Data Privacy and Security Law

2021 ◽  
pp. 327-347
Author(s):  
Fred Cate ◽  
Rachel Dockery

This chapter discusses cybersecurity laws. Many measures employed to enhance cybersecurity pose a risk to privacy. In addition, data protection laws focus only on personally identifiable information, while cybersecurity is also concerned with securing economic data such as trade secrets and company databases, government information, and the systems that transmit and process information. As a practical matter, despite the prominence of security obligations in data protection legislation, these were often downplayed or ignored entirely until recent years. Only as cybersecurity threats became more pressing did regulators begin actively enforcing the security obligations found in most data protection laws. More recently, legislative bodies and regulators have begun adopting cybersecurity-specific obligations. However, even these have often mirrored or been combined with privacy protections, sometimes to the detriment of effective cybersecurity. The chapter describes major categories of cybersecurity law, including unfair or deceptive practices legislation, breach notification laws, and data destruction laws. It also considers the new focus on critical infrastructure and information sharing, the China Cybersecurity Law, and the new challenges to data privacy and security law.

Author(s):  
Walter Berka

Trade agreements cannot avoid dealing with digital services and data sharing. In the cases of TTIP, CETA, and TiSA, different concepts of data protection collide and it is the fear of the European side that the EU’s acquis on data privacy could get compromised through the liberalization of data flows. This chapter analyses the possible impact of these agreements on data protection. It refers to the European Parliament’s call to include a horizontal self-standing clause in TTIP to exclude the current and future EU data protection legislation from being traded in TTIP, a claim which is based on Article XIV of the GATS. In dealing with these issues, it will be considered further that the EU and the US are discussing data transfers and data protection in other fora as well, namely on the tracks of the new Safe Harbor Agreement and the Data Protection Umbrella Agreement.


2020 ◽  
Author(s):  
Cátia Santos-Pereira ◽  
Alexandre B. Augusto ◽  
Ricardo Cruz-Correia ◽  
Manuel E. Correia

BACKGROUND A cancer registry (CR) is typically a standardized tool to produce population-based data on cancer incidence and survival. Cancer registries aim to retrieve and store information on all cancer cases occurring in a defined population. The main sources of data on cancer cases usually include treatment, diagnostic facilities (oncology centres or hospital departments, pathology laboratories, or imaging facilities etc.) and the official territorial death registry. OBJECTIVE The aim of this study is to assess the actual solutions for cancer registries and determine and understand their main requirements. METHODS To achieve this goal, we have made a systematic review based on a comprehensive qualitative research, following the PRISMA statement framework. Four distinct databases were searched: Medline, ISI Web of Knowledge, IEEE Xplore and Scopus with the query “cancer registries” [All Fields] AND computerized [All Fields]. The inclusion criteria include references from five key concepts: data collection, standards, quality control, data protection and data exploration. For the final review process, we involved three medical informatics professionals. RESULTS From a total of 54 articles, 10 met the inclusion criteria and were included in the analysis. Cancer registry systems in general had problems related to the lack of a fully automatic integration of data from different sources, difficulty in automating data quality control routines and a lack of harmonization in terms of standards (both communication and terminology standards). Many tasks are still performed manually, implying an extra effort from the human resources team that results in a substantial delay in the production of survival and incidence reports and in more data inconsistencies and errors. CONCLUSIONS It is essential to automatize the data linking integration between different healthcare institutions. However, it is important to consider a balance between the preservation of data integrity and the patient’s privacy, whilst enabling meaningful state of the art continuous research to improve people’s health and the general quality of care. Healthcare institutions must abide by and comply with the changes imposed by the much more stringent data privacy protection regulations imposed by the GDPR (General Data Protection Regulation), resulting in new rigorous compliance obligations on privacy and security that all CRs across Europe must be ready to comply with.


2020 ◽  
Vol 48 (S1) ◽  
pp. 87-93
Author(s):  
Stacey A. Tovino

This article focuses on state privacy, security, and data breach regulation of mobile-app mediated health research, concentrating in particular on research studies conducted or participated in by independent scientists, citizen scientists, and patient researchers. Prior scholarship addressing these issues tends to focus on the lack of application of the HIPAA Privacy and Security Rules and other sources of federal regulation. One article, however, mentions state law as a possible source of privacy and security protections for individuals in the particular context of mobile app-mediated health research. This Article builds on this prior scholarship by: (1) assessing state data protection statutes that are potentially applicable to mobile app-mediated health researchers; and (2) suggesting statutory amendments that could better protect the privacy and security of mobile health research data. As discussed in more detail below, all fifty states and the District of Columbia have potentially applicable data breach notification statutes that require the notification of data subjects of certain informational breaches in certain contexts. In addition, more than two-thirds of jurisdictions have potentially applicable data security statutes and almost one-third of jurisdictions have potentially applicable data privacy statutes. Because all jurisdictions have data breach notification statutes, these statutes will be assessed first.


Electronics ◽  
2021 ◽  
Vol 10 (23) ◽  
pp. 2926
Author(s):  
Rizwan Majeed ◽  
Nurul Azma Abdullah ◽  
Muhammad Faheem Mushtaq ◽  
Muhammad Umer ◽  
Michele Nappi

Developments in drones have opened new trends and opportunities in different fields, particularly in small drones. Drones provide interlocation services for navigation, and this interlink is provided by the Internet of Things (IoT). However, architectural issues make drone networks vulnerable to privacy and security threats. It is critical to provide a safe and secure network to acquire desired performance. Small drones are finding new paths for progress in the civil and defense industries, but are also posing new challenges for security and privacy. The basic design of the small drone requires a modification in its data transformation and data privacy mechanisms, and it is not yet fulfilling domain requirements. This paper aims to investigate recent privacy and security trends that are affecting the Internet of Drones (IoD). This study also highlights the need for a safe and secure drone network that is free from interceptions and intrusions. The proposed framework mitigates the cyber security threats by employing intelligent machine learning models in the design of IoT-aided drones by making them secure and adaptable. Finally, the proposed model is evaluated on a benchmark dataset and shows robust results.


Author(s):  
Dan Jerker B. Svantesson

This chapter observes how it may be inappropriate to apply a single jurisdictional threshold to diverse instruments such as data privacy laws. In the light of this observation, a proposal is outlined for a ‘layered approach’ under which the substantive law rules of such instruments are broken up into different layers, with different jurisdictional thresholds applied to each such layer. This layered approach is discussed primarily as a technique to be utilized in legal drafting, but it may also be applied in the interpretation and application of legal rules. Article 3 of the European Union’s General Data Protection Regulation, which determines that regulation’s scope of application in a territorial sense, provides a particularly useful lens through which to approach this topic and, thus, the discussion is largely centred around that Article.


2021 ◽  
Vol 22 (1) ◽  
pp. 53-68
Author(s):  
Guenter Knieps

5G attains the role of a GPT for an open set of downstream IoT applications in various network industries and within the app economy more generally. Traditionally, sector coupling has been a rather narrow concept focusing on the horizontal synergies of urban system integration in terms of transport, energy, and waste systems, or else the creation of new intermodal markets. The transition toward 5G has fundamentally changed the framing of sector coupling in network industries by underscoring the relevance of differentiating between horizontal and vertical sector coupling. Due to the fixed mobile convergence and the large open set of complementary use cases, 5G has taken on the characteristics of a generalized purpose technology (GPT) in its role as the enabler of a large variety of smart network applications. Due to this vertical relationship, characterized by pervasiveness and innovational complementarities between upstream 5G networks and downstream application sectors, vertical sector coupling between the provider of an upstream GPT and different downstream application industries has acquired particular relevance. In contrast to horizontal sector coupling among different application sectors, the driver of vertical sector coupling is that each of the heterogeneous application sectors requires a critical input from the upstream 5G network provider and combines this with its own downstream technology. Of particular relevance for vertical sector coupling are the innovational complementarities between upstream GPT and downstream application sectors. The focus on vertical sector coupling also has important policy implications. 
Although the evolution of 5G networks strongly depends on the entrepreneurial, market-driven activities of broadband network operators and application service providers, the future of 5G as a GPT is heavily contingent on the role of frequency management authorities and European regulatory policy with regard to data privacy and security regulations.

