5. The data protection principles

Author(s):  
Ian J. Lloyd

This chapter focuses on the data protection principles under the Data Protection Act 1998. It considers to what extent and under what conditions a data controller may lawfully process personal data. Use may take a variety of forms and will include disclosure of data to a third party. It also looks at the operation of the principle requiring users to adopt appropriate security measures.

2018, pp. 433-449
Author(s):  
Mona Adlakha

Mobile commerce is the next generation of e-commerce, where payments and financial transactions can be carried out with utmost ease using handheld mobile devices. Mobile devices are at a higher security risk due to the large amount of critical financial and personal data available on them. The cause or consequence of these threats could be malware and spyware attacks; multiple or incorrect m-Commerce payments; breaches due to unauthorized access or disclosure; unauthenticated transactions; and risk due to the use of third-party networks. This chapter discusses how to manage security risks in m-commerce by first identifying them and then discussing preventive measures for their mitigation. A continuous approach to risk prevention needs to be followed, reviewing the strategy according to the latest challenges. Various risk prevention and mitigation strategies can be adopted. Service providers must follow physical and digital security measures to protect consumers' business information. Independent auditing should ensure compliance with best-practice security standards.


Author(s):  
Sam De Silva

Developments in technology and the global nature of business mean that personal information about individuals in the UK may often be processed overseas, frequently without the explicit knowledge or consent of those individuals. This raises issues such as the security of such data, who may have access to it and for what purposes, and what rights the individual may have to object. The Data Protection Act 1998 provides a standard of protection for personal data, including in respect of personal data that is being transferred outside of the UK. Chapter 18 focuses on how a UK data controller (the organisation that controls how and why personal data is processed and is therefore legally responsible for compliance) can fulfil its business and operational requirements in transferring personal data outside the EEA, whilst ensuring legal compliance.


1998, Vol 4 (1), pp. 18-24
Author(s):  
Ben Stanberry

The electronic record may be subject to abuses that can be carried out on a large scale and cause great damage. A wide range of data protection and information security measures will need to be taken to ensure the quality and integrity of such records. A European Union directive was formally adopted in 1995 which sets the obligations of those responsible for data processing as well as a number of important rights for individuals. The responsible teleconsultant or medical officer, as the data controller, must make sure these measures are enforced. In the case of the transmission of medical records to another location, the original data controller may remain liable for abuses. But as different elements of the records are spread throughout the different departments of a hospital or across different geographical locations, it may become difficult to ascertain who is responsible for protecting and controlling what. To this end, the designation of liability by contractual means, between the hospitals and remote users of a telemedicine network, would be the clearest and most straightforward way of achieving uniformity and predictability in terms of the distribution of responsibility for data protection and security.


2021, Vol 11 (22), pp. 10574
Author(s):  
Sung-Soo Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom

With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising organisations' management to comply with them. Although various studies have suggested compliance methods for the General Data Protection Regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable their utilization as GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hyperledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and the feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results, with comparisons among the related works, indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing requests than extant methods.


2019, Vol 12 (19), pp. 139-171
Author(s):  
Laura Skopowska

Data aggregation, understood as the process of gathering and combining data in order to prepare datasets that might be useful for specific business or other purposes, is not per se forbidden. However, some forms of it can be considered anticompetitive. In Decision B6-22/16 of the German Federal Cartel Office (Bundeskartellamt), data aggregation, which included the collection of data from sources outside of Facebook’s social network (from Facebook-owned services such as WhatsApp and Instagram and from third-party websites or mobile applications) and their combination with the information connected with a particular Facebook user account without that user’s consent, constituted an abuse of Facebook’s dominant position on the German market for social networks. The Bundeskartellamt found that the processing of users’ personal data by Facebook has, to some extent, been carried out in a way which infringed GDPR provisions. In the same decision, the Bundeskartellamt also identified the exclusionary nature of Facebook’s anticompetitive behaviour. According to the Bundeskartellamt, the illegal data aggregation formed a barrier to entry for Facebook’s competitors which, through compliance with data protection standards, found themselves in a worse position. Facebook, through its inappropriate data aggregation, gained a competitive advantage. The Bundeskartellamt’s decision therefore reflects the anticompetitive dangers that data aggregation might pose. Nevertheless, it is debated whether the Bundeskartellamt, as a competition authority, is competent to determine the compliance or lack of compliance of business terms with the provisions of the GDPR. This paper analyzes the Bundeskartellamt’s decision as to where an anticompetitive nature of data processing has been identified, and tries to answer the question of why it is problematic that it was the Bundeskartellamt and not a data protection supervisory authority that issued such a decision.


Author(s):  
Klaus Wiedemann

This contribution argues that a coherent and consistent interpretation of data protection and competition law is both possible and adequate. To illustrate this need, the ongoing abuse-of-dominance investigation by the French Autorité de la Concurrence against Apple is analysed. Representatives of the online advertising industry lodged a complaint against the introduction of Apple’s “App Tracking Transparency framework”. The latter includes a de facto obstacle to third-party tracking which shuts down advertisers’ access to those precious personal data that can be used for online advertising. With the Apple case in mind and by way of example, this paper argues that the regulation of consent to the processing of personal data under the GDPR serves as a dogmatic link between data protection and competition law, as this legal basis is at the heart of many digital business models. The GDPR provides a normative framework to determine when consent has been “freely given”. This can be a fruitful starting point for a competitive assessment, too, as both legal regimes pursue the objective of protecting consumer autonomy and consumer choice. The paper finishes by finding that its dogmatic approach corresponds to recent developments within competition law legislation and enforcement.


2021, Vol 28 (2), pp. 531-565
Author(s):  
Md. Toriqul Islam ◽  
Mohammad Ershadul Karim

The General Data Protection Regulation (the GDPR) of the European Union (EU) emerges as a hot-button issue in contemporary global politics, policies, and business. Based on an omnibus legal substance, extensive extraterritorial scope and influential market powers, it appears as a standard for global data protection regulations, as can be witnessed by the growing tendency of adopting, or adjusting, relevant national laws following the instrument across the globe. Under Article 3, the GDPR applies against any data controller or processor within and outside the EU that processes the personal data of EU residents. Therefore, the long arm of the GDPR is extended to cover the whole world, including Malaysia. This gives rise to tension worldwide, as non-compliance leads to severe fines of up to €20 million or 4% of annual turnover. This is not a hypothetical possibility but a reality, as huge fines have already been imposed on many foreign companies, such as Google, Facebook, Uber, and Equifax, to name a few. Such a scenario, due to the existence of state sovereignty principles under international law, has made researchers around the world curious about several questions: why does the EU adopt an instrument having extraterritorial application; whether the extraterritorial scope is legitimate under normative international law; how the provisions of this instrument can be enforced; and how these are justified. This article attempts to search for answers to those questions by analyzing the relevant rules and norms of international law and the techniques employed by the EU. The article concludes with the findings that the extraterritorial scope of the GDPR is justified under international law in a changed global context. The findings of this article will enlighten the relevant stakeholders, including Malaysian policymakers and business entities, to realise the theoretical aspects of the inclusion of the extraterritorial feature of the GDPR, and this understanding may facilitate them in mapping their future strategies.


2019, Vol 8 (1), pp. 119
Author(s):  
Fadhilah Pijar Ash Shiddiq ◽  
Sinta Dewi Rosadi ◽  
Rika Ratna Permata

Privacy, as a part of Human Rights, is the right to freedom in private matters. The basic concept of privacy is “the right to be let alone”, which states that every individual has the right to his own solitude without intervention. One of the most important kinds of information that can also be associated with Information Privacy is Personal Data, which shall be protected as a form of protection of privacy itself. Some personal data has been used as a requirement of SIM Card Registration, thus creating new problems regarding its personal data protection, since the comprehensive regulation is still covered only by the Ministerial Regulation. The research method used in this paper is Descriptive Analytic, in which the writer analyzes the research object by explaining the situation and the condition of the personal data protection obtained from literature on the facts that can be associated with the implementation of the SIM Card Registration Policy according to Indonesia’s Positive Law and International Law. According to the result of the study, the Ministerial Regulation already covers most of the basic data protection needed in the SIM card registration policy; however, the protection provided by the Ministerial Regulation still has not covered the third party involved. The involvement of this third party is inevitable and should be protected immediately in order to prevent any abuse of personal data.


2021, Vol 4 (2)
Author(s):  
Carolina Goberna Caride

Since March 2020 the coronavirus has limited personal encounters due to social distancing measures. Thus, many data collection techniques relying on face-to-face interaction, like interviews or Focus Groups (FG), are now being practised in online environments. Such a change requires the implementation of innovative measures to comply with Regulation EU 2016/679 (GDPR) and obey national data protection laws. Processing personal data of voluntary participants has to have a lawful ground and a clear purpose behind it. Moreover, the researcher has to respect legal requirements and principles for processing personal data, provide the participants with information about the research procedure and apply security measures to avoid risks to the rights and freedoms of individuals. This process has to apply to any interaction mediated by Web-Conferencing Systems (WCS). The purpose of this paper is to describe the legal requirements for conducting online interviews or FG under social distancing conditions. The project of reference for the application of these requirements is the EU Horizon2020 HELIOS project, consisting of the development of a decentralised social media platform.

Lay summary: At universities or in industry, researchers can interview people personally to test, for instance, the use of a specific technology. The objective is to collect data for future improvements. In 2020 people all over the world found themselves in a pandemic. Covid-19 limited social meetings with loved ones and also restricted the work of scientific researchers. Individual or group interviews could not take place in person. Thus, a solution was seen in online conferencing platforms such as Zoom. Modifying the space and the way in which an interview takes place poses some legal challenges regarding data protection. Such conversations with individuals always have to apply European and national data protection laws. Among other things, this means that there needs to be a specific legal reason to process personal data and a specific purpose behind the interview. Additionally, the researcher has to inform participants about all the legal terms, legal guarantees and the research procedure. All this applies as well if online conferencing platforms are used. In this article, you can find a description of the necessary legal steps to develop online interviews with individuals or focus groups and fulfil European data protection requirements.

