دراسة نقدية للائحة التنفيذية لقانون حماية البيانات الشخصية المصري: مشروعية التنظيم وكفاءته الوظيفية

أولاً: المراجع باللغة العربية (Arabic References)

الكتب (Books)

الصغير م، القانون الإداري بين التشريع المصري والسعودي (المركز القومي للإصدارات القانونية 2015).

المكاوي ع، العلوم الإدارية (مؤسسة طيبة للنشر والتوزيع 2012).

القوانين واللوائح (Laws & Regulations)

قانون رقم (63) لسنة 2004 المتعلق بحماية المعطيات الشخصية (تونس)

قانون رقم (30) لسنة 2018 بإصدار قانون حماية البيانات الشخصية (مملكة البحرين)

قانون رقم (175) لسنة 2018 بشأن مكافحة جرائم تقنية المعلومات (مصر)

قانون رقم (151) لسنة 2020 بإصدار قانون حماية البيانات الشخصية (مصر)

نظام حماية البيانات الشخصية بالمملكة العربية السعودية (المرسوم الملكي رقم م/19 وتاريخ 9/2/1443هـ وتعديلاته)

قرار رئيس مجلس الوزراء رقم (1699) لسنة 2020 باللائحة التنفيذية للقانون رقم (175) لسنة 2018 بشأن مكافحة جرائم تقنية المعلومات (مصر).

قرار وزير الاتصالات وتكنولوجيا المعلومات رقم (816) لسنة 2025 بإصدار اللائحة التنفيذية لقانون حماية البيانات الشخصية (مصر).

قرار وزير العدل والشئون الإسلامية والأوقاف رقم (43) لسنة 2021 بشأن شروط وإجراءات تعيين مراقب حماية البيانات الشخصية (مملكة البحرين).

اللائحة التنفيذية لنظام حماية البيانات الشخصية بالمملكة العربية السعودية (قرار رئيس مجلس إدارة سدايا رقم 798 وتاريخ 23/02/1445هـ).

ثانياً: المراجع باللغة الأجنبية (English References)

Books & Journal Articles

Crootof R, ‘International Cybertorts: Expanding State Accountability in Cyberspace’ (2018) 103 Cornell L Rev 565 https://scholarship.law.cornell.edu/clr/vol103/iss3/2 accessed 20 February 2026.

Hacker P, Engel A and Mauer M, ‘Regulating ChatGPT and Other Large Generative AI Models’ (2023) Proceedings of the 2023 ACM Conference on Fairness, Accountability, and Transparency.

Schwartz PM, ‘Global Data Privacy: The EU Way’ (2019) 94 NYU L Rev 771 https://www.nyulawreview.org/issues/volume-94-number-4/global-data-privacy-the-eu-way/ accessed 17 February 2026.

Trautmann K, ‘Cloud Computing Evolution and Regulation in the Financial Services Industry’ (2023) 2 ISACA Journal https://www.isaca.org/resources/isaca-journal/issues/2023/volume-2/cloud-computing-evolution-and-regulation-in-the-financial-services-industry accessed 18 February 2026.

Ustaran E and others, ‘Data Protection and Privacy in the Age of Federated Learning’ (2022) 14 Law, Innovation and Technology .

Veale M and Borgesius FZ, ‘Demystifying the Draft EU Artificial Intelligence Act — Analysing the Good, the Bad, and the Unclear Elements of the Proposed Approach’ (2021) 22 Computer Law & Security Review https://www.semanticscholar.org/reader/8b165eba2d0b9308682fdc4d775c00d1d3907a59 accessed 18 February 2026.

Wachter S and Mittelstadt B, ‘A Right to Reasonable Inferences: Re-Thinking Data Protection Law in the Age of Big Data and AI’ (2019) 2019 Columbia Business Law Review 494 https://doi.org/10.7916/cblr.v2019i2.3424 accessed 18 February 2026.

Reports, Working Papers & Institutional Guidance

Article 29 Data Protection Working Party, ‘Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679’ (WP251rev.01, 2018).

Article 29 Data Protection Working Party, ‘Guidelines on Data Protection Officers (DPOs)’ (WP 243 rev.01, 2017).

Article 29 Data Protection Working Party, ‘Statement on the role of a risk-based approach in data protection legal frameworks’ (WP 218, 2014).

Carugati C, ‘The interplay between the Digital Markets Act and the General Data Protection Regulation’ (2023) Bruegel Working Paper 06/2023 https://www.bruegel.org/working-paper/interplay-between-digital-markets-act-and-general-data-protection-regulation accessed 18 February 2026.

Centre for Information Policy Leadership (CIPL), ‘A Risk-based Approach to Privacy: Improving Effectiveness in Practice’ (Hunton & Williams LLP 2014).

Cloud Security Alliance (CSA), ‘Security Guidance for Critical Areas of Focus in Cloud Computing v4.0’ (2017).

CNIL, ‘Solutions for a responsible use of the blockchain in the context of the GDPR’ (2018).

de Streel A and others, ‘The European Proposal for a Digital Markets Act: A First Assessment’ (CERRE 2021) https://cerre.eu/publications/the-european-proposal-for-a-digital-markets-act-a-first-assessment/ accessed 17 February 2026.

EDPB & EDPS, ‘Digital Omnibus: EDPB and EDPS support simplification and competitiveness while raising key concerns’ (European Data Protection Board, 11 February 2026) https://www.edpb.europa.eu/news/news/2026/digital-omnibus-edpb-and-edps-support-simplification-and-competitiveness-while_en accessed 20 February 2026.

European Commission, ‘Digital Omnibus Regulation Proposal’ (Shaping Europe’s Digital Future, 19 November 2025) https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-regulation-proposal accessed 18 February 2026.

European Commission, ‘SME Relief Package’ (COM(2023) 535 final, 2023).

European Data Protection Board (EDPB), ‘Guidelines 07/2020 on the concepts of controller and processor in the GDPR’ (Version 2.0, 2021).

European Data Protection Board (EDPB), ‘Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation’ (Version 3.0, 2019).

European Data Protection Supervisor (EDPS), ‘Internet of behaviours’ (TechSonar) https://www.edps.europa.eu/data-protection/technology-monitoring/techsonar/internet-behaviours_en accessed 18 February 2026.

European Data Protection Supervisor (EDPS), ‘Machine Unlearning’ (TechSonar) https://www.edps.europa.eu/data-protection/technology-monitoring/techsonar/machine-unlearning_en accessed 20 February 2026.

ENISA, ‘Guidelines for SMEs on the security of personal data processing’ (2021).

ENISA, ‘Guidelines on assessing the security of personal data processing’ (2021) https://www.enisa.europa.eu/sites/default/files/publications/Online%20Platform%20for%20Security%20of%20Personal%20Data%20Processing.pdf accessed 20 February 2026.

ENISA, ‘Privacy and Data Protection by Design – from policy to engineering’ (2014) https://www.enisa.europa.eu/sites/default/files/publications/Privacy%20and%20Data%20Protection%20by%20Design.pdf accessed 20 February 2026.

Finck M, ‘Blockchain and the General Data Protection Regulation’ (European Parliamentary Research Service 2019).

Information Commissioner’s Office (ICO), ‘Direct Marketing Guidance’ (2018) https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/direct-marketing-guidance/respect-peoples-preferences/#whatdowe1 accessed 20 February 2026.

Information Commissioner’s Office (ICO), ‘Security - Guide to the UK GDPR’ https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/a-guide-to-data-security/ accessed 20 February 2026.

Mell P and Grance T, ‘The NIST Definition of Cloud Computing’ (National Institute of Standards and Technology 2011) Special Publication 800-145.

NIST, ‘The NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management’ (Version 1.0, 2020).

NIST, ‘NIST Big Data Interoperability Framework: Volume 1, Definitions’ (Special Publication 1500-1, 2015).

OECD, ‘Trade and Cross-Border Data Flows’ (OECD Trade Policy Papers No 220, 2019).

OECD, ‘Trade and Cross-Border Data Flows’ (OECD Trade Policy Papers No 237, 2020).

UNCTAD, ‘Digital Economy Report 2021: Cross-border data flows and development’ (United Nations Publications 2021).

World Economic Forum (WEF), ‘A Roadmap for Cross-Border Data Flows: Future-Proofing Readiness and Cooperation in the New Digital Economy’ (White Paper 2020).

Cases

Joined Cases C-293/12 and C-594/12 Digital Rights Ireland Ltd v Minister for Communications [2014] ECLI:EU:C:2014:238.

Legislation

Regulation (EU) 2016/679 (General Data Protection Regulation) [2016] OJ L 119/1.

Regulation (EU) 2022/1925 (Digital Markets Act) [2022] OJ L 265/1.

Regulation (EU) 2022/2065 (Digital Services Act) [2022] OJ L 277/1.

Regulation (EU) 2023/2854 (Data Act) [2023] OJ L 2023/2854.

Regulation (EU) 2024/1689 (Artificial Intelligence Act) [2024] OJ L 1689/1.

Regulation (EU) [2024] (European Health Data Space (EHDS) Regulation).