scholarly journals An Example of Privacy and Data Protection Best Practices for Biometrics Data Processing in Border Control: Lesson Learned from SMILE

2021 ◽  
pp. 344-358
Author(s):  
Mohamed Abomhara ◽  
Sule Yildirim Yayilgan
Keyword(s):  
Best Practices ◽  
Data Processing ◽  
Data Protection ◽  
Border Control

scholarly journals Record linkage of routine data with cohorts’ data of infants under European and Portuguese law

2020 ◽  
Vol 30 (Supplement_5) ◽  
Author(s):  
J Doetsch ◽  
I Lopes ◽  
R Redinha ◽  
H Barros
Keyword(s):  
Big Data ◽  
Data Processing ◽  
Data Protection ◽  
Record Linkage ◽  
Data Science ◽  
Personal Data ◽  
Routine Data ◽  
Cohort Data ◽  
Education Data ◽  
Explicit Consent

Abstract The usage and exchange of “big data” is at the forefront of the data science agenda where Record Linkage plays a prominent role in biomedical research. In an era of ubiquitous data exchange and big data, Record Linkage is almost inevitable, but raises ethical and legal problems, namely personal data and privacy protection. Record Linkage refers to the general merging of data information to consolidate facts about an individual or an event that are not available in a separate record. This article provides an overview of ethical challenges and research opportunities in linking routine data on health and education with cohort data from very preterm (VPT) infants in Portugal. Portuguese, European and International law has been reviewed on data processing, protection and privacy. A three-stage analysis was carried out: i) interplay of threefold law-levelling for Record Linkage at different levels; ii) impact of data protection and privacy rights for data processing, iii) data linkage process' challenges and opportunities for research. A framework to discuss the process and its implications for data protection and privacy was created. The GDPR functions as utmost substantial legal basis for the protection of personal data in Record Linkage, and explicit written consent is considered the appropriate basis for the processing sensitive data. In Portugal, retrospective access to routine data is permitted if anonymised; for health data if it meets data processing requirements declared with an explicit consent; for education data if the data processing rules are complied. Routine health and education data can be linked to cohort data if rights of the data subject and requirements and duties of processors and controllers are respected. A strong ethical context through the application of the GDPR in all phases of research need to be established to achieve Record Linkage between cohort and routine collected records for health and education data of VPT infants in Portugal. Key messages GDPR is the most important legal framework for the protection of personal data, however, its uniform approach granting freedom to its Member states hampers Record Linkage processes among EU countries. The question remains whether the gap between data protection and privacy is adequately balanced at three legal levels to guarantee freedom for research and the improvement of health of data subjects.

scholarly journals Reconciliation of anti-money laundering instruments and European data protection requirements in permissionless blockchain spaces

2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Iwona Karasek-Wojciechowicz
Keyword(s):  
Data Processing ◽  
Money Laundering ◽  
Data Protection ◽  
Task Force ◽  
Policy Instruments ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Terrorist Financing ◽  
The Government ◽  
High Level

AbstractThis article is an attempt to reconcile the requirements of the EU General Data Protection Regulation (GDPR) and anti-money laundering and combat terrorist financing (AML/CFT) instruments used in permissionless ecosystems based on distributed ledger technology (DLT). Usually, analysis is focused only on one of these regulations. Covering by this research the interplay between both regulations reveals their incoherencies in relation to permissionless DLT. The GDPR requirements force permissionless blockchain communities to use anonymization or, at the very least, strong pseudonymization technologies to ensure compliance of data processing with the GDPR. At the same time, instruments of global AML/CFT policy that are presently being implemented in many countries following the recommendations of the Financial Action Task Force, counteract the anonymity-enhanced technologies built into blockchain protocols. Solutions suggested in this article aim to induce the shaping of permissionless DLT-based networks in ways that at the same time would secure the protection of personal data according to the GDPR rules, while also addressing the money laundering and terrorist financing risks created by transactions in anonymous blockchain spaces or those with strong pseudonyms. Searching for new policy instruments is necessary to ensure that governments do not combat the development of all privacy-blockchains so as to enable a high level of privacy protection and GDPR-compliant data processing. This article indicates two AML/CFT tools which may be helpful for shaping privacy-blockchains that can enable the feasibility of such tools. The first tool is exceptional government access to transactional data written on non-transparent ledgers, obfuscated by advanced anonymization cryptography. The tool should be optional for networks as long as another effective AML/CFT measures are accessible for the intermediaries or for the government in relation to a given network. If these other measures are not available and the network does not grant exceptional access, the regulations should allow governments to combat the development of those networks. Effective tools in that scope should target the value of privacy-cryptocurrency, not its users. Such tools could include, as a tool of last resort, state attacks which would undermine the trust of the community in a specific network.

Software-defined data protection

2021 ◽  
Vol 14 (7) ◽  
pp. 1167-1174
Author(s):  
Zsolt István ◽  
Soujanya Ponnapalli ◽  
Vijay Chidambaram
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Distributed Storage ◽  
Hardware Design ◽  
Large Data ◽  
Hardware Interface ◽  
Future Data ◽  
Specialized Hardware

Most modern data processing pipelines run on top of a distributed storage layer, and securing the whole system, and the storage layer in particular, against accidental or malicious misuse is crucial to ensuring compliance to rules and regulations. Enforcing data protection and privacy rules, however, stands at odds with the requirement to achieve higher and higher access bandwidths and processing rates in large data processing pipelines. In this work we describe our proposal for the path forward that reconciles the two goals. We call our approach "Software-Defined Data Protection" (SDP). Its premise is simple, yet powerful: decoupling often changing policies from request-level enforcement allows distributed smart storage nodes to implement the latter at line-rate. Existing and future data protection frameworks can be translated to the same hardware interface which allows storage nodes to offload enforcement efficiently both for company-specific rules and regulations, such as GDPR or CCPA. While SDP is a promising approach, there are several remaining challenges to making this vision reality. As we explain in the paper, overcoming these will require collaboration across several domains, including security, databases and specialized hardware design.

Responding to Disinformation

2021 ◽  
pp. 195-220
Author(s):  
Chris Marsden ◽  
Ian Brown ◽  
Michael Veale
Keyword(s):  
Best Practices ◽  
Data Protection ◽  
Best Practice ◽  
Online Advertising ◽  
State Regulation ◽  
Mass Communications ◽  
Media Law ◽  
Electoral Laws ◽  
Legal Frameworks ◽  
Democratic Elections

This chapter elaborates on challenges and emerging best practices for state regulation of electoral disinformation throughout the electoral cycle. It is based on research for three studies during 2018–2020: into election cybersecurity for the Commonwealth; on the use of artificial intelligence (AI) to regulate disinformation for the European Parliament; and for UNESCO, the United Nations body responsible for education. The research covers more than half the world’s nations, and substantially more than half that population, and in 2019 the two largest democratic elections in history: India’s general election and the European Parliamentary elections. Regulating digital dominance in electoral disinformation presents specific challenges in three very distinctive fields: election law, media law, and mass communications regulation, and targeted online advertising, including data protection law. Implementing best practices against electoral disinformation will require action by EMBs, data protection agencies, communications and media regulators, parliamentary authorities, and ministries of justice and equivalent Neither effective implementation, nor a disinterested assessment of best practice, can be guaranteed. Electoral laws are—like much history—written by the winners, often immediately after their victory. Legal frameworks need to be updated as a response to disinformation challenges discovered during electoral processes, as well as encompassing international best practice. Our ten recommendations for policymakers take account of these imperatives and uncertainties.

scholarly journals Changing Mobility Lifestyle

2021 ◽  
Vol 10 (2) ◽  
pp. 66-79
Author(s):  
Vít Pászto ◽  
Jaroslav Burian ◽  
Karel Macků
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Personal Data ◽  
Detailed Data ◽  
Real Motion ◽  
The Real ◽  
Location Service ◽  
Motion Data ◽  
Personal Data Protection ◽  
Analytical Processing

The article is focused on a detailed micro-study describing changes in the behaviour of the authors in three months before and during the COVID-19 pandemic. The study is based on data from Google Location Service. Despite the fact it evaluates only three people and the study cannot be sufficiently representative, it is a unique example of possible data processing at such a level of accuracy. The most significant changes in the behaviour of authors before and during the COVID-19 quarantine are described and interpreted in detail. Another purpose of the article is to point out the possibilities of analytical processing of Google Location while being aware of personal data protection issues. The authors recognize that by visualizing the real motion data, one partially discloses their privacy, but one considers it very valuable to show how detailed data Google collects about the population and how such data can be used effectively.

scholarly journals Data Protection Impact Assessments as rule of law governance mechanisms

Data & Policy ◽  
2020 ◽  
Vol 2 ◽  
Author(s):  
Swee Leng Harris
Keyword(s):  
Human Rights ◽  
Comparative Analysis ◽  
Data Processing ◽  
Case Studies ◽  
Rule Of Law ◽  
Data Protection ◽  
Environmental Law ◽  
Administrative Law ◽  
Automated Data Processing ◽  
Just Society

Abstract Rule of law principles are essential for a fair and just society and apply to government activities regardless of whether those activities are undertaken by a human or automated data processing. This article explores how Data Protection Impact Assessments (DPIAs) could provide a mechanism for improved rule of law governance of data processing systems developed and used by government for public purposes in civil and administrative areas. Applying rule of law principles to two case studies provides a sketch of the issues and concerns that this article’s proposals for DPIAs seek to address. The article undertakes comparative analysis to find relevant principles and concepts for governance of data processing systems, looking at human rights impact assessments, administrative law, and process rights in environmental law. Drawing on this comparative analysis to identify specific recommendations for DPIAs, the article offers guidance on how DPIAs could be used to strengthen the governance of data processing by government in rule of law terms.

Sign in / Sign up

Export Citation Format

Share Document