Challenges of Implementing Privacy Policies Across the Globe
Published in Ahmed Elngar, Ambika Pawar, Prathamesh Churi, Data Protection and Privacy in Healthcare, 2021
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. GDPR in terms of healthcare follows certain principles such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, confidentiality, accountability and limited storage. It defines certain circumstances in which a patient’s health and genetic data can be processed, the rules for consent and the rights provided to patients regarding their data. GDPR makes a special clause which ensures a patient’s voice is heard in data protection debates. While GDPR helps ensure trust between companies who handle personally identifiable data and patients, there are some drawbacks present. The one-time cost for companies to get their data affairs in order was huge which affected many businesses. Also, the cost of violating GDPR could lead to a fine up to $23.5 million, or 4% of the global annual revenue of a business.
Security and privacy issues of blockchain-enabled fog and edge computing
Published in Muhammad Maaz Rehan, Mubashir Husain Rehmani, Blockchain-enabled Fog and Edge Computing, 2020
Imane Ameli, Nabil Benamar, Abdelhakim Senhaji Hafid
General Data Protection Regulation (GDPR) is a European regulation. Its principal mission is to define and set up laws and restrictions to be applied by the European organisations in order to protect sensitive personal information. We note in [54] that blockchain technology has some characteristics that seem contradictory to the GDPR principles. The immutability of data in blockchain and ‘right to be forgotten’ in the GDPR key. While the block is maintained in the blockchain, data could not be altered or deleted. By contrast, the ‘right to be forgotten’ means that each entity should have the right to delete its own data (e.g., the health history of a patient) when it is necessary. The indelible nature of the data in the blockchain may present a stumbling block with law enforcement. From this perspective, the authors in [55] have proposed a new approach, abbreviated FLPE (functionality-preserving local erasure), based on erasing data on a local level of nodes. Briefly put, this solution permits clearing out the transactions in question while opening the doors for mischievous entities to transact freely.
IP and Other Moats
Published in Gennadi Saiko, Bringing a Medical Device to the Market A Scientist's Perspective, 2022
In the European Union, General Data Protection Regulation (or so-called GDPR rule) is a regulation that requires businesses to protect the personal data and privacy of European Union citizens for transactions that occur within the European Union. GDPR is considered the world’s strongest set of data protection rules. The regulation became a model for many national laws outside the European Union, including Japan, Brazil, and South Korea.
Software agents supporting the security of IT systems handling personal information
Published in Journal of Decision Systems, 2020
Mariusz Zytniewski, Stanislaw Stanek
As a result of regulatory effort initiated by the European Union, legislation known as the General Data Protection Regulation (GDPR) was adopted and entered into force on 25 May 2018, laying down the general rules to be met when processing, storing and managing personal information. Its impact is broad, as it regulates the behaviour of all organisations, regardless of their affiliations, intending to engage in business activity in an EU member state. The definition of personal data is general, encompassing both data attributed to identifiable individuals, such as, e.g. credit card number, and data on anonymous natural persons, e.g. on any European citizen inputting a query in an internet search engine. The GDPR does not contain specific recommendations regarding the organisational and technical security of personal data, only setting out general principles. In many cases, it is possible to adapt some of the solutions previously employed in the area of classified data protection, credit card services, or personal data processing under former regulations. Also, most solutions related to risk analysis, periodic reviews and continuous improvement known from previous NIST and ISO/OSI information security standards (cf., e.g. Stanek, 2016) can be utilised in the construction of GDPR-compliant IT systems. A more in-depth analysis of GDPR articles indicates that a number of provisions are innovative and unsupported in former IT frameworks. GDPR will indirectly affect the development of advanced IT solutions used in the area of computer decision support. A discussion of some completed experiments will be delivered in the following section.
The Role of Privacy in the Acceptance of Smart Technologies: Applying the Privacy Calculus to Technology Acceptance
Published in International Journal of Human–Computer Interaction, 2022
Eva-Maria Schomakers, Chantal Lidynia, Martina Ziefle
A similar argument can be based on the results regarding the influence of perceived information sensitivity on privacy concerns. The more sensitive the collected information is perceived to be, the higher are privacy concerns. Data minimization – a principle that is also included in the General Data Protection Regulation by the European Union – postulates that only data should be collected, analyzed, and stored which is necessary for the purpose (Ziegler et al., 2019). This goes in line with the general idea of the privacy calculus: to gain benefits, data collection is needed. But if there are no benefits to be gained, no further data should be used.
Responsible innovation at work: gamification, public engagement, and privacy by design
Published in Journal of Responsible Innovation, 2022
Daniele Ruggiu, Vincent Blok, Christopher Coenen, Christos Kalloniatis, Angeliki Kitsiou, Aikaterini-Georgia Mavroeidi, Simone Milani, Andrea Sitzia
In the EU, GDPR enforcement has made the protection of personal data compulsory for all organisations during systems design and implementation (Sousa et al. 2018). New data rights have been established for EU citizens, supporting their autonomy and self-determination. Additionally, each organisation is obliged to establish a Data Protection Officer (DPO), an expert in data protection rules and practices who is responsible for ensuring that organisational processes comply with the legislation (art. 37 GDPR).