Profiling the European Citizen in the Internet of Things: How Will the General Data Protection Regulation Apply to this Form of Personal Data Processing, and How Should It?

2016 ◽  
Author(s):  
Sarah Eskens
Keyword(s):  
Internet Of Things ◽  
Data Processing ◽  
Data Protection ◽  
Personal Data ◽  
The Internet ◽  
General Data Protection Regulation ◽  
General Data ◽  
The Internet Of Things ◽  
European Citizen

scholarly journals A Blockchain-Based Platform for Consent Management of Personal Data Processing in the IoT Ecosystem

2019 ◽  
Vol 2019 ◽  
pp. 1-15 ◽  
Author(s):  
Konstantinos Rantos ◽  
George Drosatos ◽  
Antonios Kritsas ◽  
Christos Ilioudis ◽  
Alexandros Papanikolaou ◽  
...  
Keyword(s):  
Internet Of Things ◽  
Data Processing ◽  
Personal Data ◽  
The Internet ◽  
General Data Protection Regulation ◽  
General Data ◽  
User Centric ◽  
The Internet Of Things ◽  
Average User ◽  
Require Data

In the Internet of Things (IoT) ecosystem, the volume of data generated by devices in the user’s environment is continually increasing and becoming of particular value. In such an environment the average user is bound to face considerable difficulties in understanding the size and scope of his/her collected data. However, the provisions of the European General Data Protection Regulation (GDPR) require data subjects to be able to control their personal data, be informed, and consent to its processing in an intelligible manner. This paper proposes ADVOCATE platform, a user-centric solution that allows data subjects to easily manage consents regarding access to their personal data in the IoT ecosystem. The proposed platform also assists data controllers to meet GDPR requirements, such as informing data subjects in a transparent and unambiguous manner about the data they will manage, the processing purposes, and periods. The integrity of personal data processing consents and the immutable versioning control of them are protected by a blockchain infrastructure. Finally, the paper provides a prototype implementation of the proposed platform that supports the main consents management functionality.

scholarly journals Delegation-Based Personal Data Processing Request Notarization Framework for GDPR Based on Private Blockchain

2021 ◽  
Vol 11 (22) ◽  
pp. 10574
Author(s):  
Sung-Soo Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Audit ◽  
General Data ◽  
Data Controller ◽  
Data Subject

With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the general data protection regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable its utilization as a GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process of personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hypderledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results with comparisons among the related works indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing request than extant methods.

The Internet of Things From a Legal Perspective

2022 ◽  
pp. 27-49
Author(s):  
Sidi Mohamed Sidi Ahmed
Keyword(s):  
Internet Of Things ◽  
Data Protection ◽  
Smart Grids ◽  
Personal Data ◽  
The Internet ◽  
Legal Perspective ◽  
Data Protection Law ◽  
Fitness Tracker ◽  
Wearable Medical ◽  
The Internet Of Things

The internet of things (IoT) is one of successive technological waves that could have great impact on different aspects of modern life. It is being used in transport, smart grids, healthcare, environmental monitoring, logistics, as well as for processing pure personal data through a fitness tracker, wearable medical device, smartwatch, smart clothing, wearable camera, and so forth. From a legal viewpoint, processing personal data has to be done in accordance with rules of data protection law. This law aims to protect data from collection to retention. It usually applies to the processing of personal data that identifies or can identify a specific natural person. Strict adherence to this law is necessary for protecting personal data from being misused and also for promoting the IoT industry. This chapter discusses the applicability of the data protection law to IoT and the consequences of non-compliance with this law. It also provides recommendations on how to effectively comply with the data protection law in the IoT environment.

scholarly journals Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

2020 ◽  
Vol 9 (1) ◽  
pp. 86-101
Author(s):  
Aleksandra Gebuza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The Internet ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Actual Impact ◽  
Right To Be Forgotten ◽  
General Data ◽  
The Right ◽  
The Eu

AbstractThe main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.

scholarly journals Identification of IoT Actors

Sensors ◽  
2021 ◽  
Vol 21 (6) ◽  
pp. 2093 ◽  
Author(s):  
Suada Hadzovic ◽  
Sasa Mrdovic ◽  
Milutin Radonjic
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Computing Power ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Data Processor ◽  
General Data ◽  
Data Controller ◽  
Dew Computing ◽  
The Internet Of Things

The Internet of Things (IoT) is a leading trend with numerous opportunities accompanied by advantages as well as disadvantages. Parallel with IoT development, significant privacy and personal data protection challenges are also growing. In this regard, the General Data Protection Regulation (GDPR) is often considered the world’s strongest set of data protection rules and has proven to be a catalyst for many countries around the world. The concepts and interaction of the data controller, the joint controllers, and the data processor play a key role in the implementation of the GDPR. Therefore, clarifying the blurred IoT actors’ relationships to determine corresponding responsibilities is necessary. Given the IoT transformation reflected in shifting computing power from cloud to the edge, in this research we have considered how these computing paradigms are affecting IoT actors. In this regard, we have introduced identification of IoT actors according to a new five-computing layer IoT model based on the cloud, fog, edge, mist, and dew computing. Our conclusion is that identifying IoT actors in the light of the corresponding IoT data manager roles could be useful in determining the responsibilities of IoT actors for their compliance with data protection and privacy rules.

scholarly journals DATA PROTECTION CHALLENGES IN THE INTERNET OF THINGS ERA: AN ASSESSMENT OF PROTECTION OFFERED BY PDPA 2010

2019 ◽  
Vol 4 (17) ◽  
pp. 01-12
Author(s):  
Sidi Mohamed Sidi Ahmed ◽  
Sonny Zulhuda
Keyword(s):  
Internet Of Things ◽  
Data Protection ◽  
Comparative Method ◽  
Personal Data ◽  
The Internet ◽  
Privacy And Security ◽  
Personal Data Protection ◽  
Data Protection Law ◽  
Legal Frameworks ◽  
The Internet Of Things

The Internet of Things (IoT) is an emerging technology of the 21st century. It is described as the first real evolution of the Internet that could positively or negatively affect all aspects of life. The basic idea of the IoT revolves around connecting things and objects (persons, animals, cars, trees, etc.) to the Internet and enabling them to communicate and then process (generate, receive, send, etc.) data about themselves and the environment surrounding them. Without a doubt, the IoT will bring countless benefits and provide timely-data and information about places and objects. However, the IoT, like other technologies, has disadvantages especially in terms of privacy and security of data. Particularly, the IoT might challenge personal data protection law and misgive its ability to effectively stand in the rapid successive technology waves. As the most important law relating to the protection of personal data in Malaysia, the Personal Data Protection Act (PDPA) 2010 could be used as a benchmark for assessing the adequacy of data protection law in the country. Thus, this paper attempts to shed light on data protection challenges in the IoT era and then assess the adequacy of this Act in dealing with those challenges. The paper employs a legal doctrinal method to analyze the legal frameworks relevant to personal data protection. It may also use a comparative method to compare the PDPA with its counterparts in other countries. A study such as this is arguably useful and timely as Malaysia is already embarked in the IoT caravan with the vision of being “the Premier Regional IoT Development Hub.”

Sign in / Sign up

Export Citation Format

Share Document