{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:18:38Z","timestamp":1760120318311,"version":"3.40.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030551957"},{"type":"electronic","value":"9783030551964"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-55196-4_6","type":"book-chapter","created":{"date-parts":[[2020,10,14]],"date-time":"2020-10-14T23:11:38Z","timestamp":1602717098000},"page":"95-109","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Preliminary Remarks and Practical Insights on How the Whistleblower Protection Directive Adopts the GDPR Principles"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6752-3760","authenticated-orcid":false,"given":"Rita","family":"de Sousa Costa","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9776-8336","authenticated-orcid":false,"given":"In\u00eas","family":"de Castro Ruivo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,10,15]]},"reference":[{"key":"6_CR1","unstructured":"Valero, J.: Vestager: we should thank the Luxleaks whistleblowers. Euractiv (2016). https:\/\/www.euractiv.com\/section\/digital\/interview\/vestager-we-should-thank-the-luxleaks-whistleblowers\/ . Accessed 15 Jan 2020"},{"key":"6_CR2","unstructured":"Fitzgibbon, F.: Panama Papers FAQ: all you need to know about the 2016 investigation. International Consortium of Investigative Journalists (2019). https:\/\/www.icij.org\/investigations\/panama-papers\/panama-papers-faq-all-you-need-to-know-about-the-2016-investigation\/ . Accessed 15 Jan 2020"},{"key":"6_CR3","unstructured":"European Parliament: Protecting whistle-blowers: new EU-wide rules approved (2019). https:\/\/www.europarl.europa.eu\/news\/en\/press-room\/20190410IPR37529\/protecting-whistle-blowers-new-eu-wide-rules-approved . Accessed 15 Jan 2020"},{"key":"6_CR4","unstructured":"European Commission: Whistleblowers protection \u2013 European Commission initiatives on the protection of persons reporting on breaches of Union law. https:\/\/ec.europa.eu\/info\/aid-development-cooperation-fundamental-rights\/your-rights-eu\/whistleblowers-protection_pt . Accessed 15 Jan 2020"},{"key":"6_CR5","first-page":"167","volume":"3","author":"S Stolowy","year":"2019","unstructured":"Stolowy, S., Paugam, L., Londero, A.: The whistle-blower: an important person in corporate life? An answer from comparative law. J. Bus. Law 3, 167\u2013184 (2019)","journal-title":"J. Bus. Law"},{"key":"6_CR6","unstructured":"Chalouat, I., Carri\u00f3n-Crespo, C., Licata, M.: Law and practice on protecting whistle-blowers in the public and financial services sectors. WP 328. International Labour Organization, Genova (2019). https:\/\/www.ilo.org\/wcmsp5\/groups\/public\/\u2014ed_dialogue\/\u2014sector\/documents\/publication\/wcms_718048.pdf . Accessed 15 Jan 2020"},{"key":"6_CR7","unstructured":"Explanatory Memorandum of the Proposal of Whistleblower Protection Directive COM(2018) 218 final, 2018\/0106(COD) (2018). https:\/\/www.europarl.europa.eu\/RegData\/docs_autres_institutions\/commission_europeenne\/com\/2018\/0218\/COM_COM(2018)0218_EN.pdf . Accessed 15 Jan 2020"},{"key":"6_CR8","unstructured":"Council: Better protection of whistle-blowers: new EU-wide rules to kick in 2021 (2019). https:\/\/www.consilium.europa.eu\/en\/press\/press-releases\/2019\/10\/07\/better-protection-of-whistle-blowers-new-eu-wide-rules-to-kick-in-in-2021\/ . Accessed 15 Jan 2020"},{"key":"6_CR9","unstructured":"Whistleblower protection in the EU: Commission welcomes adoption by the Council (2019). https:\/\/ec.europa.eu\/commission\/presscorner\/detail\/en\/MEX_19_6032 . Accessed 15 Jan 2020"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Directive (EU) 2019\/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law. https:\/\/eur-lex.europa.eu\/legal-content\/en\/TXT\/?uri=CELEX%3A32019L1937 . Accessed 15 Jan 2020","DOI":"10.33226\/0032-6186.2020.2.1"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Abazi, V.: Whistleblowing in Europe: a new era of legal protections. In: Czech, P., Heschl, L., Lukas, K., Nowak, M., Oberleitner, G. (eds.) European Yearbook on Human Rights, pp. 91\u2013110. Intersentia, Cambridge (2019)","DOI":"10.1017\/9781780689562.006"},{"key":"6_CR12","unstructured":"Council of Europe Recommendation CM\/Rec(2014)7 of the Committee of Ministers to member States on the protection of whistleblowers. https:\/\/search.coe.int\/cm\/Pages\/result_details.aspx?ObjectId=09000016805c5ea5 . Accessed 15 Jan 2020"},{"issue":"2","key":"6_CR13","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1080\/12294659.2017.1315235","volume":"22","author":"H Jeon","year":"2017","unstructured":"Jeon, H.: Where to report wrongdoings? Exploring the determinants of internal versus external whistleblowing. Int. Rev. Public Adm. 22(2), 153\u2013171 (2017). https:\/\/doi.org\/10.1080\/12294659.2017.1315235","journal-title":"Int. Rev. Public Adm."},{"key":"6_CR14","unstructured":"Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation). https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32016R0679&from=en . Accessed 15 Jan 2020"},{"key":"6_CR15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1515\/jetl.2011.1","volume":"2","author":"DB Lewis","year":"2011","unstructured":"Lewis, D.B.: Whistleblowing and data protection principles: is the road to reconciliation really that rocky? Eur. J. Law Technol. 2, 1 (2011)","journal-title":"Eur. J. Law Technol."},{"key":"6_CR16","unstructured":"Cavoukian, A.: Privacy by Design. The 7 Foundational Principles (2009). https:\/\/www.ipc.on.ca\/wp-content\/uploads\/resources\/7foundationalprinciples.pdf . Accessed 15 Jan 2020"},{"key":"6_CR17","unstructured":"ENISA: Privacy and Data Protection by Design \u2013 from policy to engineering (2014). https:\/\/www.enisa.europa.eu\/publications\/privacy-and-data-protection-by-design\/at_download\/fullReport . Accessed 15 Jan 2020"},{"key":"6_CR18","doi-asserted-by":"publisher","DOI":"10.1093\/idpl\/ipz019","author":"IS Rubinstein","year":"2019","unstructured":"Rubinstein, I.S., Good, N.: The trouble with Article 25 (and how to fix it): the future of data protection by design and default. Int. Data Priv. Law (2019). https:\/\/doi.org\/10.1093\/idpl\/ipz019","journal-title":"Int. Data Priv. Law"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Spagnuelo, D., Ferreira, A., Lenzini, G.: Accomplishing transparency within the general data protection regulation. In: Proceedings of the 5th International Conference on Information Systems Security and Privacy, vol. 1. pp. 114\u2013125. ICISSP, Prague (2019)","DOI":"10.5220\/0007366501140125"},{"key":"6_CR20","unstructured":"WP29: Opinion 1\/2010 on the concepts of \u201ccontroller\u201d and \u201cprocessor\u201d. WP 169 (2010). https:\/\/ec.europa.eu\/justice\/article-29\/documentation\/opinion-recommendation\/files\/2010\/wp169_en.pdf . Accessed 15 Jan 2020"},{"key":"6_CR21","unstructured":"EDPS: EDPS Guidelines on the concepts of controller, processor and joint controllership under Regulation (EU) 2018\/1725 (2019). https:\/\/edps.europa.eu\/sites\/edp\/files\/publication\/19-11-07_edps_guidelines_on_controller_processor_and_jc_reg_2018_1725_en.pdf . Accessed 15 Jan 2020"},{"key":"6_CR22","unstructured":"Weiss, J.B. (ed.): Data Processing Agreements: Coordination, Drafting, and Negotiation. IAPP, Portsmouth (2019)"},{"key":"6_CR23","unstructured":"ICO: Examples of processing \u2018likely to result in high risk\u2019. https:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/data-protection-impact-assessments-dpias\/examples-of-processing-likely-to-result-in-high-risk\/ . Accessed 15 Jan 2020"},{"key":"6_CR24","unstructured":"WP29: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is \u201clikely to result in a high risk\u201d for the purposes of Regulation 2016\/679. WP 248 rev.01 (2017). http:\/\/ec.europa.eu\/newsroom\/document.cfm?doc_id=47711 . Accessed 15 Jan 2020"},{"key":"6_CR25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57959-7","volume-title":"The EU General Data Protection Regulation (GDPR) A Practical Guide","author":"P Voigt","year":"2017","unstructured":"Voigt, P., von dem Bussche, A.: The EU General Data Protection Regulation (GDPR) A Practical Guide. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-57959-7"},{"key":"6_CR26","unstructured":"European Banking Authority: Guidelines on internal governance under Directive 2013\/36\/EU, EBA\/GL\/2017\/11, pp. 39\u201341 (2017). https:\/\/eba.europa.eu\/sites\/default\/documents\/files\/documents\/10180\/1972987\/eb859955-614a-4afb-bdcd-aaa664994889\/Final%20Guidelines%20on%20Internal%20Governance%20%28EBA-GL-2017-11%29.pdf?retry=1 . Accessed 15 Jan 2020"},{"key":"6_CR27","doi-asserted-by":"crossref","first-page":"250","DOI":"10.54648\/EUCL2012041","volume":"9","author":"H Fleischer","year":"2012","unstructured":"Fleischer, H., Schmolke, K.U.: Financial incentives for whistleblowers in European capital markets law. Eur. Company Law 9, 250 (2012)","journal-title":"Eur. Company Law"},{"key":"6_CR28","doi-asserted-by":"crossref","first-page":"6","DOI":"10.54648\/EULR2013038","volume":"24","author":"DG Szab\u00f3","year":"2013","unstructured":"Szab\u00f3, D.G., S\u00f8rensen, K.E.: Integrating Corporate Social Responsibility in Corporate Governance Codes in the EU. Eur. Bus. Law Rev. 24, 6 (2013)","journal-title":"Eur. Bus. Law Rev."},{"key":"6_CR29","unstructured":"ICO: Report bad practices as a whistleblower, Information Commissioner\u2019s Office. https:\/\/ico.org.uk\/global\/privacy-notice\/report-bad-practices-as-a-whistleblower\/ . Accessed 15 Jan 2020"},{"key":"6_CR30","unstructured":"CNPD: Delibera\u00e7\u00e3o n.\u00ba 765\/2009 Princ\u00edpios Aplic\u00e1veis aos Tratamentos de Dados Pessoais com a finalidade de Comunica\u00e7\u00e3o Interna de Actos de Gest\u00e3o Financeira Irregular (Linhas de \u00c9tica) (2009). https:\/\/www.cnpd.pt\/bin\/orientacoes\/DEL765-2009_LINHAS_ETICA.pdf . Accessed 15 Jan 2020. (in Portuguese)"},{"key":"6_CR31","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1093\/he\/9780198714927.001.0001","volume-title":"EU Law: Texts, Cases and Materials","author":"P Craig","year":"2015","unstructured":"Craig, P., De Burca, G.: EU Law: Texts, Cases and Materials, pp. 206\u2013222. Oxford University Press, Oxford (2015)"},{"key":"6_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/978-3-030-02547-2_9","volume-title":"Privacy Technologies and Policy","author":"W Seinen","year":"2018","unstructured":"Seinen, W., Walter, A., van Grondelle, S.: Compatibility as a mechanism for responsible further processing of personal data. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds.) APF 2018. LNCS, vol. 11079, pp. 153\u2013171. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-02547-2_9"},{"key":"6_CR33","unstructured":"CNIL: D\u00e9lib\u00e9ration n\u00b0 2019-139 du 18 juillet 2019 portant adoption d\u2019un r\u00e9f\u00e9rentiel relatif aux traitements de donn\u00e9es \u00e0 caract\u00e8re personnel destin\u00e9s \u00e0 la mise en \u0153uvre d\u2019un dispositif d\u2019alertes professionnelles. NOR: CNIL1935146X (2019). https:\/\/www.legifrance.gouv.fr\/affichCnil.do?oldAction=rechExpCnil&id=CNILTEXT000039470506&fastReqId=2024022847&fastPos=4 . Accessed 15 Jan 2020 (in French)"},{"key":"6_CR34","unstructured":"WP29: Opinion 3\/2010 on the principle of accountability, WP173 (2010). https:\/\/ec.europa.eu\/justice\/article-29\/documentation\/opinion-recommendation\/files\/2010\/wp173_en.pdf . Accessed 15 Jan 2020"},{"key":"6_CR35","unstructured":"WP29: Guidelines on transparency under Regulation 2016\/679, WP260 rev.01 (2018). https:\/\/ec.europa.eu\/newsroom\/article29\/document.cfm?action=display&doc_id=51025 . Accessed 15 Jan 2020"},{"key":"6_CR36","unstructured":"Ausloos, J.: GDPR transparency as a research method (2019). https:\/\/ssrn.com\/abstract=3465680 . Accessed 15 Jan 2020"},{"key":"6_CR37","doi-asserted-by":"publisher","DOI":"10.1093\/yel\/yey004","author":"D Clifford","year":"2018","unstructured":"Clifford, D., Ausloos, J.: Data Protection and the Role of Fairness. Yearb. Eur. Law (2018). https:\/\/doi.org\/10.1093\/yel\/yey004","journal-title":"Yearb. Eur. Law"},{"key":"6_CR38","unstructured":"WP29: Opinion 1\/2006 on the application of EU data protection rules to internal whistleblowing schemes in the fields of accounting, internal accounting controls, auditing matters, fight against bribery, banking and financial crime, WP117 (2006). https:\/\/ec.europa.eu\/justice\/article-29\/documentation\/opinion-recommendation\/files\/2006\/wp117_en.pdf . Accessed 15 Jan 2020"},{"key":"6_CR39","unstructured":"EDPS: Guidelines on processing personal information within a whistleblowing procedure (2019). https:\/\/edps.europa.eu\/sites\/edp\/files\/publication\/19-12-17_whisteblowing_guidelines_en.pdf . Accessed 15 Jan 2020"},{"key":"6_CR40","unstructured":"EDPB: Guidelines 4\/2019 on Article 25 Data Protection by Design and by Default (2019). https:\/\/edpb.europa.eu\/sites\/edpb\/files\/consultation\/edpb_guidelines_201904_dataprotection_by_design_and_by_default.pdf . Accessed 15 Jan 2020"}],"container-title":["Lecture Notes in Computer Science","Privacy Technologies and Policy"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-55196-4_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,15]],"date-time":"2024-08-15T22:46:36Z","timestamp":1723761996000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-55196-4_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030551957","9783030551964"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-55196-4_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"15 October 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"APF","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual Privacy Forum","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Lisbon","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Portugal","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 June 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 June 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"apf2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/privacyforum.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"59","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"https:\/\/privacyforum.eu\/","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}