scholarly journals Can Visual Design Provide Legal Transparency? The Challenges for Successful Implementation of Icons for Data Protection

Design Issues ◽  
2020 ◽  
Vol 36 (3) ◽  
pp. 82-96
Author(s):  
Arianna Rossi ◽  
Monica Palmirani
Keyword(s):  
Data Protection ◽  
Participatory Design ◽  
Data Privacy ◽  
Personal Data ◽  
Successful Implementation ◽  
The European Union ◽  
General Data Protection Regulation ◽  
General Data ◽  
Legal Ontologies ◽  
Machine Readable

Design is a key player in the future of data privacy and data protection. The General Data Protection Regulation (GDPR) established by the European Union aims to rebalance the information asymmetry between the organizations that process personal data and the individuals to which that data refers. Machine-readable, standardized icons that present a “meaningful overview of the intended processing” are suggested by the law as a tool to enhance the transparency of information addressed to data subjects. However, no specific guidelines have been provided, and studies on privacy iconography are very few. This article describes research conducted on the creation and evaluation of icons representing data protection concepts. First, we introduce the methodology used to design the Data Protection Icon Set (DaPIS): participatory design methods combined with legal ontologies and machine-readable representations. Second, we discuss some of the challenges that have been faced in the development and evaluation of DaPIS and similar icon sets. Third, we provide some tentative responses and indicate a way forward for evaluation of the effectiveness of privacy icons and their widespread adoption.

Data Protection Commissioner v. Facebook Ireland Ltd. and Maximillian Schrems (C.J.E.U.)

2021 ◽  
Vol 60 (1) ◽  
pp. 53-98
Author(s):  
Michael S. Aktipis ◽  
Ron B. Katwan
Keyword(s):  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
The United States ◽  
Transfer Mechanism ◽  
The European Union ◽  
Privacy Concerns ◽  
General Data Protection Regulation ◽  
General Data ◽  
The Eu

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its ruling in Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems, commonly known as Schrems II, invalidating the EU–U.S. Privacy Shield as a valid transfer mechanism under the EU's General Data Protection Regulation (GDPR) and creating significant legal uncertainty for the continued availability of another widely used transfer mechanism, Standard Contractual Clauses (SCCs), for transfers of EU personal data from commercial entities in the EU to the United States. The widely anticipated ruling marked the second time in five years that the CJEU had invalidated the legal foundation for such data transfers, which in both cases had been the result of a carefully negotiated compromise balancing European data privacy concerns with statutory and constitutional limitations of the U.S. system (see Schrems I).

scholarly journals Data Sharing Under the General Data Protection Regulation

Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Research Approach ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Protection Legislation ◽  
General Data ◽  
Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

scholarly journals Location Privacy in the Wake of the GDPR

2019 ◽  
Author(s):  
Yola Georgiadou ◽  
Rolf de By ◽  
Ourania Kounadi
Keyword(s):  
Data Protection ◽  
Location Privacy ◽  
Cultural Theory ◽  
Personal Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Digital Ecosystem ◽  
Protection Legislation ◽  
General Data ◽  
Conducting Research

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is ‘how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered/observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.

scholarly journals GDPR implementation as the main reason for the regional fragmentation in the online mediasphere

2021 ◽  
Vol 273 ◽  
pp. 08099
Author(s):  
Mikhail Smolenskiy ◽  
Nikolay Levshin
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Main Role ◽  
The European Union ◽  
Protection Measures ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Usa ◽  
General Data

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU’s citizens around the world. Misusing or carelessly handling personal data bring fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. Authors considered and analyzed results of personal data protection measures in nineteen regions: The USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of other. This allowed identifying a direct pattern between the global tightening of EU’s citizens personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.

scholarly journals Credit-Based Insurance Scores: some Observations in the Light of the European General Data Protection Regulation

2020 ◽  
pp. 155-186
Author(s):  
María Dolores Mas Badia
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Insurance Companies ◽  
The European Union ◽  
History Data ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Credit History ◽  
Automated Processing ◽  
General Data

Despite the differences between credit risk and insurance risk, in many countries large insurance companies include credit history amongst the information to be taken into account when assigning consumers to risk pools and deciding whether or not to offer them an auto or homeowner insurance policy, or to determine the premium that they should pay. In this study, I will try to establish some conclusions concerning the requirements and limits that the use of credit history data by insurers in the European Union should be subject to. In order to do this, I shall focus my attention primarily on Regulation (EU) 2016/679. This regulation, that came into force on 24 May 2018, not only forms the backbone of personal data protection in the EU, but is also set to become a model for regulation beyond the borders of the Union. This article will concentrate on two main aspects: the lawful basis for the processing of credit history data by insurers, and the rules that should apply to decisions based solely on automated processing, including profiling.Received: 30 December 2019Accepted: 07 February 2020Published online: 02 April 2020

scholarly journals Delegation-Based Personal Data Processing Request Notarization Framework for GDPR Based on Private Blockchain

2021 ◽  
Vol 11 (22) ◽  
pp. 10574
Author(s):  
Sung-Soo Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Audit ◽  
General Data ◽  
Data Controller ◽  
Data Subject

With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the general data protection regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable its utilization as a GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process of personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hypderledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results with comparisons among the related works indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing request than extant methods.

scholarly journals OpenEHR and General Data Protection Regulation: Evaluation of Principles and Requirements (Preprint)

2018 ◽  
Author(s):  
Duarte Gonçalves-Ferreira ◽  
Mariana Sousa ◽  
Gustavo M Bacelar-Silva ◽  
Samuel Frade ◽  
Luís Filipe Antunes ◽  
...  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Design Principles ◽  
Security And Privacy ◽  
The European Union ◽  
Health Records ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
General Data ◽  
The Common

BACKGROUND Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the topic of personal data protection of EU citizens with a strong emphasis on more control of the citizens over their data and in the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems. OBJECTIVE This study aimed to understand to what extent the openEHR standard can help in the compliance of EHR systems to the GDPR requirements. METHODS A list of requirements for an EHR to support GDPR compliance and also a list of the openEHR design principles were made. The requirements were categorized and compared with the principles by experts on openEHR and GDPR. RESULTS A total of 50 GDPR requirements and 8 openEHR design principles were identified. The openEHR principles conformed to 30% (15/50) of GDPR requirements. All the openEHR principles were aligned with GDPR requirements. CONCLUSIONS This study showed that the openEHR principles conform well to GDPR, underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start. By using an openEHR-based EHR, the institutions are closer to becoming compliant with GDPR while safeguarding the medical data.

scholarly journals Apply or not to apply?

2020 ◽  
Vol 4 (2) ◽  
pp. 81-94
Author(s):  
Matúš Mesarčík
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
Privacy Regulation ◽  
New Era ◽  
General Data Protection Regulation ◽  
Consumer Privacy ◽  
Privacy Act ◽  
General Data ◽  
The Eu

A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations of processing of personal data is Californian Consumer Privacy Act commonly referred to as CCPA. The article aims to fill the gap considering a deep analysis of the territorial scope of both acts and practical consequences of the application. The article starts with a brief overview of privacy regulation in the EU and USA. Introduction to GDPR and CCPA follows focusing on the territorial scope of respective legislation. Three scenarios of applicability are derived in the following part including practical examples.

scholarly journals Location Privacy in the Wake of the GDPR

2019 ◽  
Vol 8 (3) ◽  
pp. 157 ◽  
Author(s):  
Yola Georgiadou ◽  
Rolf de By ◽  
Ourania Kounadi
Keyword(s):  
Data Protection ◽  
Location Privacy ◽  
Cultural Theory ◽  
Personal Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Digital Ecosystem ◽  
Protection Legislation ◽  
General Data ◽  
Conducting Research

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is `how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered or observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.

Anonymization, tokenization, encryption. How to recover unrecoverable data

2018 ◽  
Vol 0 (6/2017) ◽  
pp. 9-13
Author(s):  
Olga Dzięgielewska
Keyword(s):  
Risk Analysis ◽  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
Insider Threat ◽  
General Data Protection Regulation ◽  
Analysis Phase ◽  
Data Layer ◽  
General Data ◽  
Financial Consequences

The data privacy is currently vastly commented topic among all the organizations which process personal data due to the introduction of the European Union’s General Data Protection Regulation. Existing methods of data protection are believed to be sufficient as they meet the risk-based approach requirements in every mature organization, yet the number of publicly known data breaches confirms that this assumption is false. The aftermath of such incidents in countless cases prove that the risk-based approach failed as the reputational and financial consequences by far exceed the original estimations. This paper stressed the importance of the data layer protection from the planning, through design, until maintenance stages in the database lifecycle, as numerous attack vectors originating from the insider threat and targeting the data layer still sneak through unnoticed during the risk analysis phase.

Sign in / Sign up

Export Citation Format

Share Document