Share these talks and lectures with your colleagues
Invite colleaguesResearch paper
Application of data protection laws with a proposal for a flexible regime for humanitarian organisations
Journal of Data Protection & Privacy,
7
(2),
196-210
(2025)
Abstract
Humanitarian organisations often operate in emergency contexts where strict compliance with data protection laws, such as the General Data Protection Regulation (GDPR), can pose significant practical challenges. This paper explores the need for a differentiated data protection regime tailored to the realities of humanitarian crises, balancing efficiency and the fundamental rights of data subjects. By analysing key European Court of Justice cases, including Schrems II (C-311/18), Nowak (C-434/16) and Pankki S (C-579/21), the paper highlights the importance of adapting core GDPR principles to crisis situations. It also examines the integration of human rights principles, emphasising the protection of dignity and autonomy during emergencies. Furthermore, it addresses regulatory challenges, proposing proactive engagement with authorities to ensure accountability and trust. Practical solutions are proposed such as simplified Data Protection Impact Assessments (DPIAs), the use of pseudonymisation, data minimisation and standardised Memorandums of Understanding (MOUs) to replace complex contractual requirements. These measures aim to ensure compliance while enabling rapid and effective responses in emergencies. The paper concludes by calling for the development of a flexible regulatory framework that integrates data protection into the operational needs of humanitarian organisations without compromising ethical and legal standards.
Keywords: GDPR; data protection; differentiated regime; humanitarian crises; humanitarian organisations
The full article is available to subscribers to the journal.
Author's Biography
Maria Beatriz Torquato Rego is a lawyer specialising in digital law and data protection. She is currently an LLM candidate at Maastricht University and holds a postgraduate degree in digital law from Rio de Janeiro State University (UERJ) in partnership with the Institute of Technology and Society (ITS). She also completed a postgraduate programme in constitutional law at the Brazilian Academy of Constitutional Law (ABDConst). Maria Beatriz served as President of the Commission on Digital Law and Applied Studies at the Brazilian Bar Association (OAB/RN) (2022–24) and serves as an adviser at the Digital Law Studies Group at the Federal University of Rio Grande do Norte (UFRN). Certified as a Data Protection Officer in Brazil (CDPO/BR) by the International Association of Privacy Professionals (IAPP), Maria Beatriz combines academic expertise with practical experience in data privacy and digital compliance. Her work involves guiding organisations in implementing data protection frameworks, ensuring compliance with the Brazilian General Data Protection Law (LGPD) and the General Data Protection Regulation (GDPR), and fostering innovative approaches in the field. With a foundation in both academic and professional spheres, Maria Beatriz contributes to the advancement of digital law through teaching, research and active participation in legal and regulatory discussions.
