3 Lender Liability for Money Laundering and Breach of Data Protection Legislation

Purpose – The University of York Library, part of its Information Directorate, has successfully run an annual user survey using LibQUAL+ since 2008. The tool has proven invaluable in understanding user needs and measuring improvements. The ability to benchmark performance has been well received by university senior managers. Following this positive experience, the Directorate piloted the TechQual+ survey to assess its technology services. TechQual+ is a total market-survey tool developed on the same principles as LibQUAL+. York was the first university in the UK to do this. The purpose of this paper is to reflect upon the experience and its relevance to information services. Design/methodology/approach – A team was established to co-ordinate the distribution of the survey, which was e-mailed to all university members. The survey was conducted over a period of three weeks in December 2011 using their web-based tool. The team worked with the survey providers to make amendments in order to comply with UK Data Protection legislation. Findings – The TechQual+ tool provided a rich set of data on the IT needs of University of York students and staff, including a wealth of comments. As the first use of the tool in the UK, a number of outcomes arose from the pilot: methods for running the survey in order to meet UK data protection requirements; feedback on the tool itself, with some questions not understood from a UK context; a rich set of results data, with some similarities (and several differences) to those available through LibQUAL+. Originality/value – The paper presents the first application of the TechQual+ survey in UK and discusses the issues faced when implementing it in a UK context. The case study will be of interest to libraries or converged services interested in assessing their IT provision.

Download Full-text

Reconciliation of anti-money laundering instruments and European data protection requirements in permissionless blockchain spaces

Journal of Cybersecurity ◽

10.1093/cybsec/tyab004 ◽

2021 ◽

Vol 7 (1) ◽

Author(s):

Iwona Karasek-Wojciechowicz

Keyword(s):

Data Processing ◽

Money Laundering ◽

Data Protection ◽

Task Force ◽

Policy Instruments ◽

Personal Data ◽

General Data Protection Regulation ◽

Terrorist Financing ◽

The Government ◽

High Level

AbstractThis article is an attempt to reconcile the requirements of the EU General Data Protection Regulation (GDPR) and anti-money laundering and combat terrorist financing (AML/CFT) instruments used in permissionless ecosystems based on distributed ledger technology (DLT). Usually, analysis is focused only on one of these regulations. Covering by this research the interplay between both regulations reveals their incoherencies in relation to permissionless DLT. The GDPR requirements force permissionless blockchain communities to use anonymization or, at the very least, strong pseudonymization technologies to ensure compliance of data processing with the GDPR. At the same time, instruments of global AML/CFT policy that are presently being implemented in many countries following the recommendations of the Financial Action Task Force, counteract the anonymity-enhanced technologies built into blockchain protocols. Solutions suggested in this article aim to induce the shaping of permissionless DLT-based networks in ways that at the same time would secure the protection of personal data according to the GDPR rules, while also addressing the money laundering and terrorist financing risks created by transactions in anonymous blockchain spaces or those with strong pseudonyms. Searching for new policy instruments is necessary to ensure that governments do not combat the development of all privacy-blockchains so as to enable a high level of privacy protection and GDPR-compliant data processing. This article indicates two AML/CFT tools which may be helpful for shaping privacy-blockchains that can enable the feasibility of such tools. The first tool is exceptional government access to transactional data written on non-transparent ledgers, obfuscated by advanced anonymization cryptography. The tool should be optional for networks as long as another effective AML/CFT measures are accessible for the intermediaries or for the government in relation to a given network. If these other measures are not available and the network does not grant exceptional access, the regulations should allow governments to combat the development of those networks. Effective tools in that scope should target the value of privacy-cryptocurrency, not its users. Such tools could include, as a tool of last resort, state attacks which would undermine the trust of the community in a specific network.

Download Full-text

Survey of National Data Protection Legislation

Computer Networks (1976) ◽

10.1016/0376-5075(79)90039-4 ◽

1979 ◽

Vol 3 (3) ◽

pp. 174-186

Author(s):

Godfrey Stadlen

Keyword(s):

Data Protection ◽

National Data ◽

Protection Legislation

Download Full-text

Data Sharing Under the General Data Protection Regulation

Hypertension ◽

10.1161/hypertensionaha.120.16340 ◽

2021 ◽

Vol 77 (4) ◽

pp. 1029-1035

Author(s):

Antonia Vlahou ◽

Dara Hallinan ◽

Rolf Apweiler ◽

Angel Argiles ◽

Joachim Beige ◽

...

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Research Approach ◽

The European Union ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

Protection Legislation ◽

General Data ◽

Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

Download Full-text

The EU General Data Protection Regulation (GDPR)

10.1093/oso/9780198826491.001.0001 ◽

2020 ◽

Cited By ~ 1

Keyword(s):

Data Protection ◽

Personal Data ◽

Privacy Regulation ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Ongoing Work ◽

Protection Legislation ◽

Recent Reform ◽

General Data ◽

The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

Download Full-text

Location Privacy in the Wake of the GDPR

10.20944/preprints201902.0227.v1 ◽

2019 ◽

Author(s):

Yola Georgiadou ◽

Rolf de By ◽

Ourania Kounadi

Keyword(s):

Data Protection ◽

Location Privacy ◽

Cultural Theory ◽

Personal Data ◽

The European Union ◽

General Data Protection Regulation ◽

Digital Ecosystem ◽

Protection Legislation ◽

General Data ◽

Conducting Research

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is ‘how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered/observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.

Download Full-text

ON THE ISSUE OF MODERN DATA PROTECTION LEGISLATION SPECIFICITY (LEGAL EXPERT’S POINT OF VIEW)

Bulletin of the Moscow State Regional University (Jurisprudence) ◽

10.18384/2310-6794-2020-4-133-138 ◽

2020 ◽

pp. 133-138

Author(s):

Agnes Christian Chaves Faria Alexandrovna Dybova

Keyword(s):

Data Protection ◽

Point Of View ◽

Protection Legislation

Download Full-text

Der Begriff des wirtschaftlich Berechtigten im Rahmen der transparenzregisterrechtlichen Regelungen des Geldwäschegesetzes

10.5771/9783748930433 ◽

2021 ◽

Author(s):

Jens Klapdor

Keyword(s):

Money Laundering ◽

Data Protection ◽

Constitutional Law ◽

The Public ◽

Beneficial Ownership

Due to the implementation of the 4th EU Money Laundering Directive, numerous companies and legal arrangements have to report their beneficial owners to the German transparency register. In this context, the book analyses the concept of beneficial ownership against the background of international and European provisions. The author examines typical forms of indirect shareholdings with regard to their ability to establish beneficial ownership. The results found are subjected to a case-by-case examination of their appropriateness in terms of European constitutional law with special attention to data protection and business-related concerns. The focus of this examination is the public accessibility of the data held in the transparency register.

Download Full-text

Data Privacy and Security Law

10.1093/oxfordhb/9780198800682.013.20 ◽

2021 ◽

pp. 327-347

Author(s):

Fred Cate ◽

Rachel Dockery

Keyword(s):

Data Protection ◽

Data Privacy ◽

Critical Infrastructure ◽

Government Information ◽

Economic Data ◽

Privacy And Security ◽

Practical Matter ◽

Personally Identifiable Information ◽

Protection Legislation ◽

New Challenges

This chapter discusses cybersecurity laws. Many measures employed to enhance cybersecurity pose a risk to privacy. In addition, data protection laws focus only on personally identifiable information, while cybersecurity is also concerned with securing economic data such as trade secrets and company databases, government information, and the systems that transmit and process information. As a practical matter, despite the prominence of security obligations in data protection legislation, these were often downplayed or ignored entirely until recent years. Only as cybersecurity threats became more pressing did regulators begin actively enforcing the security obligations found in most data protection laws. More recently, legislative bodies and regulators have begun adopting cybersecurity-specific obligations. However, even these have often mirrored or been combined with privacy protections, sometimes to the detriment of effective cybersecurity. The chapter describes major categories of cybersecurity law, including unfair or deceptive practices legislation, breach notification laws, and data destruction laws. It also considers the new focus on critical infrastructure and information sharing, the China Cybersecurity Law, and the new challenges to data privacy and security law.

Download Full-text