The Principle of Purpose Limitation in Data Protection Laws
The Risk-based Approach, Principles, and Private Standards as Elements for Regulating Innovation
Zusammenfassung
Die Arbeit untersucht das datenschutzrechtliche Zweckbindungsprinzip aus der Perspektive der rechtswissenschaftlichen Innovationsforschung. Danach schützt das Zweckbindungsprinzip nicht nur die Autonomie der Betroffenen, sondern lässt zugleich den Verarbeitern ausreichend Spielraum, um im Rahmen ihrer Innovationsprozesse den Schutz optimal umzusetzen. In diesem Sinne stellt sich die Pflicht des Verarbeiters, die Zwecke der Verarbeitung zu spezifizieren, als ein Instrument des Vorsorgeschutzes dar. Es zielt darauf ab, spezifische Risiken, die sich aus der Datenverarbeitung für die Grundrechtsausübung des Betroffenen ergeben, frühzeitig zu erkennen. Demgegenüber zielt das Erfordernis, dass die spätere Verarbeitung nicht unvereinbar mit der ursprünglichen Zweckangabe sein darf, auf eine Kontrolle der zusätzlichen Risiken, die sich aus der späteren Verarbeitung ergeben. Dieser Interpretationsansatz zeigt eine Möglichkeit auf, wie nicht nur die Betroffenen effektiv vor den Risiken der Datenverarbeitung geschützt, sondern auch die Verarbeiter befähigt werden können, die Einhaltung der rechtlichen Vorschriften als innovationsfördernden Wettbewerbsvorteil zu nutzen.
Abstract
Die Arbeit untersucht das datenschutzrechtliche Zweckbindungsprinzip aus der Perspektive der rechtswissenschaftlichen Innovationsforschung. Danach schützt das Zweckbindungsprinzip nicht nur die Autonomie der Betroffenen, sondern lässt zugleich den Verarbeitern ausreichend Spielraum, um im Rahmen ihrer Innovationsprozesse den Schutz optimal umzusetzen. In diesem Sinne stellt sich die Pflicht des Verarbeiters, die Zwecke der Verarbeitung zu spezifizieren, als ein Instrument des Vorsorgeschutzes dar. Es zielt darauf ab, spezifische Risiken, die sich aus der Datenverarbeitung für die Grundrechtsausübung des Betroffenen ergeben, frühzeitig zu erkennen. Demgegenüber zielt das Erfordernis, dass die spätere Verarbeitung nicht unvereinbar mit der ursprünglichen Zweckangabe sein darf, auf eine Kontrolle der zusätzlichen Risiken, die sich aus der späteren Verarbeitung ergeben. Dieser Interpretationsansatz zeigt eine Möglichkeit auf, wie nicht nur die Betroffenen effektiv vor den Risiken der Datenverarbeitung geschützt, sondern auch die Verarbeiter befähigt werden können, die Einhaltung der rechtlichen Vorschriften als innovationsfördernden Wettbewerbsvorteil zu nutzen.
- Kapitel Ausklappen | EinklappenSeiten
- 31–60 A. Introduction 31–60
- 655–676 Bibliography 655–676
- Acquisti, Alessandro / Grossklags, Jens: What Can Behavioral Economics Teach Us about Privacy?, in: Sabrina De Capitani di Vimercati / Stefanos Gritzalis / Costas Lambrinoudakis / Alessandro Acquisti (eds.), Digital Privacy – Theory, Technologies, and Practices, New York i.a.: Auerbach, 2008, pp. 363–377, quoted as: Acquisti and Grossklags, What Can Behavioral Economics Teach Us about Privacy?, p.
- Albers, Marion: Informationelle Selbstbestimmung, Baden-Baden: Nomos, 2005, quoted as: Albers, Informational Self-Determination, p. doi.org/10.5771/9783845258638
- Id.: § 22 – Umgang mit personenbezogenen Informationen und Daten, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts, Band 2 – „Informationsordnung, Verwaltungsverfahren, Handlungsformen“, 2nd edition, München: C.H. Beck, 2012, quoted as: Albers, Treatment of Personal Information and Data, cip.
- Alvarez, Sharon / Barney, Jay B.: Discovery and Creation: Alternative Theories of Entrepreneurial Action, in: Strategic Entrepreneurship Journal 1 (1-2) (2007), pp. 11–26, quoted as: Alvarez and Barney, Discovery and Creation: Alternative Theories of Entrepreneurial Action, p.
- Appel, Ivo: Aufgaben und Verfahren der Innovationsfolgenabschätzung, in: Innovation und Recht III – Innovationsverantwortung, Berlin: Duncker & Humblot, 2009, pp. 147–181, quoted as: Appel, Tasks and Procedures of the Innovation Impact Assessment, p.
- Article 29 Data Protection Working Party (set up under Article 29 of Directive 95/46/EC): Statement on the role of a risk-based approach in data protection legal frameworks, 30 May 2014, 14/EN, WP 218, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp218_en.pdf, quoted as: Article 29 Data Protection Group, Statement on the role of a risk-based approach in data protection legal frameworks, p.
- Id.: Opinion 03/0213 on purpose limitation, 2 April 2013, 00569/13/EN, WP 203, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 03/0213 on purpose limitation, p.
- Id.: Opinion 4/2007 on the concept of personal data, 20 June 2007, 01248/07/EN, WP 136, URL: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 4/2007 on the concept of personal data, p.
- Id.: Opinion 05/2014 on Anonymisation Techniques, 10 April 2014, 0829/14/EN WP216, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 05/2014 on Anonymisation Techniques, p.
- Id.: Opinion 15/2011 on the definition of consent, 13 July 2011, 01197/11/EN, WP187, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 15/2011 on the definition of consent, p.
- Id.: Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, 9 April 2014, 844/14/EN, WP 217, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, p.
- Id.: Opinion 3/2010 on the principle of accountability, 13 July 2010, 00062/10/EN, WP 173, URL: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2010/wp173_en.pdf, quoted as: Article 29 Data Protection Working Group, Opinion 3/2010 on the principle of accountability, p.
- Balboni, Paolo / Cooper, Daniel / Imperiali, Rosario / Macenaite, Milda: Legitimate interest of the data controller New data protection paradigm: legitimacy grounded on appropriate protection, in: International Data Privacy Law 3 (4) (2013), pp. 244–261, quoted as: Balboni et al., Legitimate interest of the data controller New data protection paradigm: legitimacy grounded on appropriate protection, p.
- Baldwin, Robert / Cave, Martin / Lodge, Martin: Understanding Regulation – Theory, Strategy and Practice, 2nd edition, Oxford: Oxford University Press, 2013, quoted as: Baldwin and Cave, Understanding Regulation – Theory, Strategy and Practice, p.
- Baxter, Pamela / Jack, Susan: Qualitative Case Study Methodology: Study Design and Implementation for Novice Researchers, in: The Qualitative Report 13 (4) (2008), pp. 544–559, quoted as: Baxter and Jack, Qualitative Case Study Methodology: Study Design and Implementation for Novice Researchers, p.
- Bäcker, Matthias: Grundrechtlicher Informationsschutz gegen Private, in: Der Staat 51 (1) (2012), pp. 91–116, quoted as: Bäcker, Constitutional Protection of Information regarding Private Parties, p.
- Bechler, Lars: Informationseingriffe durch intransparenten Umgang mit personenbezogenen Daten, Halle an der Saale: Universitätsverlag Halle-Wittenberg, 2010, quoted as: Bechler, Informational Harm by Intransparent Treatment of Personal Data, p.
- Belli, Luca: A heterostakeholder cooperation for sustainable internet policymaking, in: Internet Policy Review 4 (2) (2015), pp. 1–21, quoted as: Belli, A Heterostakeholder Cooperation for Sustainable Internet Policymaking.
- Bergmann, Dr. Lutz / Möhrle, Roland / Herb, Prof. Dr. Armin: Datenschutzrecht, Loseblattsammlung, 53th edition, Berlin: Boorberg , 2017, quoted as: Bergmann/Möhrle/Herb, BDSG
- Bergt, Matthias: Die Bestimmbarkeit als Grundproblem des Datenschutzrechts – Überblick über den Theorienstreit und Lösungsvorschlag, in: Zeitschrift für Datenschutz 5 (8) (2015), pp. 365–371, quoted as: Bergt, The question on „identifiable persons“ as main problem of data protection, p.
- Bernsdorff, Norbert: Art. 8, in: Jürgen Meyer (ed.), Charta der Grundrechte der Europäischen Union, 3rd edition, Baden-Baden: Nomos, 2011, quoted as: Bernsdorff, European Charter of Fundamental Rights, Art. 8 cip.
- Bethge, Herbert: Grundrechtskollisionen, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band III „Allgemeine Lehren II“, Heidelberg: C.F. Müller Verlag, 2009, § 72, quoted as: Bethge, § 72 – Collision of Basic Rights, cip.
- Blank, Steve: Why the Lean Start-Up Changes Everything, Harvard Business Review 2013, URL: https://hbr.org/2013/05/why-the-lean-start-up-changes-everything , quoted as: Blank, Why the Lean Start-up Changes Everything, p.
- Id.: Four Steps to the Epiphany – Successful Strategies for Products that Win, 2nd edition, 2006, URL: http://web.stanford.edu/group/e145/cgi-bin/winter/drupal/upload/handouts/Four_Steps.pdf, quoted as: Blank, Four Steps to Epiphany, p.
- Blind, Knut: The Impact of Standardization and Standards on Innovation, in: Manchester Institute of Innovation Research (ed.), Compendium of Evidence on the Effectiveness of Innovation Policy Intervention, 2013, URL: http://www.innovation-policy.org.uk/compendium/section/Default.aspx?topicid=30, quoted as: Blind, The Impact of Standardization and Standards on Innovation, p.
- Blume, Peter: An alternative model for data protection law: changing the roles of controller and processor, in: International Data Privacy Law 5 (4) (2015), pp. 292–297, quoted as: Blume, An alternative model for data protection law: changing the roles of controller and processor, p.
- Boos, Carina / Kroschwald, Steffen /Wicker, Magda: Datenschutz bei Cloud Computing zwischen TKG, TMG und BDSG – Datenkategorien bei der Nutzung von Cloud-Diensten, in: Zeitschrift für Datenschutz 3 (5) (2013), 205–209, quoted as: Boos et al., Data protection and cloud computing pursuant to the Telecommunication Law, Telemedia Law, and Federal Data Protection Law, p.
- Boyd, Danah / Crawford, Kate: Critical Questions for Big Data, in: Information, Communication and Society 15 (5) (2012), pp. 662–679, quoted as: Boyd and Crawford, Critical Questions For Big Data, p.
- Braithwaite, John / Coglianese, Cary / Levi-Faur, David: Can regulation and governance make a difference?, in: Regulation and Governance 1 (1) (2007), pp. 1–7, quoted as: Braithwaite et al., Can regulation and governance make a difference?, p.
- Britz, Gabriele: Informationelle Selbstbestimmung zwischen rechtswissenschaftlicher Grundsatzkritik und Beharren des Bundesverfassungsgerichts, in: Edmund Brandt / Martin Eifert / Bernd Holznagel i.a. (eds.), Offene Rechtswissenschaft, Tübingen: Mohr Siebeck, 2010, quoted as: Britz, Informational Self-Determination between Legal Doctrine and Constitutional Case Law, p. doi.org/10.5771/9783845226439-63
- Id.: Europäisierung des grundrechtlichen Datenschutzes?, in: Europäische Grundrechte-Zeitschrift 36 (1-4) (2009), pp. 1–11, quoted as: Britz, Europeanisation of Data Protection Provided for by Fundamental Rights?, p.
- Id.: Das Grundrecht auf Datenschutz in Art. 8 der Grundrechtecharta, in: Der Hessische Datenschutzbeauftragte (ed.), Dokumentation der Fachtagung „Datenschutz in Deutschland nach dem Vertrag von Lissabon“ am 9. Dezember 2008, URL: https://www.datenschutz.hessen.de/download.php?download_ID=188, quoted as: Britz, The Fundamental Right to Data Protection in Article 8 ECFR, p.
- Id.: Einzelfallgerechtigkeit versus Generalisierung: Verfassungsrechtliche Grenzen statistischer Diskriminierung, Tübingen: Mohr Siebeck, 2008, quoted as: Britz, Justice in the individual case versus generalization: limits of constitutional law for statistical discrimination, p.
- Brownsword, Roger: Regulating Technologies: Tools, Targets, and Thematics, in: Roger Brownsword / Karen Yeung (eds.), Regulating technologies: legal futures, regulatory frames and technological fixes, Oxford: Hart, 2008, pp. 3-22, quoted as: Brownsword and Yeung, Regulating Technologies: Tools, Targets, and Thematics, p.
- Id.: Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality, in: Serge Gutwirth / Yves Poullet / Paul de Hert / Cecile de Terwangne / Sjaak Nouwt (eds.), Reinventing Data Protection?, New York i.a.: Springer, 2009, pp. 83–110, quoted as: Brownsword, Consent in Data Protection Law: Privacy, Fair Processing and Confidentiality, p. doi.org/10.1007/978-1-4020-9498-9_4
- Buchmann, Erik: Wie kann man Privatheit messen? Privatheitsmaße aus der Wissenschaft, in: Datenschutz und Datensicherheit 39 (8) (2015), pp. 510–514, quoted as: Buchmann, How can privacy be measured?, p.
- Buchner, Benedikt: Informationelle Selbstbestimmung im Privatrecht, Tübingen: Mohr Siebeck, 2006, quoted as: Buchner, Informational self-determination in the private sector, p.
- Burgkardt, Felix: Grundrechtlicher Datenschutz zwischen Grundgesetz und Europarecht, Hamburg: Dr. Kovac, 2013, quoted as: Burgkardt, Data Protection between German Basic Law und Union Law, p.
- Bygrave, Lee A.: Data Privacy Law – An International Perspective, Oxford: Oxford University Press, 2014, quoted as: Bygrave, Data Privacy Law, p. doi.org/10.1093/acprof:oso/9780199675555.003.0006
- Callies, Christian: Schutzpflichten, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band II „Grundrechte in Deutschland – Allgemeine Lehren I“, Heidelberg: C. F. Müller, 2006, § 44, quoted as: Callies, Duties of Protection, cip.
- Cate, Fred H. / Cullon, Peter / Mayer-Schönberger, Viktor: Data Protection Principles for the 21st Century – Revising the 1980 OECD Guidelines, Oxford Internet Institute 2014, URL: https://www.oii.ox.ac.uk/archive/downloads/publications/Data_Protection_Principles_for_the_21st_Century.pdf, quoted as: Cate/Cullon/Viktor Mayer-Schönberger, Data Protection Principles for the 21st Century, p.
- Center for Information Policy Leadership: The Role of Risk Management in Data Protection – Paper 2 of the Project on Privacy Risk Framework and Risk-based Approach to Privacy, 2014, URL: https://www.informationpolicycentre.com/files/Uploads/Documents/Centre/The_Role_of_Risk_Management_in_Data_Protection_FINAL_Paper.PDF, quoted as: Center for Information Policy Leadership, The Role of Risk Management in Data Protection – Paper 2 of the Project on Privacy Risk Framework and Risk-based Approach to Privacy, p.
- Christl, Wolfie: Kommerzielle Digitale Überwachung im Alltag, Studie im Auftrag der Bundesarbeitskammer Wien, 2014, URL: http://crackedlabs.org/dl/Studie_Digitale_Ueberwachung.pdf, quoted as: Christl, Commercial Digital Surveillance in Daily Life.
- Costa, Luiz: Privacy and the precautionary principle, in: Computer Law & Security Review 28 (2012), pp. 14–24, quoted as: Costa, Privacy and the precautionary principle, p.
- Custer, Bart / Ursic, Helena: Big data and data reuse: a taxonomy of data reuse for balancing big data benefits and personal data protection, in: International Data Privacy Law 6 (1) (2016), pp. 1–12, quoted as: Custer and Ursic, Big data and data reuse: a taxonomy of data reuse for balancing big data benefits and personal data protection, p.
- Dammann, Ulrich / Simitis, Spiros: EG-Datenschutzrichtlinie, Baden-Baden: Nomos, 1997, quoted as: Dammann/Spirits, EU Data Protection Directive, ‚Chapter’, cip.
- Danwitz, Thomas von: Die Grundrechte auf Achtung der Privatsphäre und auf Schutz personenbezogener Daten – Die jüngere Rechtsprechung des Gerichtshofes der Europäischen Union, in: Datenschutz und Datensicherheit 39 (9) 2015, pp. 581–585, quoted as: v. Danwitz, The Fundamental Rights to Private Life and to data Protection, p.
- De Hert, Paul / Gutwirth, Serge: Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalisation in Action, in: Serge Gutwirth / Yves Poullet / Paul de Hert / Cecile de Terwangne / Sjaak Nouwt (eds.), Reinventing Data Protection?, New York i.a.: Springer, 2009, pp. 3–44, quoted as: De Hert and Gutwirth, Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalisation in Action, p. doi.org/10.1007/978-1-4020-9498-9_1
- Id.: Privacy, data protection and law enforcement. Opacity of the individual and transparency of power, in: Erik Claes / Antony Duff / Serge Gutwirth (eds.), Privacy and the criminal law, Antwerp/Oxford: Intersentia, 2006, pp. 61–104, quoted as: De Hert and Gutwirth, Privacy, data protection and law enforcement. Opacity of the individual and transparency of power, p.
- Dietlein, Johannes: Die Lehre von den grundrechtlichen Schutzpflichten, Berlin: Duncker & Humblot, 2005, quoted as: Dietlein, The Doctrine of Duties of Protection of Basic Rights, p.
- Dijk, Niels van / Gellert, Raphaël / Rommetveit, Kjetil: A risk to a right? Beyond data protection risk assessments, in: Computer Law & Security Review 32 (2) (2016), pp. 286–306, quoted as: van Dijk, Gellert and Rommetveit, A risk to a right? Beyond data protection risk assessments, p.
- Dopfer, Martina / von Grafenstein, Maximilian / Richter, Nancy / Schildhauer, Thomas / Tech, Robin / Trifonov, Stefan / Wrobel, Martin: Working Paper „Fördernde Und Hindernde Faktoren Für Internet-Enabled Startups. (Supporting and Hindering Factors for Internet-Enabled Startups.), 2015, URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2759911, doi.org/10.2139/ssrn.2759911
- quoted as: Dopfer et al., Supporting and hindering factors for internet-enabled startups, p.
- Drucker, Peter F.: The Discipline of Innovation, in: Harvard Business Review, Reprint 98604 (1998), first published in 1985, URL: https://hbr.org/2002/08/the-discipline-of-innovation, quoted as: Drucker, The Discipline of Innovation, p.
- Duhigg, Charles: Die Macht der Gewohnheit – Warum wir tun was wir tun (English original title: The Power of Habit), Berlin: Berlin Verlag, 2012, quoted as: Duhigg, The Power of Habit, p.
- Eckhoff, Rolf: Der Grundrechtseingriff, Köln i.a.: Carl Heymanns, 1992, quoted as: Eckhoff, The Infringement of Fundamental Rights, p.
- EDRi / access / Privacy International / Fundacja Panoptykon: Data Protection Broken Badly, 2015, URL: https://edri.org/files/DP_BrokenBadly.pdf, quoted as: EDRi / access / Privacy International / Fundacja Panoptykon: Data Protection Broken Badly.
- El Emam, Khaled / Álvarez, Cecilia: A critical appraisal of the Article 29 Working Party Opinion 05/2014 on data anonymization techniques, in: International Data Privacy Law 5 (1) (2015), pp. 73–87, quoted as: El Emam and Álvarez, A critical appraisal of the Article 29 Working Party Opinion 05/2014 on data anonymization techniques, p.
- Ehmann, Eugen / Helfrich, Markus: EG Datenschutzrichtlinie, Köln: Otto Schmidt, 1999, quoted as: Ehmann/Helfrich, EU Data Protection Directive, „Chapter“, cip.
- Eichenhofer, Johannes: Privatheit im Internet als Vertrauensschutz, in: Der Staat 55 (1) (2016), pp. 41–67, quoted as: Eichenhofer, Privacy in the Internet as Protection of Trust, p.
- Eifert, Martin: Zweckvereinbarkeit statt Zweckbindung als Baustein eines modernisierten Datenschutzrechts, in: Walter Gropp / Martin Lipp / Heinhard Steiger (eds.), Rechtswissenschaft im Wandel – Festschrift des Fachbereichs Rechtswissenschaft zum 400jährigen Gründungsjubiläum der Justus-Liebig-Universität Gießen, Tübingen: Mohr Siebeck, 2007, pp. 139–152, quoted as: Eifert, Purpose Compatibility instead of Purpose Limitation, p.
- Id.: Regulierungsstrategien, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts – Band I „Methoden – Maßstäbe – Aufgaben – Organisation“, 2nd edition, München: C.H. Beck, 2012, § 19, quoted as: Eifert, Regulation Strategies, p.
- Id.: Innovationsfördernde Regulierung, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und Recht II – Innovationsfördernde Regulierung, Berlin: Duncker & Humblot, 2009, pp. 11–19, quoted as: Eifert, Innovation-enhancing Regulation, p.
- Eisenhardt, Kathleen M. / Graebner, Melissa E.: Theory Building From Cases: Opportunities and Challenges, in: Academy of Management Journal 50 (1) (2007), pp. 25–32, quoted as: Eisenhardt and Graebner, Theory Building From Cases: Opportunities and Challenges, p.
- Eßer, Martin: § 31, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Eßer, Federal Data Protection Law and further Provisions, cip.
- European Union Agency for Fundamental Rights / European Court of Human Rights / Council of Europe: Handbook on European data protection law, Luxembourg: Publications Office of the European Union, 2014, quoted as: Handbook on European data protection law, p.
- Eurobarometer: Entrepreneurship in the EU and beyond, Flash EB Series #283, 2010, URL: http://ec.europa.eu/public_opinion/flash/fl_283_en.pdf, quoted as: Eurobarometer: Entrepreneurship in the EU and beyond.
- Expert Group on Fundamental Rights: Affirming Fundamental Rights in the European Union, Time to Act, Luxembourg: Office for Official Publications of the European Communities, 1999, URL: http://bookshop.europa.eu/en/affirming-fundamental-rights-in-the-european-union-pbCE2199181/downloads/CE-21-99-181-EN-C/CE2199181ENC_001.pdf;pgid=y8dIS7GUWMdSR0EAlMEUUsWb00008BR_Mmdd;sid=q4ng-7rouAbg__TN3ld-XNjN5ur-ib07rVo=?FileName=CE2199181ENC_001.pdf&SKU=CE2199181ENC_PDF&CatalogueNumber=CE-21-99-181-EN-C, quoted as: Expert Group on Fundamental Rights, p.
- Fagerberg, Jan: Innovation: A Guide to the Literature, in: Jan Fagerberg / David C. Mowery (eds.), The Oxford Handbook of Innovation, Oxford: Oxford University Press, 2004, pp. 1–26, quoted as: Fagerberg, Innovation: A Guide to the Literature, p.
- Federal Communications Commission: Internet Protocol Version 6: IPv6 for Consumers, 25 October 2016, URL: https://www.fcc.gov/consumers/guides/internet-protocol-version-6-ipv6-consumers, quoted as: Federal Communications Commission: Internet Protocol Version 6: IPv6 for Consumers.
- Folz, Hans-Peter, Artikels 3, 15, 16, and 21 EU-GR Charta, in: Christoph Vedder / Heintschel von Heinegg, Wolff (eds.), Europäisches Unionsrecht – EUV / AEUV / Grundrechte-Charta, Baden-Baden: Nomos Verlag, 2012, quoted as: Folz, Articles 3, 15, 16, and 21 ECFR – Freedom to Conduct a Business, cip.
- Forgó, Nikolaus / Krügel, Tina / Rapp, Stefan: Zwecksetzung und informationelle Gewaltenteilung, Baden-Baden: Nomos Verlag, 2006, quoted as: Forgó et al., Purpose Specification and Informational Separation of Powers, p.
- Forgó, Nikolaus / Krügel, Tina: Die Subjektivierung der Zweckbindung: Datenschutz – Bremsblock oder Motor des E-Government, in: Datenschutz und Datensicherheit 29 (12) (2005), pp. 732–735, quoted as: Forgó and Krügel, Subjective purpose limitation: Data protection – Brake or motor of E-Government?, p.
- Forum Privatheit: White Paper, Datenschutz-Folgenabschätzung: Ein Werkzeug für einen besseren Datenschutz, 2016, URL: https://www.forum-privatheit.de/forum-privatheit-de/texte/veroeffentlichungen-des-forums/themenpapiere-white-paper/Forum_Privatheit_White_Paper_Datenschutz-Folgenabschaetzung_2016.pdf, quoted as: Forum Privatheit, White Paper – Data Protection Impact Assessment, p.
- Franzius, Claudio: Modalitäten und Wirkungsfaktoren der Steuerung durch Recht, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts – Band I „Methoden – Maßstäbe – Aufgaben – Organisation“, 2nd edition, München: C.H. Beck, 2012, § 4, quoted as: Franzius, Modes and Impact Factors for the Control through Law, cip.
- Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry / assisted by Röschke, Arik: Basics, in: Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry (eds.), Entrepreneurship – Modelle, Umsetzung, Perspektiven, 4th edition, Wiesbaden: Springer Gabler , 2016, Grundlagen, quoted as: Fueglistaller et al., Entrepreneurship – Basics, p. doi.org/10.1007/978-3-8349-4770-3_6
- Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry / assisted by Fust, Alexander: Basics, in: Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry (eds.), Entrepreneurship – Modelle, Umsetzung, Perspektiven, 4th edition, Wiesbaden: Springer Gabler , 2016, Innovation und Entrepreneurship, quoted as: Fueglistaller et al., Entrepreneurship – Innovation and Entrepreneurship, p. doi.org/10.1007/978-3-8349-4770-3_6
- Müller, Christoph / Fueglistaller, Urs / Müller, Susan / Volery, Thierry, in: Fueglistaller, Urs / Müller, Christoph / Müller, Susan / Volery, Thierry (eds.), Strategie und Geschäftsmodell, in: Entrepreneurship – Modelle, Umsetzung, Perspektiven, 4th edition, Wiesbaden: Springer Gabler , 2016, Grundlagen, quoted as: Müller et al., Entrepreneurship – Strategy and business model, p. doi.org/10.1007/978-3-8349-4770-3_5
- Gartner, William B.: What are we talking about when we talk about entrepreneurship?, in: Journal of Business Venturing 5 (1) (1990), pp. 15–28, quoted as: Gartner, What are we talking about when we talk about entrepreneurship?, p.
- Id.: A Conceptual Framework for Describing the Phenomenon of New Venture Creation, in: The Academy of Management Review 10 (4) (1985), pp. 696–706, quoted as: Gartner, A Conceptual Framework for Describing the Phenomenon of New Venture Creation, p. doi.org/10.2307/258039
- Gasser, Urs: Cloud Innovation and the Law: Issues, Approaches, and Interplay, Berkman Center Research Publication No. 2014-7, URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2410271, quoted as: Gasser, Cloud Innovation and the Law: Issues, Approaches, and Interplay, p. doi.org/10.2139/ssrn.2410271
- Gellert, Raphaël: Data protection: a risk regulation? Between the risk regulation of everything and the precautionary alternative, in: International Data Privacy Law 5 (1) (2015), pp. 3–19, quoted as: Gellert, Data protection: a risk regulation? Between the risk regulation of everything and the precautionary alternative, p.
- Gola, Peter / Schomerus, Rudolf: Bundesdatenschutzgesetz, Kommentar, 12th edition, München: C.H.Beck, 2015, quoted as: Gola/Schomerus, Federal Data Protection Law, § 28 BDSG cip.
- González-Fuster, Gloria: The Emergence of Data Protection as a Fundamental Right of the EU, Cham i.a.: Springer, 2014, quoted as: González-Fuster, The Emergence of Data Protection as a Fundamental Right of the EU, p.
- Globig, Klaus: Der Auskunftsanspruch des Betroffenen als Grundrecht, in: Hans-Wolfgang Arndt (ed.) Völkerrecht und deutsches Recht – Festschrift für Walter Rudolf zum 70. Geburtstag, München: C.H. Beck, 2001, pp. 441–465, quoted as: Globig, Basic Right to Information, p.
- Grafenstein, Maximilian von / Schulz, Wolfgang: The right to be forgotten in data protection law: a search for the concept of protection, in: International Journal for Public Law and Policy 5 (3) (2015), pp. 249–269, quoted as: v. Grafenstein and Schulz, The right to be forgotten in data protection law: a search for the concept of protection, p.
- Id.: Das Zweckbindungsprinzip zwischen Innovationsoffenheit und Rechtssicherheit – Zur mangelnden Differenzierung der Rechtsgüterbetroffenheit in der Datenschutzgrund-VO, in: Datenschutz und Datensicherheit 39 (12) (2015), pp. 789–795, quoted as: v. Grafenstein, The Principle of Purpose Limitation between Openness toward Innovation and the Rule of Law, p.
- Greve, Dr. Holger : § 40, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Greve (Auernhammer), cip.
- Grimm, Dieter: Der Datenschutz vor einer Neuorientierung, in: JuristenZeitung 68 (12) (2013), pp. 585–592, quoted as: Grimm, Data protection before its refinement, p.
- Gusy, Christoph: Informationelle Selbstbestimmung und Datenschutz: Fortführung oder Neuanfang?, in: Kritische Vierteljahresschrift für Gesetzgebung und Rechtswissenschaft 83 (1) (2000), pp. 52–64, quoted as: Gusy, Informational Self-Determination and Data Protection: Continuing or New Beginning?, p.
- Härting, Niko: Zweckbindung und Zweckänderung im Datenschutzrecht, in: Neue Juristische Wochenschrift 68 (45) (2015), pp. 3284–3288, quoted as: Härting, Purpose limitation and change of purpose in data protection law, p.
- Id.: Datenschutz-Grundverordnung: Das neue Datenschutzrecht in der betrieblichen Praxis, Köln: Otto Schmidt, 2016, quoted as: Härting, General Data Protection Regulation: The new data protection law in business practice, cip. doi.org/10.9785/9783504385330-prf
- Id.: Profiling: Vorschläge für eine intelligente Regulierung – Was aus der Zweistufigkeit des Profiling für die Regelung des nicht öffentlichen Datenschutzbereichs folgt, in: Computer und Recht 30 (8) (2014), pp. 528–536, quoted as: Härting, Profiling: a proposal for an intelligent regulation, p. doi.org/10.9785/cr-2014-0808
- Härting, Niko / Schneider, Jochen: Data Protection in Europe: An Alternative Draft for a General Data Protection Regulation – Alternatives to the European Commission’s Proposal of 25 January 2012, Computer Law Review International 14 (2013) Supplement 1, pp. 1-38, quoted as: Härting and Schneider, Data Protection in Europe: An Alternative Draft for a General Data Protection Regulation, p.
- Hallinan, Dara / Friedewald, Michael: Public Perception of the Data Environment and Information Transactions – A selected-survey analysis of the European public’s views on the data environment and data transactions, in: Communications & Strategies 88 (4) (2012), pp. 61–78, quoted as: Hallinan and Friedewald, Public Perception of the Data Environment and Information Transactions – A selected-survey analysis of the European public’s views on the data environment and data transactions, p.
- Vested-Hansen, Jens: Article 7 – Respect for Private and Family Life, in: Steve Peers / Tamara Hervey / Jeff Kenner / Angela Ward (eds.), The EU Charter of Fundamental Rights, A Commentary, Oxford i.a.: Hart 2014, pp. 196-225, quoted as: Vested-Hansen, EU Charter of Fundamental Rights, cip. doi.org/10.5771/9783845259055_196
- Hartog, Chantal / van Stel, André / Storey, David J.: Institutions and Entrepreneurship: The Role of the Rule of Law, 2010, URL: http://ondernemerschap.panteia.nl/main/publication/bestelnummer/h201003, quoted as: Hartog et al., Institutions and Entrepreneurship: The Role of the Rule of Law, p.
- Herberger, Marie: “Ausnahmen sind eng auszulegen” – Die Ansichten beim Gerichtshof der Europäischen Union, Berlin: Duncker & Humblot, 2017, quoted as: Herberger, “Exceptions have to be interpretetd narrowly” – The considerations by the European Court of Justice, p. doi.org/10.3790/978-3-428-55120-0
- Heun, Sven-Erik: §§ 88, 95, 96 TKG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Heun, Federal Data Protection Law and further Provisions, ‚Chapter’, cip.
- Hoffmann-Riem, Wolfgang: Informationelle Selbstbestimmung in der Informationsgesellschaft – Auf dem Wege zu einem neuen Konzept des Datenschutzrechts, in: Archiv des öffentlichen Rechts 123 (4) (1998), pp. 513–540, quoted as: Hofmann-Riem, New Concept of Data Protection, p.
- Id.: Rechtswissenschaftliche Innovationsforschung als Reaktion auf gesellschaftlichen Innovationsbedarf, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und rechtliche Regulierung, Baden-Baden: Nomos, 2002, pp. 26–47, quoted as: Hoffmann-Riem, Jurisprudential Research on Innovation as Reaction to a Societal Need for Innovation, p.
- Id.: Innovationsoffenheit und Innovationsverantwortung durch Recht – Aufgaben rechtswissenschaftlicher Innovationsforschung, in: Archiv des öffentlichen Rechts 131 (2) (2006), pp. 255–277, quoted as: Hoffmann-Riem, Openness toward Innovation and Responsibility for Innovation by means of Law, p. doi.org/10.1628/000389106780282097
- Id.: Der grundrechtliche Schutz der Vertraulichkeit und Integrität eigengenutzter informationstechnischer Systeme, JuristenZeitung 63 (21) (2008), pp. 1009–1022, quoted as: Hoffmann-Riem, Protection of the Confidentiality and Integrity of Information Technological Systems, p. doi.org/10.1628/002268808786375406
- Hoffmann-Riem, Wolfgang / Fritzsche, Saskia: Innovationsverantwortung – Zur Einleitung, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und Recht III – Innovationsverantwortung, Berlin: Duncker & Humblot, 2009, pp. 11–41, quoted as: Hoffmann-Riem, Innovation Responsibility, p. doi.org/10.3790/978-3-428-53151-6
- Hofmann, Bernhard: Zweckbindung als Kernpunkt eines prozeduralen Datenschutzansatzes, Baden-Baden: Nomos, 1991, quoted as: Hofmann, Purpose Limitation as Anchor Point for a Procedural Approach in Data Protection, p.
- Hofmann, Jeanette / Katzenbach, Christian / Gollatz, Kirsten: Between coordination and regulation: Finding the governance in Internet governance, in: New Media & Society 2016, pp. 1–18, quoted as: Hofmann, Katzenbach and Gollatz, Between coordination and regulation: Finding the governance in Internet governance, p. doi.org/10.1177/1461444816639975
- Hon, W Kuan / Millard, Christopher / Walden, Ian: Who is responsible for ‘personal data’ in cloud computing? The cloud of unknowing, Part 2, in: International Data Privacy Law 2 (1) (2012), pp. 3–18, quoted as: Hon, Millard, and Walden, Who is responsible for ‘personal data’ in cloud computing?, p.
- Hood, Christopher / Rothstein, Henry / Baldwin, Robert: The Government of Risk – Understanding Risk Regulation Regimes, Oxford: Oxford University Press, 2001, quoted as: Hood, Rothstein, and Baldwin, The Government of Risk – Understanding Risk Regulation Regimes, p. doi.org/10.1093/0199243638.003.0002
- Hoofnagle, Chris Jay, The Potemkinism of Privacy Pragmatism: Civil liberties are too important to be left to the technologists, 2014, URL: http://www.slate.com/articles/technology/future_tense/2014/09/data_use_regulation_the_libertarian_push_behind_a_new_take_on_privacy.html, quoted as: Hoofnagle, The Potemkinism of Privacy Pragmatism: Civil liberties are too important to be left to the technologists.
- Hornung, Gerrit / Hartl, Korbinian: Datenschutz durch Marktanreize – auch in Europa? Stand der Diskussion zu Datenschutzzertifizierung und Datenschutzaudit, in: Zeitschrift für Datenschutz 4 (5) (2014), pp. 219–225, quoted as: Hornung and Hartl, Data Protection through Market Incentives – in Europe, too?, ZD May 2014, p.
- Jaeckel, Liv: Gefahrenabwehrrecht und Risikodogmatik – Moderne Technologien im Spiegel des Verwaltungsrechts, Tübingen: Mohr Siebeck, 2010, quoted as: Jaeckel, Prevention of Danger through Law and Legal Conceptualization of Risk, p.
- Id.: Risiko-Signaturen im Recht – Zur Unterscheidbarkeit von Gefahr und Risiko, JuristenZeitung 66 (3) (2011), pp. 116–124, quoted as: Jaeckel, Differentiating between Danger and Risk, p.
- Id.: Schutzpflichten im deutschen und europäischen Recht – Eine Untersuchung der deutschen Grundrechte, der Menschenrechte und Grundfreiheiten der EMRK sowie der Grundrechte und Grundfreiheiten der Europäischen Gemeinschaft, Baden-Baden: Nomos, 2001, quoted as: Jaeckel, Duties of Protection in German and European Law, p.
- Jandt, Silke / Roßnagel, Alexander: Datenschutz in Social Networks – Kollektive Verantwortlichkeit für die Datenverarbeitung, Zeitschrift für Datenschutz 1 (4) (2011), pp. 160–166, quoted as: Jandt and Roßnagel, Data protection in social networks – Collective responsibility for data processing, p.
- Jarass, Hans D.: Vor Art. 1, Art. 1 GG, in: Jarass, Hans D. / Pieroth, Bodo (eds.), Grundgesetz für die Bundesrepublik Deutschland – Kommentar, München: C.H. Beck, 2012, quoted as: Jarass in: Jarass/Pieroth, GG, Art.
- Jarchow, Thomas / Estermann, Beat: Big Data: Chancen, Risiken und Handlungsbedarf des Bundes – Ergebnisse einer Studie im Auftrag des Bundesamts für Kommunikation, 26 Oktober 2015, URL: https://www.uvek.admin.ch/dam/uvek/de/dokumente/anlaesse/2015-ab-juli/BFH%20Big%20Data%20Studie.pdf.download.pdf/BFH_Big-Data-Studie.pdf, quoted as: Jarchow and Estermann, Big Data: Chances, Risks and Need for Action of the Swiss Confederation, p.
- Kamp, Meike / Rost, Martin: Kritik an der Einwilligung – Ein Zwischenruf zu einer fiktiven Rechtsgrundlage in asymmetrischen Machtverhältnissen, in: Datenschutz und Datensicherheit 37 (2) (2013), pp. 80–84, quoted as: Kamp and Rost, Criticism of the individual’s consent – An interjection on a ficticious legal basis in asyymetric power relations, p.
- Karg, Moritz: Die Rechtsfigur des personenbezogenen Datums – Ein Anachronismus des Datenschutzes?, in: Zeitschrift für Datenschutz 2 (6) (2012), pp. 255–260, quoted as: Karg, The personal datum as a legal link for regulation – An anachronism of data protection?, p.
- Id.: Die Renaissance des Verbotsprinzips im Datenschutz, in: Datenschutz und Datensicherheit 37 (2) (2013), pp. 75–79, quoted as: Karg, The renaissance of the prohibition principle in data protection, p. doi.org/10.1007/s11623-013-0021-5
- Kift, Paula: Bridging the transatlantic divide in privacy, in: Internet Policy Review 2 (3) (2013), pp. 1–7, quoted as: Kift, Bridging the transatlantic divide, at fn.
- Kirby, Michael: The history, achievement and future of the 1980 OECD guidelines on privacy, in: International Data Privacy Law 1 (1) (2011), pp. 6–14, quoted as: Kirby, The history, achievement and future of the 1980 OECD guidelines on privacy, p.
- Kloepfer, Michael: Recht ermöglicht Technik – Zu einer wenig beachteten Funktion des Umwelt- und Technikrechts, in: Natur und Recht 1997, pp. 417–418, quoted as: Kloepfer, Law enables Technology – About an understimated function of environmental and technology law, p.
- Kokott, Juliane / Sobotta, Christoph: The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR, in: International Data Privacy Law 3 (4) (2013), pp. 222–228, quoted as: Kokott and Sobotta, The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR, p.
- Kollmann, Tobias / Stöckmann, Christoph / Linstaedt, Jana / Kensbock, Julia: European Startup Monitor 2015, URL: http://europeanstartupmonitor.com/fileadmin/presse/download/esm_2015.pdf, quoted as: Kollmann et al., European Startup Monitor 2015, p.
- Kosta, Eleni: Construing the Meaning of „Opt-Out“ – An Analysis of the European, U.K. and German Data Protection Legislation, in: European Data Protection Law Review 1 (1) (2015), pp. 16–31, quoted as: Kosta, Construing the Meaning of „Opt-Out“ – An Analysis of the European, U.K. and German Data Protection Legislation, p.
- Kramer, Philip: §§ 4a, 28 BDSG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Kramer, Federal Data Protection Law and further Provisions, ‚Chapter’, cip.
- Kranenborg, Herke: Article 8 – Protection of Personal Data, in: Steve Peers / Tamara Hervey / Jeff Kenner / Angela Ward (eds.), The EU Charter of Fundamental Rights, A Commentary, Oxford i.a.: Hart 2014, quoted as: Kranenborg, Article 8 – Protection of Personal Data, cip. doi.org/10.5771/9783845259055_266
- Kühling, Jürgen: Datenschutz in einer künftigen Welt allgegenwärtiger Datenverarbeitung – Aufgabe des Rechts?, in: Die Verwaltung 40 (2) (2007), pp. 153–172, quoted as: Kühling, Data protection in a future world of ubiquitous data processing, p.
- Kuner, Christopher / Cate, Fred H. / Millard, Christopher / Svantesson, Dan Jerker B. / Lynskey, Orla: Editorial – Risk management in data protection, in: International Data Privacy Law 5 (2) (2015), pp. 95–98, quoted as: Kuner et al., Risk management in data protection, p.
- Id.: Editorial – The data protection credibility crisis, in: International Data Privacy Law 5 (3) (2015), pp. 161–162, quoted as: Kuner et al., The Data Protection Credibility Crisis, IDPL 2015 Vol. 5 no. 3, p. doi.org/10.1093/idpl/ipv012
- Kutscha, Martin: Datenschutz durch Zweckbindung – Ein Auslaufmodell?, in: Zeitschrift für Rechtspolitik 32 (4) (1999), pp. 156–160, quoted as: Kutscha, ZRP, vol. 4, 1999, pp. 156–160, Data Protection through Purpose Limitation – An Obsolescent Model?, p.
- Ladeur, Karl-Heinz: Das Umweltrecht der Wissensgesellschaft: Von der Gefahrenabwehr zum Risikomanagement, Berlin: Duncker & Humblot, 2005, pp. 209–233, quoted as: Ladeur, The Environmental Law of the Knowledge Society: From the protection against dangers to the management of risks, p.
- Lenaerts, Koen / Gutiérrez-Fons, José Antonio: The Charter in the EU Constitutional Edifice, in: Steve Peers / Tamara Hervey / Jeff Kenner / Angela Ward (eds.), The EU Charter of Fundamental Rights, A Commentary, Oxford i.a.: Hart 2014, pp. 1600–1637, quoted as: Lenaerts and Gutiérrez-Fons, The Charter in the EU Constitutional Edifice, p. doi.org/10.5771/9783845259055_1600
- Levie, Jonathan / Autio, Erkko: Regulatory Burden, Rule of Law, and Entry of Strategic Entrepreneurs: An International Panel Study, in: Journal of Management Studies 48 (6) (2011), pp. 1392–1419, quoted as: Levie and Autio, Regulatory Burden, Rule of Law, and Entry of Strategic Entrepreneurs: An International Panel Study, p.
- Lewinski, Kai von: § 1 BDSG, Vorb. § 88 TKG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: v. Lewinski, Federal Data Protection Law and further Provisions, ‚Chapter’, cip.
- Id.: Die Matrix des Datenschutzes, Tübingen: Mohr Siebeck, 2014, quoted as: v. Lewinski, The Matrix of Data Protection, p.
- Lindner, Josef Franz: Datenschutzrecht in Bund und Ländern, Kommentar, München: C.H. Beck, 2013, quoted as: Lindner, Data protection in the Federal State and the Länder, cip.
- Lipshaw, Jeffrey M.: Why the Law of Entrepreneurship Barely Matters, in: Western New England Law Review 31 (3/7) 2009, pp. 701-715, quoted as: Lipshaw, Why the Law of Entrepreneurship Barely Matters.
- Luhmann, Niklas: Zweckbegriff und Systemrationalität, Tübingen: Mohr Siebeck, 1968, quoted as: Luhmann, The Concept of Purpose and System Rationality, p.
- Lynskey, Orla: The Foundations of EU Data Protection Law, Oxford: Oxford University Press, 2015, quoted as: Lynskey, The Foundations of EU Data Protection Law, p.
- Mantelero, Alessandro / Vaciago, Giuseppe: The „Dark Side“ of Big Data: Private and Public Interaction in Social Surveillance – How data collections by private entities affect governmental social control and how the EU reform an data protection responds, in: Computer Law Review International 14 (6) (2013), pp. 161–169, quoted as: Mantelero and Vaciago, The „Dark Side“ of Big Data: Private and Public Interaction in Social Surveillance, p.
- Margraf, Marian / Pfeiffer, Stefan: Benutzerzentrierte Entwicklung für das Internet der Dinge, in: Datenschutz und Datensicherheit 39 (4) (2015), pp. 246–249, quoted as: Margraf and Pfeiffer, User-centric development for the Internet of Things, p.
- Matscher, Franz: Methods of Interpretation of the Convention, in: Ronald St. J. Macdonald / Franz Matscher / Herbert Petzold (eds.), The European System for the protection of human rights, Dordrecht i.a.: Kluwer Academic, 1993, pp. 63–81, quoted as: Matscher, Methods of Interpretation of the Convention, p.
- Masing, Johannes: Herausforderungen des Datenschutzes, Neue Juristische Wochenschrift 65 (32) (2012), pp. 2305–2311, quoted as: Masing, Challenges of data protection, p.
- Mayer-Schönberger, Viktor: The Law as Stimulus: The Role of Law in Fostering Innovative Entrepreneurship, in: Journal of Law and Policy for the Information Society 6 (2) (2010) pp. 153–188, quoted as: Mayer-Schönberger, The Law a s Stimulus: The Role of Law in Fostering Innovative Entrepreneurship, p.
- Mayer-Schönberger, Viktor / Cukier, Kenneth: Big Data: A Revolution That Will Transform How We Live, Work, and Think, New York: Houghton Mifflin Harcourt, 2013, quoted as: Mayer-Schönberger and Cukier, Big Data: A Revolution That Will Transform How We Live, Work, and Think, p.
- Maxwell, Winston J.: Principles-based regulation of personal data: the case of ‚fair processing’, in: International Data Privacy Law 5 (3) (2015), pp. 205–216, quoted as: Maxwell, Principles-based regulation of personal data: the case of ‚fair processing’, p.
- Mehde, Veith: Datenschutz, in: Sebastian F. Heselhaus / Carsten Nowak (eds.), Handbuch der Europäischen Grundrechte, München: C.H. Beck, 2006, § 21, quoted as: Mehde, Handbook of European Fundamental Rights, cip.
- Miller, Arthur R.: Personal Privacy in the Computer Age: The Challenge of a New Technology in an Information-Oriented Society, in: Michigan Law Review 67 (6) (1969), pp. 1089–1246, quoted as: Miller, Personal Privacy in the Computer Age: The Challenge of a New Technology in an Information-Oriented Society, p.
- Moroz, Peter W. / Hindle, Kevin: Entreneurship as a Process: Toward Harmonizing Multiple Perspectives, in: Entrepreneurship Theory and Practice 36 (4) (2012), pp. 781–818, quoted as: Moroz and Hindle, Entreneurship as a Process: Toward Harmonizing Multiple Perspectives, p.
- Murray, Andrew D.: Conceptualising the Post-Regulatory (Cyber)state, in: Roger Brownsword / Karen Yeung (eds.), Regulating Technologies – Legal Futures, Regulatory Frames and Technological Fixes, Oxford i.a.: Hart Publishing, 2008, pp. 287–316, quoted as: Murray, Conceptualising the Post-Regulatory (Cyber)state, p.
- Id.: The Regulation of Cyberspace – Control in the Online Environment, Abingdon i.a.: Routledge–Cavendish, 2007, quoted as: Murray, The Regulation of Cyberspace – Control in the Online Environment, p.
- Neumann, Robert: Libertärer Paternalismus – Theorie und Empirie staatlicher Entscheidungsarchitektur, Tübingen: Mohr Siebeck, 2013, quoted as: Neumann, Libertarian Paternalism – Theory and empiricism with respect to decision-making architectures designed by the State, p.
- Neveling, Stefanie / Bumke, Susanne / Dietrich, Jan-Hendrik: Ansätze wirtschaftswissenschaftlicher und soziologischer Innovationsforschung, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovation und rechtliche Regulierung. Schlüsselbegriffe und Anwendungsbeispiele rechtswissenschaftlicher Innovationsforschung, Baden-Baden: Nomos, 2002, pp. 364–413 quoted as: Neveling et alt., Economic and Sociological Approaches of Innovation Research, p.
- Niedobitek, Matthias: Entwicklung und allgemeine Grundsätze, in: Detlef Merten / Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band VI/1 „Europäische Grundrechte I“, Heidelberg i.a.: C.F. Müller, 2010, § 159, quoted as: Niedobitek, Development and General Principles, cip.
- Nissenbaum, Helen: Privacy in Context – Technology, Policy, and the Integrity of Social Life, Stanford: Stanford University Press, 2010, quoted as: Nissenbaum, Privacy in Context, p.
- Id.: Respect for Context as a Benchmark, in: Beate Roessler / Dorothea Mokrosinska (eds.), Social Dimensions of Privacy – Interdisciplinary Perspectives, Cambridge: Cambridge University Press, 2015, pp. 278–302, quoted as: Nissenbaum, Respect for Context as a Benchmark, p. doi.org/10.1017/CBO9781107280557.016
- Id.: Privacy as Contextual Integrity, in: Washington Law Review 97 (1) (2004), pp. 101–139, quoted as: Nissenbaum, Privacy as Contextual Integrity, p.
- OECD: Data-Driven Innovation for Growth and Well-Being. What Implications for Governments and Businesses?, Directorate for Science, Technology and Innovation Policy Note, October 2015, URL: http://www.oecd.org/sti/ieconomy/PolicyNote-DDI.pdf, quoted as: OECD: Data-Driven Innovation for Growth and Well-Being.
- Id.: OECD Science, Technology and Industry Outlook 2014, URL: http://www.oecd.org/sti/oecd-science-technology-and-industry-outlook-19991428.htm, quoted as: OECD: Science, Technology and Industry Outlook 2014, p. doi.org/10.1787/sti_outlook-2014-82-en
- Id.: The OECD Privacy Framework, 2013, URL: http://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf, quoted as: The OECD Privacy Framework, p.
- Pahlen-Brandt, Ingrid: Datenschutz braucht scharfe Instrumente – Beitrag zur Diskussion um „personenbezogene Daten“, in: Datenschutz und Datensicherheit 32 (1) (2008), pp. 34–40, quoted as: Pahlen-Brandt, Contribution to the discussion aon „personal data“, p.
- Papier, Hans-Jürgen: Drittwirkung der Grundrechte, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band II „Allgemeine Lehren I“, Heidelberg: C.F. Müller, 2006, § 55, quoted as: Papier, Third-Party Effect of German Basic Rights, cip.
- Peters, Emma: Wirksamer Grundrechtsschutz und effektive Strafverfolgung beim Zugriff auf elektronische Daten in Speichern privater Dritter (im Kontext der Grundrechte des Datenbetroffenen) (working title, manuscript, forthcoming 2017), quoted as: Peters, Effective protection of fundamental rights and efficient criminal prosecution in relation to acess to electronic data stored by private third parties, p.
- Plath, Dr. Kai-Uwe, Kommentar zum BDSG und zur DSGVO sowie den Datenschutzbestimmungen von TMG und TKG, 2nd edition, Köln: Verlag Dr. Otto Schidt KG, 2016, quoted as Plath, § cip. doi.org/10.9785/9783504384951
- Pohle, Jörg: Zweckbindung revisited, in: Datenschutz Nachrichten 38 (3) (2015), pp. 141–145, quoted as: Pohle, Purpose limitation revisited, p.
- Id.: Personal Data Not Found: Personenbezogene Entscheidungen als überfällige Neuausrichtung im Datenschutz, in: Datenschutz Nachrichten 39 (1) (2016), pp. 14–19, quoted as: Pohle, Personal Data Not Found: Person-related decisions as an over-due refinement of data protection, p.
- Pombriant, Denis: Data, Information and Knowledge – Transformation of data is key, in: Computer Law Review International 14 (4) (2013), pp. 97–102, quoted as: Pombriant, Data, Information and Knowledge – Transformation of data is key, p.
- Raab, Charles D. / De Hert, Charles: Tools for Technology Regulation: Seeking Analytical Approaches Beyond Lessig and Hood, in: Roger Brownsword / Karen Yeung (eds.) Regulating Technologies – Legal Futures, Regulatory Frames and Technological Fixes, Oxford i.a.: Hart Publishing, 2008, pp. 263–285, quoted as: Raab and De Hert, Tools for Technology Regulation, p.
- Radlanski, Philip: Das Konzept der Einwilligung in der datenschutzrechtlichen Realität, Tübingen: Mohr Siebeck, 2016, quoted as: Radlanski, The concept of consent in the reality of data protection law, p.
- Rauhofer, Judith: Of men and mice: Should the EU data protection authorities’ reaction to Google’s new privacy policy raise concern for the future of the purpose limitation principle?, in: European Data Protection Law Review 1 (1) (2015), pp. 5–15, quoted as: Rauhofer, Of men and mice: Should the EU data protection authorities’ reaction to Google’s new privacy policy raise concern for the future of the purpose limitation principle?, p.
- Ries, Eric: The Lean Startup: How Today's Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses, New York: Random House, 2011, quoted as: Ries, The Lean Startup, p.
- Rouvroy, Antoinette / Poullet, Yves: The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy, in: Serge Gutwirth / Yves Poullet / Paul de Hert / Cecile de Terwangne / Sjaak Nouwt (eds.), Reinventing Data Protection?, New York i.a.: Springer, 2009, pp. 45–76, quoted as: Rouvroy and Poullet, The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy, p. doi.org/10.1007/978-1-4020-9498-9_2
- Roßnagel, Alexander: Das Gebot der Datenvermeidung und -sparsamkeit als Ansatz wirksamen technikbasierten Persönlichkeitsschutzes?, in: Martin Eifert / Wolfgang Hofmann-Riem (eds.), Innovation, Recht und öffentliche Kommunikation – Innovation und Recht IV, Berlin: Duncker & Humblot, 2011, pp. 41–66, quoted as: Roßnagel, The Requirement of Data Minimization, p.
- Id.: Datenschutz in einem informatisierten Alltag – Gutachten im Auftrag der Friedrich-Ebert-Stiftung, 2007, URL: http://library.fes.de/pdf-files/stabsabteilung/04548.pdf, quoted as: Roßnagel, Data protection in computerized everyday life, p.
- Id.: Rechtswissenschaftliche Technikfolgenforschung – Umrisse einer Forschungsdisziplin, Baden-Baden: Nomos, 1993, quoted as: Roßnagel, Technology assessment as a legal research discipline, p.
- Roßnagel, Alexander / Pfitzmann, Andreas / Garstka, Hansjürgen: Modernisierung des Datenschutzrechts – Gutachten im Auftrag des Bundesinnenministeriums des Innern, Bundesinnenministerium des Innern, 2001, URL: https://www.bfdi.bund.de/SharedDocs/VortraegeUndArbeitspapiere/2001GutachtenModernisierungDSRecht.pdf?__blob=publicationFile, quoted as: Roßnagel, Garstka and Pfitzmann, Modernization of data protection law – report on behalf of the Federal Ministry of the Interior (2001), p.
- Rost, Martin: Standardisierte Datenschutzmodellierung, in: Datenschutz und Datensicherheit 35 (6) (2012), pp. 433–438, quoted as: Rost, Standardized Modeling of Data Protection, p.
- Rost, Martin / Bock, Kirstin: Privacy by Design und die Neuen Schutzziele: Grundsätze, Ziele und Anforderungen, in: Datenschutz und Datensicherheit 35 (1) (2011), pp. 30–35, quoted as: Rost and Bock, Privacy by Design and the New Protection Goals: Principles, objectives, and requirements, p.
- Rost, Martin / Pfitzmann, Andreas: Datenschutz-Schutzziele—revisited, in: Datenschutz und Datensicherheit 33 (6) (2009), pp. 353–358, quoted as: Rost and Pfitzmann, Data Protection Goals – revisited, p.
- Rudolf, Walter: Recht auf informationelle Selbstbestimmung, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band IV „Einzelgrundrechte I“, Heidelberg: C.F. Müller, 2011, § 90, quoted as: Rudolf, Right to Informational Self-Determination, cip.
- Ruiz-Miguel, Carlos: El derecho a la protección de los datos personales en la Carta de Derechos Fundamentales de Unión Europea: Análisis crítico, in: Revista de Derecho Comunitario Europeo 7 (14) (2003), pp. 7–43, quoted: Ruiz-Miguel, El derecho a la protección de los datos personales en la Carta de Derechos Fundamentales de Unión Europea: Análisis crítico, p.
- Rupp, Martin: Die grundrechtliche Schutzpflicht des Staates für das Recht auf informationelle Selbstbestimmung im Pressesektor, Saarbrücken: Alma Mater, 2013, quoted as: Rupp, The State Duty of Protection for the Right to Informational Self-Determination in the Press Sector, p.
- Sandfuchs, Barbara: Privatheit wider Willen?, Tübingen: Mohr Siebeck, 2015, quoted as: Sandfuchs, Privacy against one’s will?, p. doi.org/10.1628/9783161557583
- Sarasvathy, Saras D.: Causation and Effectuation: Toward a Theoretical Shift from Economic Inevitability to Entrepreneurial Contingency, in: Academy of Management Review 26 (2) (2001), pp. 243–263, quoted as: Sarasvathy, Causation and Effectuation, p.
- Schneider, Jens-Peter: Stand und Perspektiven des europäischen Datenverkehrs- und Datenschutzrechts, in: Die Verwaltung 44 (4) (2011), pp. 499–524, quoted as: Schneider, Status of and Perspectives for the European Data Traffic and Data Protection Law, p.
- Schneider, Jochen: Die Datensicherheit – eine vergessene Regelungsmaterie? Ein Plädoyer für Aufwertung, stärkere Integration und Modernisierung des § 9 BDSG, in: Zeitschrift für Datenschutz 1 (1) (2011), pp. 6–12, quoted as: Schneider, Data security – a forgotten area of regulation?, p.
- Schreibauer, Marcus: Vorb. § 11, §§ 11, 12 TMG, in: Martin Eßer / Philip Kramer / Kai von Lewinski (eds.), Auernhammer – Bundesdatenschutzgesetz, 4th edition, Köln: Carl Heymanns, 2014, quoted as: Schreibauer, Federal Data Protection Law and further Provisions, cip.
- Schulz, Wolfgang / Dankert, Kevin: Governance by Things’ as a challenge to regulation by law, in: Internet Policy Review 5 (2) (2016), pp. 1–19, quoted as: Schulz and Dankert, ‚Governance by Things’ as a challenge to regulation by law.
- Schumpeter, Joseph: Capitalism, Socialism & Democracy, 5th edition, London i.a.: Routledge, 2003, quoted as: Schumpeter, Capitalism, Socialism & Democracy, p.
- Schweizer, Rainer J.: Allgemeine Grundsätze, in: Detlef Merten / Hans-Jürgen Papier (eds.), Handbuch der Grundrechte in Deutschland und Europa – Band VI/I „Europäische Grundrechte I“, Heidelberg i.a.: C. F. Müller, 2010, § 138, quoted as: Schweizer in: Handbook of Basic Rights – Europe I, §;
- Id.: Die Rechtsprechung des Europäischen Gerichtshofs für Menschenrechte zum Persönlichkeits- und Datenschutz, in: Datenschutz und Datensicherheit 33 (8) (2009), pp. 462–468, quoted as: Schweizer, European Convention and Data Protection, p. doi.org/10.1007/s11623-009-0119-y
- Simitis, Spiros: Die informationelle Selbstbestimmung – Grundbedingungen einer verfassungsrechtlichen Kommunikationsordnung, in: Neue Juristische Wochenschrift 37 (8) (1984), pp. 398–405, quoted as: Simitis, NJW 1984, p.
- Id.: Bundesdatenschutzgesetz, Baden-Baden: Nomos, 2014, quoted as: Simitis, Federal Data Protection Law, cip.
- Singer, Slavica / Amorós, José Ernesto / Moska Arreola, Daniel: Global Entrepreneurship Monitor – 2014 Global Report, URL: http://www.gemconsortium.org/report, quoted as: Singer et al., Global Entrepreneurship Monitor – 2014 Global Report.
- Skistims, Hendrik / Voigtmann, Christian / David, Klaus / Roßnagel, Alexander: Datenschutzgerechte Gestaltung von kontextvorhersagenden Algorithmen, in: Datenschutz und Datensicherheit 36 (1) (2012), pp. 31–36, quoted as: Skistims et al., Data Protection Compliance of Context-Predicting Algorithms, p.
- Solove, Daniel J.: Understanding Privacy, Cambridge, Massachusetts: Harvard University Press, 2008, quoted as: Solove, Understanding Privacy, p.
- Stentzel, Rainer: Das Grundrecht auf ...? Auf der Suche nach dem Schutzgut des Datenschutzes in der Europäischen Union, in: Privacy in Germany 3 (5) (2015), pp. 185–190, Union quoted as: Stentzel, The Fundamental Right to ...? The Search of the Object of Protection of Data Protection in the European Union, PinG 05.15, p.
- Streinz, Rudolf / Michl, Walther: Art. 4 EUV, Art. 6 AEUV, Art. 51 GRCh, in: Streinz (ed.), EUV/AEUV Kommentar, 2nd edition, München: C.H. Beck, 2012, quoted as: Streinz/Michl, in: Streinz, EUV/AEUV, cip.
- Thaler, Richard H. / Sunstein, Cass R.: Nudge – Improving Decisions About Health, Wealth, and Happiness, New Haven i.a.: Yale University Press, 2008, quoted as: Thaler and Sunstein, Nudge – Improving Decisions About Health, Wealth, and Happiness, p.
- Thierer, Adam: Privacy Law’s Precautionary Principle Problem, in: Maine Law Review 66 (2) (2014), pp. 467–486, quoted as: Thierer, Privacy Law’s Precautionary Principle Problem, p.
- Trute, Hans-Heinrich: Der Schutz personenbezogener Informationen in der Informationsgesellschaft, in: JuristenZeitung 53 (17) (1998), pp. 822–831, quoted as: Trute, JZ 1998, p.
- Tzanou, Maria: Data protection as a fundamental right next to privacy? ‘Reconstructing’ a not so new right, in: International Data Privacy Law 3 (2) (2013), pp. 88–99, quoted as: Tzanou, Data protection as a fundamental right next to privacy? ‘Reconstructing’ a not so new right, p.
- Veil, Winfried: DS-GVO: Risikobasierter Ansatz statt rigides Verbotsprinzip – Eine erste Bestandsaufnahme, in: Zeitschrift für Datenschutz 5 (8) (2015), pp. 347–353, quoted as: GDPR: Risk-based approach instead of rigid principle of prohibition, p.
- Vodafone Institute for Society and Communications: Big Data – A European Survey on the Opportunities and Risks of Data Analytics, 2016, URL: http://www.vodafone-institut.de/wp-content/uploads/2016/01/VodafoneInstitute-Survey-BigData-en.pdf, quoted as: Vodafone Institute for Society and Communications: Big Data – A European Survey on the Opportunities and Risks of Data Analytics, p.
- Voßkuhle, Andreas: Neue Verwaltungsrechtswissenschaft, in: Wolfgang Hoffmann-Riem / Eberhard Schmidt-Aßmann / Andreas Voßkuhle (eds.), Grundlagen des Verwaltungsrechts – Band I „Methoden – Maßstäbe – Aufgaben – Organisation“, 2nd edition, München: C.H. Beck, 2012, pp. 1–63, quoted as: Voßkuhle, New Regulatory Approach of Administrative Law, p.
- Wegner, Gerhard: Nachhaltige Innovationsoffenheit dynamischer Märkte, in: Martin Eifert / Wolfgang Hoffmann-Riem (eds.), Innovationsfördernde Regulierung – Innovation und Recht II, Berlin: Duncker & Humblot, 2009, pp. 71–91, quoted as: Wegner, Dynamic Markets and their Persistent Openness to Innovation, p.
- Weichert, Thilo: Informationstechnische Arbeitsteilung und datenschutzrechtliche Verantwortung – Plädoyer für eine Mitverantwortlichkeit bei der Verarbeitung von Nutzungsdaten, in: Zeitschrift für Datenschutz 4 (12) (2014), pp. 605–610, quoted as: Weichert, Information-technological collaboration and data protection responsibility, p.
- Welter, Friederike: Contextualizing Entrepreneurship – Conceptual Challenges and Ways Forward, in: Entrepreneurship Theory and Practice 35 (1) (2011), pp. 165–184, quoted as: Welter, Contextualizing Entrepreneurship, p.
- Wente, Jürgen: Informationelles Selbstbestimmungsrecht und absolute Drittwirkung der Grundrechte, in: Neue Juristische Wochenschrift 37 (25) (1984), pp. 1446–1447, quoted as: Wente, NJW 1984, p.
- Westin, Alan F.: Privacy & Freedom, New York: Atheneum, 1967, quoted as: Westin, Privacy and Freedom, p.
- Wolff, Heinrich Amadeus: § 28 BDSG, in: Heinrich Amadeus Wolff / Stefan Brink (eds.), Datenschutzrecht in Bund und Ländern – Kommentar, München: C.H. Beck, 2013, quoted as: Wolff, § 28 BDSG, cip.
- World Economic Forum: Insight Report: Enhancing Europe's Competitiveness – Fostering Innovation-Driven Entrepreneurship in Europe, January 2014, URL: http://www3.weforum.org/docs/WEF_EuropeCompetitiveness_InnovationDrivenEntrepreneurship_Report_2014.pdf, quoted as: World Economic Forum: Insight Report: Enhancing Europe's Competitiveness – Fostering Innovation-Driven Entrepreneurship in Europe.
- Wright, David / Friedewald, Michael / Gellert, Raphaël: Developing and testing a surveillance impact assessment methodology, in: International Data Privacy Law 5 (1) (2015), pp. 40–53, quoted as: Wright, Freidewald and Gellert, Developing and testing a surveillance impact assessment methodology, p.
- Zezschwitz, Friedrich von: Konzept der normativen Zweckbegrenzung, in: Alexander Roßnagel (ed.), Handbuch Datenschutzrecht: Die neuen Grundlagen für Wirtschaft und Verwaltung, München: C.H. Beck, 2003, pp. 219–268, quoted as: v. Zezschwitz, Concept of Normative Purpose Limitation, cip.