Respecting the GDPR in Online Interviewed Focus Groups

2021, Vol 4 (2)
Author(s): Carolina Goberna Caride

Since March 2020 the Corona virus has limited personal encounters due to social distancing measures. Thus, many data collection techniques relying on face-to-face interaction, like interviews or Focus Groups (FG), are now being practised in online environments. Such change requires the implementation of innovative measures to comply with Regulation EU 2016/679 (GDPR) and obey national data protection laws. Processing personal data of voluntary participants has to have a lawful ground and a clear purpose behind it. Moreover, the researcher has to respect legal requirements and principles for processing personal data, provide the participants with information about the research procedure and apply security measures to avoid risks to the rights and freedoms of individuals. This process has to apply to any interaction mediated by Web-Conferencing Systems (WCS). The purpose of this paper is to describe the legal requirements for conducting online interviews or FG under social distancing conditions. The project of reference for the application of these requirements is the EU Horizon2020 HELIOS project consisting of the development of a decentralised social media platform.

Lay summary: At universities or in industry researchers can interview people personally to test, for instance, the use of a specific technology. The objective is to collect data for future improvements. In 2020 people all over the world found themselves in a pandemic. The Covid-19 limited social meetings with beloved ones and also restricted the work of scientific researchers. Individual or group interviews could not take place in presence. Thus, a solution was seen in online conferencing platforms such as Zoom. Modifying the space and the way in which an interview takes place poses some legal challenges regarding data protection. Such conversations with individuals always have to apply European and national data protection laws. Among other things, this means that there needs to be a specific legal reason to process personal data and a specific purpose behind the interview. Additionally, the researcher has to inform participants about all the legal terms, legal guarantees and research procedure. All this applies as well if online conferencing platforms are used. In this article, you can find a description of the necessary legal steps to develop online interviews with individuals or focus groups and fulfil European data protection requirements.

2020, pp. 203195252097899
Author(s): Seili Suder

While needing to ensure the health and safety of their employees during the Covid-19 pandemic, employers face many burning data protection questions, including under what conditions they can process employees’ personal data (in particular health data) and whether gathering personal data concerning employees’ medical history, trips and contacts with infected persons, is allowed. This article focuses on issues that are problematic, based on the analysis of guidance issued by the European Data Protection Board, as well as national data protection authorities and practitioners from 20 countries in response to these concerns. The first section of the article analyses concepts of personal data and health data in the context of Covid-19. Then the article proceeds with exploring what possible legal bases employers can use to process employees’ personal data in general, and health data in particular, under the General Data Protection Regulation when applying different measures to combat Covid-19. In the latter part of the article two practical questions raised by employers – concerning the checking of employees’ body temperatures and informing them of possible infection – are discussed. The analysis indicates that national data protection authorities seem to look for a reasonable and pragmatic approach regarding compliance with the GDPR in light of the Covid-19 emergency. However, their guidance differs in several areas and the views in between nation states are not always aligned. A more specific, clear and uniform pan-European vision concerning the processing of employees’ data in times of emergency is needed to better protect employees and limit the spread of the virus.


Author(s): Ian J. Lloyd

This chapter focuses on the data protection principles under the Data Protection Act 1998. It considers to what extent and under what conditions a data controller may lawfully process personal data. Use may take a variety of forms and will include disclosure of data to a third party. It also looks at the operation of the principle requiring users to adopt appropriate security measures.


2020, Vol 7 (1)
Author(s): Mahsa Shabani, Tom Goffin, Heidi Mertes

Abstract: In response to concerns related to privacy in the context of coronavirus disease 2019 (COVID-19), recently European and national Data Protection Authorities (DPAs) issued guidelines and recommendations addressing a variety of issues related to the processing of personal data for preventive purposes. One of the recurring questions in these guidelines is related to the rights and responsibilities of employers and employees in reporting, recording, and communicating COVID-19 cases in the workplace. National DPAs in some cases adopted different approaches regarding duties in reporting and communicating the COVID-19 cases; however, they unanimously stressed the importance of adopting privacy-preserving approaches to avoid raising concerns about surveillance and stigmatization. We stress that in view of the increasing use of new data collection and sharing tools such as ‘tracing and warning’ apps, the associated privacy-related risks should be evaluated in an ongoing manner. In addition, the intricacies of different settings where such apps may be used should be taken into consideration when assessing the associated risks and benefits.


Author(s): Ian J. Lloyd

The notion that data controllers should comply with a set of general data protection principles has been a feature of data protection statutes from the earliest days. As well as imposing obligations on controllers, the principles also confer rights – most notably relating to subject access on data subjects. This chapter will consider the scope and extent of the principles paying particular attention to the requirement that personal data be processed fairly and lawfully. A topic of more recent interest relates to the length of time for which data may be held and made available to third parties. Often referred to as involving the “right to be forgotten”, this is especially relevant to the operation of search engines which make it easy for users to find news stories that would have passed into obscurity in previous eras. The chapter considers also the operation of the principle requiring users to adopt appropriate security measures against unauthorized access, a topic which is of particular relevance given recent and well publicised large-scale cyber-attacks.


Information, 2020, Vol 11 (12), pp. 586
Author(s): Dimitra Georgiou, Costas Lambrinoudakis

Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


2018, Vol 27
Author(s): Rocco Panetta, Federico Sartore

This paper aims to understand the state of the art and the resulting consequences of the legal framework in Europe, with regard to the protection of children's data, especially when they interact with networked and robotic toys, like in the 'My friend Cayla' case. In order to evaluate the practical implications of the use of IoT devices by children or teenage users, the first part of the paper presents an analysis of the international guiding principles of the protection of minors, a category which enjoys a higher level of protection of their fundamental rights, due to their condition of lack of physical and psychological maturity. Secondly, the focus is moved upon the protection of personal data of children. Only after confronting previous data protection legal instruments and having compared them with the novelties set forth in the General Data Protection Regulation, it is reasonable to assume that new provisions such as the "privacy by design" principle, adequacy of security measures and codes of conduct, can support data controllers in ensuring compliance (in line with the accountability principle) in the field of IoT toys. In conclusion, the paper supports a view of Data Protection Authorities as a relevant player in enhancing these renovated tools in order to achieve the protection of children's rights, as to ensure their substantial protection against the threats of the interconnected world.


2021, Vol 129, pp. 06005
Author(s): Adam Madleňák, Marek Švec

Research background: The adoption of the GDPR Regulation prompted the introduction of a unified regulation on the protection of personal data and highlighted the need to implement security measures relating to information disseminated across businesses operating in several mainly European countries. In practice, the adopted internal standards at the group level are expected to be introduced to the internal environment of individual local subsidiaries. The need to take into account specificities of national legal systems, as well as a specific environment capable of creating a secondary response - a groundswell has also become important. The legal framework of privacy protection in relation to the confidentiality of information disclosed by employers thus represents a fundamental challenge for the interaction between global requirements and local legislation, taking into account the specific assumptions of the business entity concerned.

Purpose of the article: The aim of the paper is to describe the range of problems and solutions regarding the process of introducing internal processes of business entities in terms of data security. Moreover, the paper also pays attention to personal data protection legislation.

Methods: In an effort to achieve the set goal, the authors used analytical, inductive, deductive and comparative research methods in order to identify areas of problems in relation to intrusion into the privacy of individuals in the online environment and internal communication channels. By synthesising knowledge published in domestic and foreign literature it was possible to draw up the key terminology.

Findings & Value added: The experience of the authors in setting up the internal environment of business entities with regard to the issues in question (personal data protection and security of information disclosed in connection with the decision-making power of national regulators) contributes to the knowledge in the given field.


Author(s): Kärt Pormeister

Abstract: The regulatory framework for biobanking in Estonia is fragmented. Whilst a specific law applies to the population-wide biobank, other entities engaged in biobanking are subject to rules stemming from various legal sources. In the case of the population biobank, participants give open consent for their data and tissue to be used in genetic research. Most other entities do not have the possibility to obtain open research consent for the use of personal data. However, national data protection law enables the use of personal data in research without the consent of individuals. In contrast, since no stricter requirements are set, open consent can be used when tissue is obtained directly from individuals for research purposes. However, if tissue is initially obtained for other (research) purposes, further research use requires written consent in the case of blood, while due notification will suffice for most other types of tissue.

