scholarly journals Towards a Modular On-Premise Approach for Data Sharing

Sensors ◽  
2021 ◽  
Vol 21 (17) ◽  
pp. 5805
Author(s):  
João S. Resende ◽  
Luís Magalhães ◽  
André Brandão ◽  
Rolando Martins ◽  
Luís Antunes
Keyword(s):  
Data Sharing ◽  
Data Privacy ◽  
Public Cloud ◽  
General Data Protection Regulation ◽  
Private Data ◽  
Private Computation ◽  
Persistent Data ◽  
General Data ◽  
Computational Resources ◽  
Identifiable Data

The growing demand for everyday data insights drives the pursuit of more sophisticated infrastructures and artificial intelligence algorithms. When combined with the growing number of interconnected devices, this originates concerns about scalability and privacy. The main problem is that devices can detect the environment and generate large volumes of possibly identifiable data. Public cloud-based technologies have been proposed as a solution, due to their high availability and low entry costs. However, there are growing concerns regarding data privacy, especially with the introduction of the new General Data Protection Regulation, due to the inherent lack of control caused by using off-premise computational resources on which public cloud belongs. Users have no control over the data uploaded to such services as the cloud, which increases the uncontrolled distribution of information to third parties. This work aims to provide a modular approach that uses cloud-of-clouds to store persistent data and reduce upfront costs while allowing information to remain private and under users’ control. In addition to storage, this work also extends focus on usability modules that enable data sharing. Any user can securely share and analyze/compute the uploaded data using private computing without revealing private data. This private computation can be training machine learning (ML) models. To achieve this, we use a combination of state-of-the-art technologies, such as MultiParty Computation (MPC) and K-anonymization to produce a complete system with intrinsic privacy properties.

A Layered Approach to Jurisdiction

2017 ◽  
Author(s):  
Dan Jerker B. Svantesson
Keyword(s):  
Data Protection ◽  
Data Privacy ◽  
General Data Protection Regulation ◽  
Legal Rules ◽  
Privacy Laws ◽  
Scope Of Application ◽  
General Data ◽  
Layered Approach ◽  
Substantive Law

This chapter observes how it may be inappropriate to apply a single jurisdictional threshold to diverse instruments such as data privacy laws. In the light of this observation, a proposal is outlined for a ‘layered approach’ under which the substantive law rules of such instruments are broken up into different layers, with different jurisdictional thresholds applied to each such layer. This layered approach is discussed primarily as a technique to be utilized in legal drafting, but it may also be applied in the interpretation and application of legal rules. Article 3 of the European Union’s General Data Protection Regulation, which determines that regulation’s scope of application in a territorial sense, provides a particularly useful lens through which to approach this topic and, thus, the discussion is largely centred around that Article.

scholarly journals Complying with Privacy Legislation: From Legal Text to Implementation of Privacy-Aware Location-Based Services

2018 ◽  
Vol 7 (11) ◽  
pp. 442 ◽  
Author(s):  
Mehrnaz Ataei ◽  
Auriol Degbelo ◽  
Christian Kray ◽  
Vitor Santos
Keyword(s):  
Data Privacy ◽  
Location Privacy ◽  
Service Providers ◽  
Location Based Services ◽  
Legal Text ◽  
General Data Protection Regulation ◽  
Location Data ◽  
Privacy Laws ◽  
Technical Issues ◽  
General Data

An individual’s location data is very sensitive geoinformation. While its disclosure is necessary, e.g., to provide location-based services (LBS), it also facilitates deep insights into the lives of LBS users as well as various attacks on these users. Location privacy threats can be mitigated through privacy regulations such as the General Data Protection Regulation (GDPR), which was introduced recently and harmonises data privacy laws across Europe. While the GDPR is meant to protect users’ privacy, the main problem is that it does not provide explicit guidelines for designers and developers about how to build systems that comply with it. In order to bridge this gap, we systematically analysed the legal text, carried out expert interviews, and ran a nine-week-long take-home study with four developers. We particularly focused on user-facing issues, as these have received little attention compared to technical issues. Our main contributions are a list of aspects from the legal text of the GDPR that can be tackled at the user interface level and a set of guidelines on how to realise this. Our results can help service providers, designers and developers of applications dealing with location information from human users to comply with the GDPR.

Analysis of the US Privacy Model

2021 ◽  
pp. 1818-1825
Author(s):  
Francisco García Martínez
Keyword(s):  
Data Privacy ◽  
Personal Information ◽  
National Level ◽  
The United States ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Privacy Laws ◽  
The Us ◽  
General Data ◽  
State Of Art

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.

Analysis of the US Privacy Model

2019 ◽  
Vol 3 (1) ◽  
pp. 43-52
Author(s):  
Francisco García Martínez
Keyword(s):  
Data Privacy ◽  
Personal Information ◽  
National Level ◽  
The United States ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Privacy Laws ◽  
The Us ◽  
General Data ◽  
The Eu

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.

scholarly journals Delegation-Based Personal Data Processing Request Notarization Framework for GDPR Based on Private Blockchain

2021 ◽  
Vol 11 (22) ◽  
pp. 10574
Author(s):  
Sung-Soo Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Audit ◽  
General Data ◽  
Data Controller ◽  
Data Subject

With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the general data protection regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable its utilization as a GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process of personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hypderledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results with comparisons among the related works indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing request than extant methods.

Bulgarian public sector data breach reveals EU trend

2019 ◽  
Keyword(s):  
Public Sector ◽  
Data Privacy ◽  
Public Attention ◽  
Data Breach ◽  
Privacy And Security ◽  
Content Type ◽  
General Data Protection Regulation ◽  
High Profile ◽  
General Data ◽  
Sector Data

Subject Public sector and GDPR. Significance Public attention before and since the EU’s General Data Protection Regulation (GDPR) came into effect in May 2018 has largely focused on high-profile corporate data breaches and fines, such as recently at British Airways and the hotel chain Marriott. However, the data breach at the Bulgarian National Revenue Agency last month put public sector agencies, and their obligations under GDPR, under the spotlight. Impacts The upsurge in data breach notifications will stabilise as GDPR implementation progresses. Local public sector agencies are beginning to take data privacy and security seriously. Outsourcing of public services to private contractors is complicating cybersecurity.

scholarly journals Clinical trial data transparency and GDPR compliance: Implications for data sharing and open innovation

2020 ◽  
Author(s):  
Timo Minssen ◽  
Neethu Rajam ◽  
Marcel Bogers
Keyword(s):  
Clinical Trials ◽  
Data Sharing ◽  
Open Innovation ◽  
Clinical Trial Data ◽  
Public Access ◽  
General Data Protection Regulation ◽  
Policy Goals ◽  
General Data ◽  
Data Transparency ◽  
Privacy Issues

Abstract Recent European Union (EU) initiatives and legislation have considerably increased public access to clinical trials data (CTD). These developments are generally much welcomed for the enhancement of science, trust, and open innovation. However, they also raise many questions and concerns, not least at the interface between CTD transparency and other areas of evolving EU law on the protection of trade secrets, IPRs, and privacy. This article focuses on privacy issues and on the interrelation between developments in transparency and the EU’s new General Data Protection Regulation 2016/679 (GDPR). More specifically, this article examines: (1) the origins and rationales of EU transparency regulations, including the incidents and concerns that have shaped them; (2) the features and implications of the GDPR which are relevant in the context of clinical trials; and (3) the risk for tensions between the GDPR and the policy goals of CTD transparency, as well as implications for data sharing and open innovation. Ultimately, we elaborate on factors that should be carefully considered and addressed to reap the full benefits of CTD transparency.

Differential Privacy Approach for Big Data Privacy in Healthcare

2017 ◽  
pp. 191-213 ◽  
Author(s):  
Marmar Moussa ◽  
Steven A. Demurjian
Keyword(s):  
Big Data ◽  
Data Sharing ◽  
Data Privacy ◽  
Large Scale ◽  
Differential Privacy ◽  
Security And Privacy ◽  
Instrumental Case Study ◽  
Large Scale Data ◽  
Private Data

This chapter presents a survey of the most important security and privacy issues related to large-scale data sharing and mining in big data with focus on differential privacy as a promising approach for achieving privacy especially in statistical databases often used in healthcare. A case study is presented utilizing differential privacy in healthcare domain, the chapter analyzes and compares the major differentially private data release strategies and noise mechanisms such as the Laplace and the exponential mechanisms. The background section discusses several security and privacy approaches in big data including authentication and encryption protocols, and privacy preserving techniques such as k-anonymity. Next, the chapter introduces the differential privacy concepts used in the interactive and non-interactive data sharing models and the various noise mechanisms used. An instrumental case study is then presented to examine the effect of applying differential privacy in analytics. The chapter then explores the future trends and finally, provides a conclusion.

Anonymization, tokenization, encryption. How to recover unrecoverable data

2018 ◽  
Vol 0 (6/2017) ◽  
pp. 9-13
Author(s):  
Olga Dzięgielewska
Keyword(s):  
Risk Analysis ◽  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
Insider Threat ◽  
General Data Protection Regulation ◽  
Analysis Phase ◽  
Data Layer ◽  
General Data ◽  
Financial Consequences

The data privacy is currently vastly commented topic among all the organizations which process personal data due to the introduction of the European Union’s General Data Protection Regulation. Existing methods of data protection are believed to be sufficient as they meet the risk-based approach requirements in every mature organization, yet the number of publicly known data breaches confirms that this assumption is false. The aftermath of such incidents in countless cases prove that the risk-based approach failed as the reputational and financial consequences by far exceed the original estimations. This paper stressed the importance of the data layer protection from the planning, through design, until maintenance stages in the database lifecycle, as numerous attack vectors originating from the insider threat and targeting the data layer still sneak through unnoticed during the risk analysis phase.

Sign in / Sign up

Export Citation Format

Share Document