scholarly journals Personal data protection and liability of internet service provider: a comparative approach

2019 ◽  
Vol 9 (4) ◽  
pp. 3175
Author(s):  
Ni Ketut Supasti Dharmawan ◽  
Desak Putu Dewi Kasih ◽  
Deris Stiawan
Keyword(s):  
Cloud Computing ◽  
Data Protection ◽  
Service Provider ◽  
Personal Data ◽  
Comparative Approach ◽  
Internet Services ◽  
The European Union ◽  
Security Attacks ◽  
Personal Data Protection ◽  
Electronic Service

The users of electronic service provider often suffered losses caused by internet services did not work properly including losses due to leakage of personal data protection stored in cloud computing.  The study aims to examine electronic service provider liability upon their failure performing internet services properly and security attacks on cloud computing. This study was normative legal research by examining national and international legal materials. The finding shows that the electronic provider shall be responsible based on right and obligation agreed under the agreement.  Related to cloud computing, providing adequate security to avoid security attacks and misuse of private data that caused losses to the users becoming the liability of service provider. Based on the Federal Trade Commission Act, the liability arises on the grounds of deceptive and unfair trade practices.  Under the General Data Protection Regulation of the European Union, the liability arises on the basis as the controller then provider liable for compensation for user’s suffered damage. In Indonesia, based on the Electronic Information and Transaction Law Amendment, the liability to the owner of personal data whose rights are violated and suffered losses arises due to a failure of ISP protect the data security. For better protection in Indonesia, the protection of big data and clear territorial scope of protection become necessary to consider.

scholarly journals Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

2021 ◽  
Vol 13 (3) ◽  
pp. 66
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Gap Analysis ◽  
Health Care Organization ◽  
Personal Data ◽  
Care Organization ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Level

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.

scholarly journals Data Sharing Under the General Data Protection Regulation

Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Research Approach ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Protection Legislation ◽  
General Data ◽  
Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

scholarly journals The European Union’s Passenger Name Record Data Directive 2016/681: Is it Fit for Purpose?

2017 ◽  
Vol 17 (1) ◽  
pp. 78-106 ◽  
Author(s):  
David Lowe
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
Personal Data Protection ◽  
Serious Crime ◽  
Court Of Justice ◽  
Record Data ◽  
Fit For Purpose

In 2016 the European Union (eu) introduced a Passenger Name Record Data (pnr) Directive. There has been controversy in the eu over the acquisition and sharing of pnr data, related mainly to the lack of safeguards and protection of personal data protection. This article examines these issues related to earlier eu pnr agreements with third countries and why previous eu attempts to legislate in this area failed. By drawing a comparison with the 2011 pnr Directive proposal, the article argues that by meeting the strict eu law on data protection as well as being necessary to assist in preventing and detecting acts of terrorism and serious crime it is submitted the 2016 Directive is fit for purpose and able to withstand scrutiny by the Court of Justice of the European Union.

scholarly journals ESTUDO SOBRE A REALIZAÇÃO DO DIREITO DA PROTECÇÃO DE DADOS PESSOAIS ATRAVÉS DA JURISPRUDÊNCIA DO TRIBUNAL DE JUSTIÇA DA UNIÃO EUROPEIA

2020 ◽  
Vol 29 (1) ◽  
Author(s):  
Rita De Sousa Costa
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Case Law ◽  
Legal Framework ◽  
The European Union ◽  
Personal Data Protection ◽  
Court Of Justice ◽  
European Data ◽  
Data Protection Law

[PT]No presente texto, apresentamos as grandes linhas de aplicação do direito europeu da protecção de dados conforme gizadas pela jurisprudência do TJUE, com o objectivo de demonstrar como e em que medida este Tribunal modelou – e continua a modelar – o quadro jurídico em vigor, na certeza de que aquela jurisprudência impõe um conjunto de desafios determinantes para a realização material do direito europeu da protecção de dados pessoais. [ESP]Este texto presenta las líneas generales de la aplicación de la legislación europea de protección de datos tal como se establece en la jurisprudencia del TJUE, con el objetivo de demostrar cómo y en qué medida este Tribunal ha configurado -y sigue configurando- el marco jurídico vigente, con la certeza de que la dicha jurisprudencia plantea una serie de retos cruciales para la aplicación material del derecho europeo de la protección de datos personales. [ENG]This text outlines the implementation of the European data protection law as laid down in the case-law of the Court of Justice of the European Union, with the aim of demonstrating how and to what extent the Court has shaped – and continues to shape – the current legal framework. The case-law analysed points out a plethora of challenges which are key to the implementation of the European personal data protection law.

scholarly journals GDPR implementation as the main reason for the regional fragmentation in the online mediasphere

2021 ◽  
Vol 273 ◽  
pp. 08099
Author(s):  
Mikhail Smolenskiy ◽  
Nikolay Levshin
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Main Role ◽  
The European Union ◽  
Protection Measures ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Usa ◽  
General Data

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU’s citizens around the world. Misusing or carelessly handling personal data bring fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. Authors considered and analyzed results of personal data protection measures in nineteen regions: The USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of other. This allowed identifying a direct pattern between the global tightening of EU’s citizens personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.

scholarly journals Credit-Based Insurance Scores: some Observations in the Light of the European General Data Protection Regulation

2020 ◽  
pp. 155-186
Author(s):  
María Dolores Mas Badia
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Insurance Companies ◽  
The European Union ◽  
History Data ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Credit History ◽  
Automated Processing ◽  
General Data

Despite the differences between credit risk and insurance risk, in many countries large insurance companies include credit history amongst the information to be taken into account when assigning consumers to risk pools and deciding whether or not to offer them an auto or homeowner insurance policy, or to determine the premium that they should pay. In this study, I will try to establish some conclusions concerning the requirements and limits that the use of credit history data by insurers in the European Union should be subject to. In order to do this, I shall focus my attention primarily on Regulation (EU) 2016/679. This regulation, that came into force on 24 May 2018, not only forms the backbone of personal data protection in the EU, but is also set to become a model for regulation beyond the borders of the Union. This article will concentrate on two main aspects: the lawful basis for the processing of credit history data by insurers, and the rules that should apply to decisions based solely on automated processing, including profiling.Received: 30 December 2019Accepted: 07 February 2020Published online: 02 April 2020

scholarly journals OpenEHR and General Data Protection Regulation: Evaluation of Principles and Requirements (Preprint)

2018 ◽  
Author(s):  
Duarte Gonçalves-Ferreira ◽  
Mariana Sousa ◽  
Gustavo M Bacelar-Silva ◽  
Samuel Frade ◽  
Luís Filipe Antunes ◽  
...  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Design Principles ◽  
Security And Privacy ◽  
The European Union ◽  
Health Records ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
General Data ◽  
The Common

BACKGROUND Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the topic of personal data protection of EU citizens with a strong emphasis on more control of the citizens over their data and in the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems. OBJECTIVE This study aimed to understand to what extent the openEHR standard can help in the compliance of EHR systems to the GDPR requirements. METHODS A list of requirements for an EHR to support GDPR compliance and also a list of the openEHR design principles were made. The requirements were categorized and compared with the principles by experts on openEHR and GDPR. RESULTS A total of 50 GDPR requirements and 8 openEHR design principles were identified. The openEHR principles conformed to 30% (15/50) of GDPR requirements. All the openEHR principles were aligned with GDPR requirements. CONCLUSIONS This study showed that the openEHR principles conform well to GDPR, underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start. By using an openEHR-based EHR, the institutions are closer to becoming compliant with GDPR while safeguarding the medical data.

scholarly journals Compatibility of the EU and Georgian Personal Data Protection Regimes and Data Transfer

Law and World ◽  
2021 ◽  
Vol 7 (5) ◽  
pp. 40-46
Keyword(s):  
European Union ◽  
Data Protection ◽  
Data Transfer ◽  
Personal Data ◽  
Data System ◽  
Protection System ◽  
The European Union ◽  
Great Opportunity ◽  
Association Agreement ◽  
Personal Data Protection

The work discusses Personal Data Protection system under the European Union law, also Personal Data Protection in Georgia and the compatibility of those two regimes. Moreover, there were men- tioned ways how Georgia can adopt regulations and harmonize its legislation, to be compatible with the European Union Personal Data Protection regime. The work emphasized efforts of Georgia on the path of developing its Personal Data Protection system. The many citizens of Georgia don’t even have a knowledge that their Personal Data has to be defended. Although, the court practice of Georgia revealed good developing signs in this field. If before there were not any cases concerning personal data protection, today we have some good decisions regarding the personal data protection. The data transfer between the European Union and Georgia, is also implemented in the Association Agreement between the European Union and Georgia. Here as well has to be mentioned that the Association Agreement was the greatest step for Georgia, it was the great opportunity to harmonize Georgian Personal Data system with a European. Step by step, Georgia is straining to become a member of the European Union. Thus, this work is a look through past and future of Georgian and EU relations in the field of Personal Data system.

Sign in / Sign up

Export Citation Format

Share Document