Germany ∙ Higher Administrative Court Confirms Proportionality of Data Protection and Security Measures as Auxiliary Provisions

2017 ◽ Vol 3 (4) ◽ pp. 524-527 ◽ Author(s): T. Raab

1998 ◽ Vol 4 (1) ◽ pp. 18-24 ◽ Author(s): Ben Stanberry

The electronic record may be subject to abuses that can be carried out on a large scale and cause great damage. A wide range of data protection and information security measures will need to be taken to ensure the quality and integrity of such records. A European Union directive was formally adopted in 1995 which sets the obligations of those responsible for data processing as well as a number of important rights for individuals. The responsible teleconsultant or medical officer, as the data controller, must make sure these measures are enforced. In the case of the transmission of medical records to another location, the original data controller may remain liable for abuses. But as different elements of the records are spread throughout the different departments of a hospital or across different geographical locations, it may become difficult to ascertain who is responsible for protecting and controlling what. To this end, the designation of liability by contractual means, between the hospitals and remote users of a telemedicine network, would be the clearest and most straightforward way of achieving uniformity and predictability in terms of the distribution of responsibility for data protection and security.


Author(s): Ian J. Lloyd

This chapter focuses on the data protection principles under the Data Protection Act 1998. It considers to what extent and under what conditions a data controller may lawfully process personal data. Use may take a variety of forms and will include disclosure of data to a third party. It also looks at the operation of the principle requiring users to adopt appropriate security measures.


2020 ◽ Author(s): Bart Sloot

The General Data Protection Regulation in Plain Language is a guide for anyone interested in the much-discussed rules of the GDPR. In this legislation, which came into force in 2018, the European Union meticulously describes what you can and cannot do with data about other people. Violating these rules can lead to a fine of up to 20 million euros. This book sets out the most important obligations of individuals and organisations that process data about others. These include taking technical security measures, carrying out an impact assessment and registering all data-processing procedures within an organisation. It also discusses the rights of citizens whose data are processed, such as the right to be forgotten, the right to information and the right to data portability.


2021 ◽ Vol 4 (2) ◽ Author(s): Carolina Goberna Caride

Since March 2020 the Corona virus has limited personal encounters due to social distancing measures. Thus, many data collection techniques relying on face-to-face interaction, like interviews or Focus Groups (FG), are now being practised in online environments. Such change requires the implementation of innovative measures to comply with Regulation EU 2016/679 (GDPR) and obey national data protection laws. Processing personal data of voluntary participants has to have a lawful ground and a clear purpose behind it. Moreover, the researcher has to respect legal requirements and principles for processing personal data, provide the participants with information about the research procedure and apply security measures to avoid risks to the rights and freedoms of individuals. This process has to apply to any interaction mediated by Web-Conferencing Systems (WCS). The purpose of this paper is to describe the legal requirements for conducting online interviews or FG under social distancing conditions. The project of reference for the application of these requirements is the EU Horizon2020 HELIOS project consisting of the development of a decentralised social media platform.

Lay summary

At universities or in industry researchers can interview people personally to test, for instance, the use of a specific technology. The objective is to collect data for future improvements. In 2020 people all over the world found themselves in a pandemic. The Covid-19 limited social meetings with beloved ones and also restricted the work of scientific researchers. Individual or group interviews could not take place in presence. Thus, a solution was seen in online conferencing platforms such as Zoom. Modifying the space and the way in which an interview takes place poses some legal challenges regarding data protection. Such conversations with individuals always have to apply European and national data protection laws. Among other things, this means that there needs to be a specific legal reason to process personal data and a specific purpose behind the interview. Additionally, the researcher has to inform participants about all the legal terms, legal guarantees and research procedure. All this applies as well if online conferencing platforms are used. In this article, you can find a description of the necessary legal steps to develop online interviews with individuals or focus groups and fulfil European data protection requirements.


Author(s): Yassene Mohammed ◽ Fred Viezens ◽ Frank Dickmann ◽ Juergen Falkner ◽ Thomas Lingner

This chapter describes security and privacy issues within the scope of biomedical Grid Computing. Grid Computing is of rising interest for life sciences (Konagaya, 2006) and has been used for many years in sciences like high energy physics. Anyhow, medical applications on the grid require a special focus on data security and data protection issues. Based on general security and privacy rules, the authors describe the current state of the art of grid security. Then they describe which additional security measures have to be established in different biomedical grid scenarios. Legal aspects have to be taken into account as well as the current possibilities and flaws of grid security technology. Describing the enhanced security concept in MediGRID (MediGRID, 2005) they outline how medical Grid Computing could fulfill privacy regulations used in more demanding environments.


Author(s): Ian J. Lloyd

The notion that data controllers should comply with a set of general data protection principles has been a feature of data protection statutes from the earliest days. As well as imposing obligations on controllers, the principles also confer rights – most notably relating to subject access – on data subjects. This chapter will consider the scope and extent of the principles, paying particular attention to the requirement that personal data be processed fairly and lawfully. A topic of more recent interest relates to the length of time for which data may be held and made available to third parties. Often referred to as involving the “right to be forgotten”, this is especially relevant to the operation of search engines which make it easy for users to find news stories that would have passed into obscurity in previous eras. The chapter also considers the operation of the principle requiring users to adopt appropriate security measures against unauthorized access, a topic which is of particular relevance given recent and well publicised large-scale cyber-attacks.


Information ◽ 2020 ◽ Vol 11 (12) ◽ pp. 586 ◽ Author(s): Dimitra Georgiou ◽ Costas Lambrinoudakis

Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


2018 ◽ Vol 27 ◽ Author(s): Rocco Panetta ◽ Federico Sartore

This paper aims to understand the state of the art and the resulting consequences of the legal framework in Europe with regard to the protection of children's data, especially when they interact with networked and robotic toys, as in the 'My friend Cayla' case. In order to evaluate the practical implications of the use of IoT devices by child or teenage users, the first part of the paper presents an analysis of the international guiding principles of the protection of minors, a category which enjoys a higher level of protection of their fundamental rights, due to their condition of lack of physical and psychological maturity. Secondly, the focus is moved to the protection of personal data of children. Only after confronting previous data protection legal instruments and having compared them with the novelties set forth in the General Data Protection Regulation is it reasonable to assume that new provisions such as the "privacy by design" principle, adequacy of security measures and codes of conduct can support data controllers in ensuring compliance (in line with the accountability principle) in the field of IoT toys. In conclusion, the paper supports a view of Data Protection Authorities as a relevant player in enhancing these renovated tools in order to achieve the protection of children's rights, so as to ensure their substantial protection against the threats of the interconnected world.

