Governance of collection, use and storage of RWD in the view of data protection concerns

2019 ◽  
Vol 29 (Supplement_4) ◽  
Author(s):  
M Shabani

Abstract. Issue/problem: Collection, storage and sharing of RWD raise concerns regarding privacy, data protection and governance of access. To date, the concerns related to consent and adequate safeguards for data protection in conventional research and health care settings are being discussed in detail in the literature. However, collection of RWD from individuals fuels questions regarding the applicability of the regulations for human subjects’ research and personal data protection. Description of the problem: The data collected in the framework of RWD need to be protected in line with the overarching principles of human subjects research and personal data protection regulations such as the EU General Data Protection Regulation (GDPR). In particular, the purposes of data collection, potential further uses, duration of storage of data and the authorized users’ access to data should be managed in compliance with applicable data protection regulations. In addition, adequate models for de-identification of data should be used in compliance with the applicable data protection regulations. Ethical oversight of the process of data collection, storage and use should also be scrutinized. Effects/changes: In order to respect the privacy rights of the patients, it is essential to first identify the potential risks and assess the adequacy of the existing safeguards in protecting the privacy of the patients. Lessons: The effectiveness of the current access governance in the context of RWD should be assessed and the required safeguards should be proposed.

Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.


2021 ◽  
Vol 14 (2) ◽  
pp. 139-148
Author(s):  
Mriya Afifah Furqania ◽  
Tomy Michael

This study aims to analyze the Indonesian laws and regulations concerning the protection of intimate video makers. The research was conducted by analyzing the Pornography Law, the Information and Electronic Transaction Law, the Government Regulation on the Implementation of Electronic Transaction Systems, and the Regulation of the Minister of Information Communication on Personal Data Protection. This research found that data/documents that are made for oneself and for one's own interests are not prohibited by law and are included in the privacy rights that must be protected by every human being and by the state. The making of this intimate video is included in the privacy rights to enjoy life and should not be contested. Activities contained in the video can range from holding hands, hugging, kissing to having sex with consent. Therefore, if there are those who oppose rights such as acquisition and distribution without consent, the owner of the personal data can file a lawsuit for damages and have a right to erase their electronic documents.

Keywords: intimate video; protection; sexual law

Abstract (translated from the Indonesian): This study aims to analyze the Indonesian laws and regulations that cover the protection of intimate video makers. The research was conducted by analyzing the Pornography Law, the Information and Electronic Transaction Law, the Government Regulation on the Implementation of Electronic Transaction Systems, and the Regulation of the Minister of Communication and Information on Personal Data Protection. This research found that data/documents made for oneself and for one's own interests are not prohibited by law and, on the contrary, must be protected both by every human being and by the state. The making of this intimate video falls within the personal right to enjoy life and must not be contested. The activities contained in the video can range from holding hands, hugging and kissing to having sex with consent. Therefore, if there is a violation of rights such as acquisition and distribution without consent, the owner of the personal data can file a claim for damages and submit a request to erase the data.


2021 ◽  
Vol 273 ◽  
pp. 08099
Author(s):  
Mikhail Smolenskiy ◽  
Nikolay Levshin

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU citizens around the world. Misusing or carelessly handling personal data brings fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. The authors considered and analyzed the results of personal data protection measures in nineteen regions: the USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of others. This allowed identifying a direct pattern between the global tightening of EU citizens' personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.


2020 ◽  
pp. 155-186
Author(s):  
María Dolores Mas Badia

Despite the differences between credit risk and insurance risk, in many countries large insurance companies include credit history amongst the information to be taken into account when assigning consumers to risk pools and deciding whether or not to offer them an auto or homeowner insurance policy, or to determine the premium that they should pay. In this study, I will try to establish some conclusions concerning the requirements and limits that the use of credit history data by insurers in the European Union should be subject to. In order to do this, I shall focus my attention primarily on Regulation (EU) 2016/679. This regulation, which came into force on 24 May 2018, not only forms the backbone of personal data protection in the EU, but is also set to become a model for regulation beyond the borders of the Union. This article will concentrate on two main aspects: the lawful basis for the processing of credit history data by insurers, and the rules that should apply to decisions based solely on automated processing, including profiling.

Received: 30 December 2019. Accepted: 07 February 2020. Published online: 02 April 2020.


2021 ◽  
Vol 11 (22) ◽  
pp. 10574
Author(s):  
Sung-Soo Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom

With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the General Data Protection Regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable its utilization as a GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hyperledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results with comparisons among the related works indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing requests than extant methods.


2019 ◽  
pp. 245-259
Author(s):  
Bernard Łukanko

The study is concerned with the issue of the mutual relationship between the failure to comply with the laws on personal data protection and regulations relating to the protection of personal interests, including in particular the right to privacy. The article presents the views held by the Supreme Court with respect to the possibility of considering acts infringing upon the provisions of the Personal Data Protection Act of 1997 (after 24 May 2018) and of the General Data Protection Regulation (after 25 May 2018) as violation of personal interests, such as the right to privacy. The author shared the view of the case law stating that, if in specific circumstances the processing of personal data violates the right to privacy, the party concerned may seek remedy on the grounds of Articles 23 and 24 of the Polish Civil Code. This position is also relevant after the entry into force of the GDPR which, in a comprehensive and exhaustive manner, directly applicable in all Member States, regulates the issue of liability under civil law for infringements of the provisions of the Regulation; however, according to the position expressed in professional literature, it does not exclude the concurrence of claims and violation of the provisions on the protection of personal interests caused by a specific event. In case of improper processing of personal data, the remedies available under domestic law on the protection of personal interests may be of particular importance outside the subject matter scope of the GDPR applicability.


2020 ◽  
Vol 12 (1) ◽  
pp. 225-245
Author(s):  
Célia Zolynski

Objective – The article contrasts the problem of Big Data with the possibilities and limits of personal data protection. It is an original contribution to the academic discussion about the regulation of the Internet and the management of algorithms, focusing on Big Data. Methodology/approach/design – The article provides bibliographic research on the opposition between Big Data and personal data protection, focusing on European Union law and French law. From the research it is possible to identify regulatory alternatives to Big Data, whether of a legal-administrative nature or a technological nature. Findings – The article enlightens that, in addition to the traditional regulatory options, based on the law, there are technological options for regulating Big Data and algorithms. The article goes through an analysis of administrative performance, such as France’s CNIL (Commission nationale informatique et libertés), to show that it has limits. Thus, the article concludes that there is a need to build a new type of regulation, one that is open to the inputs of regulated parties and civil society, in the form of new co-regulatory arrangements. Practical implications – The article has an obvious application since the production of legal solutions for Internet regulation requires combining them with technological solutions. Brazil and several Latin American countries are experiencing this agenda, as they are building institutions and solutions to solve the dilemma of personal data protection. Originality/value – The article clarifies several parts of the General Data Protection Regulation (EU Regulation 2016/679) and its applicability to Big Data. These new types of data processing impose several legal and regulatory challenges, whose solutions cannot be trivial and will rely on new theories and practices.


2018 ◽  
Author(s):  
Duarte Gonçalves-Ferreira ◽  
Mariana Sousa ◽  
Gustavo M Bacelar-Silva ◽  
Samuel Frade ◽  
Luís Filipe Antunes ◽  
...  

BACKGROUND Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the topic of personal data protection of EU citizens with a strong emphasis on more control of the citizens over their data and in the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems. OBJECTIVE This study aimed to understand to what extent the openEHR standard can help in the compliance of EHR systems to the GDPR requirements. METHODS A list of requirements for an EHR to support GDPR compliance and also a list of the openEHR design principles were made. The requirements were categorized and compared with the principles by experts on openEHR and GDPR. RESULTS A total of 50 GDPR requirements and 8 openEHR design principles were identified. The openEHR principles conformed to 30% (15/50) of GDPR requirements. All the openEHR principles were aligned with GDPR requirements. CONCLUSIONS This study showed that the openEHR principles conform well to GDPR, underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start. By using an openEHR-based EHR, the institutions are closer to becoming compliant with GDPR while safeguarding the medical data.


2020 ◽  
Author(s):  
Muhammad Firdaus

The importance of protecting personal data has strengthened along with the increasing number of mobile telephone and internet users in Indonesia. Several cases have stood out, especially those connected with leaks of personal data that lead to fraud or crime, strengthening the discourse on the importance of making legal rules to protect personal data. In Indonesia, the protection of personal data is related to the concept of privacy, which is the idea of safeguarding personal integrity and dignity. Privacy rights are also an individual's ability to determine who is holding their information and how the information is used. Currently, Indonesia’s long-awaited comprehensive draft Law on the Protection of Personal Data has been submitted by President Joko Widodo to the Chairperson of the Indonesian House of Representatives on January 24th, 2020. When passed, it will be the first framework legislation on personal data protection in Indonesia. This paper discusses and summarizes the progress of personal data protection based on the law and the regulatory authority in Indonesia. The result shows that there is a lack of explanation of the term data protection authority (DPA) in the final Bill submitted.


Jurnal Hukum ◽  
2021 ◽  
Vol 37 (1) ◽  
pp. 1
Author(s):  
Giosita Kumalaratri ◽  
Yunanto Yunanto

The development of information technology in the era of globalization makes it easier for people to carry out their daily activities; apart from socializing, it can also be a channel for work. Behind the simplicity coveted through technological developments, loopholes open up through which personal data is easily misused. Indonesia does not yet have specific laws governing the protection of personal data as a whole. Therefore, the author will examine the urgency of the draft personal data law in Indonesia, personal data protection schemes, and the impact of the implementation of the personal data protection bill. This study uses a normative juridical research method. The results of the study point to a privacy rights protection scheme in which everyone has the right to publish personal data or the right not to publish personal data to the public. The weakness of personal data protection regulations in Indonesia that have not been specifically regulated increases the potential for crimes against the right to privacy, but the drafting of the Personal Data Protection Bill brings fresh air not only to the public but also to the government sector and the international business environment.

