Reflections Upon the Interaction between Domestic and European Personal Data Protection Legislation

Problem setting. In order to build an innovative society, it is necessary to develop legal norms and regulators aimed at protecting privacy and controlling personal data. In addition, the need to ensure effective and reliable protection of personal data in the conditions of rapid technological development, globalization and the growing threat of cybercrime is becoming more urgent. The need for the development of legal norms, the introduction of innovative technologies and the raising of public awareness become important tasks for ensuring privacy and protection of personal data. The study also aims to identify and analyze the main challenges facing the field of personal data protection, such as cybercrime, hacker attacks, globalization and cross borders. Legal norms and regulations aimed at protecting privacy are also analyzed, as well as the potential opportunities of new technologies that can increase the level of protection of personal data. Аnalysis of recent researches and publications. The problems of legal protection of personal data have recently become the subject of research by an increasing number of scientists, both lawyers and representatives of other fields of knowledge. In particular, such scientists as: S. Hlibko, T. Egorova-Lutchenko, K. Yefremova, O. Korvat, V. Kokhan, M. Haustova devote their attention to the study of these issues. etc. Purpose of the research is to develop possible ways of legal protection of personal data in view of today’s challenges related to this issue. The article aims to consider the development of technologies and the growth of the volume of personal data as the main factors affecting the need for effective protection of privacy and security of this data. The article is aimed at expanding the understanding of the problem and providing recommendations for improving the protection of privacy and security of personal data in the future. article’s main body. According to the preamble to the Agreement between Ukraine and the European Union on the participation of Ukraine in the European Union program “Digital Europe” (2021-2027), the important supporting role of digital infrastructure, including in the field of cyber security, is recognized to ensure inextricably linked transformation processes and digital leadership of the European Union. The purpose of concluding the Agreement is to establish mutually beneficial cooperation in order to strengthen and support the deployment of reliable and secure digital capabilities in the Union in the field, including cyber security. It is recognized that mutual participation in each other’s programs for the implementation of digital technologies should ensure mutual benefits for the Parties, while observing a high level of data protection, digital rights, etc. In accordance with paragraph 12 of Article 2 of Annex III to the Agreement, the exchange of information between the European Commission or OLAF and the competent state authorities of Ukraine must take place with due consideration of confidentiality requirements. Personal data included in the exchange of information must be transferred in accordance with the current legal norms on data protection of the Party making the transfer. According to paragraph 49 of the preamble of Regulation (EU) 2021/694 of the European Parliament and of the Council of April 29, 2021 on the establishment of the Digital Europe Program, digital transformation should allow citizens to access, use and securely manage their personal data across borders, regardless of their location or data location. According to point 60 of the preamble, by providing a single set of rules that are directly applicable in the legal systems of the Member States, Regulation (EU) 2016/679 guarantees the free flow of personal data between Member States and strengthens the trust and security of individuals, two indispensable elements of a true Digital Single Market . All actions taken within the framework of the Program, which involve the processing of personal data, must contribute to the smooth implementation of this Regulation, for example, in the field of artificial intelligence and distributed ledger technologies (for example, blockchain). These actions should support the development of digital technologies that meet data protection obligations both by design and by default. In addition, according to paragraph 69 of the preamble, this Regulation respects fundamental rights and adheres to the principles recognized in the Charter of Fundamental Rights of the European Union, in particular regarding the protection of personal data, etc. In the Charter of Fundamental Rights of the European Union (2016/C 202/02) dated June 7, 2016, Chapter II “Freedoms” contains Article 8, which is entitled “Protection of personal data”, according to which it is assumed that everyone has the right to the protection of personal data data concerning him. Such data must be processed fairly for specific purposes and on the basis of the consent of the person concerned or on another legal basis established by law. Everyone has the right to access the data that has been collected about him and the right to correct it. Compliance with these rules is subject to control by an independent body. In addition, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data establishes rules relating to the protection of natural persons with regard to the processing of personal data, as well as rules, relating to the free movement of personal data, and protects the fundamental rights and freedoms of natural persons and, in particular, their right to protection of personal data. Today in Ukraine, the main legislative act in this area is the Law of June 1, 2010 No. 2997-VI “On the Protection of Personal Data”. Article 11 of the Law of Ukraine “On Information” specifies what information about a natural person (personal data) is. In turn, the legal and organizational bases for ensuring the protection of the vital interests of a person and citizen, society and the state, national interests of Ukraine in cyberspace, the main goals, directions and principles of state policy in the field of cyber security, the powers of state bodies, enterprises, institutions, organizations, individuals and citizens in this area, the basic principles of coordination of their cyber security activities are defined in the Law of Ukraine “On Basic Principles of Cyber Security of Ukraine”. In addition, relations in the field of information protection in information, electronic communication and information and communication systems are regulated by the Law of Ukraine “On the Protection of Information in Information and Communication Systems”. In turn, the Concept of the development of e-governance in Ukraine, as well as the Law of Ukraine “On the National Informatization Program” defines e-governance. In addition, in 2021, the Law of Ukraine “On Public Electronic Registers” was adopted, which defines the State electronic platform for maintaining public electronic registers. On April 18, 2023, by a resolution of the Cabinet of Ministers of Ukraine, the Regulation on the information system “Software platform for the deployment and support of state electronic registers” was approved, as well as the Procedure for using the software “Software platform for the deployment and support of state electronic registers”. conclusions and prospects for the development. The protection of digital personal data requires the development of appropriate technical and regulatory tools, as well as judicial practice of prosecution for violations of the order of their use. It is possible to create a database or registry for private electronic/digital platforms, with the help of which or which would control their activities, including regarding the protection of personal data. At the same time, at the regulatory and legal level, it is necessary to provide that a mandatory condition for the creation and functioning of an Internet platform is its registration in such a database / such a register, and a mandatory condition for registration is confirmation of technical capabilities to ensure the protection of personal data of platform users. It is necessary to define at the regulatory level the list and mechanisms of acquisition of digital rights, their implementation, protection, compensation and responsibility for their violation. The protection of personal data should be considered one of the digital rights of a person and a citizen. The development of digitalization in a legal state must inevitably be accompanied by the development of the legal framework, in particular, the emergence, consolidation, definition and protection of digital rights of individuals and legal entities. Digital rights are a multifaceted category, they become connected and interwoven with other rights defined and established in the norms of different branches of law. The multifaceted nature of the “digital rights” category implies the separation and delimitation of various categories of digital rights, their distribution into appropriate types, for example, “personal digital rights”, “financial digital rights”, etc. It should be quite natural to form a separate element in the general system of law, such as digital law, as a set of legal norms regulating social relations related to the circulation of (including personal) data in digital networks.

The article is devoted to the study of the organizational and legal mechanism of personal data protection. The concept of "personal data protection" is developed in detail in domestic jurisprudence. The law regulates legal relations related to the protection and processing of personal data, with the aim of protecting the fundamental rights and freedoms of a person and a citizen, and, first of all, the right to non-interference in personal life, in connection with the processing of personal data. However, the rapid development of information technologies, the digitization of society forces us to improve the organizational and legal mechanism of personal data protection every time, to search for more effective and reliable methods and means of their protection. The actual legal basis for the protection of personal data can be found in the Constitution of Ukraine, the Criminal Code of Ukraine, the Civil Code of Ukraine, the Law of Ukraine "On the Protection of Personal Data", decisions of the Constitutional Court of Ukraine, international legal acts, consent to the mandatory use of which was given by the Verkhovna Rada of Ukraine. It is substantiated that it is the state that acts as the guarantor of the protection of a person's personal data - its task is to create an organizational and legal mechanism that would effectively protect human rights related to personal data, etc. The organizational component of the personal data protection mechanism covers the vertical of state bodies and services, which, in accordance with the powers assigned to them, carry out personal data protection activities. On the basis of the conducted research, we came to the conclusion that the organizational and legal mechanism for the protection of personal data is a set of legal norms and a complex of preventive measures carried out by relevant state bodies and services aimed at protecting personal data, stopping offenses, applying coercion to offenders and restoring violated human rights related to personal data.

(The article is written in Romanian)This article aims to analyze, from two perspectives, the right to the protection of personal data, a right which had maybe the most dynamic evolution in the last three decades on a very narrow niche. Firstly, we will focus on the right’s content by analyzing thoroughly the provisions which enshrine it. Secondly, we are interested to reason whether it is a new fundamental right, distinct from the right to the protection of private life or not. The right to the protection of personal data was born out of the necessity to protect the individual from the avalanche-like development of a computerized human society. Personal data have been legally defined as,any information relating to an identified or identifiable natural person,” covering, therefore, a generous sphere of protection.Because it is a relatively new and less known right, we are interested in describing this generous sphere of protection. We will look upon the first important legal act which regulated distinctly and in detail the right to the protection of personal data – the 108 Convention of the Council of Europe from 1981 for the protection of individuals with regard to automatic processing of personal Data. Further, we will analyze Article 16 of the Treaty of Lisbon which enshrines the right to the protection of personal data. This provision was introduced for the first time in an EU treaty in Article 16, which became the central piece in the protection of personal data in the Member States of the EU. We will analyze the extent in which Article 16 may enjoy direct effect. Further we will concentrate on Article 8 of the Charter of Fundamental Rights of the European Union, which is exclusively dedicated to data protection.In the next section we will analyze the content of this right from the perspective of the provisions of Directive 95/46 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. We will look upon the criteria for making data processing legitimate, the special categories for processing and the scope of the independent supervisory authorities created in all EU Member States.In the last section we will analyze the possibility that the right to the protection of personal data is a new fundamental right from both a formal and a substantial point of view.

The issue of personal data protection has been one of the focal points of attention in recent decades. This is because the protection of personal data is a form of realizing the right to privacy as a fundamental human right. Personal data refers to information about a specific individual’s characteristics that serves as a means of their identification. Personal data protection in Bosnia and Herzegovina is regulated by the Law on Personal Data Protection. This law governs the principles of personal data processing, the obligations of data controllers and processors, the rights of data subjects, as well as sanctions for violations of the law. Since 2016, the protection of personal data in the European Union has been regulated by the General Data Protection Regulation (GDPR), which has significantly improved the system for protecting personal data. A particularly significant category of personal data is personal health data, which includes identification and identifying information about an individual’s health and medical condition, their medical diagnosis, prognosis, and treatment, as well as information about substances that can identify that individual. Data related to an individual’s health is a crucial and potentially vulnerable aspect of their life. These are the most intimate data about an individual, the unauthorized and unjustified disclosure of which can subject them to shame, ridicule, and stigmatization, causing them significant, primarily non-material, harm. Misuse of patient information not only violates their privacy but also undermines their dignity. Therefore, personal health data can only be processed for health-related purposes, i.e., for the benefit of the individual and society as a whole. Laws regulating patients’ rights in the Federation of Bosnia and Herzegovina (the Law on Healthcare and the Law on the Rights, Obligations, and Responsibilities of Patients) guarantee patients the right to confidentiality of information and privacy, the right to data secrecy, and the right to access their medical records. The provisions of these laws significantly meet the standards for the protection of personal health data. However, in order to improve the situation in this area, there is a need to harmonize the provisions of the general data protection law, which is subsidiarily applied in the protection of personal health data, with the provisions of the General Data Protection Regulation.

La actividad cotidiana de cualquier persona deja hoy “rastro digital”. Esto obliga a plantear: ?Que ocurre con nuestro “rastro digital” cuando morimos? ?Puede la persona prever algo al respecto? El hecho de que en el “rastro digital” puedan verse involucrados tanto aspectos de caracter neta­mente personal como patrimonial, determina que la aproximacion al “rastro digital” dejado por la per­sona al fallecer pueda hacerse: o bien desde una perspectiva eminentemente patrimonial-sucesoria, de la gestion y/o el destino del patrimonio digital; o bien desde una perspectiva eminentemente personal, de la proteccion post mortem de la intimidad/privacidad y/o de los datos personales tanto del fallecido como de terceros. Este doble enfoque se refleja en la practica y tambien en la legislacion comparada, europea y norteamericana. Mas concretamente, es esta una materia en la que confluyen cuestiones de Derecho de sucesiones, de Derecho contractual y de Derecho de la persona –en particular, relativas a la proteccion de datos personales y a la proteccion de la intimidad/privacidad postuma y de terceros–. Asi, por lo que respecta al punto de vista patrimonial, si bien en principio no es posible hablar de la “heren­cia digital” como algo distinto de la “herencia analogica”, ello no obsta a que deban tenerse en cuenta ciertas especificidades que rodean y/o afectan a ciertos “bienes digitales”, en algun caso tributarias del Derecho de contratos. En este contexto, la persona puede ordenar sus “voluntades digitales”, previendo disposiciones sucesorias (nombrando “sucesores digitales”) y/o no sucesorias (ya sea designando “albacea/s digital/ es” o bien quien va a poder actuar en relacion a la proteccion de sus datos personales y/o al ejercicio de las acciones de proteccion civil del honor, la intimidad o la imagen). Por lo que respecta a la legislacion espanola, la Ley catalana 10/2017, de 27 de junio, de las volun­tades digitales, adopta una perspectiva esencialmente patrimonial, previendo la posibilidad de designar un “albacea digital” para que actue ante los prestadores de servicios digitales con los que el causante tenga cuentas activas. El hecho de que la norma catalana se muestre plenamente respetuosa con el con­tenido del contrato suscrito entre el usuario fallecido y el prestador de servicios contrasta con las solu­ciones adoptadas al respecto en otros ordenamientos. Por otra parte, la regla por defecto de no acceso al “contenido” de las cuentas y archivos digitales, salvo que el causante lo haya establecido o se obtenga autorizacion judicial, aproxima la Ley catalana a lo previsto en otros sistemas. En la Ley Organica 3/2018, de 5 de diciembre, de Proteccion de Datos Personales y garantia de los derechos digitales, confluyen tanto el enfoque personal –de la proteccion de datos de las personas fallecidas–, como el patrimonial –relativo a los “contenidos digitales”– (en el mal llamado “testamento digital”). Esta ley parte de la regla de acceso por defecto a los contenidos digitales o a los datos perso­nales del fallecido, y establece una legitimacion muy amplia en cuanto a facultades y demasiado extensa en cuanto a personas legitimadas, sin establecer prelacion alguna entre ellas. Esto, que puede generar problemas en la practica, contrasta con lo previsto en la Ley catalana y en otras legislaciones de nuestro entorno. La Ley Organica 3/2018 se revela, asi, mas como una ley de desproteccion de datos y de con­tenidos digitales, que no de proteccion de los mismos.

Privacy as a legal concept is an unavoidable part of a modern democratic society and is recognized as one of the fundamental human rights of every citizen. The right to privacy and the protection of personal data are guaranteed by international human rights documents. In librarianship, the right to privacy and protection of personal data is also guaranteed in the documents of international library associations, which clearly emphasize that librarians are obliged in their work to protect the privacy and personal data of their users. Privacy and personal data are increasingly difficult to protect today, as access to data is simpler and easier due to the use of different and new information technologies, electronic communication, social networks, electronic databases, etc. Personal rights are guaranteed by international documents on protection of personal data and protected by national personal data protection laws. The main objectives of the paper are: to problematize the definition of the concept of privacy from several perspectives; problematize the importance of the right to privacy and protection of personal data in the context of the library profession; provide an overview of significant international documents in the field of human rights which also guarantee the right to privacy and protection of personal data; make a review of important international documents guaranteeing the right to protection and confidentiality of personal data; and finally, the paper will provide an overview of documents of international library associations that in their texts indicate the importance of privacy and protection of personal data in the library business.

The process of legislative settlement of issues related to the protection of personal data began in the European Union (EU) with the entry into force of Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals regarding the processing of personal data and on the free movement of such data (Directive). After adoption the Charter of Fundamental Rights of the European Union (2000), which Article 8 defined the protection of personal data as a human right, establishment of the sufficient principles in the Lisbon Treaty (2009), there were amended two key EU acts: the Treaty on EU and the Treaty establishing the European Community. As a result, everyone in the EU was guaranteed the right to protect their personal data. In 2016 the EU adopted Regulation 2016/679/EC of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and on the free movement of such data (Regulation), which radically updated the methods of collecting and processing personal data, and not only in the EU. As a result, to comply with its requirements, both EU-based companies and those operating in the EU or working with consumers from the EU market were forced to update their privacy/personal data policies. In turn, in Ukraine, significant progress in the development of legal regulation of personal data protection occurred later. As of 2010, public relations regarding collection, storage, use and dissemination of information about a person were regulated by more than two dozen uncoordinated laws and secondary legislation. To specify and define the mechanisms for implementing the provisions of Article 32, Constitution of Ukraine, which proclaimed the right of a person to non–interference in its personal life and established a ban on the collection, storage, use and dissemination of confidential information about a person without its consent, the Verkhovna Rada of Ukraine in 2010 adopted the law of Ukraine “On Personal Data Protection”. Having played a vital role in the legislative codification of the rules for processing personal data, the law, like the Directive, failed to respond to technological changes and the processes caused by this in society, despite numerous amendments made by MPs. Since the Association Agreement between EU and Ukraine came into power, there is noticeable arising necessity to harmonize the Ukrainian legislative framework with EU, as though contexts of adoption of the Regulation and the Law are different, so are the ways of resolving personal protection issues in Ukraine and the EU. Therefore, it is necessary to establish the new legislative amendments, the degree of compliance of personal data protection standards in Ukraine with the relevant standards in the EU. In this paper, as an outcome of estimations of relevant international research, further analytical and comparative analyses, there are some proposals to future institutional features of such modernization, affecting such issues as: clarification regarding material effects in order to limit legal regulation and avoid excessive legal burden on individuals, as well as in some cases on state authorities; providing new definitions of concepts that are not yet available in domestic regulation; establishment of fundamental guidelines for the processing of personal data in accordance with international standards; fostering more sustainable standards for the processing of sensitive personal data; in-depth structuring the issue of processing personal data for a different purpose than the one for which they were collected; regulating the implementation of the rights of personal data subjects, in particular, the right to information, the right to access, the right to correct personal data, the right to be forgotten, the right to personal data mobility, the right to restrict the processing of personal data, the right to protection from automated decision-making, the right of the data subject to protection of their rights and compensation for damage; clarifications regarding the definitions of the duties and responsibilities of the personal data controllers and operator; sustainable regulations concerning the issue of cross-border transfer of personal data.

This chapter looks at the provisions of Article 28 of Directive 2019/790, the European copyright directive in the Digital Single Market. It outlines the processing of personal data that is carried out within the framework of Directive 2019/790 and in compliance with Directive 2002/58/EC and Regulation (EU) 2016/679. It also demonstrates the processing of personal data that should respect fundamental rights, including the right to the protection of personal data. The chapter clarifies that the processing of personal data must be done in respect of the fundamental rights to private and family life and protection of personal data set out in Articles 7 and 8 of the EU Charter of Fundamental Rights. It discusses the protection of personal data pursuant to ePrivacy Directive 2002/58 and General Data Protection Regulation 2016/679.

The different approaches going near definitions «the personal data» and «personal data of worker», that is used in scientific researches, international law and Ukrainian legislation is studied in the article. It is found out, that in the current legislation the concept «the personal data of worker» and «protection of the personal data of worker» are absent, the same as norms that guarantee the protection of the marked data. As a result of the analysis, it was concluded that the employee’s personal data should be understood as any information related to a specific natural person working on the basis of an employment contract, and provided personally by such a person to the employer or collected by the latter in accordance with the law. The employee’s personal data should include information about the age, date and place of birth, citizenship, registration number of the taxpayer’s registration card, information on employment, health, level of education, proficiency in Ukrainian and foreign languages, marital status. And this list is not exhaustive. Attention is paid to the fact that the employee’s consent is the legal basis for providing the employer with and further processing of personal data. However, we note that this rule does not apply to labor relations. Every employer is forced to process the personal data of all its employees, because without this information, it will not be able to fulfill its obligations under the employment contract. At the same time, it should be borne in mind that the employer could process the employee’s personal data only in case of actual necessity and in the presence of legal grounds.It was emphasized that after the adoption by the European Parliament of the new Regulation on the protection of personal data (GDPR), the issue of compliance of the Ukrainian personal data protection system with EU standards has become even more urgent, since branches/representative offices of Ukrainian organizations/enterprises on the territory of the EU will need to be rebuilt in order to meet the new requirements work on the protection of personal data as well as make corrections. Therefore, after the entry into force of the Regulation, many companies faced with the problem of adapting the privacy policy to the provisions of this document. Unfortunately, the current Ukrainian legislation on personal data is outdated and inhibits, it creates obstacles in the implementation of innovative solutions both in the private (IT sector development) and in the public sphere (electronic democracy, digitization of administrative services, etc.).It was concluded that in the conditions of digitalization, it became necessary to systematize and codify national legislation in accordance with the norms of European legislation and to develop a single regulatory legal act that would regulate the collection, processing, and protection of personal data of employees at the legislative level.

1 Legislative Powers and Normative Instruments I. INTRODUCTION II. LEGISLATIVE POWERS AND NORMATIVE INSTRUMENTS UNDER THE CURRENT TREATIES III. SIMPLIFICATION OF THE UNION'S NORMATIVE INSTRUMENTS AND THE TRANSFORMATION OF EUROPEAN ADMINISTRATIVE LAW IV. NEW NORMATIVE INSTRUMENTS UNDER THE CONSTITUTIONAL TREATY 1. Legislative Level: European Law and Framework Law 2. Delegated European Regulations (a) On Requirements and Limits (b) Mechanisms of Control 3. Implementing Acts (a) Areas where Implementing Acts might be Used (b) The Form and Mechanism for the Control of Implementing Acts V. A THIRD TYPE OF EUROPEAN REGULATION 1. Competition Policy 2. State Aids 3. Economic and Monetary Policy 4. Area of Freedom, Security and Justice VI. THE CHOICE BETWEEN PRIMARY LAW AND SECONDARY LAW: CONSEQUENCES 2 Implications of a Binding European Charter of Fundamental Rights for the Individual Decisions Made by the European Public Administration I. INTRODUCTION II. THE RIGHT TO GOOD ADMINISTRATION 1. Origin of the Right to Good Administration in Community Law 2. Content of the Right to Good Administration 3. Implications of a Binding Right to Good Administration for the Community Administration III. THE RIGHT OF ACCESS TO DOCUMENTS 1. Origin of the Right of Access to Documents 2. The Current Meaning of the Right of Access to Documents (a) Which Bodies are under an Obligation to Provide Access to their Documents? (b) Who Can Access Institutions' and Bodies'Documents? (c) Judicial Protection of the Right of Access to Documents 3. Implications of a Binding European Charter of Fundamental Rights for the Right of Access to Documents IV. THE RIGHT TO PROTECTION OF PERSONAL DATA 1. Its Origins in EU Law 2. Scope of the Right to Protection of Personal Data (a) The Rundfunk Case (b) The Lundqvist Case (c) The PNR Case 3. Personal Data Protection in the Charter and in the Constitutional Treaty (a) Introduction (b) Implications 3 The Impact of the Charter of Fundamental Rights on Decisions Adopted by Member States I. FUNDAMENTAL RIGHTS OF THE UNION AND MEMBER STATES: WHAT DOES 'IMPLEMENT'MEAN? 1. General Considerations: The Relevance of the Topic 2. Subjecting National Administration to the Fundamental Rights of the Union (a) Case Law on the Application of Fundamental Rights of the Union to Member States (b) The Formula in Article 51 (1) of the Charter: Subjecting Member States to Community Fundamental Rights 'only when they are implementing Union law' 3. A Theory of the Concept of Implementing EU Law from the Perspective of the Protection of Fundamental Rights against the Acts of Member States II. THE RIGHTS TO GOOD ADMINISTRATION,ACCESS TO DOCUMENTS AND PROTECTION OF PERSONAL DATA: EFFECTS OF RECOGNITION IN NATIONAL LEGAL SYSTEMS 1. A Preliminary Question 2. The Field of Application of the Right to Protection of Personal Data, Access to Documents and Good Administration (a) The Right to Good Administration (b) The Right of Access to Documents (c) The Right to Protection of Personal Data III. FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION AND MEMBER STATES: THE CASE OF STRUCTURAL FUNDS IV. CONCLUSION 4 Towards a Law on Administrative Procedure I. AN OLD ISSUE REVISITED:WHY NOW A EUROPEAN LAW ON A COMMON ADMINISTRATIVE PROCEDURE? 1. General Considerations 2. A Public Administration without a Law of Administrative Procedure (a) Separated Procedural Norms in Primary and Secondary Law (b) Shaping of the General Principles of Administrative Procedure by the Court of Justice 3. New Arguments for the Creation of a Law on Administrative Procedure II. CODIFYING EUROPEAN ADMINISTRATIVE PROCEDURE 1. Legal Foundation (a) Formal Basis: Article III-398 of the Treaty establishing a Constitution for Europe (b) Substantive Basis: The Right to Good Administration as a Binding Fundamental Right and the Principles of Democracy and Legality 2. Content: Putting the Individual at the Centre of Procedure (a) Prior Considerations: A Law of General Principles or a Law of Particulars? A Law on European Administrative Procedure or a Law of European Administrative Procedures? (b) General Considerations regarding the Content of the Law on European Administrative Procedure (c) The Development and Guarantee of the Rights of the Parties in Procedure (d) The Rise of Transparency, Impartiality, Equality and Legal Certainty (e) The Strengthening of Participation Rights: Towards a More Democratic and Open European Administration III. CONCLUSION 5 Judicial Protection I. INTRODUCTION II. THE RULE OF STANDING AND THE RIGHT TO EFFECTIVE JUDICIAL PROTECTION 1. Brief Description of the Current Rule of Standing found in Article 230(4) of the EC 2. UPA and Jego-Quere Cases and the Gaps in Judicial Protection in the Union 3. Modifications to the Rule of Standing of Private Parties Introduced by the Constitutional Treaty 4. Modificatio

The Quest for Information Privacy in Africa

The article analyzes the peculiarities of the development of legal regulation of personal data protection in the EU countries and Ukraine. It analyzes how the European legislator's approach to personal data protection has changed. The need for changes was due to the development of information technologies and, as a result, increased risk of their use to interfere in private life. As a result, European legislation on personal data protection has been strengthened, which has become particularly noticeable after the adoption of the General Data Protection Regulation (hereinafter - GDPR). Special attention is paid to the principles of lawful, fair and transparent processing of personal data concerning: limiting the target; data minimization; accurate and up-to-date processing; limiting the storage of personal data in a form that allows identification; confidentiality and security of data storage; accountability and responsibility. The current Ukrainian legislation on personal data protection is analyzed. Finally, the correlation between the categories "right to privacy" and "personal data protection" was studied.

The article analyzes a number of international normative legal acts and normative legal acts of the legislation of Ukraine in the field of personal data protection, their main content is analyzed. It was determined that the protection of personal data is inextricably linked to the protection of human and citizen rights and freedoms. In various international documents, the concept of «personal data» is defined almost identically, that is, information about an identified natural person or a person who can be identified. For many years, regulatory and legal work has been carried out aimed at creating an effective mechanism of regulatory and legal regulation of relations in the field of personal data protection both in the countries of the European Union and in Ukraine. If at the European level, issues of personal data protection were legislated in 1981 in Convention 108 of the Council of Europe on the Protection of Individuals with regard to Automated Processing of Personal Data, then in Ukraine the legal institution of personal data protection appeared in 2011 with adoption of the Law of Ukraine «On Personal Data Protection». Any actions with personal data are called their processing. During the processing of personal data, the law obliges to observe the principles enshrined in Art. 5 of Convention 108, Art. 6 Directive 95/46/EU, Art. 5 of Regulation 2016/679 and Art. 6 of the Law of Ukraine «On Personal Data Protection». For more effective protection of personal data, supervisory bodies have been established in the countries of the European Union and in Ukraine. Regarding the protection of personal data in the conditions of martial law in Ukraine, regulatory and legal acts have been adopted with the aim of ensuring the lives of citizens. It is noted that violation of the legislation on the protection of personal data entails responsibility in the form of sanctions, fines, administrative and criminal liability. Establishing responsibility for violations of this legislation at the legislative level is aimed at guaranteeing compliance with its provisions and creating an effective mechanism for the protection of personal data in practice.

-

Unlike conventional methods and technologies of collecting, processing and analysing the personal data of natural persons as part of law enforcement activities, the broader use of different artificial intelligence methods brings into focus the need for specific rules regulating the application of various artificial intelligence methods to protect two independent fundamental rights as regulated by EU Charter of Fundamental Rights, Art. 7 and 8 – data protection and privacy. Privacy, the protection of personal data and the security of their processing and transmission within law enforcement activities, whether it is non-automated, partially or fully automated, is prescribed by Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data. When considering personal data protection in the context of Directive 2016/680 it is referred to the protection of information on the confirmed identity of a natural person (data protection) and the protection of all information by which identity can be confirmed (privacy). Thus, this information should not be part of the defined personal data category, and all methods and technologies that can be used for direct and indirect confirmation of the identity of a natural person should be taken into account. The paper aims to determine whether there is relationship between privacy and security and whether there are differences in the personal data collection, processing and analysis methods by law enforcement authorities, when used methods are conventional or artificial intelligence. The first hypothesis emphasises causality between privacy and security when collecting, processing and analysing their personal data by conventional methods and artificial intelligence methods for law enforcement purposes. The second hypothesis implies a statistically significant difference in making personal data available to law-enforcement bodies in cases they are collected, processed and analysed by conventional methods and in cases they are collected, processed or analysed by artificial intelligence methods. The methods used are: descriptive method for describing the process of collecting, processing and analysing personal data in law enforcement activities, as well as for describing the differences between conventional and artificial intelligence methods and evaluating hypotheses; induction for creating hypothesis; deduction for observing specific relations; content analysis and synthesis in the evaluation phase; survey method; statistical and comparative method in the testing phase and for determining the compliance with the hypotheses.