Diagnostic of Data Processing by Brazilian Organizations—A Low Compliance Issue

Information ◽  
2021 ◽  
Vol 12 (4) ◽  
pp. 168
Author(s):  
Sâmmara Éllen Renner Ferrão ◽  
Artur Potiguara Carvalho ◽  
Edna Dias Canedo ◽  
Alana Paula Barbosa Mota ◽  
Pedro Henrique Teixeira Costa ◽  
...  

In order to guarantee the privacy of users’ data, the Brazilian government created the Brazilian General Data Protection Law (LGPD). This article made a diagnostic of Brazilian organizations in relation to their suitability for LGPD, based on the perception of Information Technology (IT) practitioners who work in these organizations. We used a survey with 41 questions to diagnose different Brazilian organizations, both public and private. The diagnostic questionnaire was answered by 105 IT practitioners. The results show that 27% of organizations process personal data of public access based on good faith and LGPD principles. In addition, our findings also revealed that 16.3% of organizations have not established a procedure or methodology to verify that the LGPD principles are being respected during the development of services that will handle personal data from the product or service design phase to its execution, and 20% of the organizations did not establish a communication process to the personal data holders regarding possible data breaches. The result of the diagnostic allows organizations and data users to have an overview of how the personal data of their customers is being treated and which points need attention in relation to the principles of LGPD.

2021 ◽  
Author(s):  
Maykon Araújo de Souza ◽  
Sandro Ronaldo Bezerra Oliveira

This study presents a mapping of the assets present in the Guiding Model for the Success of Public and Private Companies (MOSE) and the articles included in the General Data Protection Law (LGPD) of the Brazilian Government, with regard to Security and Good Practices in Chapter VII of this law. The theme becomes relevant, as more and more companies from different contexts need to implement the articles contained in this law in order to adhere to the standard of regulation of personal data processing activities defined by the Brazilian Federal Government. However, this law still needs guidelines for its proper implementation based on the adoption of good practices in models, methods and/or techniques available in the specialized literature. One of these instruments refers to the MOSE, which helps public and private companies to achieve levels of excellence in performance, governance and quality, in the production of goods and services, based on the use of practices and indicators specific to the area of knowledge or specialty. Thus, the research question guiding this work is: how to correspond/map the practices included in the MOSE to guide the implementation of the articles of the LGPD law? The methodology adopted was the asset mapping, described in a specific section of the paper, which included the following steps: definition of the LGPD chapter that focuses on data security management; definition of the model and law structures, and their inputs to be analyzed; identification of the description of each asset; analysis of correspondence between assets; evaluation of the mapping using the peer review technique with experts in the two target standards of this research. The result was the perception that 33% of the MOSE’s competences goals, with the appropriate adjustments, have total adherence with 100% of the security and good practices assets of LGPD. This mapping is intended to provide assistance in defining a roadmap containing activities, work products, tools, indicators and expected results to achieve the goals defined in the LGPD.


Author(s):  
Raphaël Gellert

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”, an expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR)—even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisations that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been uptaken in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.


2021 ◽  
Vol 20 ◽  
pp. e3220
Author(s):  
Cristiane Krüger ◽  
Adriana Cristina Castanho Baldassari ◽  
Luis Felipe Dias Lopes ◽  
Lizana Ilha da Silva

Technological advances make it possible to quickly access and share personal data and information, which demands greater security and requires conscious attitudes from the different professionals who deal with these issues. Accounting professionals stand out in this universe for being responsible for customer, supplier, and employee data. The information insecurity scenario led to the creation of the General Data Protection Law (GDPL), a specific legislation for personal data handling. Driven by this context, this research aimed to analyze the GDPL compliance determinants among accounting professionals. In order to achieve this purpose, we conducted a quantitative, descriptive, survey study. For data collection, we developed and applied an online questionnaire addressed to accounting professionals. The final surveyed sample totaled 194 respondents. We performed the data analysis through Structural Equation Modeling. The validated model showed the dimensions of personal behaviors and attitudes and governance mechanisms as determinants, explaining 26.3% of GDPL compliance. This research contributes to the understanding of behavioral aspects of accounting professionals in face of the new legislation. It is an unprecedented approach and fills a gap in the accounting area, presenting useful contributions for educational institutions, class associations, and companies in the area.


Author(s):  
Bárbara Guerra Chala ◽  
Cíntia Burille ◽  
Lucas Moreschi Paulo

The purpose of this study is to analyse the General Data Protection Law for the Protection of Personal Data from the perspective of the protection of the consumer's personal data, with a view to ascertaining the main aspects of the legislation and verifying its impacts in relation to geopricing practices and geoblocking. To that effect, it begins by addressing the principles of the new legislation that inform the activity of processing personal data. Right after, the main axes of structuring the law are presented, focusing on aspects that concern the processing of consumer data. Finally, the practices of geodiscrimination will be examined, with the effect of assessing the legal treatment in relation to such techniques and how they may be affected after the entry into force of the General Data Protection Law. For that, the hypothetico-deductive methodology and the bibliographic research technique were adopted. Thus, it is observed that the new data protection legislation added to the protection of consumers' rights in relation to the practices of geopricing and geoblocking, insofar as the standard was designed to prevent the disinformation of the personal data holder on the purpose of the treatment of their information and the illegitimate treatment of personal data, as well as covering the possibility of redressing the consumer who holds personal data if he experiences damage.


2019 ◽  
Vol 16 (6) ◽  
pp. 724-745
Author(s):  
Ronny Hauck

When the General Data Protection Regulation (henceforth: GDPR) came into force, it quickly became clear that the new data protection law would strongly influence many different areas of law. This article deals with the relationship between data protection law and insolvency law, which was hardly considered before the GDPR was adopted. This relationship is particularly relevant where personal data is to be sold as asset in insolvency proceedings. As will be shown, the new data protection law imposes requirements on such data transfers which are very difficult to fulfil. The main problem is that in German law, personal data is not transferable because it is considered part of a subject’s personality. This situation is comparable to German copyright law, since the copyright itself is a non-transferable good. However, just as usage rights in copyright, the rights to use the personal data can be transferred to a third party provided that the requirements of the GDPR are satisfied. This article will comprehensively analyse under which conditions a transfer of such rights would be possible in insolvency proceedings. To create a balanced relationship between data protection law and insolvency law, the principle of proportionality is of crucial importance in this respect.


2020 ◽  
Vol 12 (4) ◽  
pp. 24-50
Author(s):  
Patrícia Borba Vilar Guimarães ◽  
Yanko Marcius de Alencar Xavier ◽  
Braulio Gomes Mendes Diniz

This article assesses the possibilities for urban mobility applications to share traffic data with the government as a way to assist in planning urban mobility. Initially, the organizational structure of the sharing economy is presented, which depends heavily on data provision by users to offer the proposed services. Then, it highlights the legal relevance of personal data and the grounds for their protection, on the one hand, and the importance of obtaining traffic data for the planning of urban mobility, on the other. Having defined the context in which the debate is proposed, it is assessed how the Brazilian General Data Protection Law (LGPD) addresses this issue of sharing personal data with the State, as well as the specific rules of three of the transport service platforms in operation in Brazil (Uber, Cabify and 99). From the analysis, the following alternatives are suggested for sharing within the Brazilian legal parameters: i) the provision of anonymized data, aggregated or treated in order to preserve the right to privacy; ii) the preservation of commercial and industrial secrets; and iii) reinforcement of privacy policies regarding user consent rules.

Keywords: Urban mobility. Applications. Data protection. LGPD. Data sharing.


2021 ◽  
Vol 17 (1) ◽  
Author(s):  
Paul Quinn

Scientific research is indispensable inter alia in order to treat harmful diseases, address societal challenges and foster economic innovation. Such research is not the domain of a single type of organization but can be conducted by a range of different entities in both the public and private sectors. Given that the use of personal data may be indispensable for many forms of research, the data protection framework will play an important role in determining not only what types of research may occur but also which types of actors may carry it out. This article looks at the role the EU’s General Data Protection Regulation plays in determining which types of actors can conduct research with personal data. In doing so it focuses on the various legal bases that are available and attempts to discern whether the GDPR can be said to favour research in either the public or private domains. As this article explains, the picture is nuanced, with either type of research actor enjoying advantages and disadvantages in specific contexts.


2018 ◽  
Author(s):  
Michael Veale ◽  
Reuben Binns ◽  
Lilian Edwards

Cite as: Michael Veale, Reuben Binns and Lilian Edwards (2018) Algorithms That Remember: Model Inversion Attacks and Data Protection Law. Philosophical Transactions A, forthcoming. doi:10.1098/rsta.2018.0083

Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around ‘model inversion’ and ‘membership inference’ attacks, which indicate that the process of turning training data into machine learned systems is not one-way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation.


2017 ◽  
Vol 8 (3) ◽  
pp. 506-540 ◽  
Author(s):  
Milda MACENAITE

The importance of the concept of risk and risk management in the data protection field has grown explosively with the adoption of the General Data Protection Regulation (2016/679). The article explores the concept and the role of risk, as well as associated risk regulation mechanisms in EU data protection law. It shows that with the adoption of the General Data Protection Regulation there is evidence of a two-fold shift: first on a practical level, a shift towards risk-based data protection enforcement and compliance, and second a shift towards risk regulation on the broader regulatory level. The article analyses these shifts to enhance the understanding of the changing relationship between risk and EU data protection law. The article also discusses associated potential challenges when trying to manage multiple and heterogeneous risks to the rights and freedoms of individuals resulting from the processing of personal data.


Author(s):  
Claudio Roberto Pessoa ◽  
Bruna Cardoso Nunes ◽  
Camila de Oliveira ◽  
Marco Elísio Marques

The world scenario is changing when we talk about personal data protection. Not that long ago, it was common to find companies that sell databases, and other companies that work with the information contained in these databases, aiming to create profiles and generate solutions, using technologies such as big data and artificial intelligence, among others, looking to be attractive and get more customers. In order to protect the privacy of citizens across the world, laws have been created and/or expanded to reinforce this protection. In Brazil, specifically, the Lei de Proteção de Dados Pessoais – LGPD [General Data Protection Law] was created. This research aims to analyze this law, as well as other laws that orbit around it. The goal is to know the impact of law enforcement on business routine and, as a specific objective, what the role of the DPO (Data Protection Officer) in organizations will be.

