Privacy Laws and Privacy by Design Schemes for the Internet of Things

2021 ◽  
Vol 54 (5) ◽  
pp. 1-38
Author(s):  
Atheer Aljeraisy ◽  
Masoud Barati ◽  
Omer Rana ◽  
Charith Perera

Internet of Things applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to the privacy regulations and data protection laws. However, doing so can be a difficult and challenging task. Recent research has revealed that developers typically face difficulties when complying with regulations. One key reason is that, at times, regulations are vague, and it can be challenging to extract and enact such legal requirements. In this article, we have conducted a systematic analysis of the privacy and data protection laws that are used across different continents, namely (i) General Data Protection Regulations, (ii) the Personal Information Protection and Electronic Documents Act, (iii) the California Consumer Privacy Act, (iv) Australian Privacy Principles, and (v) New Zealand’s Privacy Act 1993. Then, we used the framework analysis method to attain a comprehensive view of different privacy and data protection laws and highlighted the disparities to assist developers in adhering to the regulations across different regions, along with creating a Combined Privacy Law Framework (CPLF). After that, the key principles and individuals’ rights of the CPLF were mapped with Privacy by Design (PbD) schemes (e.g., privacy principles, strategies, guidelines, and patterns) developed previously by different researchers to investigate the gaps in existing schemes. Subsequently, we have demonstrated how to apply and map privacy patterns into IoT architectures at the design stage and have also highlighted the complexity of doing such mapping. Finally, we have identified the major challenges that should be addressed and potential research directions to take the burden off software developers when applying privacy-preserving techniques that comply with privacy and data protection laws.
We have released a companion technical report [3] that comprises all definitions, detailed steps on how we developed the CPLF, and detailed mappings between CPLF and PbD schemes.

2021 ◽  
Author(s):  
Giorgia Bincoletto

In the digital age, e-health technologies play a pivotal role in the processing of medical information. As personal health data represent sensitive information concerning a data subject, enhancing data protection and security of systems and practices has become a primary concern. This book explores how an e-health system could be developed and how data processing activities could be carried out to apply data protection principles and requirements from the design stage. There is currently a lack of clarity and knowledge on the topic among developers, data controllers and stakeholders. The research attempts to bridge the gap between the legal and technical disciplines on DPbD by providing a set of guidelines for the implementation of the principle in the e-health care sector.


Author(s):  
Homaile Mascarin do Vale ◽  

There is an increase in the number of medical malpractice cases all over the world and the detachment of the role of the judiciary and the real practice of medical activity is striking, converging to a weakness of the doctor in the face of a system that does not advocate the equalization of plaintiff and defendant in the process, bringing procedural difficulties to the doctor due to the legislation, especially the Brazilian. In a transdisciplinary way, permeating the law and medicine, the article mapped the operation of the Brazilian judiciary in the face of medical error and, specifically, measured how the state power understands cases about psychiatry, a specialty that is difficult to prove medical error. It was analyzed statistically how Brazilian courts behave, creating a procedural diagnosis of justice. This research offers a protection protocol to the psychiatrist inspired by the General Data Protection Law, which in turn comes from the European General Data Protection Regulation and the California Consumer Privacy Act of 2018 to address the procedural vulnerability of the doctor in medical error processes respecting patient privacy and intimacy, applicable and adaptable to countries and continents that have legislation for specific data protection. The article concludes by critically analyzing the format of processing and judgment of medical malpractice cases in Brazil, proposing a multidisciplinary configuration in search of real justice.


2020 ◽  
Vol 4 (2) ◽  
pp. 81-94
Author(s):  
Matúš Mesarčík

A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations of processing of personal data is the Californian Consumer Privacy Act, commonly referred to as CCPA. The article aims to fill the gap considering a deep analysis of the territorial scope of both acts and practical consequences of the application. The article starts with a brief overview of privacy regulation in the EU and USA. Introduction to GDPR and CCPA follows focusing on the territorial scope of respective legislation. Three scenarios of applicability are derived in the following part including practical examples.


Author(s):  
Xhafer Krasniqi

The Internet of Things, which is defined as anything that can be accessible anytime and anywhere, provides connectivity to different objects and sensors around us and will enable the transfer of different data between these objects and devices. A thing in the Internet of Things can be any natural or man-made object that can be assigned an IP address with a capability to exchange data over a network. There is a huge number of applications of IoT to benefit users, such as health monitors, smart homes, connected cars etc. If everything around us is connected and information about these things that can contain sensitive information, e.g. health and other personal information, is collected, then these networks become very important and must be able to provide proper security and privacy. It is believed that by 2020 there will be over 50 billion things that could be connected to the Internet. The Internet of Things is very much associated with M2M (machine to machine communication), which is identified as a technology that makes objects smart, like smart homes, smart utility meters etc. M2M is actually considered to be a subset of IoT and is mainly used for difficult and dangerous tasks, e.g. nuclear plants, etc. The deployment of IoT has already started and is expected to transform the way we live. According to Gartner, a technology research company, the Internet of Things has just reached the deployment stage by early adopters and the full deployment is expected in over ten years. From an industry angle, this paper will examine the market and technical trends of Internet of Things, main applications that will be supported by this technology, key issues and challenges faced by the industry, standards activities around IoT and finally the implementation landscape.


sui generis ◽  
2019 ◽  
Author(s):  
Aurelia Tamò-Larrieux

Technical and economic advances have led to the digitalization of our environment. Whether collected from smartphones, smart household devices, or wearable health trackers, data is automatically processed and used to provide us with multiple services throughout the day. While the benefits of such technologies for individual users — as well as society at large — are undisputed, the resulting transformed environment triggers concerns vis-à-vis informational privacy and the loss thereof. These privacy and data protection challenges must be addressed. As privacy protects different and evolving interests, research in this field is a complex undertaking. To do justice to the complex and interdisciplinary nature of privacy and data protection, the topic at hand has to be approached from multiple perspectives. The book «Designing for Privacy and Its Legal Framework» focuses on how the law and technical tools, acting together, can enhance the protection of privacy and data in an Internet of Things environment. In doing so, we provide concrete insights into how to implement the concept of privacy by design.


2021 ◽  
Vol 2 (2) ◽  
pp. 33-53
Author(s):  
Marcus Abreu de Magalhaes

This paper aims to present a comparative approach to data protection regulations around the world. Most countries possess data protection laws in some level of detail. In order to compare structures of data control and compliance in dissimilar systems, the study selected four distinct arrangements: the European General Data Protection Regulation (GDPR); the California Consumer Privacy Act (CCPA); the Brazilian Digital Privacy Law, Lei Geral de Proteção de Dados Pessoais (LGPD); and the Chinese Data Privacy Framework, which is molded by a set of different regulations. The analysis was based on common key points of those regulations – territorial scope, consent and disclosure, data security requirements, data transfer, Data Protection Officer, awareness and training, and penalties – to explore the different policies and national goals. The paper argues that, in the landscape of the information-based society, new law is needed to protect citizens’ rights to privacy and to bound harvesting and mining of personal information to ensure transparency, control, and compliance of the information economy.


2021 ◽  
Vol 2 (2) ◽  
pp. 136-165
Author(s):  
Luca Piras ◽  
Mohammed Ghazi Al-Obeidallah ◽  
Michalis Pavlidis ◽  
Haralambos Mouratidis ◽  
Aggeliki Tsohou ◽  
...  

In order to empower user data protection and user rights, the European General Data Protection Regulation (GDPR) has been enforced. On the positive side, the user is obtaining advantages from GDPR. However, organisations are facing many difficulties in interpreting GDPR and properly applying it, and, in the meantime, due to their lack of compliance, many organisations are receiving huge fines from authorities. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we propose the design of such flow, and our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through model-based Privacy by Design analysis. Here, we present DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.


2021 ◽  
Vol 2022 (1) ◽  
pp. 608-628
Author(s):  
Maggie Van Nortwick ◽  
Christo Wilson

On June 28, 2018, the California State Legislature passed the California Consumer Privacy Act (CCPA), arguably the most comprehensive piece of online privacy legislation in the United States. Online services covered by the CCPA are required to provide a hyperlink on their homepage with the text “Do Not Sell My Personal Information” (DNSMPI). The CCPA went into effect on January 1, 2020, a date that was chosen to give data collectors time to study the new law and bring themselves into compliance. In this study, we begin the process of investigating whether websites are complying with the CCPA by focusing on DNSMPI links. Using longitudinal data crawled from the top 1M websites in the Tranco ranking, we examine which websites are including DNSMPI links, whether the websites without DNSMPI links are out of compliance with the law, whether websites are using geofences to dynamically hide DNSMPI links from non-Californians, how DNSMPI adoption has changed over time, and how websites are choosing to present DNSMPI links (e.g., in terms of font size, color, and placement). We argue that the answers to these questions are critical for spurring enforcement actions under the law, and helping to shape future privacy laws and regulations, e.g., rule making that will soon commence around the successor to the CCPA, known as the CPRA.


2016 ◽  
Vol 65 (1) ◽  
pp. 139-183 ◽  
Author(s):  
David Erdos

The European Data Protection Directive 95/46/EC requires all European Economic Area (EEA) jurisdictions to provide an equivalent regime protecting the privacy and other fundamental rights and freedoms of natural persons in relation to personal data processing, whilst also shielding media expression from the default substantive requirements as necessary to ensure a balance between fundamental rights. Through a comprehensive coding of the derogations set out in each jurisdiction's data protection laws, this article provides the first systematic analysis of whether this has in fact been achieved. It is demonstrated that there is a total lack of even minimal harmonization in this area, with many laws providing for patently unbalanced results especially as regards the publication of sensitive information, which includes criminal convictions and political opinion, and the collection of information without notice direct from the data subject. This reality radically undermines European data protection's twin purposes of ensuring the free flow of personal data and protecting fundamental rights, an outcome which remains largely unaddressed by the proposed new Data Protection Regulation. Practical suggestions are put forward to ameliorate these troubling inconsistencies within the current process of reform.

