scholarly journals Reporting, recording, and communication of COVID-19 cases in workplace: data protection as a moving target

2020 ◽  
Vol 7 (1) ◽  
Author(s):  
Mahsa Shabani ◽  
Tom Goffin ◽  
Heidi Mertes
Keyword(s):  
Data Collection ◽  
Data Protection ◽  
Personal Data ◽  
Privacy Preserving ◽  
Moving Target ◽  
National Data ◽  
Risks And Benefits ◽  
Guidelines And Recommendations

Abstract In response to concerns related to privacy in the context of coronavirus disease 2019 (COVID-19), recently European and national Data Protection Authorities (DPAs) issued guidelines and recommendations addressing a variety of issues related to the processing of personal data for preventive purposes. One of the recurring questions in these guidelines is related to the rights and responsibilities of employers and employees in reporting, recording, and communicating COVID-19 cases in workplace. National DPAs in some cases adopted different approaches regarding duties in reporting and communicating the COVID-19 cases; however, they unanimously stressed the importance of adopting privacy-preserving approaches to avoid raising concerns about surveillance and stigmatization. We stress that in view of the increasing use of new data collection and sharing tools such as ‘tracing and warning’ apps, the associated privacy-related risks should be evaluated on an ongoing manner. In addition, the intricacies of different settings where such apps may be used should be taken into consideration when assessing the associated risks and benefits.

Processing employees’ personal data during the Covid-19 pandemic

2020 ◽  
pp. 203195252097899
Author(s):  
Seili Suder
Keyword(s):  
Data Protection ◽  
Health And Safety ◽  
Personal Data ◽  
Health Data ◽  
Body Temperatures ◽  
National Data ◽  
Pragmatic Approach ◽  
General Data Protection Regulation ◽  
Nation States ◽  
General Data

While needing to ensure the health and safety of their employees during the Covid-19 pandemic, employers face many burning data protection questions, including under what conditions they can process employees’ personal data (in particular health data) and whether gathering personal data concerning employees’ medical history, trips and contacts with infected persons, is allowed. This article focuses on issues that are problematic, based on the analysis of guidance issued by the European Data Protection Board, as well as national data protection authorities and practitioners from 20 countries in response to these concerns. The first section of the article analyses concepts of personal data and health data in the context of Covid-19. Then the article proceeds with exploring what possible legal bases employers can use to process employees’ personal data in general, and health data in particular, under the General Data Protection Regulation when applying different measures to combat Covid-19. In the latter part of the article two practical questions raised by employers – concerning the checking of employees’ body temperatures and informing them of possible infection – are discussed. The analysis indicates that national data protection authorities seem to look for a reasonable and pragmatic approach regarding compliance with the GDPR in light of the Covid-19 emergency. However, their guidance differs in several areas and the views in between nation states are not always aligned. A more specific, clear and uniform pan-European vision concerning the processing of employees’ data in times of emergency is needed to better protect employees and limit the spread of the virus.

scholarly journals Is the European Data Protection Regulation sufficient to deal with emerging data concerns relating to neurotechnology?

2020 ◽  
Author(s):  
Stephen Rainey ◽  
Kevin McGillivray ◽  
Simi Akintoye ◽  
Tyr Fothergill ◽  
Christoph Bublitz ◽  
...  
Keyword(s):  
Data Collection ◽  
Data Protection ◽  
Technology Development ◽  
Brain Activity ◽  
Personal Data ◽  
Medical Treatments ◽  
European Data ◽  
Consumer Markets ◽  
Highly Sensitive ◽  
Brain Data

Abstract Research-driven technology development in the fields of the neurosciences presents interesting and potentially complicated issues around data in general and brain data specifically. The data produced from brain recordings are unlike names and addresses in that it may result from the processing of largely involuntarily brain activity, it can be processed and reprocessed for different aims, and it is highly sensitive. Consenting for brain recordings of a specific type, or for a specific purpose, is complicated by these factors. Brain data collection, retention, processing, storage, and destruction are each of high ethical importance. This leads us to ask: Is the present European Data Protection Regulation sufficient to deal with emerging data concerns relating to neurotechnology? This is pressing especially in a context of rapid advancement in the fields of brain computer interfaces (BCIs), where devices that can function via recorded brain signals are expanding from research labs, through medical treatments, and beyond into consumer markets for recreational uses. One notion we develop herein is that there may be no trivial data collection when it comes to brain recording, especially where algorithmic processing is involved. This article provides analysis and discussion of some specific data protection questions related to neurotechnology, especially BCIs. In particular, whether and how brain data used in BCI-driven applications might count as personal data in a way relevant to data protection regulations. It also investigates how the nature of BCI data, as it appears in various applications, may require different interpretations of data protection concepts. Importantly, we consider brain recordings to raise questions about data sensitivity, regardless of the purpose for which they were recorded. This has data protection implications.

scholarly journals The GDPR at the Organizational Level: A Comparative Study of Eight European Countries

2021 ◽  
Vol 24 (2) ◽  
pp. 207-222
Author(s):  
Marek Zanker ◽  
Vladimír Bureš ◽  
Anna Cierniak-Emerych ◽  
Martin Nehéz
Keyword(s):  
Data Collection ◽  
Data Protection ◽  
Subjective Evaluation ◽  
Personal Data ◽  
Subjective Assessment ◽  
Organizational Level ◽  
Correct Identification ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection

The General Data Protection Regulation, also known as the ‘gold standard’ or the ‘Magna Carta’ of cyber laws, is a European regulation that deals with rights in the area of privacy and focuses on data collection, storage and data processing. This manuscript presents the results of investigation in the business sphere from eight countries of the European Union. The research focused on awareness of the GDPR, costs associated with the GDPR, number of trainings, how data are secured and subjective evaluation. The questionnaire was used for data collection. The results show that the majority of employees concerned about the GDPR are able to define the GDPR correctly (64%). The correct identification of personal data is in 95% of cases. The vast majority of respondents (94%) assign the right to personal data protection to the GDPR. Most employees are trained in the GDPR once (46%) or twice (45%). Subsequently, the differences between these countries in some areas of the questionnaire survey were examined. For this purpose, Welch ANOVA with post-test Tukey HSD or Kruskal-Wallis test were used. As a result, knowledge about the personal data do not vary significantly between the countries. In the area of rights, the countries are not again statistically different. As for the number of security countries, statistics do not differ significantly. The subjective assessment of the GDPR is different across the countries. The GDPR is rated worst by companies in the Czech Republic and Slovakia. On the contrary, the GDPR is best perceived by companies in France and the United Kingdom.

scholarly journals Respecting the GDPR in Online Interviewed Focus Groups

2021 ◽  
Vol 4 (2) ◽  
Author(s):  
Carolina Goberna Caride
Keyword(s):  
Focus Groups ◽  
Data Protection ◽  
Personal Data ◽  
Security Measures ◽  
National Data ◽  
Legal Requirements ◽  
Legal Reason ◽  
Social Distancing ◽  
Research Procedure ◽  
Group Interviews

Since March 2020 the Corona virus has limited personal encounters due to social distancing measures. Thus, many data collection techniques relying on face-to-face interaction, like interviews or Focus Groups (FG), are now being practised in online environments. Such change requires the implementation of innovative measures to comply with Regulation EU 2016/679 (GDPR) and obey national data protection laws. Processing personal data of voluntary participants has to have a lawful ground and a clear purpose behind it. Moreover, the researcher has to respect legal requirements and principles for processing personal data, provide the participants with information about the research procedure and apply security measures to avoid risks to the rights and freedoms of individuals. This process has to apply to any interaction mediated by Web-Conferencing Systems (WCS). The purpose of this paper is to describe the legal requirements for conducting online interviews or FG under social distancing conditions. The project of reference for the application of these requirements is the EU Horizon2020 HELIOS project consisting of the development of a decentralised social media platform. Lay summary At universities or in industry researchers can interview people personally to test, for instance, the use of a specific technology. The objective is to collect data for future improvements. In 2020 people all over the world found themselves in a pandemic. The Covid-19 limited social meetings with beloved ones and also restricted the work of scientific researchers. Individual or group interviews could not take place in presence. Thus, a solution was seen in online conferencing platforms such as Zoom. Modifying the space and the way in which an interview takes place poses some legal challenges regarding data protection. Such conversations with individuals always have to apply European and national data protection laws. Among other things, this means that there needs to be a specific legal reason to process personal data and a specific purpose behind the interview. Additionally, the researcher has to inform participants about all the legal terms, legal guarantees and research procedure. All this applies as well if online conferencing platforms are used. In this article, you can find a description of the necessary legal steps to develop online interviews with individuals or focus groups and fulfil European data protection requirements.

scholarly journals The Impact of the New European Union General Data Protection Regulation (GDPR) on Data Collection at Mass Gatherings

2019 ◽  
Vol 34 (s1) ◽  
pp. s138-s138
Author(s):  
Annelies Scholliers ◽  
Dimitri De Fré ◽  
Inge D’haese ◽  
Stefan Gogaert
Keyword(s):  
European Union ◽  
Data Collection ◽  
Data Protection ◽  
Scientific Research ◽  
Personal Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Mass Gatherings ◽  
General Data ◽  
The Law

Introduction:As of May 2018, a new European privacy law called the General Data Protection Regulation (GDPR) is in order. With this law, every organization operating in the European Union (EU), needs to adhere to a strict set of rules concerning collection and processing of personal data.Aim:To explore the consequences of the GDPR for data collection at mass gatherings in the European Union.Methods:Since the law was published on April 27, 2016, a thorough reading of the law was conducted by 4 persons with a background in mass gathering health. The GDPR consists of 99 articles organized into 11 chapters. There are also 173 recitals to further explain certain ambiguities. Key articles and recitals relating to healthcare and scientific research were identified. Possible pitfalls and opportunities for data collection and processing at mass gatherings were noted.Discussion:Under article 4, key definitions are noted. There is a clear definition of “data concerning health”. According to the GDPR, health data is a special category of personal data which should not be processed according to article 9(1). However, there is an exception for scientific research (article 9(2)(j)). There are a few safeguards in place, as laid out in article 89. One interesting point is that according to article 89(2), certain derogations can take place if the law interferes with scientific research. The GDPR has major consequences for data collection and processing in the EU. However, with the use of certain safeguards (e.g., pseudonymization) there are still ample opportunities for scientific research. It is important to review one’s method of data collection to make sure it complies with the GDPR.

scholarly journals Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI

i-com ◽  
2020 ◽  
Vol 19 (1) ◽  
pp. 31-45 ◽  
Author(s):  
Timo Jakobi ◽  
Gunnar Stevens ◽  
Anna-Magdalena Seufert ◽  
Max Becker ◽  
Max von Grafenstein
Keyword(s):  
Data Collection ◽  
Data Protection ◽  
Personal Data ◽  
Practical Relevance ◽  
Member States ◽  
Eu Member States ◽  
Great Uncertainty ◽  
Data Protection Law ◽  
The Web

AbstractThe GDPR regulates at present the handling with personal data fundamentally new and thereby opens new leeway. At the same time, it creates great uncertainty among those affected. One example of this is web tracking: It helps designers to improve the utility and usability of their websites based on, in part, extensive (personal) data collection, or enable operators to finance them. Against this background, in this article we first show the practical relevance of web tracking by collecting the web trackers of the 100 most popular pages of each of the 28 EU member states. Building on this, we show which data these trackers collect and analyze their legal bases. Finally, we discuss possible consequences in design and architecture for fulfilling the legally outlined requirements, taking into account a user’s perspective.

scholarly journals Regulatory Environment for Biobanking in Estonia

2021 ◽  
pp. 227-242
Author(s):  
Kärt Pormeister
Keyword(s):  
Data Protection ◽  
Genetic Research ◽  
Personal Data ◽  
Regulatory Framework ◽  
Regulatory Environment ◽  
Research Use ◽  
National Data ◽  
Open Research ◽  
Open Consent ◽  
Data Protection Law

AbstractThe regulatory framework for biobanking in Estonia is fragmented. Whilst a specific law applies to the population-wide biobank, other entities engaged in biobanking are subject to rules stemming from various legal sources. In the case of the population biobank, participants give open consent for their data and tissue to be used in genetic research. Most other entities do not have the possibility to obtain open research consent for the use of personal data. However, national data protection law enables the use of personal data in research without the consent of individuals.In contrast, since no stricter requirements are set, open consent can be used when tissue is obtained directly from individuals for research purposes. However, if tissue is initially obtained for other (research) purposes, further research use requires written consent in the case of blood, while due notification will suffice for most other types of tissue.

scholarly journals PERSONAL DATA PROTECTION LAW USED IN MOBILE PHONE SIM CARD REGISTRATION IN INDONESIA

Notaire ◽  
2019 ◽  
Vol 1 (2) ◽  
pp. 267
Author(s):  
Mahendri Putri Sholichah ◽  
Dewi Rumaisa
Keyword(s):  
Data Collection ◽  
Mobile Phone ◽  
Data Protection ◽  
Data Transfer ◽  
Personal Information ◽  
Personal Data ◽  
Sensitive Data ◽  
Personal Data Protection ◽  
Sim Card ◽  
Data Protection Law

The growths of technology make the privacy of personal information become an important issue in most countries, including Indonesia. Utilization of personal data is common things in most of our activity within the cyberspace and in this case, even the advancement of technology cannot neglect the privacy of personal information. The abusing of the data record, especially the data that belongs to the personal data category, the information that exists within this data could go to the public when it is leaked. One of the cases related to the personal data abuse is registration of thirty mobile phone SIM cards using one person’s personal information without the consent of personal information owner. This paper explains about personal data cases related to the mobile phone SIM card registration, and from this case, some issues about the abusing of personal data will be taken as an example to give consideration for legislating personal data protection. Moreover, this paper also explores the purpose of personal data collection, sensitive data collection, limitation of data collection, storage of collected personal data, transfer of collected personal data, and deletion of collected personal data. This paper convinces the urgency drafting of personal data protection law for country likes Indonesia. Therefore it is hoped that this paper will become one of many considerations for the Indonesian government to include personal data protection law into their national legislation program and legislate the personal data protection law in recent times.

scholarly journals Tokenized Ecosystem of Personal Data — Exemplified on the Context of the Smart City

2017 ◽  
Vol 9 (2) ◽  
pp. 110-133 ◽  
Author(s):  
Jan Thomas Frecè ◽  
Thomas Selzam
Keyword(s):  
Data Protection ◽  
Smart City ◽  
Smart Cities ◽  
Personal Data ◽  
Privacy Preserving ◽  
Data Sources ◽  
Data Driven ◽  
Access To Data

Data driven businesses, services, and even smart cities of tomorrow depend on access to data not only from machines, but also personal data of consumers, clients, citizens. Sustain-able utilization of such data must base on legal compliancy, ethical soundness, and consent. Data subjects nowadays largely lack empowerment over utilization and monetization of their personal data. To change this, we propose a tokenized ecosystem of personal data (TokPD), combining anonymization, referencing, encryption, decentralization, and functional layering to establish a privacy preserving solution for processing of personal data. This tokenized ecosys-tem is a more generalized variant of the smart city ecosystem described in the preceding publi-cation "Smart Cities of Self-Determined Data Subjects" (Frecè & Selzam 2017) with focus to-wards further options of decentralization. We use the example of a smart city to demonstrate, how TokPD ensures the data subjects’ privacy, grants the smart city access to a high number of new data sources, and simultaneously handles the user-consent to ensure compliance with mod-ern data protection regulation.

Sign in / Sign up

Export Citation Format

Share Document