Normative legal mechanism for ensuring cyberspace security of Thailand

Author(s):  
Ella Gorian

The object of this research is the legal relations that emerge in the context of implementation of measures for ensuring cybersecurity. Characteristic is given to the provisions of the normative legal acts of Thailand in the sphere of cybersecurity. The article author explores the peculiarities of such policy and regulatory documents as Thai National Cybersecurity Strategy for 2017–2021, Policy and Plan for National Security (2019–2022), Cyber Crime Act of 2007 (revised in 2017), Criminal Code of 1956 (revised in 2019), Personal Data Protection Act of 2017, and Cybersecurity Act of 2019. The author reveals the peculiarities of normative legal mechanism for ensuring cyberspace security in Thailand. In its policy documents, Thailand does not determine the major information threats in domestic and foreign spheres or the priorities in the development of cybersecurity system, but rather outlines the range of national interests and sets the tasks that may propel it to the regional leadership. The laws are elaborated with consideration of the latest trends in the sphere of information technologies, and include in the scope of regulation such questions as the protection of personal data, computer and information systems, and critical information infrastructure. The vertical framework of state administration and monitoring, as well as the range of powers of the competent bodies are established on the legislative level. In the sphere of protection of personal data, Thai legislation extensively duplicates the provisions of the General Data Protection Regulation of the European Union. A distinctive feature of the normative legal acts consists in legal substantiation of restriction of human rights and freedoms in the context of implementation of such provisions.

2021 ◽  
Vol 13 (3) ◽  
pp. 66
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.


Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.


2021 ◽  
Vol 273 ◽  
pp. 08099
Author(s):  
Mikhail Smolenskiy ◽  
Nikolay Levshin

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU’s citizens around the world. Misusing or carelessly handling personal data brings fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. Authors considered and analyzed results of personal data protection measures in nineteen regions: The USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of others. This allowed identifying a direct pattern between the global tightening of EU’s citizens personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.


2020 ◽  
pp. 155-186
Author(s):  
María Dolores Mas Badia

Despite the differences between credit risk and insurance risk, in many countries large insurance companies include credit history amongst the information to be taken into account when assigning consumers to risk pools and deciding whether or not to offer them an auto or homeowner insurance policy, or to determine the premium that they should pay. In this study, I will try to establish some conclusions concerning the requirements and limits that the use of credit history data by insurers in the European Union should be subject to. In order to do this, I shall focus my attention primarily on Regulation (EU) 2016/679. This regulation, that came into force on 24 May 2018, not only forms the backbone of personal data protection in the EU, but is also set to become a model for regulation beyond the borders of the Union. This article will concentrate on two main aspects: the lawful basis for the processing of credit history data by insurers, and the rules that should apply to decisions based solely on automated processing, including profiling.

Received: 30 December 2019. Accepted: 07 February 2020. Published online: 02 April 2020.


2018 ◽  
Author(s):  
Duarte Gonçalves-Ferreira ◽  
Mariana Sousa ◽  
Gustavo M Bacelar-Silva ◽  
Samuel Frade ◽  
Luís Filipe Antunes ◽  
...  

BACKGROUND Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the topic of personal data protection of EU citizens with a strong emphasis on more control of the citizens over their data and in the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems. OBJECTIVE This study aimed to understand to what extent the openEHR standard can help in the compliance of EHR systems to the GDPR requirements. METHODS A list of requirements for an EHR to support GDPR compliance and also a list of the openEHR design principles were made. The requirements were categorized and compared with the principles by experts on openEHR and GDPR. RESULTS A total of 50 GDPR requirements and 8 openEHR design principles were identified. The openEHR principles conformed to 30% (15/50) of GDPR requirements. All the openEHR principles were aligned with GDPR requirements. CONCLUSIONS This study showed that the openEHR principles conform well to GDPR, underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start. By using an openEHR-based EHR, the institutions are closer to becoming compliant with GDPR while safeguarding the medical data.


2021 ◽  
Vol 24 (2) ◽  
pp. 207-222
Author(s):  
Marek Zanker ◽  
Vladimír Bureš ◽  
Anna Cierniak-Emerych ◽  
Martin Nehéz

The General Data Protection Regulation, also known as the ‘gold standard’ or the ‘Magna Carta’ of cyber laws, is a European regulation that deals with rights in the area of privacy and focuses on data collection, storage and data processing. This manuscript presents the results of investigation in the business sphere from eight countries of the European Union. The research focused on awareness of the GDPR, costs associated with the GDPR, number of trainings, how data are secured and subjective evaluation. The questionnaire was used for data collection. The results show that the majority of employees concerned about the GDPR are able to define the GDPR correctly (64%). The correct identification of personal data is in 95% of cases. The vast majority of respondents (94%) assign the right to personal data protection to the GDPR. Most employees are trained in the GDPR once (46%) or twice (45%). Subsequently, the differences between these countries in some areas of the questionnaire survey were examined. For this purpose, Welch ANOVA with post-test Tukey HSD or Kruskal-Wallis test were used. As a result, knowledge about the personal data do not vary significantly between the countries. In the area of rights, the countries are not again statistically different. As for the number of security countries, statistics do not differ significantly. The subjective assessment of the GDPR is different across the countries. The GDPR is rated worst by companies in the Czech Republic and Slovakia. On the contrary, the GDPR is best perceived by companies in France and the United Kingdom.


2020 ◽  
Vol 9 (27) ◽  
pp. 383-390
Author(s):  
Iryna Davydova ◽  
Olena Bernaz-Lukavetska ◽  
Semen Reznichenko

The purpose of this study is to examine some aspects of personal data protection in the social network, a comparative analysis of the protection of personal data in the social network under Ukrainian and European legislation, namely the General Data Protection Regulation of the European Union. The methods used in this work are: dialectical, comparative-legal, formal-logical, analysis and dogmatic interpretation. Each of these methods was used in the study to understand and qualitatively explain to the audience categories the individual aspects of personal data protection on the social network. This article reveals the notion of: personal data in the social network, the features of their collection, storage and protection in accordance with European legislation and the development of proposals aimed at improving these processes in Ukraine. The research also addresses the following issues: Features of managing consent to the processing of personal data that have already been obtained; who can act as an "operator" under EU law and what actions he can take; who can act as "controller" and what functions it performs. The article concludes that there is an urgent need to streamline Ukrainian domestic legislation in line with EU law, which should result in a new law on personal data protection that complies with GDPR norms. As a result, a new law on personal data protection may soon emerge in Ukraine, replacing the outdated Law of Ukraine “On Personal Data Protection” of 01.06.2010, which is a “mirror” of the repealed Directive 95/46/EC of the European Parliament and of the Council.


2021 ◽  
Vol 11 (2) ◽  
pp. 167-188
Author(s):  
Ondřej Pavelek ◽  
Drahomíra Zajíčková

Abstract Personal data protection is one of the important areas of the EU’s operation and the general public is especially aware of the General Data Protection Regulation (GDPR). However, personal data protection has been an issue in the EU for a long time. The Court of Justice of the European Union (CJEU) plays a major role in personal data protection as their function is to interpret EU law and thus also EU legislation related to personal data protection. Until now, research papers have tackled specific issues related to interpreting EU legislation or analyses of specific decisions made by the CJEU. However, no comprehensive empirical legal study has been published so far which would evaluate the decision-making of the CJEU in the area of personal data protection using a combination of quantitative and qualitative methods. Therefore, no analysis has been carried out to determine how many decisions of the CJEU have been related to personal data protection, how their number has increased, or which participants and from which areas have participated in the proceedings. The results of the analysis presented here can be used as a basis for studying the future development of the CJEU’s decision-making in the area of personal data protection in relation to digitization and especially to the COVID-19 pandemic, which undoubtedly has contributed to a significant increase in online communication, posing new challenges towards a more efficient personal data protection in the online world.


2021 ◽  
Vol 12 (1) ◽  
pp. 261-268
Author(s):  
Angel Manchev ◽  

The protection of personal data is one of the core values of modern European societies. This protection is provided by the law of the European Union and by the national legislations of the Member States, to which the Republic of Bulgaria also belongs. As of May 25, 2018, the protection of personal data is being expanded and updated in response to technological progress and the increasingly accelerated data exchange. The reason for this is the entry into force of Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and the changes in our national law that it imposes. In the sense of what has been said so far, the issues of personal data protection in children’s institutions are especially relevant, because these organizations actively handle personal data at any level of children, parents, teachers and staff. In this article, we will try to give short answers to some of the most important questions regarding personal data and the rules for their protection, according to European and Bulgarian legislation.


2021 ◽  
Vol 6 (5) ◽  
pp. 203-212
Author(s):  
Atiqah Azman ◽  
Nur Shaura Azrin Binti Azman ◽  
Nurul Sahira Binti Kamal Azwan ◽  
Sherie Aneesa Binti Johary Al Bakry ◽  
Wan Nur Afiqah Binti Wan Daud ◽  
...  

Big Data has revolutionized the process of online activities such as marketing and advertisement based on individual preferences in the eCommerce industry. In Malaysia, the integration of Big Data in the commercial and business environment is keenly felt by establishing the National Big Data Analytics Framework catalyzing further economic growth in all sectors. However, the distinct features of Big Data spawn issues relating to privacy, such as data profiling, lack of transparency regarding privacy policies, accidental disclosures of data, false data or false analytics results. Hence, this research provides an insight into the intersection between Big Data and an individual's fundamental rights. The trade-off between privacy breaching and preserving is becoming more intense due to the rapid advancement of Big Data. Suggesting comparative analysis method as the data analysis approach, the adequacy of the Malaysian Personal Data Protection Act 2010 (PDPA 2010) in governing the risks of Big Data is evaluated against the European Union General Data Protection Regulation (GDPR) in managing the risk arising from the integration of Big Data. This research is hoped to initiate the improvement to the legislative framework, provides fundamentals to the formulation of national policy, and creation of specific law on Big Data in Malaysia, which will subsequently benefit industrial players and stakeholders.

