Showing total 234 results

1. How does the General Data Protection Regulation (GDPR) affect financial intelligence exchange with third countries?

Author

Haq, Md. Zahurul

Published

2024

2. A multidisciplinary definition of privacy labels

Author

Johansen, Johanna, Pedersen, Tore, Fischer-Hübner, Simone, Johansen, Christian, Schneider, Gerardo, Roosendaal, Arnold, Zwingelberg, Harald, Sivesind, Anders Jakob, and Noll, Josef

Published

2022

3. Implementation of the personal data minimization principle in financial institutions: Lithuania’s case

Author

Laurinaitis, Marius, Štitilis, Darius, and Verenius, Egidijus

Published

2021

4. From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls

Author

Diamantopoulou, Vasiliki, Tsohou, Aggeliki, and Karyda, Maria

Published

2020

5. Dude, where's my data? The GDPR in practice, from a consumer's point of view

Author

Sørum, Hanne and Presthus, Wanda

Published

2021

6. Institutional Rules and Policies for Sharing and Storing Research Data.

Author

Koščík, Michal

Subjects

DATA protection, INFORMATION policy, INFORMATION sharing, INFORMATION retrieval, CONFERENCE papers

Abstract

The paper aims to provide readers with a practical view on how to adapt the internal policies of research institutions to the upcoming General Data Protection Regulation. Since the Regulation enters force six months after the conference takes place, it can be expected that this issue of readjustment of internal processes to GDPR will be very important for majority of conference participants. With regard to the time and space limit, the paper will focus exclusively on the issues connected with archiving and sharing research data. Emphasis will be put on the rights of research subjects and the public interest in research as an entitlement to process of personal data without consent. This article is a result of the research funded by the Czech Science Foundation as the project GA15- 20763S Právni rámec sběru, zpracování, uchovávání a užívání výzkumných dat (Legal Framework for Collecting, Processing, Storing and Utilizing of Research Data). [ABSTRACT FROM AUTHOR]

Published

2018

7. Information security frameworks for assisting GDPR compliance in banking industry

Author

Serrado, João, Pereira, Ruben Filipe, Mira da Silva, Miguel, and Scalabrin Bianchi, Isaías

Published

2020

8. Comparing the protection and use of online personal information in South Africa and the United Kingdom in line with data protection requirements

Author

Da Veiga, Adéle, Vorster, Ruthea, Li, Fudong, Clarke, Nathan, and Furnell, Steven M.

Published

2020

9. NAČELO ODGOVORNOSTI I ODGOVARAJUĆE I UČINKOVITE MJERE PREMA OPĆOJ UREDBI O ZAŠTITI PODATAKA.

Author

Lisičar, Hrvoje

Abstract

Copyright of Collected Papers of Zagreb Law Faculty / Zbornik Pravnog Fakulteta u Zagrebu is the property of Sveuciliste u Zagrebu, Pravni Fakultet and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

10. Data behind mobile behavioural biometrics – a survey.

Author

Eglitis, Teodors, Guest, Richard, and Deravi, Farzin

Abstract

Behavioural biometrics is becoming more and more popular. It is hard to find a sensor that is embedded in a mobile/wearable device, which cannot be exploited to extract behavioural biometric data. In this study, the authors give the reader an overview of mobile device behavioural biometric data and how this data is used in experiments, especially examining papers that introduce new datasets. They will not examine performance accomplished by the algorithms used since a system's performance is enormously affected by the data used, its amount and quality. Altogether, 40 papers are examined, assessing how often they are cited, have databases published, what modality data are collected, and how the data is used. They offer a roadmap that should be taken into account when designing behavioural data collection and using collected data. They further look at the General Data Protection Regulation, and its significance to the scientific research in the field of biometrics. It is possible to conclude that there is a need for publicly available datasets with comprehensive experimental protocols, similarly established in facial recognition. [ABSTRACT FROM AUTHOR]

Published

2020

11. General Data Protection Regulation (GDPR) in Healthcare: Hot Topics and Research Fronts.

Author

FATEHI, Farhad, HASSANDOUST, Farkhondeh, KO, Ryan K. L., and AKHLAGHPOUR, Saeed

Abstract

General Data Protection Regulation came into effect across the European Union in May 2018 but its implications in healthcare are yet to be fully understood. The aim of this study was to identify the fronts and hot topics in research on GDPR in healthcare. We analyzed the relevant records in Scopus through bibliometric and scientometric approach and visualization techniques. A set of 155 records was obtained and processed for co-occurrence analysis of key terms and concept mapping. The number of published papers showed a steep rise in the past two years, mainly by European countries. Analysis of the abstract of the papers showed that data protection, privacy, and big data were the most frequently used terms. Three dominant research fronts of GDPR are 1) general implications of GDPR, 2) technology aspects of GDPR, and 3) GDPR in healthcare service. Blockchain and machine learning are among the remerging topics of GDPR research. [ABSTRACT FROM AUTHOR]

Published

2020

12. HIPAA: A Demand to Modernize Health Legislation

Author

Sadri, Mehri

Subjects

Health Insurance Portability and Accountability Act, HIPAA, data privacy, data security, The Security Rule, The Privacy Rule, General Data Protection Regulation, GDPR, cybersecurity risk, healthcare data breach, Vigil v. Muir Medical Group IPA, Inc

Abstract

In the 21st-century digital age, health data privacy remains a crucial concern. This paper evaluates the effectiveness of the Health Insurance Portability and Accountability Act, known as HIPAA. More specifically, it demonstrates a need for a unified federal framework in the U.S. that aligns with General Data Protection Regulation’s protections to address modern-day cybersecurity threats better. This article argues that in an era of increased globalization, the United States should confront the task of reforming its healthcare data protection law to align with current cybersecurity risks. We begin by examining landmark legislation across American states to reveal inconsistencies between state and federal protective rulings. Later, we uncover the reactive nature of HIPAA, in contrast to GDPR’s proactive and citizen-centric approach. Through evaluating past lawsuits related to patient protection noncompliance, this paper depicts significant differences in the purpose, coverage, and execution of data protection laws between the United States and the European Union. It highlights GDPR’s effectiveness in granting individuals greater control over their data. Furthermore, this article proposes the adoption of newfound systems for standardized risk analysis and enhanced security across healthcare providers.As healthcare becomes more accessible to the American public, the amount of data in this system increases. This nationwide surge in data underscores the critical need to assess whether privacy laws established in the 1990s remain sufficient. Therefore, updates to healthcare legislation are essential to establishing stringent patient protections in response to the significant rise in data breach incidents within the healthcare network.

Published

2024

13. Enterprise architecture management as a solution for addressing general data protection regulation requirements in a big data context: a systematic mapping study.

Author

Georgiadis, Georgios and Poels, Geert

Subjects

GENERAL Data Protection Regulation, 2016, THEMATIC analysis, BIG data, SCIENTIFIC literature, DATA protection, DATA security, DATA management

Abstract

Context: Big Data Analytics is a rapidly emerging IT practice whose applications offer benefits for a wide variety of business areas across an organisation. Given the wide scope of applications, the many types of processing involved, including those for purposes not yet foreseen, and the inherent privacy concerns resulting from collecting and storing personal data, the newly introduced General Data Protection Regulation (GDPR) poses specific challenges for safeguarding the security and protection of big data. These challenges are not limited to the IT function but extend across the entire organisation. This raises the question whether Enterprise Architecture Management (EAM), as an approach for ensuring the coherence, strategic alignment and focus on value creation of all organisational resources, offers guidance for addressing those challenges in a holistic manner, and thus provides a fruitful ground for developing an approach for complying to GDPR requirements in a Big Data context. Objective: This study surveys the state-of-the-art in research on security, privacy, and protection of big data. The focus is on investigating which specific issues and challenges have been identified and whether these have been linked to GDPR requirements. Further, it examines whether previous research has investigated the potential of EAM in addressing those challenges and what the main findings of those studies are. Method: We used Systematic Mapping Review (SMR), which is a methodology for literature review aimed at surveying the state-of-the-art in a research field as it is documented in the scientific literature. Further, we used Template Analysis, which is a thematic analysis technique, for coding the texts of the selected papers, classifying the research studies, and interpreting the different themes addressed in the literature. Results: Our study indicates that only few researchers have explored the use of EAM practices in relation to data security and protection in a Big Data context. We further identified seven trends within the areas under consideration that could be subjects for further research. Conclusions: Our study does not invalidate the potential of EAM to help addressing GDPR requirements in a Big Data context. However, how EAM practices may contribute to risk management and data governance in environments where big data are being processed, is still a huge research gap, which we intend to address in our future research. [ABSTRACT FROM AUTHOR]

Published

2021

14. Sci : An Inclusive, Multidisciplinary Scientific Journal.

Author

Abdin, Ahmad Yaman and Jacob, Claus

Subjects

ABSTRACTING & indexing services, MATERIALS science, BEACHES

Abstract

Sci (ISSN 2413-4155) is an international, open-access journal that covers most fields of scientific research. It has set out to challenge the conventional single- and double-blind peer review processes by adopting a post-publication public peer review (P4R) model. The model faced some difficulties with indexing and archiving services, prolongated the peer review process and its transparency received some opposition. It was therefore necessary to revisit the P4R model and modify it, resulting in the hybrid model (P4R hybrid) which is implemented in Sci today. Sci remains open to the whole scientific community as an inclusive and multidisciplinary scientific journal. In this context, we present you with six valuable contributions to the first Special Issue of Feature Papers Editors Collection 2020. The topics of the contributions address relevant and compelling issues ranging from data protection, material science, COVID-19 to the environment and climate change. [ABSTRACT FROM AUTHOR]

Published

2022

15. Applicability of ePrivacy Directive to national data retention measures following invalidation of the Data Retention Directive.

Author

GUMZEJ, Nina

Subjects

DATA protection, PERSONALLY identifiable information, RECORDS management, TELECOMMUNICATION, LAW enforcement, NATIONAL competency-based educational tests

Abstract

The paper analyses rules pertinent for examination of national data retention measures regulating data processing activities of providers of electronic communication services following invalidation of the Data Retention Directive in 2014, on which subject the CJEU issued a total of five judgments up until June 2021. Focus of this analysis is the issue of applicability of EU law as interpreted in the CJEU case law, most specifically Article 15, paragraph 1 of the ePrivacy Directive containing legal safeguards for the restrictions of rights and obligations in that directive on the confidentiality of communications as well as the processing of traffic and location data. Such restrictions are as a rule manifested in different national data retention measures, which may pursue law enforcement and public security, as well as national security objectives. This examination is supported also by analysis of rules on the scope of ePrivacy Directive and its relationship with the general personal data protection framework. Overall findings in the paper provide a frame for further detailed research on the topic of future regulation of retention measures at national/EU level (Proposal for ePrivacy Regulation, possible new EU data retention legislation) and a comparative assessment of relevant CJEU jurisprudence with that of the European Court of Human Rights in respect of compatibility of retention measures with the guarantees of fundamental rights and freedoms and allowed restrictions thereof in the European legal system. [ABSTRACT FROM AUTHOR]

Published

2021

16. Enhancing Safety on Construction Sites: A UWB-Based Proximity Warning System Ensuring GDPR Compliance to Prevent Collision Hazards.

Author

Mastrolembo Ventura, Silvia, Bellagente, Paolo, Rinaldi, Stefano, Flammini, Alessandra, and Ciribini, Angelo L. C.

Subjects

BUILDING sites, GENERAL Data Protection Regulation, 2016, INDUSTRIAL safety, COLLISIONS at sea, DATA protection, HAZARDS

Abstract

Construction is known as one of the most dangerous industries in terms of worker safety. Collisions due the excessive proximity of workers to moving construction vehicles are one of the leading causes of fatal and non-fatal accidents on construction sites internationally. Proximity warning systems (PWS) have been proposed in the literature as a solution to detect the risk for collision and to alert workers and equipment operators in time to prevent collisions. Although the role of sensing technologies for situational awareness has been recognised in previous studies, several factors still need to be considered. This paper describes the design of a prototype sensor-based PWS, aimed mainly at small and medium-sized construction companies, to collect real-time data directly from construction sites and to warn workers of a potential risk of collision accidents. It considers, in an integrated manner, factors such as cost of deployment, the actual nature of a construction site as an operating environment and data protection. A low-cost, ultra-wideband (UWB)-based proximity detection system has been developed that can operate with or without fixed anchors. In addition, the PWS is compliant with the General Data Protection Regulation (GDPR) of the European Union. A privacy-by-design approach has been adopted and privacy mechanisms have been used for data protection. Future work could evaluate the PWS in real operational conditions and incorporate additional factors for its further development, such as studies on the timely interpretation of data. [ABSTRACT FROM AUTHOR]

Published

2023

17. Rechtliche Einordnung von künstlicher Intelligenz in der Inneren Medizin: Von Datenschutz und Regulatorik, Erstattungs- und Haftungsfragen.

Author

Haftenberger, Anna and Dierks, Christian

Abstract

Copyright of Innere Medizin (2731-7080) is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

18. El conflicto entre la transparencia y la protección de datos tras la entrada en vigor del Reglamento General de Protección de Datos.

Author

Medina Guerrero, Manuel

Subjects

GENERAL Data Protection Regulation, 2016, CIVIL rights, PERSONALLY identifiable information

Abstract

Copyright of Revista Española de la Transparencia is the property of Asociacion de Profesionales de la Transparencia and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

19. Blockchain-Based Identity Management: A Survey From the Enterprise and Ecosystem Perspective.

Author

Kuperberg, Michael

Subjects

GENERAL Data Protection Regulation, 2016, STANDARDIZATION, ECOSYSTEMS, BLOCKCHAINS

Abstract

Identity management is a core building block for the majority of software solutions and landscapes. Competing with existing identity-managing solutions, blockchain-based concepts and products have evolved in the context of verified claims and self-sovereign identities. The contribution of this paper is a systematic, criteria-driven survey of the solutions and technologies for this growing field and their comparison with the capabilities of established solutions. By including an extensive set of requirements covering ecosystem aspects, end-user functionality, mobility and overhead aspects, compliance/liability, EU regulations, standardization, and integration, this paper shows the highlights and the deficits of a wide array of solutions. [ABSTRACT FROM AUTHOR]

Published

2020

20. National standardisierter Broad Consent in der Praxis: erste Erfahrungen, aktuelle Entwicklungen und kritische Betrachtungen

Author

Zenker, Sven, Strech, Daniel, Jahns, Roland, Müller, Gabriele, Prasser, Fabian, Schickhardt, Christoph, Schmidt, Georg, Semler, Sebastian C., Winkler, Eva, and Drepper, Johannes

Published

2024

21. The generic Informed Consent Service gICS®: implementation and benefits of a modular consent software tool to master the challenge of electronic consent management in research.

Author

Rau, Henriette, Geidel, Lars, Bialke, Martin, Blumentritt, Arne, Langanke, Martin, Liedtke, Wenke, Pasewald, Sandra, Stahl, Dana, Bahls, Thomas, Maier, Christian, Prokosch, Hans-Ulrich, and Hoffmann, Wolfgang

Subjects

INFORMED consent (Medical law), SOFTWARE development tools, HUMAN research subjects, GENERAL Data Protection Regulation, 2016

Abstract

Background: Defining and protecting participants' rights is the aim of several ethical codices and legal regulations. According to these regulations, the Informed Consent (IC) is an inevitable element of research with human subjects. In the era of "big data medicine", aspects of IC become even more relevant since research becomes more complex rendering compliance with legal and ethical regulations increasingly difficult.Methods: Based on literature research and practical experiences gathered by the Institute for Community Medicine (ICM), University Medicine Greifswald, requirements for digital consent management systems were identified.Results: To address the requirements, the free-of-charge, open-source software "generic Informed Consent Service" (gICS®) was developed by ICM to provide a tool to facilitate and enhance usage of digital ICs for the international research community covering various scenarios. gICS facilitates IC management based on IC modularisation and supports various workflows within research, including (1) electronic depiction of paper-based consents and (2) fully electronic consents. Numerous projects applied gICS and documented over 336,000 ICs and 2400 withdrawals since 2014.Discussion: Since the consent's content is a prerequisite for securing participants' rights, application of gICS is no guarantee for legal compliance. However, gICS supports fine-granular consents and accommodation of differentiated consent states, which can be directly exchanged between systems, allowing automated data processing.Conclusion: gICS simplifies and supports sustained IC management as a major key to successfully conduct studies and build trust in research with human subjects. Therefore, interested researchers are invited to use gICS and provide feedback for further improvements. [ABSTRACT FROM AUTHOR]

Published

2020

22. Controversies between regulations of research ethics and protection of personal data: informed consent at a cross-road.

Author

Gefenas, Eugenijus, Lekstutiene, J., Lukaseviciene, V., Hartlev, M., Mourby, M., and Cathaoir, K.Ó

Abstract

This paper explores some key discrepancies between two sets of normative requirements applicable to the research use of personal data and human biological materials: (a) the data protection regime which follows the application of the European Union General Data Protection Regulation (GDPR), and (b) the Declaration of Helsinki, CIOMS guidelines and other research ethics regulations. One source of this controversy is that the GDPR requires consent to process personal data to be clear, concise, specific and granular, freely given and revocable and therefore has challenged the concept of 'broad consent', which has been widely applied in the context of biobanking. Another source of controversy is the interplay between regulations of research ethics and protection of personal data related to the secondary use of personal data and biological materials. In this case, the GDPR 'research condition' provides an alternative to re-consent for the use of previously collected personal data and biological materials. Although the mentioned controversies have been raised in the legal literature, they have not been explicitly addressed from the research ethics perspective. Should consent be regarded as a priority legal basis for personal data processing in health data research? Can broad consent still be a suitable legal ground for biobanking? What should be the role of research ethics provisions that differ from the GDPR standards, and what should be the role and function of research ethics committees in the changing environment of health data research? These are the ongoing controversies to be explored in the paper. [ABSTRACT FROM AUTHOR]

Published

2022

23. Information security failures identified and measured – ISO/IEC 27001:2013 controls ranked based on GDPR penalty case analysis.

Author

Suorsa, M. and Helo, P.

Subjects

*INFORMATION technology security, *GENERAL Data Protection Regulation, 2016, *ROOT cause analysis, *FAILURE analysis

Abstract

This paper identifies the failures and impacts of information security, as well as the most effective controls to mitigate information security risks in organizations. Root cause analysis was conducted on all year 2020 GDPR penalty cases (n = 81) based on misconduct as defined in GDPR article 32: "security of processing." ISO/IEC 27001 controls were used as failure identifiers in the analysis. As a result, this study presents both the most frequent and most expensive information security failures and correspondingly ranks and presents the correlation of the controls observed in the analysis. From a theoretical perspective, our study contributes by bridging the gap between regulation and information security and introduces a statistical method to analyze the GDPR penalty cases, and provides previously unreported findings about information security failures and their respective solutions. From a practical perspective, the results of our study are useful for organizations which aspire to manage information security more effectively in order to prevent the most typical and expensive information security failures. Organizations, as well as auditors implementing and assuring the ISO 27001, may use our results as a guideline whereby controls should be applied and verified first in sequential order based on their impact and interdependence. [ABSTRACT FROM AUTHOR]

Published

2024

24. INDEPENDENŢA AUTORITĂŢILOR DE SUPRAVEGHERE A PRELUCRĂRII DATELOR CU CARACTER PERSONAL.

Author

SAVA, MIHAELA-RUXANDRA

Subjects

PERSONALLY identifiable information, DATA protection, GENERAL Data Protection Regulation, 2016, CIVIL rights, POLITICAL movements, JUDGE-made law, ELECTRONIC data processing

Abstract

According to the General Data Protection Regulation (hereinafter GDPR), in each Member State of the European Union, one or more independent supervisory authorities of personal data processing must operate under conditions of full independence. Therefore, by this article we aim to achieve two main objectives. A first objective is to explain the notion of „full independence“ and the second objective is to find and analyze some of the essential elements for guaranteeing full independence. The methodology used has focused on the study of the European and national legislation (the European treaties, the GDPR, the Romanian Constitution, the Administrative Code), on the study of doctrine and on the analysis of the case law of the Court of Justice of the European Union (hereinafter CJEU) on the issue of full independence of the supervisory authorities. This paper concludes that the notion of the independence of the supervisory authorities is a fragile notion that requires the full attention of the Member States. The fundamental human rights and freedoms must survive any political movements or commercial interests. The Member States, by the national law, must ensure adequate safeguards to ensure full independence of the supervisory authorities and must establish effective rules on the sanctioning of those who infringe on their independent status. As the notion of independence is a fragile notion, in the future, the Member States' actions to safeguard the independence of the supervisory authorities must increase in direct proportion to the degree of risk of the new technologies to privacy and to the other fundamental rights and freedoms. Regarding the structure of the paper, in the Introduction, we discussed the necessity of existence of some national data protection authorities. In Section II, we briefly presented certain general considerations about supervisory authorities. In Section III, we set out certain general considerations about the legal regime of the autonomous administrative authorities in Romania. In Section IV.A we analyzed and defined the notion of „full independence“, and in Section IV.B we extracted from the legislation, doctrine and case law a part of the essential elements for guaranteeing a full independence and we briefly explained these elements. [ABSTRACT FROM AUTHOR]

Published

2021

25. FACTORS DETERMINING THE EXTENT OF GDPR IMPLEMENTATION WITHIN ORGANIZATIONS: EMPIRICAL EVIDENCE FROM CZECH REPUBLIC.

Author

FAIFR, Adam and JANUŠKA, Martin

Subjects

GENERAL Data Protection Regulation, 2016, REGRESSION trees, CHI-squared test

Abstract

In this paper, the key factors that affect the extent of GDPR implementation in enterprises are analysed. Since 2018, all organizations operating in the European Union or processing personal data of EU citizens have had to incorporate a new regulation in their work. After three years of experience, possible key factors that significantly affect the cost of the entire project have been theoretically identified. However, a research gap remains whether the factors thus defined actually have a real impact on the implementation within organizations. Therefore, this study focuses on an empirical investigation of those characteristics using quantitative approach combining Chi-squared tests and the Classification and Regression Tree method. Based on a survey of organizations in the Czech Republic, this paper outlines that the size of the organization, the typology of personal data processed and the way GDPR is implemented determine the scope of the implementation project within organizations. On the other hand, there is no clear evidence that there is significant role in whether it is a public or private organization. [ABSTRACT FROM AUTHOR]

Published

2021

26. (Do not) remember my face: uses of facial recognition technology in light of the general data protection regulation.

Author

Raposo, Vera Lúcia

Subjects

HUMAN facial recognition software, GENERAL Data Protection Regulation, 2016, BIOMETRIC identification, DATA transmission systems, COMPUTER security

Abstract

Facial recognition technology is a state-of-the-art digital tool widely used by private and public entities. Its benefits are notable, but the challenges that it presents cannot be overlooked, as this paper will expose. In Europe, a major challenge is ensuring compliance with the General Data Protection Regulation, starting with the search of a proper legal ground for data processing and the identification of an adequate exception to allow the processing of biometric data. The implementation of security measures and the risks associated with data transfer to third countries must also be considered. A further issue is the reliability of facial recognition technology, which relates to data accuracy. These challenges are substantial, but they are not insurmountable. More comprehensive and in-depth knowledge of the legal intricacies of the General Data Protection Regulation, more secure and transparent data-processing procedures, and full acknowledgement of the technology's limitations might provide a liability shield. [ABSTRACT FROM AUTHOR]

Published

2023

27. A COMPARISON BETWEEN THE EUROPEAN AND THE AMERICAN APPROACHES TO PRIVACY.

Author

Buresh, Donald L.

Subjects

PRIVACY, GENERAL Data Protection Regulation, 2016, RIGHT of privacy

Abstract

This paper compares the European and the American approach to privacy. The essay argues that the European approach to privacy is rights-based, whereas the American tactic is expectation-based. The article discusses the European Union General Data Protection Regulation, as well as the newly-adopted California Consumer Privacy Act. The paper contends that the latter is an American response to the former. The paper concludes that if individuals prefer strict protection of their privacy rights, then the General Data Protection Regulation is the appropriate model. Otherwise, a reasonable expectation of privacy is sufficient. [ABSTRACT FROM AUTHOR]

Published

2019

28. Genetic research and consent: On the crossroads of human and data research.

Author

Pormeister, Kärt

Subjects

BLOOD testing, SALIVA analysis, COLLECTION & preservation of biological specimens, GENETIC research, INFORMED consent (Medical law), RESEARCH ethics, GENETIC testing, HUMAN research subjects, INDIVIDUALIZED medicine

Abstract

This paper explores the legal and ethical concept of human subject research in order to determine whether genetic research with already available biosamples and data falls within this concept. Although the ethical concept seems to have evolved to recognize research based on data as human research, from a supranational legal perspective this form of research is not considered human subject research. Thus human subject research regulations do not apply and therefore do not invoke the requirement of obtaining consent prior to using an individual's biosample or genetic data in research. Furthermore, it remains ambiguous in both the legal and ethical realm whether the use of biosamples or genetic data without additional links to the individual would invoke the same safeguards as research involving additional or specific identifiers. Seeing that research based on already available biosamples and genetic data is not governed by rules concerning human subject research, the second part of the paper analyses whether any consent requirements apply for the further use of already available bio‐samples or genetic data in research. Whereas further use of biosamples is subject to considerably lax consent requirements under Article 22 of the Oviedo Convention, under the General Data Protection Regulation further use of genetic data might not be subject to a prior consent requirement at all, unless it is stipulated in national laws. When it comes to clinical trials, however, sponsors will have the possibility under Article 28(2) of Regulation 536/2014 to obtain open consent for further use of data in any kind of future research. [ABSTRACT FROM AUTHOR]

Published

2019

29. General Data Protection Regulation (GDPR): Legal, Ethic and Other Issues, Especially in Covid-19 Time.

Author

Isabel Guerra, Ana, João Machado, Maria, Malta Fernandes, Maria, Anjos Azevedo, Patrícia, Tenreiro Tomás, Sérgio, and Sousa Machado, Susana

Subjects

GENERAL Data Protection Regulation, 2016, COVID-19, BODY temperature, COVID-19 pandemic, INDUSTRIAL relations, INFECTIOUS disease transmission, PERSONALLY identifiable information

Abstract

[Purpose] This paper intends to present an academic analysis about the legal, ethic and other issues raised by the General Data Protection Regulation, especially in Covid-19 time. In this context, we present the main legal aspects of networked privacy, online privacy literacy, transparency, data integrity and others. Besides, we present the employee's rights in the context of the Covid-19 pandemic, such as the right to erase data, temperature monitoring, the employee's consent, the legitimation of the processing of personal data and body temperature control. We also give a word about data protection and teleworking. Our purpose is to contribute for the evolution of law, regarding the challenges and all the changes in our daily-life, provoked by the Covid-19 pandemic. [Methodology] Our objectives are fundamentally achieved with a legal and doctrinal analysis, which is our methodology. The topics presented in this paper are linked between each other and this kind of joint treatment is our goal. [Findings] Privacy is a broad concept that includes a set of personal characteristics that go beyond a user's name and location. Personal data includes the fundamental rights that privacy helps to guarantee. The GDPR is a legal basis for the processing of personal data, which is directly applicable in the European Union and does not require national transpositions. Employers are facing increasingly complex challenges in the day-to-day of their companies, given the need to stop the spread of coronavirus. To respond to the growing threat of coronavirus, many employers are considering monitoring the he alth of their employees to minimize the risk of infection and contagion in the workplace. Consent as a free, informed and unequivocal manifestation, required by the GDPR, collides with the existing asymmetries in the employment relationship. Despite all the difficulties in framing consent, it is unequivocal that the employment relationship requires the collection and processing of numerous employee data. It is an inevitability. Teleworking, provided from the employee's home, was one of the first measures adopted in the context of the pandemic caused by the Covid-19 disease. This type of work provision raises a number of questions regarding the protection of employees' personal data, namely in terms of control by the employer. [ABSTRACT FROM AUTHOR]

Published

2021

30. IZAZOVI PRAVNOG UREĐENJA UPOTREBE OSOBNIH PODATAKA IZ GENSKIH TESTOVA U SVRHU OSIGURANJA.

Author

Puvača, Maja Bukovac and Belanić, Loris

Abstract

Copyright of Pravni Vjesnik is the property of Pravni fakultet Sveucilista J. J. Strossmayera u Osijeku and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2021

31. 欧盟精细化数据立法下的数据保护与流通.

Author

何润韬

Abstract

Copyright of Cyber Security & Data Governance is the property of Editorial Office of Information Technology & Network Security and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

32. Consimțământul: un ingredient esențial pentru cookie?

Author

RUSU, Ioana

Subjects

PERSONALLY identifiable information, FREEDOM of expression, FREEDOM of information, DATA protection, ECONOMIC liberty, CIVIL rights

Abstract

Copyright of Revista Română de Drept European is the property of Wolters Kluwer Romania and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

33. THE RIGHT TO INFORMATION DATA PRIVACY ON THE INTERNET.

Author

Raymond, Dai

Subjects

CONSTITUTIONAL law, WEB design, DATA privacy, ROE v. Wade, GENERAL Data Protection Regulation, 2016

Abstract

This paper examines why individuals lack data privacy on the Internet, and it does so by exploring the ways in which constitutional and statute law fail to provide adequate privacy protections - even when rights to privacy are intended. As the author argues, there are "three main reasons for the scarcity of Internet data privacy: first, the law lacks a sufficient definition of data privacy. Second, existing laws and statutes regarding the right to data privacy have inherent flaws and loopholes. Third, the modern era of web design is inconvenient for users and leads to an unfair engagement of contracts, which in turn, gives users little choice but to expose their data to third parties. [ABSTRACT FROM AUTHOR]

Published

2022

34. An analysis of violations and sanctions following the GDPR.

Author

Presthus, Wanda and Sønslien, Kaja Felix

Subjects

GENERAL Data Protection Regulation, 2016, DATA privacy, CIVIL rights

Abstract

This paper investigates the violations and sanctions that have occurred following the implementation of the General Data Protection Regulation (GDPR). The GDPR came into effect in May 2018 with the aim of strengthening the information privacy of European Union/European Economic Area citizens. Based on existing taxonomies of (i) potential consequences of violating the GDPR (including surveillance, discrimination), (ii) an analysis of 277 sanctions, and (iii) interviews with experts, we offer a mapping of the violations and sanctions almost two years after the regulation was implemented. The most typical complaints were, in descending order: unlawful processing and disclosure of personal information, failure to act on and secure subject rights and personal information, and insufficient cooperation with supervising authorities. Our analysis also indicates an increasing number of fines over time. Regarding size, the fines range from 50,000,000 euros to (symbolic?) 90 euros. While research on GDPR violations and sanctions is somewhat scarce, our study mainly confirms existing findings: that the GDPR is complex and challenging. However, our study provides insight on some of the challenges. Our contribution is mainly practical and aimed at managers in any organization whose goal is to protect information privacy and to learn from the mistakes made by other companies. We also welcome more research on the topic. [ABSTRACT FROM AUTHOR]

Published

2021

35. Data Protection Authorities and their Awareness-raising Duties under the GDPR: The Case for Engaging Umbrella Organisations to Disseminate Guidance for Small and Medium-size Enterprises.

Author

Cochrane, Leanne, Jasmontaite-Zaniewicz, Lina, and Barnard-Wills, David

Subjects

DATA protection, AWARENESS, BUSINESS enterprises, GENERAL Data Protection Regulation, 2016, DETERRENCE (Administrative law)

Abstract

In this paper we explore EU data protection authorities' (DPAs) role as leaders and educators, particularly in relation to awareness-raising efforts with Small and Medium-sized Enterprises (SMEs). The GDPR made awareness raising duties of DPAs explicit whilst SMEs face challenges complying with data protection law. We posit that DPAS should make better strategic use of collaboration with SME Associations as intermediaries to better access and understand the needs of SMEs. This collaboration could facilitate dissemination of guidance and information addressed to SMEs. It could also help to overcome concerns expressed by SME representatives about the existing guidance provided by DPAs as being overly generic, focused on legal theory, and in some states arriving too late for implementation. We suggest that by working together SME Associations and DPAs could increase their own working efficiency as well as the one of SMEs. We build our arguments on the findings of an online survey of 52-60 SMEs representatives and semi-structured qualitative interviews with 18 DPAs, 22 SME Association representatives and 11 SME representatives. [ABSTRACT FROM AUTHOR]

Published

2020

36. Elosztott mesterséges-intelligencia-fejlesztés blokklánc alapon az adatvédelem érvényesülése érdekében.

Author

DÁNIEL, ESZTERI

Abstract

Copyright of Pro Futuro is the property of University of Debrecen and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2020

37. RE-EXAMINING THE FUTURE PROSPECTS OF ARTIFICIAL INTELLIGENCE IN EDUCATION IN LIGHT OF THE GDPR AND ChatGPT.

Author

BAI, John Y. H., ZAWACKI-RICHTER, Olaf, and MUSKENS, Wolfgang

Abstract

Artificial intelligence in education (AIEd) is a fast-growing field of research. In previous work, we described efforts to explore the possible futures of AIEd by identifying key variables and their future prospects. This paper re-examines our discussions on the governance of data and the role of students and teachers by considering the implications of 1) a recent case related to the General Data Protection Regulation (GDPR) and 2) the release of ChatGPT, a generative AI model capable to producing 'human-like' text. These events raise questions for the future of AIEd and the underlying function of assessment, and highlight the importance of active student participation in the integration of AI in education. [ABSTRACT FROM AUTHOR]

Published

2024

38. Gaps, guesswork, and ghosts lurking in technology integration: Laws and policies applicable to student privacy.

Author

Sun, Jeffrey C.

Abstract

Technology integration and learning analytics offer insights to improve educational experiences and outcomes. In advancing these efforts, laws and policies govern these environments placing protections, standards, and developmental opportunities for higher education, students, faculty, and even the nation‐state. Nonetheless, evidence of educational restrictions, encumbered actions, and archaic approaches pervades the legal literature and case law demonstrating that these laws and policies do not always function well in evolving and emerging technology spaces. To examine these laws and policies of student privacy, the author employs the combination of a critical policy analysis, which derives from critical social research as a means to explore discourse and policy through drawing out the policy contexts, texts, and consequences, and Flood's liberating systems theory, which directs the analysis to a problem‐solving approach by examining the policy discourse from a systems‐thinking lens. Based on a review of 184 court cases, 74 policies from a diversified representation of US states/territories, and seven developed nations or multi‐nation consortia, this examination illuminates how context and text such as the type and setting of the privacy matter (eg, various freedom of information acts, educational records under the Family Educational Rights and Privacy Act, and General Data Protection Regulation in the European Union) presents opportunities for protections and standardization efforts; however, they also illustrate significant protection gaps, guesswork and insufficiency around the type and degree of data subject consent, and ghosting effects of data subjects' protections. While the extant literature already supports aspects of these findings, it does not account for this holistic view of these three privacy vulnerabilities—especially in light of the principles to which these laws purport to achieve. Moreover, the three identified privacy vulnerabilities suggest overlooked inclusion of two overarching privacy concepts—transparency and equity. This study recommends that key actors in the policy construction realm (ie, university leaders, policymakers, and judges) should engage in analyses, dialogue, and consideration about transparency and equity by considering contemporary privacy problems in the contexts of artificial intelligence, quantum computing, and cybersecurity as a way to improve transparent and equitable policies in these areas rather than exacerbating the privacy dilemmas already in place. Practitioner notesWhat is already known about this topic In the United States, the Family Educational Rights and Privacy Act of 1974 (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are well documented evidence of privacy protections for education and health records, but they fail to offer sufficient protections for students as data subjects with emerging technologies.Existing federal‐level laws in the United States do not offer a systematic or uniform approach in the manner that data users obtain consent, so data subjects are largely unaware of what is being consented.Other than matters of consent, policy strategies based on student privacy laws (ie, voluntary consensus standards, basic practices to maintain privacy, an ethics review board, data/record retention and destruction, and data sanitation of equipment) are significant and informative largely from the university‐perspective, not the students as data subjects.What this paper adds A new comprehensive examination of US laws including statutes, regulations, and cases as well as seven key nation‐state or national consortia laws—especially the EU's General Data Protection Regulation and selected state laws in the United States, which offer consistent and greater student privacy protections.Insights about the principles designed among the laws, which centre around their application, essentiality, consent, and security.Attention to areas in which student privacy laws still present privacy concerns, but specifically identifying issues of significant gaps, guesswork and insufficiency around levels and types of consent, and ghosting effects of data subjects' protections.Implications for practice and/or policy Data subject consent should be established and consistent– whether an opt‐out provision, opt‐in provision, or some extensive engagement.Student privacy policies should incorporate principles of transparency and equity for data subjects and data treatment.Policymakers should consider now how the intersections of data subject privacy matters shall be addressed in the context of artificial intelligence, quantum computing, and cybersecurity. [ABSTRACT FROM AUTHOR]

Published

2023

39. Contextualizing privacy with wearable data in higher education.

Author

Hagadone‐Bedir, Mariah, Voithofer, Rick, and Kulp, Jessica T.

Abstract

This conceptual study uses dynamic systems theory (DST) and phenomenology as lenses to examine data privacy implications surrounding wearable devices that incorporate stakeholder, contextual and technical factors. Wearable devices can impact people's behaviour and sense of self, and DST and phenomenology provide complementary approaches for emphasizing the subjective experiences of individuals that occur with the use of wearable data. Privacy is approached through phenomenology as an individual's lived bodily experience and DST emphasizes the self‐regulation and feedback loops of individuals and their uses of wearable data. The data collection, analysis and communication of wearable data to support learning systems alongside privacy implications for each are examined. The IoT, cloud computing, metadata and algorithms are discussed as they relate to wearable data, pointing out privacy risks and strategies to minimize harm. Practitioner notesWhat is already known about this topicData privacy is a complex topic and is approached through different perspectives, influencing the degree of an individual's data autonomy.Wearable technology is increasing in the consumer market and offers great potential to learning environments.What this paper addsExtends extant literature on dynamic systems theory and phenomenology, contributing these perspectives to educational research in the context of student data privacy and wearable technologies.Provides a framework to understand the complex and contingent ways that privacy can be understood in the collection, analysis, and communication of wearable data to support learning.Implications for practice and/or policyHigher education faculty and educational policymakers should consider various interactions in systems and among systems of how wearable data collection may be analysed, communicated and stored, potentially exposing students to privacy harms.Multiple actors in learning systems must engage in continuous and evolving feedback loops around data security, consent, ownership and control to determine who has access to student data, how it is used and for what purposes.The EU's General Data Protection and Regulation offers one of the most comprehensive frameworks for higher education institutions and faculty around the world to follow for protecting student data privacy. [ABSTRACT FROM AUTHOR]

Published

2023

40. Digital Biomarkers in Psychiatric Research: Data Protection Qualifications in a Complex Ecosystem.

Author

Parziale, Andrea and Mascalzoni, Deborah

Subjects

PSYCHIATRIC research, DATA protection, PEOPLE with mental illness, DATA protection laws, BIOMARKERS

Abstract

Psychiatric research traditionally relies on subjective observation, which is timeconsuming and labor-intensive. The widespread use of digital devices, such as smartphones and wearables, enables the collection and use of vast amounts of user-generated data as "digital biomarkers." These tools may also support increased participation of psychiatric patients in research and, as a result, the production of research results that are meaningful to them. However, sharing mental health data and research results may expose patients to discrimination and stigma risks, thus discouraging participation. To earn and maintain participants' trust, the first essential requirement is to implement an appropriate data governance system with a clear and transparent allocation of data protection duties and responsibilities among the actors involved in the process. These include sponsors, investigators, operators of digital tools, as well as healthcare service providers and biobanks/databanks. While previous works have proposed practical solutions to this end, there is a lack of consideration of positive data protection law issues in the extant literature. To start filling this gap, this paper discusses the GDPR legal qualifications of controller, processor, and joint controllers in the complex ecosystem unfolded by the integration of digital biomarkers in psychiatric research, considering their implications and proposing some general practical recommendations. [ABSTRACT FROM AUTHOR]

Published

2022

41. Online Price Discrimination and EU Data Privacy Law.

Author

Zuiderveen Borgesius, Frederik and Poort, Joost

Subjects

PRICE discrimination, ONLINE shopping, INTERNET privacy laws, ELECTRONIC commerce, DATA protection laws

Abstract

Online shops could offer each website customer a different price. Such personalized pricing can lead to advanced forms of price discrimination based on individual characteristics of consumers, which may be provided, obtained, or assumed. An online shop can recognize customers, for instance through cookies, and categorize them as price-sensitive or price-insensitive. Subsequently, it can charge (presumed) price-insensitive people higher prices. This paper explores personalized pricing from a legal and an economic perspective. From an economic perspective, there are valid arguments in favour of price discrimination, but its effect on total consumer welfare is ambiguous. Irrespectively, many people regard personalized pricing as unfair or manipulative. The paper analyses how this dislike of personalized pricing may be linked to economic analysis and to other norms or values. Next, the paper examines whether European data protection law applies to personalized pricing. Data protection law applies if personal data are processed, and this paper argues that that is generally the case when prices are personalized. Data protection law requires companies to be transparent about the purpose of personal data processing, which implies that they must inform customers if they personalize prices. Subsequently, consumers have to give consent. If enforced, data protection law could thereby play a significant role in mitigating any adverse effects of personalized pricing. It could help to unearth how prevalent personalized pricing is and how people respond to transparency about it. [ABSTRACT FROM AUTHOR]

Published

2017

42. Legal and Ethical Challenges for HR in Machine Learning.

Author

Hamilton, R. H. and Davison, H. Kristl

Subjects

COUNTERPRODUCTIVITY (Labor), MACHINE learning, DATA protection laws, GENERAL Data Protection Regulation, 2016, EMPLOYMENT discrimination, ARTIFICIAL intelligence

Abstract

The technology of machine learning, a type of artificial intelligence, will enable organizations to analyze their use and deployment of human resources (HR) in new ways that ultimately will allow them to manage more effectively, but it will also present challenges for HR managers who are unprepared. In this paper we discuss some of the legal and ethical concerns in the HR context that accompany machine learning. Legal concerns include possible violations of both US employment discrimination laws and the provisions of the European General Data Protection Regulation, while ethical concerns for HR revolve around employee desires for privacy and justice. We assess that some data analysis activities that are legal nonetheless might not be appropriate in some cases and might be demotivating to employees, resulting in lowered performance or even counterproductive behaviors if HR mishandles the context. We conclude by offering guidelines for HR managers to assess the appropriateness of machine learning projects. [ABSTRACT FROM AUTHOR]

Published

2022

43. Delimiting the concept of personal data after the GDPR.

Author

Wong, Benjamin

Subjects

PERSONALLY identifiable information, GENERAL Data Protection Regulation, 2016, DATA protection, JUDGE-made law

Abstract

This paper explains how the concept of personal data should be delimited. Certainty on this matter is crucial, as it determines the material scope of the data protection obligations. The primary boundary delimiting the scope of personal data is the requirement that personal data 'relate to' an individual. The courts of the UK and the EU have sought to delineate this boundary, but there are serious difficulties in the present approaches that have emerged thus far. Two possible ways forward are suggested, taking into account the implications of the direct application of the GDPR in the UK. [ABSTRACT FROM AUTHOR]

Published

2019

44. OPŠTA UREDBA O ZAŠTITI PODATAKA: ODNOS PRAVA NA PRIVATNOST I ZAŠTITE LIČNIH PODATAKA S OSVRTOM NA BOSNU I HERCEGOVINU.

Author

Murtezić, Arben

Subjects

RIGHT of privacy, CIVIL rights, PERSONALLY identifiable information, RIGHT to be forgotten, HUMAN rights, EUROPEAN Union law, LEGISLATION

Abstract

Copyright of Anali Pravnog Fakulteta Univerziteta u Zenici is the property of Anali Pravnog Fakulteta Univerziteta u Zenici and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2019

45. El Archivo Histórico Fotográfico de Repsol: Creación y Acceso al material fotográfico.

Author

de Castro Leal, Leticia

Subjects

GENERAL Data Protection Regulation, 2016, RECORDS management, HISTORICAL libraries, ACCESS to archives, PETROLEUM

Abstract

Copyright of Documentación de las Ciencias de la Información is the property of Universidad Complutense de Madrid and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2019

46. Optimal CBDC design for Ukraine through the lens of privacy and security.

Author

Hudima, Tetіana, Kamyshanskyi, Vladyslav, Dmytrenko, Tetіana, and Shmyhov, Mykhailo

Subjects

PERSONALLY identifiable information, DATA privacy, ELECTRONIC money, DATA protection laws, LITERATURE reviews, INTERNATIONAL banking industry

Abstract

Copyright of Amazonia Investiga is the property of PRIMMATE and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

47. The Issue of Data Protection in EU Trade Commitments: Cross-border Data Transfers in GATS and Bilateral Free Trade Agreements

Author

Federica Velli

Subjects

general data protection regulation, general agreement on trade in services, free trade agreements, cross-border personal data transfers, adequacy decisions, fundamental right to data protection, Law, Law of Europe, KJ-KKZ

Abstract

(Series Information) European Papers - A Journal on Law and Integration, 2019 4(3), 881-894 | European Forum Insight of 9 December 2019 | (Table of Contents) I. Introduction. - II. Cross-border data transfers in the GDPR. - III. The regime under GATS: MFN, NT and market access vs. adequacy decisions. - III.1. GATS, MFN, NT and market access obligations. - III.2. Justifications. - IV. How do bilateral FTAs address trade and privacy interests? - IV.1. Examples from EUKOR, CETA and EU-Japan FTA. - IV.2. Provisions on Cross-border Data Flows and the Protection of Personal Data and Privacy (2018). - V. Conclusions. | (Abstract) The rapid technological developments and the increasing data flows have not yet been addressed through global coordination. The WTO has so far played a minor role, failing to update its treaties to the new reality of digital trade. To reduce the uncertainty as to the economic and privacy-related impacts of cross-border data flows, governments as well as the European Union have started including this topic and data protection concerns in Free Trade Agreements. This Insight will first investigate how the General Data Protection Regulation rules on the transfer of personal data might conflict with GATS' main commitments, and then consider how the EU has addressed data protection in the context of Free Trade Agreements.

Published

2019

48. The curious case of automated decision-making in India: A comparative analysis of automated decision-making under the General Data Protection Regulation in the European Union and the Personal Data Protection Bill in India

Author

Ashok, Pratiksha

Published

2023

49. Enabling Analytics on Sensitive Medical Data with Secure Multi-Party Computation.

Author

VEENINGEN, Meilof, CHATTERJEA, Supriyo, HORVÁTH, Anna Zsófia, SPINDLER, Gerald, BOERSMA, Eric, van der SPEK, Peter, van der GALIËN, Onno, GUTTELING, Job, KRAAIJ, Wessel, and VEUGEN, Thijs

Abstract

While there is a clear need to apply data analytics in the healthcare sector, this is often difficult because it requires combining sensitive data from multiple data sources. In this paper, we show how the cryptographic technique of secure multiparty computation can enable such data analytics by performing analytics without the need to share the underlying data. We discuss the issue of compliance to European privacy legislation; report on three pilots bringing these techniques closer to practice; and discuss the main challenges ahead to make fully privacy-preserving data analytics in the medical sector commonplace. [ABSTRACT FROM AUTHOR]

Published

2018

50. Zasebnost v pametnih mestih ali zasebnost za pametne ljudi?

Author

Fujs, Damjan and Markelj, Blaž

Abstract

Copyright of Varstvoslovje: Journal of Criminal Justice & Security is the property of University of Maribor, Faculty of Criminal Justice & Security and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018