A GDPR International Transfer Compliance Framework Based on an Extended Data Privacy Vocabulary (DPV)

2021 ◽  
Author(s):  
David Hickey ◽  
Rob Brennan

This paper describes a tool using an extended Data Privacy Vocabulary (the DPV) to audit and monitor GDPR compliance of international transfers of personal data. New terms were identified which have been proposed as extensions to the DPV W3C Working Group. A prototype software tool was built based on the model plus a set of validation rules, and synthetic use-cases were created to test the capabilities of the model and tool (together a compliance framework). This framework was created because the rules around international transfer compliance are complex and changing, there is an absence of a common approach to ensuring compliance, few tools exist to assist, and those that do lack interoperability. Evaluation results demonstrate that the proposed model improves compliance identification and standardisation. The tool received positive feedback from the data protection practitioners who participated in the evaluation, and an initial version of it is now in use in one financial services organisation. While currently the tool only addresses international transfers, in theory the framework can be extended through further work to the broader area of compliance with other aspects of the GDPR.

2021 ◽  
Vol 11 (10) ◽  
pp. 4537
Author(s):  
Christian Delgado-von-Eitzen ◽  
Luis Anido-Rifón ◽  
Manuel J. Fernández-Iglesias

In recent years, blockchain technologies have awakened the interest of different actors in various sectors and, among them, the education field, which is studying the application of these technologies to improve information traceability, accountability, and integrity, while guaranteeing its privacy, transparency, robustness, trustworthiness, and authenticity. Different interesting proposals and projects were launched and are currently being developed. Nevertheless, there are still issues not adequately addressed, such as scalability, privacy, and compliance with international regulations such as the General Data Protection Regulation in Europe. This paper analyzes the application of blockchain technologies and related challenges to issue and verify educational data and proposes an innovative solution to tackle them. The proposed model supports the issuance, storage, and verification of different types of academic information, both formal and informal, and complies with applicable regulations, protecting the privacy of users' personal data. This proposal also addresses the scalability challenges and paves the way for a global academic certification system.


Author(s):  
M. Fevzi Esen ◽  
Eda Kocabas

With the new developments in information technologies, personal and business data have become easily accessible through different channels. The huge amounts of personal data across global networks and databases have provided crucial scientific benefits and many business opportunities, including in the meetings, incentives, conventions, and exhibitions (MICE) industry. In this chapter, the authors focus on the analysis of the MICE industry with regard to the new regulation (GDPR) on the protection of the personal data of all EU citizens and how industry professionals can adapt their way of doing business in light of this new regulation. The authors conducted an online interview with five different meetings industry professionals to gain more insight into the data produced, its content, and the new regulations applied to the industry. The importance of personal data privacy and protection is discussed, and the most suitable anonymization techniques for personal data privacy are proposed.


Author(s):  
Sam De Silva

Developments in technology and the global nature of business mean that personal information about individuals in the UK may often be processed overseas, frequently without the explicit knowledge or consent of those individuals. This raises issues such as the security of such data, who may have access to it and for what purposes, and what rights the individual may have to object. The Data Protection Act 1998 provides a standard of protection for personal data, including in respect of personal data that is being transferred outside of the UK. Chapter 18 focuses on how a UK data controller (the organisation that controls how and why personal data is processed and is therefore legally responsible for compliance) can fulfil its business and operational requirements in transferring personal data outside the EEA, whilst ensuring legal compliance.


Author(s):  
Araz Poladov

Purpose of research: define the general characteristics of the protection of personal data; analysis of legislation and case law. Methods of research: analysis and study of regulatory documents containing provisions on the protection of personal data. Results: the normative and practical importance of personal data protection provisions in various legal acts has been underscored. The right to privacy strengthened its position in the United States in the late 19th century and is now recognized by most states. Although the right to privacy in the United States was originally a British political legacy, judicial decisions in England were more conservative and cautious than those of U.S. courts. One of the important features of this law in the Anglo-Saxon legal system is that it was previously formed by judicial precedents and legal doctrine. Also, the right to privacy was not among the rights provided for in the Bill of Rights. In general, there is an industry-wide approach to data privacy in the United States. There is no specific federal law that would guarantee the confidentiality and protection of personal data. Instead, legislation at the federal level is dispersed and aims to protect data in certain sectors. Judicial practice and court decisions taken at different times play an important role in regulating personal data protection in the United States. It is also worth mentioning that until the 1970s, decisions of the U.S. courts did not provide the necessary privacy protection safeguards. Discussion: offering a comprehensive and detailed study and use of this practice in other states.


2021 ◽  
Vol 11 (22) ◽  
pp. 10574
Author(s):  
Sung-Soo Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom

With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising organisations to comply with them. Although various studies have suggested compliance methods for the General Data Protection Regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of a data subject's personal data processing request records so that they can be used as GDPR compliance audit proof by an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests for the processing of personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hyperledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and the feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results, with comparisons among the related works, indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing requests than extant methods.


2021 ◽  
Author(s):  
Yurong Gao ◽  
Yiping Guo ◽  
Awais Khan Jumani ◽  
Achyut Shankar

Data security needs a comprehensive system design approach that combines legal, administrative, and technical protection. These laws generally contain complete rules and principles relevant to collecting, storing, and using personal information in line with international standards on privacy and data protection. Personal data should be legally collected for a specified reason and not be used without authorization for unlawful monitoring or profiling by governments or third parties. In advocacy and open data activity, increasing attention has been placed on privacy problems. To secure the protection of this data, the Privacy Law (PL) and the Regulations typically put forth industrial and technical standards on IT systems that hold and handle personal data. Concerns about information privacy are genuine, valid, and exacerbated in the Internet of Things (IoT) and Cyber-Physical Systems (CPS). This article suggests that compliance with IoT and CPS Data Privacy (DP) should be dealt with at both technical and non-technical levels. The proposed architecture is then coupled with a reference framework for the business architecture to offer a DP-IoT model focused on the industry and technology and positioned to comply with the Personal Information Protection Act (POPI). Therefore, methods are necessary to protect data privacy based on both system and organizational reference designs. In the end, users should have specific rights to information about them, including the capacity and method to seek recourse to protect such rights, and to acquire and amend incorrect details. The DP-IoT model shows a privacy ratio of 92.6%, scalability ratio of 91.5, data management ratio of 94.3%, data protection ratio of 96.7%, customer satisfaction rate of 92.2%, attack prevention ratio of 95.5% and energy consumption ratio of 25.5% compared to the existing methods.


2021 ◽  
Vol 4 (1) ◽  
pp. 25-37
Author(s):  
Zaid Zaid

This article aims to determine the role and responsibility of the government in protecting the personal data of all individuals, studied through normative research methods with a statutory and conceptual approach. The results of this study ultimately outline what must be done by the government: forming a law on personal data protection which guarantees its determination, implementation and supervision; forming its Sector Supervisory and Regulatory Agency; and forming the Attorney General's Office to prepare a court that is responsive in handling personal data privacy violations.


2007 ◽  
Vol 7 (5) ◽  
pp. 732-742 ◽  
Author(s):  
Sarabdeen Jawahitha ◽  
Mohamed Ishak ◽  
Mohamed Mazahir

2020 ◽  
Vol 89 (4) ◽  
pp. 55-72
Author(s):  
Nermin Varmaz

Summary: This article addresses the compliance of the use of Big Data and Artificial Intelligence (AI) by FinTechs with European data protection principles. FinTechs are increasingly replacing traditional credit institutions and are becoming more important in the provision of financial services, especially by using AI and Big Data. The ability to analyze a large amount of different personal data at high speed can provide insights into customer spending patterns, enable a better understanding of customers, or help predict investments and market changes. However, once personal data is involved, a collision with all basic data protection principles stipulated in the European General Data Protection Regulation (GDPR) arises, mostly due to the fact that Big Data and AI meet their overall objectives by processing vast data that lies beyond their initial processing purposes. The author shows that within this ratio, pseudonymization can prove to be a privacy-compliant and thus preferable alternative for the use of AI and Big Data while still enabling FinTechs to identify customer needs.
Summary (translated from the German): This article addresses the compatibility of the use of Big Data and Artificial Intelligence (AI) by FinTechs with European data protection principles. FinTechs are increasingly replacing traditional credit institutions and are gaining importance in the provision of financial services, in particular through the use of AI and Big Data. The ability to analyze a large amount of different personal data at high speed can provide insights into customers' spending behaviour, enable a better understanding of customers, or help predict investments and market changes. However, as soon as personal data is involved, a collision arises with all the basic data protection principles laid down in the European General Data Protection Regulation (GDPR), primarily because Big Data and AI achieve their overarching goals by processing large volumes of data that go beyond their original processing purposes. The author shows that, in this context, pseudonymization can prove to be a data-protection-compliant and thus preferable alternative for the use of AI and Big Data that still enables FinTechs to identify customer needs.