A Comparative Study on the Key Provisions of China’s Personal Information Protection Law and EU’s General Data Protection Regulation(GDPR)

Abstract Data security needs a comprehensive system design approach that combines legal, administrative, and technical protection. These laws generally contain complete rules and principles relevant to the collecting, storing, and using personal information in line with international standards on privacy and data protection. Personal data should be legally collected for a specified reason and not be used without authorization for unlawful monitoring or profiling by governments or third parties. In advocacy and open data activity, increasing attention has been placed on privacy problems. To secure the protection of this data, the Privacy Law (PL) and the Regulations typically put forth industrial and technical standards on IT systems that hold and handle personal data. Concerns about information privacy are genuine, valid, and exacerbated on the Internet of Things (IoT) and Cyber-Physical Systems (CPS). This article suggests that compliance with IoT and CPS Data Privacy (DP) at technical and non-technical levels should be dealt with. The proposed architecture is then coupled with a reference framework for the business architecture to offer a DP-IoT model focused on the industry and technology and positioned to comply with the Personal Information Protection Act (POPI). Therefore, methods are necessary to protect data privacy based on both system and organizational reference designs. In the end, users should have specific rights to information about them, including the capacity and method to seek recourse to protect such rights, to acquire and amend incorrect details. The DP-IoT model shows a privacy ratio of 92.6%, scalability ratio of 91.5, data management ratio of 94.3%, data protection ratio of 96.7%, customer satisfaction rate of 92.2 %, attack prevention ratio of 95.5% and energy consumption ratio of 25.5 % compared to the existing methods.

Download Full-text

Personal Information Protection Law in the U.K. - Focusing on the History and Limit of Application of Data Protection Act 1998

CHUNG_ANG LAW REVIEW ◽

10.21759/caulaw.2009.11.1.85 ◽

2009 ◽

Vol 11 (1) ◽

pp. 85-115

Author(s):

최경진

Keyword(s):

Data Protection ◽

Personal Information ◽

Information Protection ◽

Personal Information Protection

Download Full-text

Oblivion Is Full of Memory

Handbook of Research on Cyber Crime and Information Privacy - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-5728-0.ch022 ◽

2021 ◽

pp. 441-465

Author(s):

Anabelen Casares Marcos

Keyword(s):

Data Protection ◽

Personal Information ◽

Self Determination ◽

Current Status ◽

The Internet ◽

General Data Protection Regulation ◽

Legal Duty ◽

General Data ◽

The Right ◽

The Eu

The right to informational self-determination has raised bitter debate over the last decade as to the opportunity and possible scope of the right to demand withdrawal from the internet of personal information which, while true, might represent a detriment that there is no legal duty to put up with. The leading case in this topic is that of Mario Costeja, Judgment of the EU Court of Justice, May 13, 2014. The interest of recent European jurisprudence lies not so much in the recognition of such a right but in the appreciation of certain limits to its implementation, assisting data protection authorities in balancing the rights at stake in each case. Reflection on the current status of the issue considers rights and duties imposed in the matter by Regulation (EU) 2016/679, of 27 April, known as the new General Data Protection Regulation.

Download Full-text

The European Union General Data Protection Regulation (EU 2016/679) and the Australian My Health Record Scheme – A Comparative Study of Consent to Data Processing Provisions

SSRN Electronic Journal ◽

10.2139/ssrn.3225047 ◽

2018 ◽

Cited By ~ 1

Author(s):

Danuta Mendelson

Keyword(s):

European Union ◽

Comparative Study ◽

Data Processing ◽

Data Protection ◽

Health Record ◽

The European Union ◽

General Data Protection Regulation ◽

General Data

Download Full-text

A Comparative Study of EU Directive 95/46 and General Data Protection Regulation - Its Implications for China's Legislation -

Chinese Law Review ◽

10.22415/clr.2017.30..003 ◽

2017 ◽

Vol 30 (null) ◽

pp. 49-71

Author(s):

Tu, Meng ◽

김정진

Keyword(s):

Comparative Study ◽

Data Protection ◽

General Data Protection Regulation ◽

Eu Directive ◽

General Data

Download Full-text

IoT and Smart Home Data Breach Risks from the Perspective of Data Protection and Information Security Law

Business Systems Research Journal ◽

10.2478/bsrj-2020-0033 ◽

2020 ◽

Vol 11 (3) ◽

pp. 167-185

Author(s):

Goran Vojković ◽

Melita Milenković ◽

Tihomir Katulić

Keyword(s):

Information Security ◽

Data Protection ◽

Smart Home ◽

Personal Information ◽

Legal Framework ◽

Smart Devices ◽

General Data Protection Regulation ◽

General Data ◽

Data Controller ◽

Security Incidents

AbstractBackgroundIoT and smart devices have become extremely popular in the last few years. With their capabilities to collect data, it is reasonable to have concerns about the protection of users’ personal information and privacy in general.ObjectivesComparing existing regulations on data protection and information security rules with the new capabilities provided by IoT and smart devices.Methods/approachThis paper will analyse information on data collected by IoT and smart devices and the corresponding legal framework to explore whether the legal framework also covers these new devices and their functionalities.ResultsVarious IoT and smart devices pose a high risk to an individual's privacy. The General Data Protection Regulation, although a relatively recent law, may not adequately regulate all instances and uses of this technology. Also, due to inadequate technological protection, abuse of such devices by unauthorized persons is possible and even likely.ConclusionsThe number of IoT and smart devices is rapidly increasing. The number of IoT and smart home device security incidents is on the rise. The regulatory framework to ensure data controller and processor compliance needs to be improved in order to create a safer environment for new innovative IoT services and products without jeopardizing the rights and freedoms of data subjects. Also, it is important to increase awareness of homeowners about potential security threats when using IoT and smart devices and services.

Download Full-text

A System to Access Online Services with Minimal Personal Information Disclosure

Information Systems Frontiers ◽

10.1007/s10796-021-10150-8 ◽

2021 ◽

Author(s):

Antonia Russo ◽

Gianluca Lax ◽

Baptiste Dromard ◽

Menad Mezred

Keyword(s):

Data Protection ◽

Information Disclosure ◽

Personal Information ◽

Personal Data ◽

Cryptographic Primitives ◽

Online Services ◽

General Data Protection Regulation ◽

General Data

AbstractThe General Data Protection Regulation highlights the principle of data minimization, which means that only data required to successfully accomplish a given task should be processed. In this paper, we propose a Blockchain-based scheme that allows users to have control over the personal data revealed when accessing a service. The proposed solution does not rely on sophisticated cryptographic primitives, provides mechanisms for revoking the authorization to access a service and for guessing the identity of a user only in cases of need, and is compliant with the recent eIDAS Regulation. We prove that the proposed scheme is secure and reaches the expected goal, and we present an Ethereum-based implementation to show the effectiveness of the proposed solution.

Download Full-text

Personal Data Security in South Africa’s Financial Services Market: The Protection of Personal Information Act 4 of 2013 and the European Union General Data Protection Regulation Compared

Potchefstroom Electronic Law Journal/Potchefstroomse Elektroniese Regsblad ◽

10.17159/1727-3781/2021/v24i0a10727 ◽

2021 ◽

Vol 24 ◽

pp. 1-32

Author(s):

Tapiwa V Warikandwa

Keyword(s):

European Union ◽

Data Protection ◽

Financial Services ◽

Personal Information ◽

Personal Data ◽

African Countries ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

General Data ◽

Laws And Regulations

The contemporary global financial services market has witnessed a substantial increase in cybercrime which places consumers’ personal data at risk. Rapid increases in cybercrime linked to the financial services market have driven financial market regulators to pass novel laws and regulations aimed at curbing the rate of occurrence of cybercrimes connected to personal data sharing. To that end, banks and/or financial services companies in Europe have swiftly moved to comply with the European Union’s General Data Protection Regulation. Whilst personal data protection regulation is not a new concept in Europe, most African countries (with exception of South Africa) do not have laws and regulations on personal data protection. With the financial services market being extremely vulnerable to cyber risks owing to the digitisation of the financial services sector, it is important to assess the suitability of South Africa’s current regulatory framework concerning the protection of personal data. This article thus examines South Africa’s Protection of Personal Information Act 4 of 2013 with a view to ascertaining its suitability and/or adequacy in protecting personal data in the country’s financial services market. With the global Covid-19 pandemic bringing about concerns related to rapid increases in cyber-attacks in the financial services market owing to the increased sharing of the sensitive personal data of consumers, there is also need to test the POPIA’s conformity with the strict European Union GDPR personal data protection guidelines.

Download Full-text