Your search keyword '"DATA protection laws"' showing total 5,866 results

1. Attribute inference privacy protection for pre-trained models.

Author

Abedi Khorasgani, Hossein, Mohammed, Noman, and Wang, Yang

Subjects

*DATA privacy, *PRIVACY, *DATA protection laws, *VISUAL fields, *IMAGE processing, *COMPUTER vision, *MACHINE learning

Abstract

With the increasing popularity of machine learning (ML) in image processing, privacy concerns have emerged as a significant issue in deploying and using ML services. However, current privacy protection approaches often require computationally expensive training from scratch or extensive fine-tuning of models, posing significant barriers to the development of privacy-conscious models, particularly for smaller organizations seeking to comply with data privacy laws. In this paper, we address the privacy challenges in computer vision by investigating the effectiveness of two recent fine-tuning methods, Model Reprogramming and Low-Rank Adaptation. We adapt these techniques to provide attribute protection for pre-trained models, minimizing computational overhead and training time. Specifically, we modify the models to produce privacy-preserving latent representations of images that cannot be used to identify unintended attributes. We integrate these methods into an adversarial min–max framework, allowing us to conceal sensitive information from feature outputs without extensive modifications to the pre-trained model, but rather focusing on a small set of new parameters. We demonstrate the effectiveness of our methods by conducting experiments on the CelebA dataset, achieving state-of-the-art performance while significantly reducing computational complexity and cost. Our research provides a valuable contribution to the field of computer vision and privacy, offering practical solutions to enhance the privacy of machine learning services without compromising efficiency. [ABSTRACT FROM AUTHOR]

Published

2024

2. Cross-border data sharing through the lens of research ethics committee members in sub-Saharan Africa.

Author

Cengiz, Nezerith, Kabanda, Siti M., and Moodley, Keymanthri

Subjects

*DIGITAL technology, *INFORMATION sharing, *RESEARCH ethics, *ETHICS committees, *LEGAL ethics, *DATA protection laws

Abstract

Background: Several factors thwart successful data sharing—ambiguous or fragmented regulatory landscapes, conflicting institutional/researcher interests and varying levels of data science-related expertise are among these. Traditional ethics oversight mechanisms and practices may not be well placed to guarantee adequate research oversight given the unique challenges presented by digital technologies and artificial intelligence (AI). Data-intensive research has raised new, contextual ethics and legal challenges that are particularly relevant in an African research setting. Yet, no empirical research has been conducted to explore these challenges. Materials and methods: We explored REC members' views and experiences on data sharing by conducting 20 semi-structured interviews online between June 2022 and February 2023. Using purposive sampling and snowballing, we recruited representatives across sub-Saharan Africa (SSA). We transcribed verbatim and thematically analysed the data with Atlas.ti V22. Results: Three dominant themes were identified: (i) experiences in reviewing data sharing protocols, (ii) perceptions of data transfer tools and (iii) ethical, legal and social challenges of data sharing. Several sub-themes emerged as: (i.a) frequency of and approaches used in reviewing data sharing protocols, (i.b) practical/technical challenges, (i.c) training, (ii.a) ideal structure of data transfer tools, (ii.b) key elements of data transfer tools, (ii.c) implementation level, (ii.d) key stakeholders in developing and reviewing a data transfer agreement (DTA), (iii.a) confidentiality and anonymity, (iii.b) consent, (iii.c) regulatory frameworks, and (iii.d) stigmatisation and discrimination. Conclusions: Our results indicated variability in REC members' perceptions, suboptimal awareness of the existence of data protection laws and a unanimously expressed need for REC member training. To promote efficient data sharing within and across SSA, guidelines that incorporate ethical, legal and social elements need to be developed in consultation with relevant stakeholders and field experts, along with the training accreditation of REC members in the review of data-intensive protocols. [ABSTRACT FROM AUTHOR]

Published

2024

3. A comprehensive review of AI-enhanced smart grid integration for hydrogen energy: Advances, challenges, and future prospects.

Author

SaberiKamarposhti, Morteza, Kamyab, Hesam, Krishnan, Santhana, Yusuf, Mohammad, Rezania, Shahabaldin, Chelliapan, Shreeshivadasan, and Khorami, Masoud

Subjects

*DEEP learning, *DATA privacy, *MACHINE learning, *ENERGY infrastructure, *DATA protection laws, *ENERGY demand management, *HYDROGEN as fuel

Abstract

The convergence of hydrogen energy with artificial intelligence (AI) in smart infrastructure has significant potential to revolutionise the worldwide energy sector. This article thoroughly examines the progress, difficulties, and potential breakthroughs in the integration of AI technology with smart grids to enhance the use of hydrogen energy. The study focuses on utilising AI technologies such as deep learning and machine learning to optimise the processes of generating, distributing, and utilising energy. The discoveries stemming from this investigation facilitate prognostic maintenance, instantaneous decision-making, and effective demand-side management, augmenting the durability and eco-friendliness of energy systems. Nevertheless, this auspicious panorama is surrounded by significant obstacles. Significant issues develop regarding data privacy and security when sensitive information is sent over AI-powered grid systems. Interoperability difficulties necessitate standardising the communication protocols to enable smooth data flow. Additionally, further research is essential to tackle the technological limitations of AI in grid management. This article presents a forward-thinking viewpoint on the incorporation of AI-enhanced smart grid technologies, with a focus on future expectations. Autonomous energy management systems offer improved flexibility, proactive maintenance, and flexible energy distribution. Simultaneously, the combination of Edge AI and decentralisation facilitates the establishment of energy generating and storage facilities at local levels. This helps to make immediate decisions, minimises delays, and improves the durability of the power grid. The report emphasises the pivotal importance of governmental and regulatory factors in directing these advancements. The foundation for a safe and flexible power system is established by data privacy legislation, grid modernisation initiatives, and incentives for hydrogen energy. The essay promotes energy market reforms, technological neutrality, and measures that improve grid resilience as a means of achieving environmental sustainability. The integration of hydrogen energy into smart infrastructure is facilitated by AI, and strategic planning and collaborative design are crucial for achieving a resilient, sustainable, and efficient energy future. This article provides a strategic plan for efficiently handling complexities, leveraging advantageous situations, and collaboratively building an energy industry that is adaptable, productive, and environmentally aware. • Explore AI's role in optimising energy processes for enhanced grid resilience. • Address privacy, security, interoperability, and technical constraints as significant hurdles. • Envision autonomous energy management, edge AI, and decentralisation for adaptive, resilient grids. • Emphasise regulatory frameworks for data privacy, grid modernisation, and renewable energy adoption. [ABSTRACT FROM AUTHOR]

Published

2024

4. Ethics reviews in the European Union. Implications for the governance of scientific research in times of data science and Artificial Intelligence.

Author

Casiraghi, Simone and van Dijk, Niels

Subjects

*ARTIFICIAL intelligence, *DATA science, *DATA protection laws, *NETWORK governance, *ETHICS, *RESEARCH personnel

Abstract

This article builds on discussions on peer review in science and the role of ethics in the governance of technologies to achieve a two-fold goal. First, it shows the process of co-production of the European Commission's (EC's) standardised 'ethics appraisal process' with the development of the EC's Framework Programmes (FPs), by looking at the standardisation of the process and the mutual shaping of data protection law and risk-based discourses around Artificial Intelligence. Second, it investigates the political and epistemic implications arising from this process for the EU governance of scientific research regarding (1) sponsorship of science and technology by the EU and (2) how many limitations or constraints researchers have in practice when carrying out their research. After sketching the origins of the ethics appraisal process and its co-production with data protection law and risk-based jargon, the article outlines the implications for the governance of scientific research and draws recommendations. [ABSTRACT FROM AUTHOR]

Published

2024

5. Impressum.

Subjects

DATA protection laws, CORPORATION law, PERIODICAL publishing, PRICES, CONTRACTS, ALUMINUM alloys

Abstract

Copyright of Computer und Recht is the property of De Gruyter and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

6. Bereitstellung von Daten an Behörden nach dem Data Act.

Author

Redeker, Helmut

Subjects

DATA protection, PROTECTION of trade secrets, DATA protection laws, DATA security, PERSONALLY identifiable information, SCHOOL security

Abstract

Copyright of Computer und Recht is the property of De Gruyter and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

7. Internet of Things (IoT) of Smart Homes: Privacy and Security.

Author

Magara, Tinashe and Zhou, Yousheng

Subjects

*HUMAN activity recognition, *SMART homes, *INTERNET of things, *HOME security measures, *DATA protection laws, *SECURITY systems

Abstract

The Internet of Things (IoT) constitutes a sophisticated network that interconnects devices, optimizing functionality across various domains of human activity. Recent literature projections anticipate a significant increase, with estimates exceeding 50 billion connected devices by 2025. Despite its transformative potential, the IoT landscape confronts formidable privacy and security challenges, encompassing intricate issues such as data acquisition, anonymization, retention, sharing practices, and behavioural profiling. Effectively addressing these challenges mandates the development of scalable solutions, innovative management strategies, and adaptable policy frameworks. In this paper, we conduct an exhaustive examination of major IoT applications, alongside associated privacy and security concerns. We systematically categorize prevalent privacy, security, and interoperability issues within the context of the IoT layered architecture. The review highlights current research initiatives focused on developing energy-efficient devices, optimizing microprocessors, and fostering interdisciplinary collaborations to address the challenges in the IoT landscape. To efficaciously manage risks in this dynamic landscape, stakeholders must implement comprehensive strategies that span stringent data protection legislation, extensive user education initiatives, and the deployment of robust authorization and authentication frameworks. This paper aims to empower industry leaders, policymakers, and researchers by providing actionable solutions, not just insights, to navigate the complexities of the IoT landscape effectively. Future research initiatives should prioritize the fortification of security measures for large-scale IoT deployments, the formulation of user-centric privacy solutions, and the standardization of interoperability protocols. By establishing a robust foundational framework, our paper endeavours to spearhead the discourse on IoT applications, privacy paradigms, and security frameworks, paving the way towards a resilient and interconnected future. [ABSTRACT FROM AUTHOR]

Published

2024

8. Authoritarian Privacy.

Author

Jia, Mark

Subjects

*AUTHORITARIANISM, *RIGHT of privacy, *DESPOTISM, *DATA privacy, *DATA protection laws

Abstract

Privacy laws are traditionally associated with democracy. Yet autocracies increasingly have them. Why do governments that repress their citizens also protect their privacy? This Article answers this question through a study of China. China is a leading autocracy and the architect of a massive surveillance state. But China is also a major player in data protection, having enacted and enforced a number of laws on information privacy. To explain how this came to be, the Article first discusses several top-down objectives often said to motivate China's privacy laws: advancing its digital economy, expanding its global influence, and protecting its national security. Although each has been a factor in China's turn to privacy law, even together, they tell only a partial story. Central to China's privacy turn is the party-state's use of privacy law to shore up its legitimacy amid rampant digital abuse. China's whiplashed transition into the digital age has given rise to significant vulnerabilities and dependencies for ordinary citizens. Through privacy law, China's leaders have sought to interpose themselves as benevolent guardians of privacy rights against other intrusive actors--individuals, firms, and even state agencies and local governments. So framed, privacy law can enhance perceptions of state performance and potentially soften criticism of the center's own intrusions. The party-state did not enact privacy law despite its surveillance state; it embraced privacy law to maintain it. This Article adds to our understanding of privacy law, complicates the relationship between privacy and democracy, and points toward a general theory of authoritarian privacy. [ABSTRACT FROM AUTHOR]

Published

2024

9. Federated Learning Incentive Mechanism with Supervised Fuzzy Shapley Value.

Author

Yang, Xun, Xiang, Shuwen, Peng, Changgen, Tan, Weijie, Wang, Yue, Liu, Hai, and Ding, Hongfa

Subjects

*FEDERATED learning, *INCENTIVE (Psychology), *PARETO distribution, *DATA protection laws, *DATA privacy, *MACHINE learning

Abstract

The distributed training of federated machine learning, referred to as federated learning (FL), is discussed in models by multiple participants using local data without compromising data privacy and violating laws. In this paper, we consider the training of federated machine models with uncertain participation attitudes and uncertain benefits of each federated participant, and to encourage all participants to train the desired FL models, we design a fuzzy Shapley value incentive mechanism with supervision. In this incentive mechanism, if the supervision of the supervised mechanism detects that the payoffs of a federated participant reach a value that satisfies the Pareto optimality condition, the federated participant receives a distribution of federated payoffs. The results of numerical experiments demonstrate that the mechanism successfully achieves a fair and Pareto optimal distribution of payoffs. The contradiction between fairness and Pareto-efficient optimization is solved by introducing a supervised mechanism. [ABSTRACT FROM AUTHOR]

Published

2024

10. Legal Protection of Personal Data Privacy in the Kingdom of Saudi Arabia.

Author

Nusairat, Wael Mohammed

Subjects

DATA protection, DATA privacy, GENERAL Data Protection Regulation, 2016, DATA protection laws, PERSONALLY identifiable information, THIRD-party logistics

Abstract

The Kingdom of Saudi Arabia is one of the leading countries and the initiator of enacting systems that respect and preserve the sanctity of personal data and criminalise its violation in any illegal manner. Royal Decree No. (19) dated 2021 was issued to establish the personal data protection system in the Kingdom of Saudi Arabia, and to begin a new era in improving the handling of personal data. With personal data and the necessary legal guarantees to protect it and to preserve the privacy of individuals, protect their rights, and enhance responsibility among individuals and other entities. This article examines the criminal law protection of individual’s personal data in cyberspace by analysing the legal framework applied in Saudi Arabia. With the analysis of the nature of individuals’ personal data and the forms of abuse against it, this article pursues effective means of protection regarding service providers, processors, and third parties. Highlighting the most prominent efforts made by the Saudi Data and Artificial Intelligence Authority (SDAIA), which is represented by the National Data Management Office, in the protection of personal data, this article identifies shortcomings by comparing the Saudi personal data protection policy with the European Union’s General Data Protection Regulation (GDPR). The findings of this article are useful for legislators in Saudi Arabia to review the new Personal Data Protection Law and to develop a proactive policy in detecting and dealing with incidents and breaches of data before they occur. [ABSTRACT FROM AUTHOR]

Published

2024

11. UNTOUCHABLE HACKER GOD.

Author

BENNETT, DRAKE and Laikola, Leo

Subjects

COMPUTER hackers, DATA protection laws, PROSECUTORS, BUSINESSPEOPLE, CRIME suspects, COMPUTER software developers, HOUSING

Abstract

The article reports on the trial of Finnish cybercriminal Aleksanteri Kivimäki on alleged hacking and attempt to extort a nationwide chain of psychotherapy clinics in Finland, publishing patient data on the Internet and identity fraud. Information is provided on Kivimäki's swatting campaigns, harassment and attacks on individuals and his earlier conviction of money laundering, fraud, cyberbullying and data breaches. Details of Kivimäki's data extortion operations are provided.

Published

2024

12. Cybersecurity in Elder Law Practice.

Author

Schocklin, LeeAnne C.

Subjects

*PRACTICE of law, *ATTORNEY & client, *CLASS actions, *LEGAL procedure, *LEGAL education, *BUSINESSPEOPLE, *HEALTH Insurance Portability & Accountability Act, *DATA protection laws, *INFORMED consent (Medical law)

Abstract

The article titled "Class-Action Lawsuit Filed Against Founder of Special Needs Trust Fund" reports on a federal lawsuit seeking to recover $100 million from the founder of a special needs trust fund. The lawsuit alleges that the founder and his business partners engaged in a predatory scheme that depleted over 1,500 trust funds established for individuals with disabilities and complex medical needs. The lawsuit also criticizes the management of the trust funds by the Center for Special Needs Trust Administration, which has filed for bankruptcy, resulting in the depletion of many trust accounts. The summary provides an objective overview of the main points discussed in the article, without expressing any personal opinions or judgments. [Extracted from the article]

Published

2024

13. Forcing a square into a circle: why South Africa's draft revised material transfer agreement is not fit for purpose.

Author

Esselaar, Paul, Swales, Lee, Bellengère, Devarasi, Mhlongo, Banele, and Thaldar, Donrich

Subjects

BIOMATERIALS, DATA protection laws, LANDSCAPE changes, CIRCLE, RESEARCH ethics, DECOLONIZATION

Abstract

The South African National Health Research Ethics Council (NHREC) recently released a final draft revision of the standard material transfer agreement (MTA) that was promulgated into law in 2018. This new draft MTA raises pertinent questions about the NHREC's mandate, the way in which the draft MTA deals with data and with human biological material, and its avoidance of the concept of ownership. After South Africa's data protection legislation, the Protection of Personal Information Act (POPIA), became operational in mid 2021, the legal landscape changed and it is doubtful that the NHREC has a residual mandate to govern personal information in health research. Furthermore, data is dealt with in a superficial, throw-away fashion in the draft MTA. The position with human biological material is not substantially better, as the draft MTA fails to recognise that human biological material can contain pathogens, which has important legal and ethical ramifications that are not sufficiently addressed. A central problem with the draft MTA is its use of the term 'steward', and avoidance of the legal concept of 'ownership'. This is not only misaligned with the South African legal framework, but also fails to consider the ethical case for recognising ownership. Finally, a call to embrace decolonial thinking in health research underscores the importance of recognising ownership in order to foster the growth of the local bio-economy. Key recommendations to reshape the draft MTA include: Making use of the eventual revised MTA optional, and allowing it to evolve with input from scientific and legal communities; regulating the transfer of associated data in a separate data transfer agreement that can be incorporated by reference in the MTA; enhancing guidance on liability and risk management in respect of human biological material that contains pathogens; and, finally, adopting a decolonial approach in health research governance, which requires recognising the ownership rights of South African research institutions. [ABSTRACT FROM AUTHOR]

Published

2024

14. Chilean Supreme Court ruling on the protection of brain activity: neurorights, personal data protection, and neurodata.

Author

Isabel Cornejo-Plaza, María, Cippitani, Roberto, and Pasquino, Vincenzo

Subjects

DATA protection, LEGAL judgments, DATA protection laws, PERSONALLY identifiable information, RIGHT of privacy, CIVIL rights, INTERNET privacy, PRIVACY

Abstract

This paper discusses a landmark ruling by the Chilean Supreme Court of August 9, 2023 dealing with the right to mental privacy, originated with an action for constitutional protection filed on behalf of Guido Girardi Lavin against Emotiv Inc., a North American company based in San Francisco, California that is commercializing the device "Insight." This wireless device functions as a headset with sensors that collect information about the brain's electrical activity (i.e., neurodata). The discussion revolves around whether neurodata can be considered personal data and whether they could be classified into a special category. The application of the present legislation on data (the most obsolete, such as the Chilean law, and the most recent EU law) does not seem adequate to protect neurodata. The use of neurodata raises ethical and legal concerns that are not fully addressed by current regulations on personal data protection. Despite not being necessarily considered personal data, neurodata represent the most intimate aspects of human personality and should be protected in light of potential new risks. The unique characteristics of neurodata, including their interpretive nature and potential for revealing thoughts and intentions, pose challenges for regulation. Current data protection laws do not differentiate between different types of data based on their informational content, which is relevant for protecting individual rights. The development of new technologies involving neurodata requires particular attention and careful consideration to prevent possible harm to human dignity. The regulation of neurodata must account for their specific characteristics and the potential risks they pose to privacy, confidentiality, and individual rights. The answer lies in the reconfiguration of human rights known as "neurorights" that goes beyond the protection of personal data. [ABSTRACT FROM AUTHOR]

Published

2024

15. PRIVACY FOR SALE: HOW THE FTC CAN TAKE PRECISE LOCATION DATA OFF THE MARKET.

Author

Hanus, Andrea

Subjects

*RIGHT of privacy, *LAW enforcement, *DATA protection laws, *LEGISLATORS

Abstract

The Federal Trade Commission's ("FTC's") ability to protect consumers amidst the growing number of privacy invasions is at a crossroads. As consumer data is increasingly collected and commercialized, the question becomes whether the FTC's Section 5 enforcement authority is up to the challenge. A recent FTC complaint shed light on how the familiar issue of properly defining privacy harms impedes agency and lawmakers' abilities to protect consumers from privacy violations. And yet, the growing threat against personal autonomy and medical privacy has made the need for such protections more evident than ever. This Note will conceptualize the privacy harms caused by the sale of location data and argue that those harms are well within the FTC's Section 5 unfairness enforcement authority. It will conceptualize and define the privacy harms caused by the sale of location data by presenting examples of recent events in which data sales resulted in real-world harm. These harms will then be connected to precedent in various legal doctrines and FTC enforcement actions to argue that recognition of these less traditional harms is not really novel at all. All of which bolsters the claim that it is within the FTC's authority to enforce against these less traditional, but no less important, privacy harms. Arguably most importantly of all, this Note will suggest that an expanded definition of harm for FTC enforcement will not only protect consumers from sale of their location data, but will also protect against a much broader spectrum of privacy violations. [ABSTRACT FROM AUTHOR]

Published

2024

16. MURKY CONSENT: AN APPROACH TO THE FICTIONS OF CONSENT IN PRIVACY LAW.

Author

SOLOVE, DANIEL J.

Subjects

*RIGHT of privacy, *ACQUISITION of data, *INFORMATION storage & retrieval systems, *GENERAL Data Protection Regulation, 2016, *DATA protection laws

Abstract

Consent plays a profound role in nearly all privacy laws. As Professor Heidi Hurd aptly said, consent works "moral magic"--it transforms things that would be illegal and immoral into lawful and legitimate activities. As to privacy, consent authorizes and legitimizes a wide range of data collection and processing. There are generally two approaches to consent in privacy law. In the United States, the notice-and-choice approach predominates: organizations post a notice of their privacy practices and people are deemed to consent if they continue to do business with the organization or fail to opt out. In the European Union, the General Data Protection Regulation ("GDPR") uses the express consent approach, where people must voluntarily and affirmatively consent. Both approaches fail. The evidence of actual consent is nonexistent under the notice-and-choice approach. Individuals are often pressured or manipulated, undermining the validity of their consent. The express consent approach also suffers from these problems--people are ill-equipped to decide about their privacy, and even experts cannot fully understand what algorithms will do with personal data. Express consent also is highly impractical; it inundates individuals with consent requests from thousands of organizations. Express consent cannot scale. In this Article, I contend that most of the time, privacy consent is fictitious. Privacy law should take a new approach to consent that I call "murky consent." Traditionally, consent has been binary--an on/off switch--but murky consent exists in the shadowy middle ground between full consent and no consent. Murky consent embraces the fact that consent in privacy is largely a set of fictions and is at best highly dubious. Because it conceptualizes consent as mostly fictional, murky consent recognizes its lack of legitimacy. To return to Hurd's analogy, murky consent is consent without magic. Rather than provide extensive legitimacy and power, murky consent should authorize only a very restricted and weak license to use data. Murky consent should be subject to extensive regulatory oversight with an ever-present risk that it could be deemed invalid. Murky consent should rest on shaky ground. Because the law pretends people are consenting, the law's goal should be to ensure that what people are consenting to is good. Doing so promotes the integrity of the fictions of consent. I propose four duties to achieve this end: (1) duty to obtain consent appropriately; (2) duty to avoid thwarting reasonable expectations; (3) duty of loyalty; and (4) duty to avoid unreasonable risk. The law can't make the tale of privacy consent less fictional, but with these duties, the law can ensure the story ends well. [ABSTRACT FROM AUTHOR]

Published

2024

17. Steps Toward a Shared Infrastructure for Multi-Party Secure Private Computing in Official Statistics.

Author

Ricciato, Fabio

Subjects

*DATA integrity, *DATA protection, *DATA protection laws

Abstract

This document explores the potential use of Secure Private Computation (SPC) technologies in the production of official statistics. Eurostat is considering the development of a shared Multi-Party Secure Private Computation (MPSPC) system called MPSPC-as-a-Service (MPSPCaaS) for the European Statistical Systems (ESS). The system aims to enable collaborative processing of confidential data sets without disclosing input data, using a distributed multi-party core infrastructure. The text also discusses the use of privacy-enhancing technologies (PETs) in official statistics, aligning with the General Data Protection Regulation (GDPR). Eurostat is working on legislative enablers for the adoption of PETs, emphasizing the need for a balanced approach that protects individual privacy while producing accurate and timely statistics. [Extracted from the article]

Published

2024

18. The civic transformation of data privacy implementation in Europe.

Author

Mizarhi-Borohovich, Inbar, Newman, Abraham, and Sivan-Sevilla, Ido

Subjects

*DATA privacy, *PERSONALLY identifiable information, *DATA protection laws, *CIVIL rights, *NONGOVERNMENTAL organizations

Abstract

Recent data protection laws in the EU institutionalise NGO engagement with regulators and enable new mechanisms for bottom-up policy implementation. The article studies thirteen European NGOs and maps their contribution to policy implementation based on a novel typology for understanding their scope (national vs. transnational) and goals (direct vs. strategic) of actions. The article asks: (1) how do NGOs vary in their contribution to data privacy implementation in Europe? and (2) what are the implications of those variations for differentiated policy implementation? Through analyses of NGOs' informational activities and GDPR complaints, the article finds that NGOs converge towards privileging a transnational strategic civic-enforcement model, prioritising pan-European privacy cases to alter policy implementation, over individual citizen advocacy and empowerment at the national level. Civic engagement has served to mitigate cross-border policy implementation disparities, while preserving considerable regulatory discretion nationally. Integrating NGOs into the analysis of differential privacy policy implementation helps in highlighting the evolving nature of EU civil liberties. [ABSTRACT FROM AUTHOR]

Published

2024

19. APPLICATION OF CRIMINAL OFFENDERS MISUSE OF NATIONAL IDENTIFICATION NUMBERS FOR PHONE CARD REGISTRATION IN MAKASSAR CITY.

Author

Sri Buyung, Marilang, and Kahfi, Ashabul

Subjects

NATIONAL character, TELEPHONE numbers, PERSONALLY identifiable information, DATA protection laws, DATA protection, CRIME, INTERNET privacy

Abstract

Copyright of Alauddin Law Development Journal is the property of Alauddin Law Development Journal (ALDEV) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

20. Building Compliance Resilience Amid a Patchwork of Data Protection and Privacy Laws.

Author

BARCLAY, CORLANE

Subjects

DATA privacy, DATA protection, RIGHT to be forgotten, DATA protection laws, RIGHT of privacy

Abstract

The article informs about the exponential growth in digital dependence leading to significant risks to individual privacy and security, highlighted by global data breaches. Topics include the transformative impact of regulations like the EU GDPR on the global data protection landscape and the resulting patchwork of privacy laws and regulations, encompassing diverse requirements and obligations within and across regions.s.

Published

2024

21. A Reference Design Model to Manage Consent in Data Subjects-Centered Internet of Things Devices.

Author

Khatiwada, Pankaj, Yang, Bian, Lin, Jia-Chun, Mugurusi, Godfrey, and Underbekken, Stian

Subjects

INTERNET of things, DATA privacy, GENERAL Data Protection Regulation, 2016, DATA protection laws, CUSTOMER relations

Abstract

Internet of Things (IoT) devices have changed how billions of people in the world connect and interact with each other. But, as more people use IoT devices, many questions arise about how these devices handle private data and whether they properly ask for permission when using it. Due to information privacy regulations such as the EU's General Data Protection Regulation (GDPR), which requires companies to seek permission from data subjects (DS) before using their data, it is crucial for IoT companies to obtain this permission correctly. However, this can be really challenging in the IoT world because people often find it difficult to interact with and manage multiple IoT devices under their control. Also, the rules about privacy are not always clear. As such, this paper proposes a new model to improve how consent is managed in the world of IoT. The model seeks to minimize "consent fatigue" (when people get tired of always being asked for permission) and give DS more control over how their data are shared. This includes having default permission settings, being able to compare similar devices, and, in the future, using AI to give personalized advice. The model allows users to easily review and change their IoT device permissions if previous conditions are not met. It also emphasizes the need for easily understandable privacy rules, clear communication with users, and robust tracking of consent for data usage. By using this model, companies that provide IoT services can do a better job of protecting user privacy and managing DS consent. In addition, companies can more easily comply with data protection laws and build stronger relationships with their customers. [ABSTRACT FROM AUTHOR]

Published

2024

22. Data sovereignty: The next frontier for internet policy?

Author

Hutchinson, Jonathon, Stilinovic, Milica, and Gray, Joanne E.

Subjects

SOVEREIGNTY, NETWORK governance, INTERNET, DATA protection laws, MAORI (New Zealand people), SUSTAINABLE development, INDIGENOUS children

Abstract

The article discusses the concept of data sovereignty and its implications for internet policy. Data sovereignty refers to the rights of nations or regions to govern the flow and management of data within their borders. It has far-reaching implications for sectors such as economics, law, security, privacy, and technology. Data sovereignty can enhance control, autonomy, and security over data, protect privacy rights, promote inclusivity and diversity, foster economic growth, and enhance trust and transparency in data governance. However, implementing data sovereignty poses challenges, such as balancing national sovereignty with the global nature of the internet and harmonizing regulations across jurisdictions. The article also highlights a case study in Aotearoa New Zealand, where data sovereignty is of concern to Indigenous users. The Te Mana Raraunga network advocates for Māori rights and interests in data and supports the development of Māori data infrastructure and digital businesses. The article concludes by discussing other articles in the issue that explore various aspects of infrastructure, policy, and participation in the digital realm. [Extracted from the article]

Published

2024

23. The SingHealth Perioperative and Anesthesia Subject Area Registry (PASAR), a large-scale perioperative data mart and registry.

Author

Abdullah, Hairil Rizal, Lim, Daniel Yan Zheng, Yuhe Ke, Salim, Nur Nasyitah Mohamed, Xiang Lan, Yizhi Dong, and Mengling Feng

Subjects

*SURGICAL emergencies, *ELECTRONIC health records, *DATA protection laws, *ANESTHESIA, *INTENSIVE care units

Abstract

Background: To enhance perioperative outcomes, a perioperative registry that integrates high-quality real-world data throughout the perioperative period is essential. Singapore General Hospital established the Perioperative and Anesthesia Subject Area Registry (PASAR) to unify data from the preoperative, intraoperative, and postoperative stages. This study presents the methodology employed to create this database. Methods: Since 2016, data from surgical patients have been collected from the hospital electronic medical record systems, de-identified, and stored securely in compliance with privacy and data protection laws. As a representative sample, data from initiation in 2016 to December 2022 were collected. Results: As of December 2022, PASAR data comprise 26 tables, encompassing 153,312 patient admissions and 168,977 operation sessions. For this period, the median age of the patients was 60.0 years, sex distribution was balanced, and the majority were Chinese. Hypertension and cardiovascular comorbidities were also prevalent. Information including operation type and time, intensive care unit (ICU) length of stay, and 30-day and 1-year mortality rates were collected. Emergency surgeries resulted in longer ICU stays, but shorter operation times than elective surgeries. Conclusions: The PASAR provides a comprehensive and automated approach to gathering high-quality perioperative patient data. [ABSTRACT FROM AUTHOR]

Published

2024

24. Legal and ethical aspects of deploying artificial intelligence in climate-smart agriculture.

Author

Uddin, Mahatab, Chowdhury, Ataharul, and Kabir, Muhammad Ashad

Subjects

*AGRICULTURAL technology, *ARTIFICIAL intelligence, *DATA protection laws, *AGRICULTURE, *LEGAL documents, *TORTS

Abstract

This study aims to identify artificial intelligence (AI) technologies that are applied in climate-smart agricultural practices and address ethical concerns of deploying those technologies from legal perspectives. As climate-smart agricultural AI, the study considers those AI-based technologies that are used for precision agriculture, monitoring peat lands, deforestation tracking, and improved forest management. The study utilized a systematic literature review approach to identify and analyze AI technologies employed in climate-smart agriculture and associated ethical and legal concerns. The study findings indicate several ethical concerns for deploying AI in climate-smart agricultural practices pertaining to data inaccuracy, other technical errors based on wrong recommendations or wrongful acts, data ownership and intellectual property issues, and economic issues resulting in digital division and privacy and security related issues. In this study, the ethical concerns were further examined based on criminal law, tort law, privacy and data protection law, and intellectual property law. In this regard, the study finds that the current tort law pattern is more suitable than the criminal law pattern to address some major ethical concerns, such as data inaccuracy and other technical errors based on wrong recommendations or wrongful acts. Finally, the study recommends that at the global level, all countries need to fill up the current gap of international law on climate-smart agriculture through agreeing on a standard set of legal provisions and enhancing collaboration in innovation and deployment of climate-smart agricultural AI. It further recommends that at the local level, countries need to adopt suitable regulations addressing multi-stakeholders' interests associated with the deployment of climate-smart agricultural AIs. [ABSTRACT FROM AUTHOR]

Published

2024

25. BGH: EuGH-Vorlage zu Unterlassungs‑, Löschungs- und -Schadensersatzanspruch wegen DSGVO-Verstoßes.

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection laws, FEDERAL courts, PERSONALLY identifiable information, DISCLOSURE, EMOTIONS, ANGER, PRESUMPTION of innocence, DAMAGES (Law)

Abstract

The article focuses on legal questions regarding the interpretation of certain articles of the EU General Data Protection Regulation (GDPR) raised in a case before the European Court of Justice (ECJ). Topics include whether individuals have a right to demand cessation of unlawful data disclosure without requesting deletion, the presumption of repeated violations based on past breaches, and the assessment of immaterial damages under GDPR Article 82.

Published

2024

26. EuGH: Recht des Patienten auf Kopie seiner medizinischen Akte.

Subjects

PATIENTS' rights, MEDICAL records, DECISION making, GENERAL Data Protection Regulation, 2016, DENTISTS, OBLIGATIONS (Law), COURTS, DATA protection laws

Abstract

The article focuses on a European Court of Justice (EuGH) ruling regarding a patient's right to obtain a free copy of their medical records under the General Data Protection Regulation (DSGVO). Topics include the interpretation of DSGVO articles 12 and 15, emphasizing that the obligation of the data controller to provide a free initial copy of personal data extends to cases where the request is made for purposes other than those explicitly mentioned in the regulation.

Published

2024

27. EuGH: Reichweite des Datenschutzrechts für parlamentarische Untersuchungsausschüsse.

Subjects

DATA protection laws, GENERAL Data Protection Regulation, 2016, LEGISLATIVE committees, DATA security laws, POWER (Social sciences), COMMITTEES, AUTHORITARIANISM, INVESTIGATION reports

Abstract

The article focuses on a European Court of Justice (EuGH) ruling regarding the scope of data protection rights for parliamentary investigative committees. The three main topics covered include the interpretation of European Union (EU) law concerning the activities of such committees; the consideration of activities related to the investigation of a law; and scope of data protection law.

Published

2024

28. IT-Schnittstellen als Einfallstor datenschutzrechtlicher Non-Compliance — Grundlagen und Beispiele für die Auswahl technischer und organisatorischer Maßnahmen beim Einsatz von IT-Schnittstellen.

Author

Mertens, Timon

Subjects

APPLICATION program interfaces, DATA protection, INFORMATION technology, DATA protection laws, LEGAL literature, GENERAL Data Protection Regulation, 2016, PERSONALLY identifiable information, DATA security laws, NONCOMPLIANCE

Abstract

The article focuses on the significance of Information technology (IT) interfaces (APIs) in a digitized society, highlighting their importance for data exchange and business competitiveness. Topics include the technical nature of IT interfaces, potential risks, and the need for legal attention, especially in the context of data protection. The article also discusses the lack of consideration for IT interfaces in legal consultations and GDPR literature.

Published

2024

29. Cloud Switching gemäß Data Act: Die Abschaffung von Switching Charges — Was ist ein Wechselentgelt und welche Wechsel sind betroffen?

Author

Lagoni, Jacek

Subjects

DATA protection laws, SWITCHING costs, DATA extraction, DATA security laws, ADMINISTRATIVE fees, CLOUD computing, DISTRIBUTED computing, PAYMENT, DEFINITIONS, PROFESSIONALISM

Abstract

The article focuses on the implications of the Data Act regarding switching charges in cloud services. Topics include the detailed explanation of switching charges, including standard services, professional services, and early termination penalties, as well as the privileged position of On-Premise providers within the Data Act framework.

Published

2024

30. Der Data Act: Zwischen Markt- und Vertragsgestaltung — Auswirkungen auf die Ausgestaltung von Datenüberlassungsverträgen aus der Perspektive von Nutzern.

Author

Ehlen, Theresa and Sebulke, Philipp

Subjects

BIT rate, CONTRACTS, PROTECTION of trade secrets, DATA plans, DATA protection laws, INFORMATION technology, DATA security laws, LAW firms

Abstract

The article focuses on the implications of the Data Act on the design of data transfer contracts from the user's perspective. It discusses the act's market-shaping approach, aiming to create a "single market for data" and addressing challenges related to data access and usage. The article emphasizes the need for compliance with mandatory legal requirements for data access and highlights the importance of reviewing in the context of the Data Act's contractual framework.

Published

2024

31. Datenzugang im Spannungsfeld zwischen DSGVO, Geschäftsgeheimnisschutz und Datenbankherstellerrecht — Achillesferse des Data Act in der Praxis?

Author

Antoine, Lucie

Subjects

PROTECTION of trade secrets, TRADE secrets, DATA protection, GENERAL Data Protection Regulation, 2016, DATA protection laws, INFORMATION sharing, DATABASES

Abstract

The article focuses on the challenges arising from the interaction between the Data Act and data protection regulations, trade secret protection, and the rights of database producers. It discusses the potential difficulties in implementing the Data Act due to the broad applicability of the General Data Protection Regulation (GDPR), issues related to protecting data as trade secrets, and the resolution of conflicts with the sui generis right of database producers.

Published

2024

32. EU: Infringement of Data Protection Law By Trans–mission of Pseudonymous Data?

Subjects

DATA protection laws, CONSUMER behavior, INTERNET protocol address, COMPUTER laws, INTERNET service providers

Abstract

The article focuses on whether the transmission of pseudonymous data constitutes a violation of data protection laws, particularly when the receiver lacks the means to re-identify individuals. Topics discussed include the legal framework surrounding the transmission of pseudonymous data, the procedures followed by the Single Resolution Board in handling personal data during a consultation phase, and complaints raised regarding the disclosure of data to third parties without explicit consent.

Published

2024

33. Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review.

Author

Pimenta Rodrigues, Gabriel Arquelau, Marques Serrano, André Luiz, Lopes Espiñeira Lemos, Amanda Nunes, Canedo, Edna Dias, Mendonça, Fábio Lúcio Lopes de, de Oliveira Albuquerque, Robson, Sandoval Orozco, Ana Lucila, and García Villalba, Luis Javier

Subjects

DATA protection laws, DATA security failures, LAW reviews, DATA visualization, DATA protection

Abstract

Data breaches result in data loss, including personal, health, and financial information that are crucial, sensitive, and private. The breach is a security incident in which personal and sensitive data are exposed to unauthorized individuals, with the potential to incur several privacy concerns. As an example, the French newspaper Le Figaro breached approximately 7.4 billion records that included full names, passwords, and e-mail and physical addresses. To reduce the likelihood and impact of such breaches, it is fundamental to strengthen the security efforts against this type of incident and, for that, it is first necessary to identify patterns of its occurrence, primarily related to the number of data records leaked, the affected geographical region, and its regulatory aspects. To advance the discussion in this regard, we study a dataset comprising 428 worldwide data breaches between 2018 and 2019, providing a visualization of the related statistics, such as the most affected countries, the predominant economic sector targeted in different countries, and the median number of records leaked per incident in different countries, regions, and sectors. We then discuss the data protection regulation in effect in each country comprised in the dataset, correlating key elements of the legislation with the statistical findings. As a result, we have identified an extensive disclosure of medical records in India and government data in Brazil in the time range. Based on the analysis and visualization, we find some interesting insights that researchers seldom focus on before, and it is apparent that the real dangers of data leaks are beyond the ordinary imagination. Finally, this paper contributes to the discussion regarding data protection laws and compliance regarding data breaches, supporting, for example, the decision process of data storage location in the cloud. [ABSTRACT FROM AUTHOR]

Published

2024

34. A detailed database of sub-annual Spanish demographic statistics: 2005–2021.

Author

Lledó, Josep and Pavía, Jose M.

Subjects

DATABASES, DATA protection, DATA protection laws, RESEARCH questions, MOVING average process

Abstract

The big data revolution has made it possible to collect, transmit and exploit huge amounts of data. The potential this offer for data analysis, however, clashes with the limitations imposed by laws on protection of personal data. This paper details a new database (DEMOSPA0521) made after processing and summarising more than 868 million demographic records from Spain, corresponding to a period of seventeen years (2005–2021). DEMOSPA0521 is composed of fifteen files: a group of (monthly and daily moving averages) datasets derived from population stocks and a collection of (daily, monthly and quarterly) datasets obtained from population, death, migration and birth statistics. The intra-annual distributions were calculated by exploiting both the temporal dimensions of age and calendar. DEMOSPA0521 also includes eleven R-Code files that enables the summary datasets to be derived from the raw microdata. DEMOSPA0521 can be used to confirm established results and employed to answer new research questions. [ABSTRACT FROM AUTHOR]

Published

2024

35. How Should Legislation Be Made During the Digital Age? Indonesian Outlook.

Author

Al-Fatih, Sholahuddin

Subjects

DIGITAL technology, PERSONALLY identifiable information, DATA protection, ELECTRONIC money, DATA protection laws, SHARED virtual environments

Abstract

This article tries to explain how legislation should be made in the digital era. Because digitalization is something that cannot be rejected or avoided. Therefore, the dynamics of the digital era must also be responded to by law, especially in the study of legislation. Using normative research methods, this article found several important things, including 1) Indonesia does not yet have many legislative products regarding the digital era, there are only a few, for example, the IET Law, the Personal Data Protection Law, and the like. 2) Indonesia needs to respond to developments in the digital era by issuing special regulations, for example, the Metaverse Bill, the Digital Money Bill, AI Bill, and the like. 3) The method for establishing legislation in the digital era must also adapt to the times. So, it does not rule out the possibility that in the digital era, there is a known method for establishing statutory regulations other than the existing conventional methods, such as RIA or omnibus law. [ABSTRACT FROM AUTHOR]

Published

2024

36. The Chilling Effects of Obstacles to Accessing, Using, and Sharing In-Copyright Data for Quantitative Research.

Author

Aufderheide, Patricia, Butler, Brandon, and Anastacio, Kimberly

Subjects

*DATA mining, *PDF (Computer file format), *PUBLIC domain (Copyright law), *QUANTITATIVE research, *FAIR use (Copyright), *DATA protection laws, *INFORMATION sharing

Abstract

The article explores the challenges researchers face when conducting text and data mining (TDM) due to copyright restrictions. It highlights issues such as limited access to data, confusing license terms, and restrictions on data use and sharing. These obstacles can lead to changes in research design, limited scope and quality of research, and delays in obtaining data. The article suggests solutions such as deidentifying and sharing datasets, collaborating with data owners, and implementing policies that support TDM research. It emphasizes the need for governments to address restrictive copyright laws and expand open access to government databases to facilitate TDM research. [Extracted from the article]

Published

2024

37. DATA IS WHAT DATA DOES: REGULATING BASED ON HARM AND RISK INSTEAD OF SENSITIVE DATA.

Author

Solove, Daniel J.

Subjects

*DATA protection, *DATA privacy, *PERSONALLY identifiable information, *DATA protection laws, *RIGHT of privacy, *BIG data, *MACHINE learning

Abstract

Heightened protection for sensitive data is becoming quite trendy in privacy laws around the world. Originating in European Union (EU) data protection law and included in the EU's General Data Protection Regulation, sensitive data singles out certain categories of personal data for extra protection. Commonly recognized special categories of sensitive data include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation and sex life, and biometric and genetic data. Although heightened protection for sensitive data appropriately recognizes that not all situations involving personal data should be protected uniformly, the sensitive data approach is a dead end. The sensitive data categories are arbitrary and lack any coherent theory for identifying them. The borderlines of many categories are so blurry that they are useless. Moreover, it is easy to use nonsensitive data as a proxy for certain types of sensitive data. Personal data is akin to a grand tapestry, with different types of data interwoven to a degree that makes it impossible to separate out the strands. With Big Data and powerful machine learning algorithms, most nonsensitive data give rise to inferences about sensitive data. In many privacy laws, data giving rise to inferences about sensitive data is also protected as sensitive data. Arguably, then, nearly all personal data can be sensitive, and the sensitive data categories can swallow up everything. As a result, most organizations are currently processing a vast amount of data in violation of the laws. This Article argues that the problems with the sensitive data approach make it unworkable and counterproductive as well as expose a deeper flaw at the root of many privacy laws. These laws make a fundamental conceptual mistake--they embrace the idea that the nature of personal data is a sufficiently useful focal point for the law. But nothing meaningful for regulation can be determined solely by looking at the data itself. Data is what data does. To be effective, privacy law must focus on harm and risk rather than on the nature of personal data. The implications of this point extend far beyond sensitive data provisions. In many elements of privacy laws, protections should be proportionate to the harm and risk involved with the data collection, use, and transfer. [ABSTRACT FROM AUTHOR]

Published

2024

38. Privacy preserving vaccinating‐ and testing‐pass for the European Union.

Author

Schrahe, Dominik and Städter, Thomas

Subjects

*COVID-19 pandemic, *DATA protection laws, *DIGITAL certificates, *PRIVACY, *DATA protection, *MEDICAL care costs, *TRANSPARENCY in government

Abstract

Physicians and scientists hope that health‐data will provide new insights into improving medical care and optimizing healthcare costs. However, data protection laws in Europe often place limits on the use of patient data. During the COVID‐19 pandemic, both digital immunity records and data on infections were needed for pandemic management. Using this example, the research project will develop a system concept for vaccination, testing, and recovery proof called privacy preserving pass for vaccination and testing (P3VT), that will make collected data available to research and policy pandemic management in real time and anonymized. P3VT consistently considers the goals of privacy‐by‐design, data minimization and transparency of the EU‐GDPR. Expert interviews validated the system from medical, technical, and privacy perspectives. P3VT offers several advantages compared to the EU digital COVID certificate such as pseudonymized proofing of vaccination, testing, and recovery for a reduction of misuse of sensitive personal data and transparency about the nature, timing, and purpose of the proof. Above that anonymized medical data are provided to improve pandemic management, and research. P3VT is thus an exemplary solution for the comprehensive provision of health‐data for research purposes combined with high‐level data protection. Further areas of application are conceivable. [ABSTRACT FROM AUTHOR]

Published

2024

39. Introduction: Re-Reading Francoism to Re-Read Post-1945 Europe.

Author

Graham, Helen

Subjects

*FRANCOISM, *TORTURE, *ACTIVISM, *GAZE, *POLITICAL persecution, *HUMAN trafficking, *RURAL-urban migration, *DATA protection laws, *COLONIES

Abstract

This article provides a comprehensive analysis of Francoism in Spain, challenging the common perception of it as a traditional authoritarian regime. It explores the historical context of the regime, highlighting the mass repression and forced migration that occurred during this period. The article also discusses the experiences of women under Francoism, emphasizing the gender-specific forms of abuse they faced. Additionally, it examines the role of the Catholic Church in implementing the regime's policies and its collaboration with Francoism. The text further explores the social and political dynamics of Francoist Spain, focusing on marginalized groups such as migrants and prisoners. It emphasizes the oppressive nature of the regime and its efforts to control dissent. The article concludes by highlighting the significance of Francoism in European history and its relevance to contemporary issues. [Extracted from the article]

Published

2024

40. Malta ∙ Data Protection and Scientific Research: A Focus on the Legal Regime in Malta.

Author

M Caruana, Mireille and Meilak Borg, Roxanne

Subjects

DATA protection laws, RESEARCH, GENERAL Data Protection Regulation, 2016, CONSENT (Law)

Abstract

The article focuses on the legal framework surrounding the use of personal data in scientific research, particularly under the GDPR . Topics include the conditions and justifications for processing special category data, challenges in relying on consent, and the implementation of research-related provisions in Maltese data protection legislation.

Published

2024

41. Practitioners' Corner ∙ Excessive Use of Data Access Rights in the Practice of Imposing Administrative Fines.

Author

Kuźnicka-Błaszkowska, Dominika

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection laws, EUROPEAN Union membership, DATA security, ACCESS to information

Abstract

The article focuses on the implementation and potential misuse of data access rights under the GDPR, particularly how they may conflict with controllers' rights and complicate their activities. Topics include the scope and importance of the right of access, examples of its practical application in different Member States, and instances where the right may be restricted or abused, as demonstrated by cases from Spain and Germany.

Published

2024

42. France and Germany ∙ Amazon Fined by CNIL for Excessive Monitoring of Employees in France – Is the Situation in Germany Contrary to This?

Author

Braun, Sven

Subjects

FINES (Penalties), GENERAL Data Protection Regulation, 2016, DATA protection laws, EMPLOYEES, BAR codes

Abstract

The article focuses on the Commission Nationalede l'informatique etdes Libertés (CNIL) 32 million Euro fine on Amazon France Logistics for GDPR violations related to excessive employee monitoring, contrasting it with a similar case in Germany. Topics include the specifics of employee monitoring, violations found by the CNIL regarding the use of barcode scanners and video surveillance, and the differences in legal outcomes between France and Germany.

Published

2024

43. Practitioners' Corner ∙ How Effectively Do Consent Notices Inform Users About the Risks to Their Fundamental Rights?

Author

Grassl, Paul, Gerber, Nina, and von Grafenstein, Max

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection laws, RIGHT of privacy, CONSENT (Law), CIVIL rights

Abstract

The article focuses on the prevalence of consent notices on websites following the implementation of legal regulations like the GDPR, raising questions about their effectiveness in informing users about privacy risks. Topics include the criticism of the 'notice and consent' system, challenges in users' understanding of data transactions, and proposing an interdisciplinary methodology to assess the effectiveness of consent notices in informing users about risks to their fundamental rights.

Published

2024

44. Comparative Analysis of Data Protection Laws and AI Privacy Risks in BRICS Nations: A Comprehensive Examination.

Author

Sharma, Animesh Kumar and Sharma, Rahul

Subjects

DATA protection, DATA privacy, DATA protection laws, ARTIFICIAL intelligence

Abstract

This comparative study delves into the intricate landscape of privacy and data protection risks associated with the integration of artificial intelligence (AI) applications within the framework of the BRICS nations—Brazil, Russia, India, China, and South Africa. As AI continues to revolutionize various sectors, concerns over the security of personal data have escalated, prompting the need for robust data protection regulations. This study critically analyzes the data protection bills of the BRICS nations, evaluating their effectiveness in mitigating privacy risks posed by AI technologies. By examining the distinct legal frameworks and policy approaches, the research highlights commonalities and divergences in addressing AI-related privacy challenges. Key factors explored encompass the scope of personal data, consent mechanisms, cross-border data transfers, data localization requirements, and the establishment of regulatory authorities. The analysis underscores the evolving nature of privacy and data protection laws within the dynamic landscape of AI. The research illuminates how each BRICS nation grapples with reconciling technological advancement and individual privacy rights. By identifying strengths and limitations, this study contributes to a deeper understanding of the global efforts to harness AI's potential while safeguarding personal data, offering insights valuable to policymakers, legal professionals, and stakeholders invested in the responsible development and deployment of AI technologies across diverse jurisdictions. [ABSTRACT FROM AUTHOR]

Published

2024

45. More Than an Enforcement Problem: The General Data Protection Regulation, Legal Fragmentation, and Transnational Data Governance.

Author

Yiran Lin

Subjects

DATA protection laws, DATA privacy, DATA security, INTERNATIONAL relations

Abstract

Transnational data governance has been a field of growing legislative development, emblematic of the increasing regulation of the digital economy. However, there are substantial challenges in governing cross-border data flows and activities while ensuring uniformity across borders and between jurisdictions. The General Data Protection Regulation (GDPR), a European Union (EU) regulation put into effect in 2018, is a transnational data governance regime that aims to create a golden data privacy standard with an extraterritorial reach. The GDPR is an emerging global standard that digital companies and nations will likely ultimately adhere to due to the significance of the European economy and to the EU's regulatory power. However, the GDPR's intra-EU implementation in the past five years has brought to light the inconsistencies in its application. This Note analyzes the obstacles confronted by the GDPR as a transnational data governance regime and the degree of legal fragmentation that has surfaced within its regional roll-out. The lack of consistency in implementing the GDPR will not only undermine the credibility and reliability of European regulatory power, but also create uncertainty for users and regulators across the world. To better understand the gap between the intended global reach of the GDPR and the current state of its uneven implementation, this Note discusses various factors that have contributed to the intra-EU divergence within national enforcement and corporate compliance. It then evaluates the strengths and deficiencies of suggested solutions to enhance the effective enforcement of the GDPR. By doing so, it links the GDPR's intra-EU legal fragmentation to the broader tension between Europe's right-based approach to data privacy, the United States' market-based approach, and China's state-based approach. Lastly, the Note sheds light on the importance of aligning these fundamental models in order to create a uniform and sustainable solution to transnational data governance and envision the future for global data privacy. [ABSTRACT FROM AUTHOR]

Published

2024

46. Lockert der EuGH durch sein FIN-Urteil den strengen „Personenbezug"? — Eine kritische Analyse der EuGH-Rechtsprechung anlässlich EuGH, Urt. v. 9.11.2023 – C-319/22, CR 2023, 798.

Author

Keppeler, Lutz, Poncza, Manuel, and Wölke, Annika

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection laws, JUDGMENT (Psychology), AUTOMOBILE identification, INTERNET protocol address, LAW reports, digests, etc., LEGAL judgments, DEBATE, EUROPEAN law

Abstract

The article analyzes the European Court of Justice (ECJ) case law on the concept of "personal reference," focusing on the ECJ judgment of November 9, 2023, in the case C-319/22 related to FIN (Fahrzeugidentifikationsnummer or Vehicle Identification Number). It compares this ruling with the Breyer case from 2016, examining the evolution of the "personal reference" concept in data protection law. It emphasizes the ongoing debate between the absolute and relative approaches to personal reference.

Published

2024

47. A BLURRY LENS: ASSESSING THE COMPLICATED LEGAL LANDSCAPE OF BIOMETRIC PRIVACY THROUGH THE PERSPECTIVE OF MOBILE APPS.

Author

Mendolla, Mackenzie K.

Subjects

BIOMETRIC identification, MOBILE apps, RIGHT of privacy, ACCESS to information, DATA protection laws, DISCLOSURE

Published

2024

48. How does the General Data Protection Regulation (GDPR) affect financial intelligence exchange with third countries?

Author

Haq, Md. Zahurul

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection laws, MONEY laundering

Abstract

Purpose: This paper aims to examine the probable effect of the General Data Protection Regulation of the European Union on the transfer of financial intelligence to a third country without an adequacy decision. Design/methodology/approach: This is an analytical study of the financial intelligence exchange mechanisms between the Bangladesh Financial Intelligence Unit (BFIU) and its foreign counterparts. The research analyses the key challenges this national agency faces in using the Egmont Group membership to import financial intelligence from jurisdictions with a superior data protection regime. Findings: Membership in the Egmont Group of Financial Intelligence Units does not guarantee unrestricted international intelligence exchange. Existing data protection regulations in Bangladesh are inadequate. This may forbid the transfer of the financial intelligence linked to European Union (EU) data subjects to Bangladesh. Research limitations/implications: This paper does not cover a thorough discussion on any specific alternative tools for data transfer from the EU to a third country except for "appropriate safeguards" options. Practical implications: The results of this study will help understand the existing legal and institutional limitations that may prevent intelligence exchange between the BFIU and its EU counterparts. Originality/value: The study helps ascertain the legislative reform necessary in Bangladesh, a third country, to facilitate the transfer of financial intelligence from the EU. [ABSTRACT FROM AUTHOR]

Published

2024

49. DATA CONTROLLERS AS DATA FIDUCIARIES: THEORY, DEFINITIONS & BURDENS OF PROOF.

Author

WILSON, NOELLE and REID, AMANDA

Subjects

DATA privacy, FIDUCIARY responsibility, BURDEN of proof, DATA protection, DATA protection laws, RIGHT of privacy, CONSUMERS

Abstract

As more U. S. states have begun to pass consumer privacy laws, there are growing calls for federal data privacy regulation to ease the burden of compliance with uarious, sometimes conflicting, state laws. However, scholars and lawmakers are divided on how best to balance robust priuacy protections with privacy laws to which businesses can realistically comply. Two prominent regulatory models haue emerged from scholarly debate. The Rights/Obligations Model grants consumers various rights and imposes obligations on businesses. This model has been trending in U.S. states, which have mirrored language from the European Union's General Data Protection Regulation (GDPR) by "imposing different obligations on data controllers" and "data" processors. However, there are shortcomings to this model that limit consumer rights and their ability to uindicate those rights. The Fiduciary Model has also received attention from lawmakers and scholars as an alternative model of regulation. The Fiduciary Model addresses gaps in the Rights/Obligations Model, but prominent critics have uoiced skepticism about the workability of the Fiduciary Model. This paper 's contributions are threefold. First, this paper examines the distinction between "data controllers" and "data processors" in the GDPR and whether those terms are likely to apply in a functionally similar way in new US. state consumer privacy laws. As companies strategize about how to comply with laws from a multitude of jurisdictions-and as states incorporate identical language into their own lawsunderstanding the similarities and differences between how such laws are applied will be crucial. Second, this puper furthers the debate about the workability of the Fiduciary Model by proposing that "data controllers," as defined in the GDPR and US. state laws, should be considered "data fiduciaries." This definition offers two benefits: (1) defining data fiduciaries as data controllers provides a workable definition that corresponds with fiduciary theory, and (2) harmonizing US. and GDPR law. Finally, this paper will argue that companies subject to state consumer priuacy laws should be considered "data controllers" by default and bear the burden of rebutting this presumption. This presumption reinforces the substantive policy behind consumer privacy law, accounts for the probability that parties violating consumer privacy laws will most likely be data controllers, and allocates the burden to the party with superior access to the euidence. [ABSTRACT FROM AUTHOR]

Published

2024

50. "GUARDING THE SANCTITY OF CHOICE AND PRIVACY": DATA PRIVACY AND ABORTION - THE NEXT FRONTIER OF THE FOURTH AMENDMENT.

Author

Houser, Ryan S.

Subjects

DATA privacy, DATA protection laws, TECHNOLOGICAL innovations, DIGITAL technology, RIGHT of privacy, TEXT messages

Abstract

In the wake of the Dobbs decision, a seismic shift reverberates through the landscape of reproductive rights. As investigations into private healthcare decisions surge, states wield increasingly sophisticated tools to probe into the private lives of pregnant individuals, igniting a contentious debate on privacy and data security. The United States is entering a looming era where internet search histories, emails, text messages, and GPS data become ammunition in the arsenal of state-led investigations. Dubbed as "dragnet criminal surveillance tools," these tactics will unleash a torrent of prosecutions, raising profound questions about the sanctity of personal information in the digital age. As the boundaries of privacy blur and the specter of Orwellian intrusion looms larger, the stage is set for a clash between legal precedent and technological innovation in the realm of reproductive justice. This Article investigates the way in which recent court rulings and laws concerning data and privacy offer safeguards for forthcoming legal challenges post-Dobbs. With the proliferation of abortion inquiries due to state-level bans, the Fourth Amendment and Stored Communications Act offer vital protections against potential misuse of investigative methods, ensuring data and privacy rights are upheld. This Article begins by analyzing the theoretical risks to data privacy and security post-Dobbs, illuminating potential issues through hypothetical scenarios and real-world examples. Additionally, this Article examines historical perspectives via pivotal court cases and policies on data privacy, contextualizing them within today's landscape of protection. Ultimately, this Article, leveraging insights from both historical and contemporary viewpoints, contends that the current protective framework, grounded in the Fourth Amendment and the Stored Communications Act, serves as a safeguard against Dobbs-related challenges, particularly concerning technology-driven infringements on abortion-related matters. [ABSTRACT FROM AUTHOR]

Published

2024