Your search keyword '"general data protection regulation"' showing total 3,630 results

1. HIPAA: A Demand to Modernize Health Legislation

Author

Sadri, Mehri

Subjects

Health Insurance Portability and Accountability Act, HIPAA, data privacy, data security, The Security Rule, The Privacy Rule, General Data Protection Regulation, GDPR, cybersecurity risk, healthcare data breach, Vigil v. Muir Medical Group IPA, Inc

Abstract

In the 21st-century digital age, health data privacy remains a crucial concern. This paper evaluates the effectiveness of the Health Insurance Portability and Accountability Act, known as HIPAA. More specifically, it demonstrates a need for a unified federal framework in the U.S. that aligns with General Data Protection Regulation’s protections to address modern-day cybersecurity threats better. This article argues that in an era of increased globalization, the United States should confront the task of reforming its healthcare data protection law to align with current cybersecurity risks. We begin by examining landmark legislation across American states to reveal inconsistencies between state and federal protective rulings. Later, we uncover the reactive nature of HIPAA, in contrast to GDPR’s proactive and citizen-centric approach. Through evaluating past lawsuits related to patient protection noncompliance, this paper depicts significant differences in the purpose, coverage, and execution of data protection laws between the United States and the European Union. It highlights GDPR’s effectiveness in granting individuals greater control over their data. Furthermore, this article proposes the adoption of newfound systems for standardized risk analysis and enhanced security across healthcare providers.As healthcare becomes more accessible to the American public, the amount of data in this system increases. This nationwide surge in data underscores the critical need to assess whether privacy laws established in the 1990s remain sufficient. Therefore, updates to healthcare legislation are essential to establishing stringent patient protections in response to the significant rise in data breach incidents within the healthcare network.

Published

2024

2. Reconciling the conflicting goals of privacy protection and competition policy through making platform use data saleable – an institutional perspective on data markets

Author

Reimers, Kai and Guo, Xunhua

Published

2024

3. A Cross-Layer Secure and Energy-Efficient Framework for the Internet of Things: A Comprehensive Survey.

Author

Mustafa, Rashid, Sarkar, Nurul I., Mohaghegh, Mahsa, and Pervez, Shahbaz

Subjects

*INTERNET security, *GENERAL Data Protection Regulation, 2016, *SMART cities, *ARTIFICIAL intelligence, *TELECOMMUNICATION

Abstract

This survey delves into cross-layer energy-efficient solutions and cutting-edge security measures for Internet of Things (IoT) networks. The conventional security techniques are considered inadequate, leading to the suggestion of AI-powered intrusion detection systems and novel strategies such as blockchain integration. This research aims to promote the development of smart cities by enhancing sustainability, security, and efficiency in the industrial and agricultural sectors through the use of IoT, blockchain, AI, and new communication technologies like 5G. In this paper, we provide a comprehensive review and analysis of secure and energy-efficient cross-layer IoT frameworks based on survey of more than 100 published research articles. We highlight the significance of developing IoT security for robust and sustainable connected systems. We discuss multi-layered security approaches and ways to enhance the energy efficiency of resource-constrained devices in IoT networks. Finally, we identify open research issues and future research directions in the emerging field of cross-layer design for secure and energy-efficient IoT networks. In order to improve cybersecurity and efficiency in smart cities, the research also focuses on developing a secure, energy-efficient IoT framework integrating blockchain, artificial intelligence, and quantum-safe cryptography. [ABSTRACT FROM AUTHOR]

Published

2024

4. Data privacy regulation and cross-border e-commerce.

Author

Yan, Jing

Subjects

DATA privacy, CROSS-border e-commerce, GENERAL Data Protection Regulation, 2016, TRADE regulation, DIGITAL technology

Abstract

The rise of big data in the global economy has altered the ways in which firms do international business. The digital revolution has also changed how international business is regulated. Personal information protection is one of the new challenging regulatory issues. In this study, we build a framework to discuss how data privacy regulation affects cross-border e-commerce. We show that data privacy regulation has four effects: the web traffic effect, the data collection effect, the advertising effect and the data sharing effect, all of which negatively affect cross-border e-commerce. We also demonstrate the heterogenous effects of data privacy regulation. Specifically, we argue that data privacy regulation has a stronger cross-border e-commerce reduction effect on countries with higher labor cost and marketing cost, and data privacy regulation has a larger negative effect on cross-border e-commerce for differentiated products than homogenous products. By empirically testing the impact of General Data Protection Regulation on cross-border e-commerce between 183 countries and European Union countries from 2015 to 2020, we confirm all the proposed hypotheses. There are few studies exploring specifically how data privacy regulation affects cross-border e-commerce. We contribute to the literatures by filling this gap. Our research results provide new insights for multinational companies and public policymakers on this globally important issue in the digital age. [ABSTRACT FROM AUTHOR]

Published

2024

5. The GDPR-DMA Nexus: Is the GDPR an Achilles Heel for the DMA's Data-Related Obligations?

Author

WIERZBICKA, Aleksandra

Abstract

In the ever-expanding digital realm, a systematized and coherent legal framework regulating data-driven competition has emerged as a paramount concern in the European Union. At the heart of this intricate puzzle lie the General Data Protection Regulation (GDPR) and the Digital Markets Act (DMA) governing data protection and market contestability respectively. While the 'without prejudice' clause enshrined in the DMA seeks to harmonize their coexistence, the true extent of their compatibility and complementarity remains elusive. The juxtaposition of these two legislative pillars unveils nuanced conflicts and potential vulnerabilities at their intersection. If disregarded, these glaring blind spots might become an Achilles heel of the DMA and risk to weaken the DMA's data-related ambitions. [ABSTRACT FROM AUTHOR]

Published

2024

6. Smart Health Revolution: Exploring Artificial Intelligence of Internet of Medical Things

Author

Shafik, Wasswa, Xhafa, Fatos, Series Editor, Kumar, Pardeep, editor, Singh, Prabhishek, editor, Diwakar, Manoj, editor, and Garg, Deepak, editor

Published

2024

7. General Data Protection Regulation: Current Challenges and Future Directions

Author

Mesarčík, Matúš, Hamuľák, Ondrej, and Ramiro Troitiño, David, editor

Published

2024

8. Adoption of GDPR – In the Intermunicipal Community of Terras de Trás-os-Montes, Portugal

Author

Padrão, Pascoal, Lopes, Isabel, Ribeiro, Maria Isabel, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Rocha, Alvaro, editor, Adeli, Hojjat, editor, Dzemyda, Gintautas, editor, Moreira, Fernando, editor, and Colla, Valentina, editor

Published

2024

9. Enabling Secondary Use of Health Data for the Development of Medical Devices Based on Machine Learning

Author

Köttering, Lea, Kono, Toshiyuki, Series Editor, Corrales Compagnucci, Marcelo, editor, Minssen, Timo, editor, Fenwick, Mark, editor, Aboy, Mateo, editor, and Liddell, Kathleen, editor

Published

2024

10. Privacy Essentials.

Author

Taylor, James, Henriksen-Bulmer, Jane, and Yucel, Cagatay

Subjects

DATA privacy, PRIVACY

Abstract

Following a series of legislative changes around privacy over the past 25 years, this study highlights data protection regulations and the complexities of applying these frameworks. To address this, we created a privacy framework to guide organisations in what steps they need to undertake to achieve compliance with the UK GDPR, highlighting the existing privacy frameworks for best practice and the requirements from the Information Commissioners Office. We applied our framework to a UK charity sector; to account for the specific nuances that working in a charity brings, we worked closely with local charities to understand their requirements, and interviewed privacy experts to develop a framework that is readily accessible and provides genuine value. Feeding the results into our privacy framework, a decision tree artefact has been developed for compliance. The artefact has been tested against black-box tests, System Usability Tests and UX Honeycomb tests. Results show that Privacy Essentials! provides the foundation of a data protection management framework and offers organisations the catalyst to start, enhance, or even validate a solid and effective data privacy programme. [ABSTRACT FROM AUTHOR]

Published

2024

11. National standardisierter Broad Consent in der Praxis: erste Erfahrungen, aktuelle Entwicklungen und kritische Betrachtungen.

Author

Zenker, Sven, Strech, Daniel, Jahns, Roland, Müller, Gabriele, Prasser, Fabian, Schickhardt, Christoph, Schmidt, Georg, Semler, Sebastian C., Winkler, Eva, and Drepper, Johannes

Abstract

Copyright of Bundesgesundheitsblatt - Gesundheitsforschung - Gesundheitsschutz is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

12. Information security failures identified and measured – ISO/IEC 27001:2013 controls ranked based on GDPR penalty case analysis.

Author

Suorsa, M. and Helo, P.

Subjects

*INFORMATION technology security, *GENERAL Data Protection Regulation, 2016, *ROOT cause analysis, *FAILURE analysis

Abstract

This paper identifies the failures and impacts of information security, as well as the most effective controls to mitigate information security risks in organizations. Root cause analysis was conducted on all year 2020 GDPR penalty cases (n = 81) based on misconduct as defined in GDPR article 32: "security of processing." ISO/IEC 27001 controls were used as failure identifiers in the analysis. As a result, this study presents both the most frequent and most expensive information security failures and correspondingly ranks and presents the correlation of the controls observed in the analysis. From a theoretical perspective, our study contributes by bridging the gap between regulation and information security and introduces a statistical method to analyze the GDPR penalty cases, and provides previously unreported findings about information security failures and their respective solutions. From a practical perspective, the results of our study are useful for organizations which aspire to manage information security more effectively in order to prevent the most typical and expensive information security failures. Organizations, as well as auditors implementing and assuring the ISO 27001, may use our results as a guideline whereby controls should be applied and verified first in sequential order based on their impact and interdependence. [ABSTRACT FROM AUTHOR]

Published

2024

13. Identifying undefined risks: A risk model and a privacy risk identification measure in the privacy impact assessment process.

Author

Kuroda, Yuki, Yamamoto, Goshiro, and Kuroda, Tomohiro

Subjects

*PRIVACY, *IDENTIFICATION, *DATA privacy, *GENERAL Data Protection Regulation, 2016

Abstract

Privacy impact assessment (PIA) has attracted the attention of privacy watchdogs and researchers for decades. This study focuses on a risk model and risk identification method, which are two crucial elements of the risk identification step in the PIA process. As a preparatory work, this article reviews national and international organizations’ current templates and guidelines and finds that PIA guidance includes multiple domains but rarely provide a risk model or a systematic risk identification method. Based on the analysis, our study offers a risk model that can capture various privacy risk realization processes. It further proposes a combination of risk identification methods that correspond to the main target domains in the PIA and the proposed risk model. This combination consists of privacy principles of a given personal information or privacy rule to check compliance with the rule, and our suggested list of risk factors is useful in inductively finding potential risk scenarios that violate social expectations of privacy. [ABSTRACT FROM AUTHOR]

Published

2024

14. The impact of the EU General data protection regulation on product innovation.

Author

Blind, Knut, Niebel, Crispin, and Rammer, Christian

Subjects

GENERAL Data Protection Regulation, 2016, TECHNOLOGICAL innovations, DATA protection

Abstract

In May 2018, a new regulation, the General Data Protection Regulation (GDPR), on data protection came in the European Union into force. It requires firms to update their data protection strategy and may complicate the use of data related to individuals, with potentially adverse effects on product innovation. This study provides evidence on the likely impacts of the GDPR on innovation. We employ a conditional difference-in-differences research design and estimate firm fixed-effects models based on data from the German innovation survey. We find that the GDPR led to a substantial shift from radical to incremental product innovation. Our finding indicates that the GDPR stimulated firms to re-organise their data management in a more profound way than they would have done in the absence of the regulation, opening up opportunities for improving existing products. The additional resources needed for complying with the GDPR limited their capacity for developing entirely new products. [ABSTRACT FROM AUTHOR]

Published

2024

15. 欧盟精细化数据立法下的数据保护与流通.

Author

何润韬

Abstract

Copyright of Cyber Security & Data Governance is the property of Editorial Office of Information Technology & Network Security and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

16. How does the General Data Protection Regulation (GDPR) affect financial intelligence exchange with third countries?

Author

Haq, Md. Zahurul

Published

2024

17. Challenges and Enablers for GDPR Compliance: Systematic Literature Review and Future Research Directions

Author

Nemer Alberto Zaguir, Guilherme Henrique de Magalhaes, and Mauro de Mesquita Spinola

Subjects

Challenges, enablers, enterprise architecture management, GDPR, general data protection regulation, information governance, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Compliance with the General Data Protection Regulation (GDPR) or related laws by organizations could require organizational and technological changes. This topic has gained significant attention from management and scholars alike. Although the literature presents some reviews and research articles discussing challenges and enablers for GDPR compliance, they are often scattered and fragmented. One particular challenge is the implementation roadmap gap that arises when using ISO-based standards for compliance in isolation. On the other hand, as enablers for compliance, it raises the potential use of information governance (IG) and enterprise architecture management (EAM) disciplines. This research aims to provide a systematic literature review of the challenges and enablers for GDPR compliance and address this gap. The findings include a categorized list of challenges and enablers, a strategy for bridging the roadmap gap using IG and EAM, and the development of five propositions based on some challenges and enablers around this gap. Moreover, the study proposes a research agenda that includes conceptual work to build an IG-EAM framework, empirical research to verify those propositions, and developing new hypotheses stemming from the review’s challenges and enablers. These contributions enhance the body of knowledge providing practical insights for organizations striving for GDPR compliance.

Published

2024

18. On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review

Author

Samuel Wairimu, Leonardo Horn Iwaya, Lothar Fritsch, and Stefan Lindskog

Subjects

Privacy impact assessment, data protection impact assessment, general data protection regulation, privacy by design, privacy, review, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Assessing privacy risks and incorporating privacy measures from the onset requires a comprehensive understanding of potential impacts on data subjects. Privacy Impact Assessments (PIAs) offer a systematic methodology for such purposes, which are closely related to Data Protection Impact Assessments (DPIAs), particularly outlined in Article 35 of the General Data Protection Regulation (GDPR). The core of a PIA is a Privacy Risk Assessment (PRA). PRAs can be integrated as part of full-fledged PIAs or independently developed to support PIA processes. Although these methodologies have been identified as essential enablers of privacy by design, their effectiveness has been criticized because of the lack of evidence of their rigorous and systematic evaluation. Hence, we conducted a Systematic Literature Review (SLR) to identify published PIA and PRA methodologies and assess how and to what extent they have been scientifically validated or evaluated. We found that these methodologies are rarely evaluated for their performance in practice, and most of them have only been validated in limited studies. Most validation evidence is found with PRA methodologies. Of the evaluated methodologies, PIAs were the most evaluated, where case studies were the predominant evaluation method. These evaluated methodologies can be easily transferred to an industrial setting or used by practitioners, as they provide evidence of their use in practice. In addition, the findings in this study can be used to inform researchers of the current state-of-the-art, and practitioners can understand the benefits and current limitations of the methodologies and adopt evidence-based practices.

Published

2024

19. A Cross-Layer Secure and Energy-Efficient Framework for the Internet of Things: A Comprehensive Survey

Author

Rashid Mustafa, Nurul I. Sarkar, Mahsa Mohaghegh, and Shahbaz Pervez

Subjects

cross-layer framework, Internet of Things, secure IoT, general data protection regulation, energy efficient, Chemical technology, TP1-1185

Abstract

This survey delves into cross-layer energy-efficient solutions and cutting-edge security measures for Internet of Things (IoT) networks. The conventional security techniques are considered inadequate, leading to the suggestion of AI-powered intrusion detection systems and novel strategies such as blockchain integration. This research aims to promote the development of smart cities by enhancing sustainability, security, and efficiency in the industrial and agricultural sectors through the use of IoT, blockchain, AI, and new communication technologies like 5G. In this paper, we provide a comprehensive review and analysis of secure and energy-efficient cross-layer IoT frameworks based on survey of more than 100 published research articles. We highlight the significance of developing IoT security for robust and sustainable connected systems. We discuss multi-layered security approaches and ways to enhance the energy efficiency of resource-constrained devices in IoT networks. Finally, we identify open research issues and future research directions in the emerging field of cross-layer design for secure and energy-efficient IoT networks. In order to improve cybersecurity and efficiency in smart cities, the research also focuses on developing a secure, energy-efficient IoT framework integrating blockchain, artificial intelligence, and quantum-safe cryptography.

Published

2024

20. NAČELO ODGOVORNOSTI I ODGOVARAJUĆE I UČINKOVITE MJERE PREMA OPĆOJ UREDBI O ZAŠTITI PODATAKA.

Author

Lisičar, Hrvoje

Abstract

Copyright of Collected Papers of Zagreb Law Faculty / Zbornik Pravnog Fakulteta u Zagrebu is the property of Sveuciliste u Zagrebu, Pravni Fakultet and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

21. Towards a GDPR-compliant cloud architecture with data privacy controlled through sticky policies.

Author

Cambronero, M. Emilia, Martínez, Miguel A., Llana, Luis, Rodríguez, Ricardo J., and Russo, Alejandro

Subjects

DATA privacy, UNIFIED modeling language, GENERAL Data Protection Regulation, 2016, CLOUD computing, SYSTEMS design

Abstract

Data privacy is one of the biggest challenges facing system architects at the system design stage. Especially when certain laws, such as the General Data Protection Regulation (GDPR), have to be complied with by cloud environments. In this article, we want to help cloud providers comply with the GDPR by proposing a GDPR-compliant cloud architecture. To do this, we use model-driven engineering techniques to design cloud architecture and analyze cloud interactions. In particular, we develop a complete framework, called MDCT, which includes a Unified Modeling Language profile that allows us to define specific cloud scenarios and profile validation to ensure that certain required properties are met. The validation process is implemented through the Object Constraint Language (OCL) rules, which allow us to describe the constraints in these models. To comply with many GDPR articles, the proposed cloud architecture considers data privacy and data tracking, enabling safe and secure data management and tracking in the context of the cloud. For this purpose, sticky policies associated with the data are incorporated to define permission for third parties to access the data and track instances of data access. As a result, a cloud architecture designed with MDCT contains a set of OCL rules to validate it as a GDPR-compliant cloud architecture. Our tool models key GDPR points such as user consent/withdrawal, the purpose of access, and data transparency and auditing, and considers data privacy and data tracking with the help of sticky policies. [ABSTRACT FROM AUTHOR]

Published

2024

22. NFTs for the Issuance and Validation of Academic Information That Complies with the GDPR.

Author

Delgado-von-Eitzen, Christian, Anido-Rifón, Luis, and Fernández-Iglesias, Manuel J.

Subjects

NON-fungible tokens, GENERAL Data Protection Regulation, 2016, DIGITAL technology, BLOCKCHAINS

Abstract

The issuance and verification of academic certificates face significant challenges in the digital era. The proliferation of counterfeit credentials and the lack of a reliable, universally accepted system for issuing and validating them pose critical issues in the educational domain. Certificates, traditionally issued by centralized educational institutions using their proprietary systems, pose challenges for straightforward verification, generating uncertainty about the credibility of academic achievements. In addition to diplomas issued by academic entities, it is now necessary in virtually all professional fields to stay updated and obtain accreditation for certain skills or experiences, which is a determining factor in securing or enhancing employment. Yet, there is no platform available to consistently demonstrate these capabilities and experiences. This article introduces a novel model for issuing and verifying academic information using non-fungible tokens (NFTs) supported by blockchain technologies, focused on compliance with the General Data Protection Regulation (GDPR). It describes a model that grants control to the data subject, enabling the management of information access while adhering to key GDPR principles. Simultaneously, it remains compatible with existing systems within organizations, and is flexible in certifying various types of academic information. The implications of this model are discussed, emphasizing the importance of addressing privacy in blockchain-based applications. [ABSTRACT FROM AUTHOR]

Published

2024

23. RE-EXAMINING THE FUTURE PROSPECTS OF ARTIFICIAL INTELLIGENCE IN EDUCATION IN LIGHT OF THE GDPR AND ChatGPT.

Author

BAI, John Y. H., ZAWACKI-RICHTER, Olaf, and MUSKENS, Wolfgang

Abstract

Artificial intelligence in education (AIEd) is a fast-growing field of research. In previous work, we described efforts to explore the possible futures of AIEd by identifying key variables and their future prospects. This paper re-examines our discussions on the governance of data and the role of students and teachers by considering the implications of 1) a recent case related to the General Data Protection Regulation (GDPR) and 2) the release of ChatGPT, a generative AI model capable to producing 'human-like' text. These events raise questions for the future of AIEd and the underlying function of assessment, and highlight the importance of active student participation in the integration of AI in education. [ABSTRACT FROM AUTHOR]

Published

2024

24. A DELEUZIAN PERSPECTIVE ON THE RIGHT OF DATA PROTECTION ON SOCIAL MEDIA.

Author

Samardžić, Dušan

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection, BIG data, DATA analysis, SOCIAL media, PERSONALLY identifiable information

Abstract

The goal of this article is to explore - from the given theoretical framework - the effectiveness of the European Union's data protection capabilities, namely through the General Data Protection Regulation. The first and second sections develop the theory of control societies - as well as its historical background - and connects it with the theory of surveillance capitalism as its essential component. The third section delas with some critiques that have arisen in the few years after the GDPR came into force. The conclusion of the paper is that, only a few years after the GDPR came into force, it is still too early to decisively say what effect will it have on the big data industry. However, from the problems that have been elaborated, it seems unlikely that the big data industry will be meaningfully challenged when it comes to data protection. [ABSTRACT FROM AUTHOR]

Published

2024

25. A DELEUZIAN PERSPECTIVE ON THE RIGHT OF DATA PROTECTION ON SOCIAL MEDIA

Author

Dušan Samardžić

Subjects

control societies, big data, Surveillance capitalism, general data protection regulation, data analysis, Law in general. Comparative and uniform law. Jurisprudence, K1-7720

Abstract

The goal of this article is to explore – from the given theoretical framework – the effectiveness of the European Union’s data protection capabilities, namely through the General Data Protection Regulation. The first and second sections develop the theory of control societies – as well as its historical background – and connects it with the theory of surveillance capitalism as its essential component. The third section delas with some critiques that have arisen in the few years after the GDPR came into force. The conclusion of the paper is that, only a few years after the GDPR came into force, it is still too early to decisively say what effect will it have on the big data industry. However, from the problems that have been elaborated, it seems unlikely that the big data industry will be meaningfully challenged when it comes to data protection.

Published

2024

26. Comparative Studying the Personal Data in the European Union and Iranian Legal System

Author

behnaz Ahmadvand and Artin Jahan shahi

Subjects

personal data, identification of a natural person, reasonableness of identification, general data protection regulation, e-commerce law, data protection bill, privacy in cyberspace, Law

Abstract

Personal data, as one of the key concepts in the field of personal data protection legislation, is defined in the General Data Protection Regulation as any information relating to an identified or identifiable natural person. Identifying a person directly or indirectly may be through data content or the purpose of data processing or the effect of data processing on the person. In EU law, to determine whether a natural person can be identified through data processing, all means that are reasonably likely to be used by the controller or processor must be taken into account, and to ensure whether there is a reasonable possibility to determine whether a natural person is present or not, all objective factors must be considered, such as the cost and time required for identification and the technology available at the time of processing. Based on the criterion of identifiability, data that may potentially lead to the identification of a person in the future is also covered by the law; such a standard can create the necessary dynamics in the laws. Iran's legislator has differentiated in the protection of private and non-private data and has limited compliance with processing rules to the first category, but the approach of the draft data protection bill has similarities with European Union and has provided broader protection, however, it needs to be amended by adding the criterion of identification to the legal definition, as well as the protection of the data of the deceased.

Published

2023

27. Technical and Legal Aspects Relating to the (Re)Use of Health Data When Repurposing Machine Learning Models in the EU

Author

El Mestari, Soumia Zohra, Doğan, Fatma Sümeyra, Maria Botes, Wilhelmina, Schiffner, Stefan, editor, Ziegler, Sébastien, editor, and Jensen, Meiko, editor

Published

2023

28. Blockchain and the General Data Protection Regulation: Healthcare Data Processing

Author

Perchinunno, Paola, Massari, Antonella, L’Abbate, Samuela, Crocetta, Corrado, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Gervasi, Osvaldo, editor, Murgante, Beniamino, editor, Rocha, Ana Maria A. C., editor, Garau, Chiara, editor, Scorza, Francesco, editor, Karaca, Yeliz, editor, and Torre, Carmelo M., editor

Published

2023

29. The DMA and the GDPR: Making Sense of Data Accumulation, Cross-Use and Data Sharing Provisions

Author

Demircan, Muhammed, Rannenberg, Kai, Editor-in-Chief, Soares Barbosa, Luís, Editorial Board Member, Goedicke, Michael, Editorial Board Member, Tatnall, Arthur, Editorial Board Member, Neuhold, Erich J., Editorial Board Member, Stiller, Burkhard, Editorial Board Member, Stettner, Lukasz, Editorial Board Member, Pries-Heje, Jan, Editorial Board Member, Kreps, David, Editorial Board Member, Rettberg, Achim, Editorial Board Member, Furnell, Steven, Editorial Board Member, Mercier-Laurent, Eunika, Editorial Board Member, Winckler, Marco, Editorial Board Member, Malaka, Rainer, Editorial Board Member, Dillon, Tharam, Series Editor, Murayama, Yuko, Series Editor, Gulliksen, Jan, Series Editor, Whitehouse, Diane, Series Editor, Rauterberg, Matthias, Series Editor, Pras, Aiko, Editorial Board Member, Sakarovitch, Jacques, Editorial Board Member, Furbach, Ulrich, Editorial Board Member, Bieker, Felix, editor, Meyer, Joachim, editor, Pape, Sebastian, editor, Schiering, Ina, editor, and Weich, Andreas, editor

Published

2023

30. Sport and Nutrition Digital Analysis: A Legal Assessment

Author

Juliussen, Bjørn Aslak, Rui, Jon Petter, Johansen, Dag, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Dang-Nguyen, Duc-Tien, editor, Gurrin, Cathal, editor, Larson, Martha, editor, Smeaton, Alan F., editor, Rudinac, Stevan, editor, Dao, Minh-Son, editor, Trattner, Christoph, editor, and Chen, Phoebe, editor

Published

2023

31. How U.S. Courts Handle GDPR in Discovery Process: An Examination of a U.S. Patent Infringement Case

Author

Chahoki, Azam Zare, Duruigbo, Emeka, editor, Chibueze, Remigius, editor, Gozie Ogbodo, Sunday, editor, and Nweze, Chima Centus, Foreword by

Published

2023

32. Handling of Personal Data by Smart Home Equipment: an Exploratory Analysis in the Context of LGPD

Author

Thiago Adriano Coleti, Renato Balancieri, André Menolli, Omar Ali Mahmoud, Victor Hugo Sotti, Michel Yvano, and Marcelo Morandini

Subjects

Smart Home, Personal Data, General Data Protection Regulation, Privacy and Security, Computer software, QA76.75-76.765, Computer engineering. Computer hardware, TK7885-7895

Abstract

This paper presents an exploratory research that analyzed the Privacy and Security Policies and the Instruction Manuals of 59 home automation equipment for Smart Home in order to verify which personal data was handled and how these documents were providing information about processes performed in personal data. The analysis was conducted with a quantitative approach followed by a qualitative analysis, using content analysis. The surveys identified the following types of personal data: Identification, Financial, Devices and Location. The results presented greater interest in identification data, although financial and location are also used in specific cases. We also concluded that the Privacy and Security Policies present several information that meets the LGPD’s guidelines, especially regarding the purpose of using the data and which personal data is used. However, there is a visible lack of information about the benefits provided to data subjects and about sharing data with third parties, such as recipient data and the legal basis for sharing data.

Published

2024

33. Towards a GDPR-compliant cloud architecture with data privacy controlled through sticky policies

Author

M. Emilia Cambronero, Miguel A. Martínez, Luis Llana, Ricardo J. Rodríguez, and Alejandro Russo

Subjects

General data protection regulation, Data privacy, Cloud computing, Sticky policies, Data tracking, Unified Modeling Language, Electronic computers. Computer science, QA75.5-76.95

Abstract

Data privacy is one of the biggest challenges facing system architects at the system design stage. Especially when certain laws, such as the General Data Protection Regulation (GDPR), have to be complied with by cloud environments. In this article, we want to help cloud providers comply with the GDPR by proposing a GDPR-compliant cloud architecture. To do this, we use model-driven engineering techniques to design cloud architecture and analyze cloud interactions. In particular, we develop a complete framework, called MDCT, which includes a Unified Modeling Language profile that allows us to define specific cloud scenarios and profile validation to ensure that certain required properties are met. The validation process is implemented through the Object Constraint Language (OCL) rules, which allow us to describe the constraints in these models. To comply with many GDPR articles, the proposed cloud architecture considers data privacy and data tracking, enabling safe and secure data management and tracking in the context of the cloud. For this purpose, sticky policies associated with the data are incorporated to define permission for third parties to access the data and track instances of data access. As a result, a cloud architecture designed with MDCT contains a set of OCL rules to validate it as a GDPR-compliant cloud architecture. Our tool models key GDPR points such as user consent/withdrawal, the purpose of access, and data transparency and auditing, and considers data privacy and data tracking with the help of sticky policies.

Published

2024

34. Enhancing Safety on Construction Sites: A UWB-Based Proximity Warning System Ensuring GDPR Compliance to Prevent Collision Hazards.

Author

Mastrolembo Ventura, Silvia, Bellagente, Paolo, Rinaldi, Stefano, Flammini, Alessandra, and Ciribini, Angelo L. C.

Subjects

*BUILDING sites, *GENERAL Data Protection Regulation, 2016, *INDUSTRIAL safety, *COLLISIONS at sea, *DATA protection, *HAZARDS

Abstract

Construction is known as one of the most dangerous industries in terms of worker safety. Collisions due the excessive proximity of workers to moving construction vehicles are one of the leading causes of fatal and non-fatal accidents on construction sites internationally. Proximity warning systems (PWS) have been proposed in the literature as a solution to detect the risk for collision and to alert workers and equipment operators in time to prevent collisions. Although the role of sensing technologies for situational awareness has been recognised in previous studies, several factors still need to be considered. This paper describes the design of a prototype sensor-based PWS, aimed mainly at small and medium-sized construction companies, to collect real-time data directly from construction sites and to warn workers of a potential risk of collision accidents. It considers, in an integrated manner, factors such as cost of deployment, the actual nature of a construction site as an operating environment and data protection. A low-cost, ultra-wideband (UWB)-based proximity detection system has been developed that can operate with or without fixed anchors. In addition, the PWS is compliant with the General Data Protection Regulation (GDPR) of the European Union. A privacy-by-design approach has been adopted and privacy mechanisms have been used for data protection. Future work could evaluate the PWS in real operational conditions and incorporate additional factors for its further development, such as studies on the timely interpretation of data. [ABSTRACT FROM AUTHOR]

Published

2023

35. Gaps, guesswork, and ghosts lurking in technology integration: Laws and policies applicable to student privacy.

Author

Sun, Jeffrey C.

Abstract

Technology integration and learning analytics offer insights to improve educational experiences and outcomes. In advancing these efforts, laws and policies govern these environments placing protections, standards, and developmental opportunities for higher education, students, faculty, and even the nation‐state. Nonetheless, evidence of educational restrictions, encumbered actions, and archaic approaches pervades the legal literature and case law demonstrating that these laws and policies do not always function well in evolving and emerging technology spaces. To examine these laws and policies of student privacy, the author employs the combination of a critical policy analysis, which derives from critical social research as a means to explore discourse and policy through drawing out the policy contexts, texts, and consequences, and Flood's liberating systems theory, which directs the analysis to a problem‐solving approach by examining the policy discourse from a systems‐thinking lens. Based on a review of 184 court cases, 74 policies from a diversified representation of US states/territories, and seven developed nations or multi‐nation consortia, this examination illuminates how context and text such as the type and setting of the privacy matter (eg, various freedom of information acts, educational records under the Family Educational Rights and Privacy Act, and General Data Protection Regulation in the European Union) presents opportunities for protections and standardization efforts; however, they also illustrate significant protection gaps, guesswork and insufficiency around the type and degree of data subject consent, and ghosting effects of data subjects' protections. While the extant literature already supports aspects of these findings, it does not account for this holistic view of these three privacy vulnerabilities—especially in light of the principles to which these laws purport to achieve. Moreover, the three identified privacy vulnerabilities suggest overlooked inclusion of two overarching privacy concepts—transparency and equity. This study recommends that key actors in the policy construction realm (ie, university leaders, policymakers, and judges) should engage in analyses, dialogue, and consideration about transparency and equity by considering contemporary privacy problems in the contexts of artificial intelligence, quantum computing, and cybersecurity as a way to improve transparent and equitable policies in these areas rather than exacerbating the privacy dilemmas already in place. Practitioner notesWhat is already known about this topic In the United States, the Family Educational Rights and Privacy Act of 1974 (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) are well documented evidence of privacy protections for education and health records, but they fail to offer sufficient protections for students as data subjects with emerging technologies.Existing federal‐level laws in the United States do not offer a systematic or uniform approach in the manner that data users obtain consent, so data subjects are largely unaware of what is being consented.Other than matters of consent, policy strategies based on student privacy laws (ie, voluntary consensus standards, basic practices to maintain privacy, an ethics review board, data/record retention and destruction, and data sanitation of equipment) are significant and informative largely from the university‐perspective, not the students as data subjects.What this paper adds A new comprehensive examination of US laws including statutes, regulations, and cases as well as seven key nation‐state or national consortia laws—especially the EU's General Data Protection Regulation and selected state laws in the United States, which offer consistent and greater student privacy protections.Insights about the principles designed among the laws, which centre around their application, essentiality, consent, and security.Attention to areas in which student privacy laws still present privacy concerns, but specifically identifying issues of significant gaps, guesswork and insufficiency around levels and types of consent, and ghosting effects of data subjects' protections.Implications for practice and/or policy Data subject consent should be established and consistent– whether an opt‐out provision, opt‐in provision, or some extensive engagement.Student privacy policies should incorporate principles of transparency and equity for data subjects and data treatment.Policymakers should consider now how the intersections of data subject privacy matters shall be addressed in the context of artificial intelligence, quantum computing, and cybersecurity. [ABSTRACT FROM AUTHOR]

Published

2023

36. Contextualizing privacy with wearable data in higher education.

Author

Hagadone‐Bedir, Mariah, Voithofer, Rick, and Kulp, Jessica T.

Abstract

This conceptual study uses dynamic systems theory (DST) and phenomenology as lenses to examine data privacy implications surrounding wearable devices that incorporate stakeholder, contextual and technical factors. Wearable devices can impact people's behaviour and sense of self, and DST and phenomenology provide complementary approaches for emphasizing the subjective experiences of individuals that occur with the use of wearable data. Privacy is approached through phenomenology as an individual's lived bodily experience and DST emphasizes the self‐regulation and feedback loops of individuals and their uses of wearable data. The data collection, analysis and communication of wearable data to support learning systems alongside privacy implications for each are examined. The IoT, cloud computing, metadata and algorithms are discussed as they relate to wearable data, pointing out privacy risks and strategies to minimize harm. Practitioner notesWhat is already known about this topicData privacy is a complex topic and is approached through different perspectives, influencing the degree of an individual's data autonomy.Wearable technology is increasing in the consumer market and offers great potential to learning environments.What this paper addsExtends extant literature on dynamic systems theory and phenomenology, contributing these perspectives to educational research in the context of student data privacy and wearable technologies.Provides a framework to understand the complex and contingent ways that privacy can be understood in the collection, analysis, and communication of wearable data to support learning.Implications for practice and/or policyHigher education faculty and educational policymakers should consider various interactions in systems and among systems of how wearable data collection may be analysed, communicated and stored, potentially exposing students to privacy harms.Multiple actors in learning systems must engage in continuous and evolving feedback loops around data security, consent, ownership and control to determine who has access to student data, how it is used and for what purposes.The EU's General Data Protection and Regulation offers one of the most comprehensive frameworks for higher education institutions and faculty around the world to follow for protecting student data privacy. [ABSTRACT FROM AUTHOR]

Published

2023

37. Η ψηφιακή υγεία, η ηλεκτρονική συνταγογράφηση και η τήρηση του Γενικού Κανονισμού Προστασίας Δεδομένων

Author

Πετρής, Α., Αποστολάκης, Ι., and Σαράφης, Π.

Subjects

*GENERAL Data Protection Regulation, 2016, *MOBILE health, *INTERNET in public administration

Abstract

The rapidly developing Information and Communication Technologies (ICT) introduce a wide range of digital applications in the field of health, in the context of electronic health (e-health) and aim at the prolepsis, diagnosis and management of various diseases. Electronic prescribing is a basic e-health service. However, the digitalization, elaboration and data transfer relating to physical condition and health of citizens lurks the risk of their malicious use. Greek legislation has been harmonized with the General Data Protection Regulation (GDPR) established by the European Union to protect individuals against these risks. The present study describes the applications of e-health and attempts to highlight the improvements that electronic prescribing is amenable to the context of its evolution. In addition, it focuses on problems faced by Greek medical institutions in the implementation of the GDPR and classifies them in general issues, which concern organizational and institutional deficiencies and specifically refer to the need to develop consent forms. [ABSTRACT FROM AUTHOR]

Published

2023

38. Rechtliche Einordnung von künstlicher Intelligenz in der Inneren Medizin: Von Datenschutz und Regulatorik, Erstattungs- und Haftungsfragen.

Author

Haftenberger, Anna and Dierks, Christian

Abstract

Copyright of Innere Medizin (2731-7080) is the property of Springer Nature and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

39. Impact Assessment as a Legal Design Pattern—A “Timeless Way” of Managing Future Risks?

Author

Wernick, Alina

Published

2024

40. Identity as a service : an adaptive security infrastructure and privacy-preserving user identity for the cloud environment

Author

Vo, Hoang Tri

Subjects

004.67, Identity-as-a-Service, Purpose-based Encryption, Identity Management, General Data Protection Regulation, cloud adaptation, privacy-preserving

Abstract

In recent years, enterprise applications have begun to migrate from a local hosting to a cloud provider and may have established a business-to-business relationship with each other manually. Adaptation of existing applications requires substantial implementation changes in individual architectural components. Existing work has focused on migrating the applications with functional and non-functional aspects. However, none of them has focused so far on the adaptation of the required security infrastructure. On the other hand, users may store their Personal Identifiable Information (PII) in the cloud environment so that cloud services may access and use it on demand. Although cloud services specify their privacy policies, it is not possible to guarantee that they will follow their policies and will not (accidentally) transfer PII to another party. To solve the aforementioned issues, this thesis presents Identity-as-a-Service (IDaaS) as a trusted Identity and Access Management with two new requirements: Firstly, IDaaS adapts the required security infrastructures of cloud services to complete a business-to-business transaction on demand. The thesis decouples the security infrastructures from the business logic of the applications and models them as a security topology. When the business comes up with a new e-commerce scenario, IDaaS uses the security topology to adapt the security infrastructures of cloud services and propagate PII from the original caller via intermediaries to the end service on demand. Also, when cloud services migrate to other cloud providers, the trust relationship between them is adapted and preserved during the migration. As a result, developers do not need to re-implement their applications upon each change. The security infrastructure is portable across cloud providers as well as interoperable with the protected cloud services in the backend. Secondly, the thesis proposes a novel Purpose-based Encryption to protect the confidentiality of PII in federated security domains. Unlike prior research, the thesis involves the least user interaction to prevent identity theft via the human link. By using Purpose-based Encryption, users encrypt PII with their intended purposes and in a given period and disseminate the ciphertext in federated security domains. To complete a business transaction, cloud services can decrypt the ciphertext for the right purposes and in the given time, but nothing more. As a result, the encryption protects the disclosure of PII over intermediaries in a business transaction and against untrusted hosts. The solution is compliant with the General Data Protection Regulation of the European Union. The implementation can be easily adapted to existing Identity Management systems, and the performance is fast.

Published

2020

41. Castellum – eine datenschutzkonforme Webanwendung für das Management von Proband:innen der wissenschaftlichen Forschung

Author

Mader, Karolina Luisa, Harlos, Philipp, and Bengfort, Tobias

Subjects

castellum, general data protection regulation, data protection, open source software, subject management, study recruitment, medical research studies, Bibliography. Library science. Information resources, Medicine (General), R5-920

Abstract

Strict requirements apply to the administration of participants in regulated clinical trials. Depending on the study, medicines acts, the Medical Device Law Implementation Act as well as the guidelines and standards of good clinical practice must be complied with or implemented. Even outside the clinical research area, there are clear requirements regarding the administration of participants and the processing of their personal data, particularly in the human sciences, at the latest since the European Data Protection Regulation came into force in 2018. In order to meet these requirements, the Castellum software has been developed at the Max Planck Institute for Human Development since 2016 and has been used successfully since May 2020. Castellum is a turnkey open-source web application for the data protection-compliant management of participants and their data.The use of Castellum has so far been particularly successful for institutions conducting research in the humanities that carry out several studies in parallel, that want to proactively recruit participants from an internal pool of interested persons after they have given their consent (recruitment consent), and that generate data when dealing with these participants.The rules that apply to the clinical research area have not been a priority in the development of Castellum to date. The reason is that Castellum has not yet been used in the clinical research area and thus there was no need to adapt the system to the rules. However, medical research institutions have expressed interest in Castellum in the recent past. On the one hand, this may be due to the fact that no comparable open-source project exists. On the other hand, Castellum was explicitly designed to be flexible and expandable enough to be adaptable to the workflows and processes of other research institutions. Since Castellum is subject to the AGPL licence, the software may be used free of charge without restrictions.The main focus during development was on compliance with the General Data Protection Regulation and other aspects of general IT security. For this reason, we believe it is possible that Castellum is also suitable for contexts that work with highly sensitive data, such as medical research institutions. This opens up a new space for discussion: How can Castellum be used in the clinical regulated field? Which conditions of regulated research studies does Castellum currently fulfil and which not yet? What does Castellum need in order to implement the guidelines on good clinical practice? Which adaptations and extensions are necessary for Castellum to comply with the regulations, rules and laws of regulated studies?We are very interested in introducing Castellum in the clinical research field. From our point of view, it is important to examine within a cooperative process for which purposes Castellum is already qualified in the clinical research area and which adaptations still need to be implemented. We are striving to jointly identify suitable measures to validate Castellum, especially for regulated clinical research studies.This article first presents what Castellum is currently able to offer. It then focuses on a possible expansion of the software in the clinical research area.

Published

2023

42. The significance of general data protection regulation in the compliant data contribution to the European Society of Thoracic Surgeons database.

Author

Bertolaccini, Luca, Falcoz, Pierre-Emmanuel, Brunelli, Alessandro, Batirel, Hasan, Furak, Jozsef, Passani, Stefano, and Szanto, Zalan

Subjects

*GENERAL Data Protection Regulation, 2016, *DATABASES, *DATA protection, *RIGHT of privacy, *DATA management

Abstract

Open in new tab Download slide The General Data Protection Regulation (GDPR), enacted in the European Union in 2018, has significantly transformed the landscape of personal data management and protection. This article provides an overview of GDPR's impact, focusing on its applicability, fundamental principles and influence on data management practices, particularly within the European Society of Thoracic Surgeons (ESTS) database. GDPR's reach extends to all entities collecting and processing personal data of European Union residents, regardless of their location. It encompasses various data types, emphasizing meticulous handling and protection of identifiable information. Special categories of data, such as health and sensitive attributes, require even more stringent protection. The regulation sets legal, fair and transparent data processing principles, emphasizing accuracy, purpose limitation and data minimization. It also stresses accountability, leading to the appointment of Data Protection Officers and significant penalties for non-compliance. The ESTS database, designed to enhance thoracic surgical research and care, collects data on European procedures. It follows GDPR principles by pseudonymizing data, ensuring secure data transmission and providing clear instructions for data submission. The database contributes to research, policymaking and practice improvement in thoracic surgery by offering a comprehensive dataset for analysis. Here, we aim to shed light on the complexities of GDPR implementation and emphasize the need for comprehensive data management strategies to ensure compliance and enhance privacy protection with the contribution to the ESTS database. GDPR compliance comes with challenges, including potential human dignity and privacy rights violations. Data breaches can result in unauthorized disclosures, and non-compliance can lead to substantial fines and reputational damage. The implementation of GDPR encourages organizations to prioritize ethical data practices, security measures and transparent data handling. In conclusion, GDPR has revolutionized personal data protection by emphasizing accountability, transparency and individual rights. It has impacted organizations globally, promoting responsible data management practices. Adhering to GDPR ensures privacy protection, trust-building and overall enhancement of data management in today's data-driven environment. [ABSTRACT FROM AUTHOR]

Published

2023

43. Optimal CBDC design for Ukraine through the lens of privacy and security.

Author

Hudima, Tetіana, Kamyshanskyi, Vladyslav, Dmytrenko, Tetіana, and Shmyhov, Mykhailo

Subjects

PERSONALLY identifiable information, DATA privacy, DIGITAL currency, DATA protection laws, LITERATURE reviews, INTERNATIONAL banking industry

Abstract

Copyright of Amazonia Investiga is the property of PRIMMATE and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

44. Toward a taxonomy of corporate data protection malpractices and their causal mechanisms: A regulatory view.

Author

Haiping Zhao, Na Jiang, Zhao Cai, Lim, Eric T. K., and Chee-Wee Tan

Subjects

DATA protection, ORGANIZATION management, GENERAL Data Protection Regulation, 2016, DATA analysis

Abstract

Corporate data protection malpractices are not uncommon, especially in contemporary technological environments. Embracing a regulatory view, this study attempts to advance a taxonomy of prevailing corporate data protection practices and their causal mechanisms by analyzing cases where organizations were fined for violating data protection legislation. Selecting the General Data Protection Regulation (GDPR) enacted by the European Union (EU) as our benchmark, this study employs an iterative taxonomy development technique as guidance and conducts a thematic analysis on 875 cases of GDPR enforcement. In so doing, we derive a conceptual model comprising 6 focal categories and 28 subcategories of prevailing corporate data protection malpractices existing within organizations as well as 4 main categories and 22 subcategories of causal mechanisms underlying these identified malpractices. Empirical findings from this study not only reinforce corporate data protection malpractices established in prior research but also yield novel malpractices that have been neglected in previous work. From a pragmatic standpoint, this study yields invaluable insights into the prevention and resolution of corporate data protection malpractices for practitioners. [ABSTRACT FROM AUTHOR]

Published

2023

45. Secured Health Data Sharing System using IPFS and Blockchain with Beacon Proxy.

Author

Jayanthy, Dr. S., Arunkumar, A., Kovilpillai, Mr. J. Judeson Antony, Bhuvardhena, M., and Pandian, K. Dinesh

Subjects

CLOUD storage, INFORMATION sharing, BLOCKCHAINS, WEB-based user interfaces, DATA warehousing

Abstract

Transfer of data over the blockchain is significantly improved over the years. This proposed system gives a unique method of transferring patient health data to another hospital or to a peer, using a blockchain-based web application that places patient ownership and data security at the forefront. Patient data is stored in a decentralized and distributed manner using the Interplanetary File System (IPFS), eliminating the need for a central authority. Smart contracts written in Solidity facilitate transactions by checking for sufficient funds and managing the transaction process. A beacon proxy is used to automatically update patient ownership in the smart contract, reducing errors and inaccuracies resulting from manual intervention. The blockchain network offers a secure and decentralized solution for transferring patient health data, ensuring privacy and accessibility only to authorized individuals through advanced cryptographic techniques, distributed data storage, and smart contracts. [ABSTRACT FROM AUTHOR]

Published

2023

46. LIČNI ZDRAVSTVENI PODACI I ZNAČAJ NJIHOVE UPRAVNE ZAŠTITE.

Author

Mehmedović, Emir and Mehmedović, Amila

Abstract

The issue of personal data protection has been one of the focal points of attention in recent decades. This is because the protection of personal data is a form of realizing the right to privacy as a fundamental human right. Personal data refers to information about a specific individual's characteristics that serves as a means of their identification. Personal data protection in Bosnia and Herzegovina is regulated by the Law on Personal Data Protection. This law governs the principles of personal data processing, the obligations of data controllers and processors, the rights of data subjects, as well as sanctions for violations of the law. Since 2016, the protection of personal data in the European Union has been regulated by the General Data Protection Regulation (GDPR), which has significantly improved the system for protecting personal data. A particularly significant category of personal data is personal health data, which includes identification and identifying information about an individual's health and medical condition, their medical diagnosis, prognosis, and treatment, as well as information about substances that can identify that individual. Data related to an individual's health is a crucial and potentially vulnerable aspect of their life. These are the most intimate data about an individual, the unauthorized and unjustified disclosure of which can subject them to shame, ridicule, and stigmatization, causing them significant, primarily non-material, harm. Misuse of patient information not only violates their privacy but also undermines their dignity. Therefore, personal health data can only be processed for health-related purposes, i.e., for the benefit of the individual and society as a whole. Laws regulating patients' rights in the Federation of Bosnia and Herzegovina (the Law on Healthcare and the Law on the Rights, Obligations, and Responsibilities of Patients) guarantee patients the right to confidentiality of information and privacy, the right to data secrecy, and the right to access their medical records. The provisions of these laws significantly meet the standards for the protection of personal health data. However, in order to improve the situation in this area, there is a need to harmonize the provisions of the general data protection law, which is subsidiarily applied in the protection of personal health data, with the provisions of the General Data Protection Regulation. [ABSTRACT FROM AUTHOR]

Published

2023

47. Towards a readiness model derived from critical success factors, for the general data protection regulation implementation in higher education institutions

Author

Fernandes José, Machado Carolina Feliciana, and Amaral Luís

Subjects

general data protection regulation, critical success factors, design science research, readiness model, maturity model, higher education institutions, Production management. Operations management, TS155-194, Personnel management. Employment management, HF5549-5549.5

Abstract

Background: Present the relevance of the study and highlights the key points of literature overview. Purpose: As of May 25, 2018, General Data Protection Regulation (GDPR) has become mandatory for all organizations, public or private, that handle personal data of European citizens, regardless of their physical location. Higher education institutions (HEIs), namely public universities, are no exception to this requirement and, as in many other organizations, many HEIs begin the process of implementing the GDPR without meeting the minimum conditions necessary for implementation. The purpose of this study, therefore, is to present a model to determine the level of readiness of HEIs regarding the implementation of the GDPR. Study design/methodology/approach: With the objective of designing a new artefact as a readiness model for the implementation of the GDPR, this study follows Design Science Research as an approach to be used to build the readiness model, based on a set of 16 critical success factors (CSFs) previously determined. Findings/conclusions: A readiness model was designed, based on a set of 16 CSFs related to the implementation of GDPR in HEIs. Limitations/future research: This is a new area of study that needs further development, namely through the practical application of the model, allowing the improvement of the measurement levels of the different CSFs. Practical implications: The determined readiness model allows HEIs to realize a priori if they have the necessary conditions for the implementation of the GDPR, giving useful indications of the organizational dimensions and the CSFs that compose them where better performance is necessary to ensure a successful implementation. Originality/Value: As far as we know, this is the first model of readiness based on CSFs related to the implementation of GDPR in HEIs, being therefore a first contribution to the development of this area.

Published

2023

48. MEDIATING THE TENSION BETWEEN DATA SHARING AND PRIVACY: THE CASE OF DMA AND GDPR.

Author

Weigl, Linda, Barbereau, Tom, Sedlmeir, Johannes, and Zavolokina, Liudmila

Subjects

GENERAL Data Protection Regulation, 2016, INFORMATION sharing, DATA privacy, ANONYMITY, DECISION trees

Abstract

The Digital Markets Act (DMA) constitutes a crucial part of the European legislative framework addressing the dominance of 'Big Tech'. It intends to foster fairness and competition in Europe's digital platform economy by imposing obligations on 'gatekeepers' to share end-user-related information with business users. Yet, this may involve the processing of personal data subject to the General Data Protection Regulation (GDPR). The obligation to provide access to personal data in a GDPR-compliant manner poses a regulatory and technical challenge and can serve as a justification for gatekeepers to refrain from data sharing. In this research-in-progress paper, we analyze key tensions between the DMA and the GDPR through the paradox perspective. We argue through a task-technology fit approach how privacyenhancing technologies - particularly anonymization techniques - and portability could help mediate tensions between data sharing and privacy. Our contribution provides theoretical and practical insights to facilitate legal compliance. [ABSTRACT FROM AUTHOR]

Published

2023

49. GDPR PRIVACY TYPE CLUSTERING: MOTIVATIONAL FACTORS FOR CONSUMER DATA SHARING.

Author

Hanneke, Björn, Baum, Lorenz, and Hinz, Oliver

Subjects

GENERAL Data Protection Regulation, 2016, INFORMATION sharing, CONSUMER behavior, DATA management, INFORMATION storage & retrieval systems

Abstract

The GDPR introduced restrictive privacy-preserving measures, affecting the daily life of (online) consumers. Moreover, literature shows that privacy preferences are constantly evolving. This is the first study introducing a GDPR exercising-oriented approach to identify consumer privacy types. Based on a representative sample of the German online population, we cluster consumers according to their privacy importance ("intention to act") and GDPR knowledge ("ability to act") and derive four consumer privacy type clusters: fundamentalists, amateurs, pragmatists, and unconcerned. We investigate motivational factors for changing privacy settings and find significant differences between consumers' intentions and actions for selected factors. This provides evidence for the privacy paradox. Contrarily, intentions and actions align for other factors, which supports the hypothesis that actionbased consent might lower the privacy paradox. Finally, we suggest the development of standardized scales and corresponding clustering methodologies for consumer privacy type clustering to increase comparability over time and across populations. [ABSTRACT FROM AUTHOR]

Published

2023

50. From Data Exchanges to Data Markets: An Institutional Perspective.

Author

Reimers, Kai and Xunhua Guo

Subjects

ANTITRUST law, DATA protection, PROPERTY rights, DATA privacy, DATA analysis

Abstract

It becomes increasingly clear that the objectives of privacy and competition policy are in conflict with one another with regard to platform data. While privacy policies aim at limiting the use of platform data for purposes other than those for which the data were collected in order to protect the privacy of platform users, competition policy aims at making such data widely available in order to curb the power of platforms. We find that current control- and ownership-based approaches are ineffective with regard to their capacity to balance these conflicting objectives and propose an institutional approach which makes platform data saleable. We discuss this approach in view of its capacity to balance the conflicting objectives of privacy and competition policy and with regard to its effectiveness in supporting each separately. Our approach also clarifies the fundamental difference between data markets and other concepts such as data spaces. [ABSTRACT FROM AUTHOR]

Published

2023