scholarly journals Data Privacy Management in Public Environments

2020 ◽  
Author(s):  
Hugo Lopes ◽  
Valderi R. Q. Leithardt ◽  
Ivan Miguel Pires ◽  
Raúl García-Ovejero ◽  
María Navarro-Cáceres
Keyword(s):  
Mobile Devices ◽  
Data Privacy ◽  
Technological Evolution ◽  
Privacy Management ◽  
General Data Protection Regulation ◽  
The Public ◽  
General Data ◽  
The Individual ◽  
Control And Management ◽  
Public Environment

The mobile devices caused a constant struggle for the pursuit of data privacy. Nowadays, it appears that the number of mobile devices in the world is increasing. With this increase and technological evolution, thousands of data associated with everyone are generated and stored remotely. Thus, the topic of data privacy is highlighted in several areas. There is a need for control and management of data in circulation inherent to this theme. This article presents an approach of the interaction between the individual and the public environment, where this interaction will determine the access to information. This analysis was based on a data privacy management model in public environments created after reading and analyzing the current technologies. A mobile application based on location via Global Positioning System (GPS) was created to substantiate this model, which it considers the General Data Protection Regulation (GDPR) to control and manage access to the data of each individual.

scholarly journals PriADA: Management and Adaptation of Information Based on Data Privacy in Public Environments

Computers ◽  
2020 ◽  
Vol 9 (4) ◽  
pp. 77
Author(s):  
Hugo Lopes ◽  
Ivan Miguel Pires ◽  
Hector Sánchez San Blas ◽  
Raúl García-Ovejero ◽  
Valderi Leithardt
Keyword(s):  
Mobile Devices ◽  
Data Privacy ◽  
Technological Evolution ◽  
Privacy Management ◽  
General Data Protection Regulation ◽  
The Public ◽  
General Data ◽  
The Individual ◽  
Control And Management ◽  
Public Environment

The mobile devices cause a constant struggle for the pursuit of data privacy. Nowadays, it appears that the number of mobile devices in the world is increasing. With this increase and technological evolution, thousands of data associated with everyone are generated and stored remotely. Thus, the topic of data privacy is highlighted in several areas. There is a need for control and management of data in circulation inherent to this theme. This article presents an approach to the interaction between the individual and the public environment, where this interaction will determine the access to information. This analysis was based on a data privacy management model in open environments created after reading and analyzing the current technologies. A mobile application based on location by Global Positioning System (GPS) was developed to substantiate this model, which considers the General Data Protection Regulation (GDPR) to control and manage access to each individual’s data.

scholarly journals Designing a Distributed Ledger Technology System for Interoperable and General Data Protection Regulation–Compliant Health Data Exchange: A Use Case in Blood Glucose Data (Preprint)

2019 ◽  
Author(s):  
David Hawig ◽  
Chao Zhou ◽  
Sebastian Fuhrhop ◽  
Andre S Fialho ◽  
Navin Ramachandran
Keyword(s):  
Blood Glucose ◽  
Data Privacy ◽  
Data Exchange ◽  
Personal Data ◽  
Use Case ◽  
Concept System ◽  
General Data Protection Regulation ◽  
The Public ◽  
Distributed Ledger ◽  
General Data

BACKGROUND Distributed ledger technology (DLT) holds great potential to improve health information exchange. However, the immutable and transparent character of this technology may conflict with data privacy regulations and data processing best practices. OBJECTIVE The aim of this paper is to develop a proof-of-concept system for immutable, interoperable, and General Data Protection Regulation (GDPR)–compliant exchange of blood glucose data. METHODS Given that there is no ideal design for a DLT-based patient-provider data exchange solution, we proposed two different variations for our proof-of-concept system. One design was based purely on the public IOTA distributed ledger (a directed acyclic graph-based DLT) and the second used the same public IOTA ledger in combination with a private InterPlanetary File System (IPFS) cluster. Both designs were assessed according to (1) data reversal risk, (2) data linkability risks, (3) processing time, (4) file size compatibility, and (5) overall system complexity. RESULTS The public IOTA design slightly increased the risk of personal data linkability, had an overall low processing time (requiring mean 6.1, SD 1.9 seconds to upload one blood glucose data sample into the DLT), and was relatively simple to implement. The combination of the public IOTA with a private IPFS cluster minimized both reversal and linkability risks, allowed for the exchange of large files (3 months of blood glucose data were uploaded into the DLT in mean 38.1, SD 13.4 seconds), but involved a relatively higher setup complexity. CONCLUSIONS For the specific use case of blood glucose explored in this study, both designs presented a suitable performance in enabling the interoperable exchange of data between patients and providers. Additionally, both systems were designed considering the latest guidelines on personal data processing, thereby maximizing the alignment with recent GDPR requirements. For future works, these results suggest that the conflict between DLT and data privacy regulations can be addressed if careful considerations are made regarding the use case and the design of the data exchange system.

A Layered Approach to Jurisdiction

2017 ◽  
Author(s):  
Dan Jerker B. Svantesson
Keyword(s):  
Data Protection ◽  
Data Privacy ◽  
General Data Protection Regulation ◽  
Legal Rules ◽  
Privacy Laws ◽  
Scope Of Application ◽  
General Data ◽  
Layered Approach ◽  
Substantive Law

This chapter observes how it may be inappropriate to apply a single jurisdictional threshold to diverse instruments such as data privacy laws. In the light of this observation, a proposal is outlined for a ‘layered approach’ under which the substantive law rules of such instruments are broken up into different layers, with different jurisdictional thresholds applied to each such layer. This layered approach is discussed primarily as a technique to be utilized in legal drafting, but it may also be applied in the interpretation and application of legal rules. Article 3 of the European Union’s General Data Protection Regulation, which determines that regulation’s scope of application in a territorial sense, provides a particularly useful lens through which to approach this topic and, thus, the discussion is largely centred around that Article.

Tracking of Wearable IoT Devices Through WAP Using Intelligent Rule-Based Location Aware Approach

2021 ◽  
Vol 20 (Supp01) ◽  
pp. 2140005
Author(s):  
L. Sai Ramesh ◽  
S. Shyam Sundar ◽  
K. Selvakumar ◽  
S. Sabena
Keyword(s):  
Mobile Devices ◽  
Task Completion ◽  
End User ◽  
Access Points ◽  
The Public ◽  
Location Aware ◽  
Unique Identity ◽  
Iot Devices ◽  
Public Environment ◽  
Specific Scenario

Usage of the internet is increasing in the daily life of humans due to the need for speedy task completion for their daily services. Most of the living time is spent in some indoor environment which provides WiFi which is the basic need of internet connectivity using Wireless Access Points (WAP). Nowadays, most of the devices are IoT-based ones, which connect with the outer world through the access points in the existing environment. The wearable IoT devices may be misplaced somewhere and we need a specific scenario which helps to identify the misplaced mobile devices based on access points where they are connected by their unique identity such as MAC address. Most of the time, unrestricted WiFi access provided in the public environment is used by the end-user. In that scenario, the tracking of misplaced mobile devices is creating an issue when the WiFi is in switch-off mode. This paper proposes a technique for tracking a mobile device by using a location-aware approach with KNN and intelligent rules by tracking the channel accessed by the user to find the misplaced path by examining the device connected WAP positions.

scholarly journals Complying with Privacy Legislation: From Legal Text to Implementation of Privacy-Aware Location-Based Services

2018 ◽  
Vol 7 (11) ◽  
pp. 442 ◽  
Author(s):  
Mehrnaz Ataei ◽  
Auriol Degbelo ◽  
Christian Kray ◽  
Vitor Santos
Keyword(s):  
Data Privacy ◽  
Location Privacy ◽  
Service Providers ◽  
Location Based Services ◽  
Legal Text ◽  
General Data Protection Regulation ◽  
Location Data ◽  
Privacy Laws ◽  
Technical Issues ◽  
General Data

An individual’s location data is very sensitive geoinformation. While its disclosure is necessary, e.g., to provide location-based services (LBS), it also facilitates deep insights into the lives of LBS users as well as various attacks on these users. Location privacy threats can be mitigated through privacy regulations such as the General Data Protection Regulation (GDPR), which was introduced recently and harmonises data privacy laws across Europe. While the GDPR is meant to protect users’ privacy, the main problem is that it does not provide explicit guidelines for designers and developers about how to build systems that comply with it. In order to bridge this gap, we systematically analysed the legal text, carried out expert interviews, and ran a nine-week-long take-home study with four developers. We particularly focused on user-facing issues, as these have received little attention compared to technical issues. Our main contributions are a list of aspects from the legal text of the GDPR that can be tackled at the user interface level and a set of guidelines on how to realise this. Our results can help service providers, designers and developers of applications dealing with location information from human users to comply with the GDPR.

Analysis of the US Privacy Model

2021 ◽  
pp. 1818-1825
Author(s):  
Francisco García Martínez
Keyword(s):  
Data Privacy ◽  
Personal Information ◽  
National Level ◽  
The United States ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Privacy Laws ◽  
The Us ◽  
General Data ◽  
State Of Art

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.

scholarly journals To What Extent Does the EU General Data Protection Regulation (GDPR) Apply to Citizen Scientist-Led Health Research with Mobile Devices?

2020 ◽  
Vol 48 (S1) ◽  
pp. 187-195
Author(s):  
Edward S. Dove ◽  
Jiahong Chen
Keyword(s):  
Mobile Devices ◽  
Data Protection ◽  
Health Research ◽  
Health Data ◽  
Specific Context ◽  
General Data Protection Regulation ◽  
Citizen Scientist ◽  
Open Questions ◽  
General Data ◽  
The Eu

In this article, we consider the possible application of the European General Data Protection Regulation (GDPR) to “citizen scientist”-led health research with mobile devices. We argue that the GDPR likely does cover this activity, depending on the specific context and the territorial scope. Remaining open questions that result from our analysis lead us to call for lex specialis that would provide greater clarity and certainty regarding the processing of health data by for research purposes, including these non-traditional researchers.

Analysis of the US Privacy Model

2019 ◽  
Vol 3 (1) ◽  
pp. 43-52
Author(s):  
Francisco García Martínez
Keyword(s):  
Data Privacy ◽  
Personal Information ◽  
National Level ◽  
The United States ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Privacy Laws ◽  
The Us ◽  
General Data ◽  
The Eu

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.

Data sharing, international property practices and the GDPR: communicating with your consumers

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Lucy Cradduck ◽  
Scarlett Stevens ◽  
Matthew Cowan
Keyword(s):  
New Zealand ◽  
Relevant Information ◽  
Public Access ◽  
European Economic Area ◽  
The European Union ◽  
Content Type ◽  
General Data Protection Regulation ◽  
The Public ◽  
Business Partners ◽  
General Data

PurposeThe purpose of this paper is to examine the requirements of the General Data Protection Regulation (“GDPR”) in order to: identify its requirements for the Australian and New Zealand based members of multi-national property firms (“MNPF”); and understand how those firms are currently engaging with customers regarding the obligations the GDPR imposes.Design/methodology/approachThe research was undertaken by means of doctrinal legal research that engaged with statutory law, related policy documents, accessible private firm documents and website materials, and academic and other related writings. The authors considered these in the context of the GDPR's requirements, and how relevant obligations were communicated to the public on the MNPF Australian and New Zealand members' websites.FindingsThe research confirms the available literature's observations of the GDPR's broad reach and the firms to which it applies. The difficulties experienced in locating relevant information highlights the need for a change to firm processes to ensure that any communication obligations are met. The cases engaged with also serve to highlight the need to ensure that the actual practice is consistent with required GDPR processes.Research limitations/implicationsThe research faced three limitations. First: there was a limited number of relevant Australian and New Zealand based property related firms available to consider: not all property related firms were members of a MNPF or had business partners or customers/clients in the European Union or European Economic Area. Second: one of the relevant firms had already identified it was withdrawing from the Australian market. Third: there was a lack of public access to all materials as, while privacy policies as required by domestic laws were readily accessible, access was not readily available to GDPR related or required information or documents.Originality/valueThe research adds to the academic literature in this emerging area of international legal obligation.

scholarly journals La responsabilidad proactiva de las Administraciones Públicas en la protección de datos personales.

2020 ◽  
pp. 138-153
Author(s):  
Aritz ROMEO RUIZ
Keyword(s):  
Public Administration ◽  
Data Protection ◽  
Main Idea ◽  
Personal Data ◽  
Practical Implementation ◽  
Organizational Changes ◽  
General Data Protection Regulation ◽  
The Public ◽  
General Terms ◽  
General Data

Laburpena: Lan honen helburua da administrazio publikoak datu pertsonalen tratamenduan duen erantzukizun proaktiboaren printzipioaren analisia eskaintzea, eta ikuspegi juridikoa ematea praktikan errazago aplikatzeko. Lana lau ataletan egituratuta dago. Lehenengoan, datu pertsonalen babesa arautzen duen esparru berriaren aurkezpen orokorra egiten da; hau da, Datuak Babesteko Erregelamendu Orokorrak (EB) ezartzen duen araudi berria aurkezten da. Bigarren atala erantzukizun proaktiboari buruzkoa da, administrazio publikoek datu pertsonalak tratatzeko oinarrizko printzipio gisa. Hirugarrenak proposatzen ditu administrazio publikoek praktikan erantzukizun proaktiboaren printzipioa betetzeko kontuan har ditzaketen hainbat neurri. Azkenik, laugarren atalak gogoeta egiten du antolamendu-aldaketak egiteko beharrari buruz, Erregelamendu Orokorraren printzipioak betetzen dituztela ziurtatzeko eta herritarrek eskubideak balia ditzaten ziurtatzeko; horrez gain, aipamen berezia egiten dio datuak babesteko ordezkariaren figurari. Ondorioztatzen den ideia nagusia da garrantzitsua dela administrazio publikoek datuak babesteko politika bat diseinatzea, lehenetsita aplikatuko dena, eta ez bakarrik erantzukizun politikoak dituztenei, baizik eta sektore publikoan lan egiten duten pertsona guztiei eragingo diena. Resumen: El presente trabajo tiene como objetivo ofrecer un análisis del principio de responsabilidad proactiva en el tratamiento de datos personales por parte de la administración pública, y pretende aportar una visión jurídica para facilitar su aplicación en la práctica. El trabajo está estructurado en cuatro apartados. En el primero de ellos se presenta, en términos generales, el nuevo marco regulador de la protección de datos personales, que es consecuencia del Reglamento (UE) General de Protección de Datos. El segundo apartado está dedicado a la responsabilidad proactiva como principio básico del tratamiento de datos personales por las administraciones públicas. El tercero propone una serie de medidas que las administraciones públicas pueden tener en cuenta para cumplir con el principio de responsabilidad proactiva en la práctica. Finalmente, el apartado cuarto aporta una reflexión sobre la necesidad de introducir cambios organizacionales para asegurar el cumplimiento de los principios del Reglamento General de Protección de datos y del ejercicio de derechos por la ciudadanía, con una especial mención a la figura del delegado o delegada de protección de datos. La principal idea que se concluye es la importancia de que las administraciones públicas diseñen una política de protección de datos que se aplique por defecto, e implique, no sólo a quienes ejercen responsabilidades políticas, sino a todas las personas que trabajan en el sector público. Abstract: The present work aims to offer an analysis of the principle of proactive responsibility in the treatment of personal data by the public administration, and aims to provide a legal vision to facilitate its practical implementation. The work is structured in four sections. The first of these presents, in general terms, the new regulatory framework for the protection of personal data, which is a consequence of the General Data Protection Regulation (EU). The second section is dedicated to proactive responsibility as a basic principle of the processing of personal data by public administrations. The third proposes a series of measures that public administrations can take into account to comply with the principle of proactive responsibility in practice. Finally, the fourth section provides a reflection on the need to introduce organizational changes to ensure compliance with the principles of the General Data Protection Regulation and the exercise of rights by citizens, with special reference to the figure of the Data Protection Officer. The main idea that is concluded is the importance for public administrations to design a data protection policy that is applied by default, and involves not only those who exercise political responsibilities, but also all those who work in the public sector.

Sign in / Sign up

Export Citation Format

Share Document