Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps

2017 ◽  
Vol 2017 (1) ◽  
pp. 118-131 ◽  
Author(s):  
Mojtaba Eskandari ◽  
Bruno Kessler ◽  
Maqsood Ahmad ◽  
Anderson Santana de Oliveira ◽  
Bruno Crispo

Abstract The prevalence of mobile devices and their capability to access high-speed internet has transformed them into a portable pocket cloud interface. Being home to a wide range of users’ personal data, mobile devices often use cloud servers for storage and processing. The sensitivity of a user’s personal data demands an adequate level of protection at the back-end servers. In this regard, the European Union Data Protection regulations (e.g., article 25.1) impose restrictions on the locations of European users’ personal data transfer. The matter of concern, however, is the enforcement of such regulations. The first step in this regard is to analyze mobile apps and identify the location of servers to which personal data is transferred. To this end, we design and implement an app analysis tool, PDTLoc (Personal Data Transfer Location Analyzer), to detect violation of the mentioned regulations. We analyze the 1,498 most popular apps in the EEA using PDTLoc to investigate the data recipient server locations. We found that 16.5% (242) of these apps transfer users’ personal data to servers located at places outside Europe without being under the control of a data protection framework. Moreover, we inspect the privacy policies of the apps, revealing that 51% of these apps do not provide any privacy policy while almost all of them contact the servers hosted outside Europe.

Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.


Law and World ◽  
2021 ◽  
Vol 7 (5) ◽  
pp. 40-46

The work discusses the Personal Data Protection system under European Union law, as well as Personal Data Protection in Georgia and the compatibility of those two regimes. Moreover, it mentions ways in which Georgia can adopt regulations and harmonize its legislation to be compatible with the European Union Personal Data Protection regime. The work emphasizes the efforts of Georgia on the path of developing its Personal Data Protection system. Many citizens of Georgia do not even know that their Personal Data has to be defended. However, the court practice of Georgia has revealed good signs of development in this field. Whereas before there were no cases concerning personal data protection, today we have some good decisions regarding personal data protection. Data transfer between the European Union and Georgia is also implemented in the Association Agreement between the European Union and Georgia. It has to be mentioned here as well that the Association Agreement was the greatest step for Georgia; it was a great opportunity to harmonize the Georgian Personal Data system with the European one. Step by step, Georgia is straining to become a member of the European Union. Thus, this work is a look through the past and future of Georgian and EU relations in the field of the Personal Data system.


Cyber Crime ◽  
2013 ◽  
pp. 832-850
Author(s):  
Grigore-Octav Stan ◽  
Georgiana Ghitu

This chapter outlines the Romanian data protection legal regime governing the cross-border transfers of personal data, both to countries located in the European Union (EU) or in the European Economic Area (EEA), as well as to non-EU or non-EEA countries. In addressing the Romanian legal requirements related to international transfers of personal data, a high level insight into the background of Romanian data protection principles and main rules applicable in the broader context of privacy proves useful. Although this chapter analyzes mainly the Romanian legal regime of data protection, with a special emphasis on cross-border transfer of personal data, a similar interpretation and application of the data protection related requirements may also be encountered in other European jurisdictions. While expounding primarily on data transfer related matters, this chapter also looks at how the EU Data Protection Directive (Directive No. 95/46 EC), as well as the relevant secondary legislation in the field of data protection, has been implemented into Romanian law.


Author(s):  
Irena Nesterova

Edward Snowden’s surveillance revelations in 2013 raised the issue of privacy and security in the public spotlight. These revelations underlined the need for a strong data protection framework. At the same time, the pressing demand to address security concerns and the threat of terrorist attacks might weaken privacy and data protection standards. Two landmark judgments of the Court of Justice of the European Union, namely the Digital Rights Ireland judgment (which invalidates the Data Retention Directive) and the Schrems judgment (which invalidates the Safe Harbour Decision forming a legal basis for transatlantic data transfers), are of great significance in strengthening the rights to privacy and data protection in the context of digital mass surveillance. They continue to have far-reaching implications for EU and national data retention mechanisms, as well as on the cross-border data transfer framework. Through the lens of the CJEU, the chapter reveals the key challenges that data protection law faces both at national and EU level that have to be addressed in response to mass surveillance in order to maintain a proper balance between privacy and national security.


2020 ◽  
Vol 23 (3) ◽  
pp. 771-784
Author(s):  
Anupam Chander

ABSTRACT For the second time this decade, the Court of Justice of the European Union has struck a blow against the principal mechanisms for personal data transfer to the USA. In Data Protection Commissioner v Facebook Ireland, Maximillian Schrems, the Court declared the European Union-US Privacy Shield invalid and placed significant hurdles to the process of transferring personal data from the European Union to the USA via the mechanism of Standard Contractual Clauses. Many have begun to suggest data localization as the solution to the problem of data transfer; that is, do not transfer the data at all. I argue that data localization neither solves the problem of foreign surveillance, nor enhances personal privacy, while undermining other values embraced by the European Union.


Author(s):  
Maria Helen Murphy

Abstract With the constant flow of data across jurisdictions, issues regarding conflicting laws and the protection of rights arise. This article considers the EU–US data transfer relationship in the aftermath of the decision in Data Protection Commissioner v Facebook Ireland and Maximillian Schrems where the Court of Justice of the European Union (CJEU) invalidated an EU–US data transfer agreement for the second time in just five years. This judgment continues the line of cases emphasising the high value the Court places on securing EU personal data in accordance with EU data protection standards and fundamental rights. This article assesses the implications of the ruling for the vulnerable EU–US data transfer relationship.


2021 ◽  
Vol 13 (3) ◽  
pp. 66
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. In this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.


2019 ◽  
Vol 5 (2) ◽  
pp. 75-91
Author(s):  
Alexandre Veronese ◽  
Alessandra Silveira ◽  
Amanda Nunes Lopes Espiñeira Lemos

The article discusses the ethical and technical consequences of Artificial Intelligence (hereinafter, AI) applications and their usage of the European Union data protection legal framework to enable citizens to defend themselves against them. This goal is under the larger European Union Digital Single Market policy, which has concerns about how this subject correlates with personal data protection. The article has four sections. The first one introduces the main issue by describing the importance of AI applications in the contemporary world scenario. The second one describes some fundamental concepts about AI. The third section has an analysis of the ongoing policies for AI in the European Union and the Council of Europe proposal about ethics applicable to AI in the judicial systems. The fourth section is the conclusion, which debates the current legal mechanisms for citizens’ protection against fully automated decisions, based on European Union Law and in particular the General Data Protection Regulation. The conclusion will be that European Union Law is still under construction when it comes to providing effective protection to its citizens against automated inferences that are unfair or unreasonable.

