personal data they contain has become increasingly urgent. See in ...
2024-11-05
Journal №1 (2024)
The protection of children's personal data is a topical and problematic issue. The urgency of this issue is determined by the status of children as data subjects, their rights, and the peculiarities of legislative regulations regarding the expression of these rights. Particularly noteworthy is the impact of digital technologies on children's daily lives and their ability to exercise these rights. This article reviews national and international standards for the processing of children's personal data to identify the expected risks and challenges. See in ...
2024-11-05
Challenges in the Processing of Childrens Personal Data
∘ Nino Khubulia ∘
Abstract
The protection of children's personal data is a topical and problematic issue. The urgency of this issue is determined by the status of children as data subjects, their rights, and the peculiarities of legislative regulations regarding the expression of these rights. Particularly noteworthy is the impact of digital technologies on children's daily lives and their ability to exercise these rights. This article reviews national and international standards for the processing of children's personal data to identify the expected risks and challenges. See in ...
2024-11-05
Journal №1 (2024)
The cross-border transfer of personal data presents a complex challenge in both Georgian and international contexts. Notably, within the framework of international cooperation, substantial amounts of personal data are exchanged across various sectors. This reality necessitates effective regulation to ensure the protection of data subjects' rights. The article aims to explore the legal frameworks governing these transfers, focusing on both international standards and Georgia's national regulations. See in ...
2024-11-05
Legal Regulation of International Transfer of Personal Data (International and National Standards)
∘ Nino Tsagareishvili ∘
Abstract
The cross-border transfer of personal data presents a complex challenge in both Georgian and international contexts. Notably, within the framework of international cooperation, substantial amounts of personal data are exchanged across various sectors. This reality necessitates effective regulation to ensure the protection of data subjects' rights. The article aims to explore the legal frameworks governing these transfers, focusing on both international standards and Georgia's national regulations. See in ...
2024-11-05
Journal №1 (2024)
The inviolability of the private life of a child in conflict with the law presents a challenging issue, making it crucial to balance the legitimate objectives established by law. The state bears a number of obligations to provide sufficient guarantees for the protection of children's rights. In this regard, the provisions of the Juvenile Justice Code and the Law of Georgia “On Personal Data Protection” are particularly noteworthy. These laws emphasize the importance of shielding children in conflict with the law from stigmatization and ensuring their smooth reintegration into society. Achieving these goals requires the implementation of complex, practical measures that safeguard their rights while adhering to data protection standards. See in ...
2024-11-05
Inviolability of the Private Life of a Child in Conflict with the Law and the Protection of Their Personal Data
∘ Davit Kantaria ∘
Abstract
The inviolability of the private life of a child in conflict with the law presents a challenging issue, making it crucial to balance the legitimate objectives established by law. The state bears a number of obligations to provide sufficient guarantees for the protection of children's rights. In this regard, the provisions of the Juvenile Justice Code and the Law of Georgia “On Personal Data Protection” are particularly noteworthy. These laws emphasize the importance of shielding children in conflict with the law from stigmatization and ensuring their smooth reintegration into society. Achieving these goals requires the implementation of complex, practical measures that safeguard their rights while adhering to data protection standards. See in ...
2024-11-05
Journal №1 (2024)
The article examines the legality and oversight of personal data processing in the context of covert investigative activities, with a focus on evaluating the effectiveness and alignment of the current control mechanisms with international standards. Specifically, the article assesses the mandate and authority of the Personal Data Protection Service (hereafter - PDPS) in supervising and regulating such activities. This issue has gained particular significance following the enactment of Georgia's new law “On Personal Data Protection," which granted the PDPS the authority to assess the legality of data processing classified as a state secret. See in ...
2024-11-05
Supervision and Control of Covert Investigative Actions by the Personal Data Protection Service of Georgia
∘ Luka Pavlenishvili ∘
Abstract
The article examines the legality and oversight of personal data processing in the context of covert investigative activities, with a focus on evaluating the effectiveness and alignment of the current control mechanisms with international standards. Specifically, the article assesses the mandate and authority of the Personal Data Protection Service (hereafter - PDPS) in supervising and regulating such activities. This issue has gained particular significance following the enactment of Georgia's new law “On Personal Data Protection," which granted the PDPS the authority to assess the legality of data processing classified as a state secret. See in ...
2024-11-05
Journal №1 (2024)
In light of the development of modern trade relations, the refinement of trade relations has become an urgent necessity. This refinement is inconceivable without the implementation of high standards for consumer rights protection, a process that involves identifying the need for the processing of consumers' personal data. Such processing serves as the basis for both marketing activities and the establishment of rights and obligations outlined in consumer contracts. It is noteworthy that the state has enacted two new special laws aligned with European directives in both of these fields: the Law of Georgia “On the Protection of Consumer Rights” dated June 1, 2022, and the Law of Georgia “On Personal Data Protection” dated June 14, 2023. This article will examine the legal guarantees governing consumer relations established by the Law of Georgia “On Protection of Consumer Rights” and the Law of Georgia “On Personal Data Protection,” along ...
2024-11-05
Protection of Personal Data in Consumer Relations (Review of International and National Standards)
∘ Mariam Shaishmelashvili ∘
Abstract
In light of the development of modern trade relations, the refinement of trade relations has become an urgent necessity. This refinement is inconceivable without the implementation of high standards for consumer rights protection, a process that involves identifying the need for the processing of consumers' personal data. Such processing serves as the basis for both marketing activities and the establishment of rights and obligations outlined in consumer contracts. It is noteworthy that the state has enacted two new special laws aligned with European directives in both of these fields: the Law of Georgia “On the Protection of Consumer Rights” dated June 1, 2022, and the Law of Georgia “On Personal Data Protection” dated June 14, 2023. This article will examine the legal guarantees governing consumer relations established by the Law of Georgia “On Protection of Consumer Rights” and the Law of Georgia “On Personal Data Protection,” along ...
2024-11-05
Journal №1 (2024)
With the General Data Protection Regulation (GDPR), data protection law in the European Union (EU) was regulated in a largely uniform manner. The GDPR replaced the previously applicable Data Protection Directive 95/46/EC with a regulation that is directly applicable in all EU member states. In this way, it creates a uniform level of protection for the right of all EU citizens to the protection of their personal data. See in ...
2024-11-05
The New Data Protection Law in Georgia - A Brief Outline
∘ Norbert Bernsdorff ∘
Abstract
With the General Data Protection Regulation (GDPR), data protection law in the European Union (EU) was regulated in a largely uniform manner. The GDPR replaced the previously applicable Data Protection Directive 95/46/EC with a regulation that is directly applicable in all EU member states. In this way, it creates a uniform level of protection for the right of all EU citizens to the protection of their personal data. See in ...
2024-11-05
|
Contact Us  7, Vachnadze Str. 0105, Tbilisi, Georgia 2421000 office@pdps.ge
|
Social Network 
 
|