Search

Your search keyword '"Gdpr"' showing total 2,792 results
Start Over Descriptor "Gdpr" Language english
2,792 results on '"Gdpr"'

8. THE DARK SIDE OF VOLUNTARY DATA SHARING.

Author

Xi Li, Bingqing Li, and Zhilin Yang

Abstract

To balance the need for privacy and the benefits of big data analytics, regulators around the world are giving consumers control over their data, allowing them to choose whether or not to voluntarily share their purchase history data with firms. Intuition suggests that voluntary data sharing benefits consumers who can now choose to share their data only when it is profitable to do so. To investigate this argument, we built a model in which a monopolistic firm sells a repeatedly purchased product to consumers over two periods, and consumers decide whether or not to share their purchase history data with the firm, who can use it in the future to pricediscriminate against them. We found that, compared to when data collection is completely outlawed, voluntary data sharing can benefit the firm but at the consumer's expense. Moreover, regulations that mandate firms to better protect consumer data against data breaches can backfire on consumers. Finally, we show that under voluntary data sharing, a firm's ability to offer consumers a monetary incentive to share their data can improve profits without hurting consumers. Taken together, these findings underscore the surprising effects of voluntary data sharing and caution public policymakers of how certain data policies that, on the surface, seem purely beneficial can lead to unintended consequences. [ABSTRACT FROM AUTHOR]

Published
2025

10. AUTOMATED ANALYSIS OF CHANGES IN PRIVACY POLICIES: A STRUCTURED SELF-ATTENTIVE SENTENCE EMBEDDING APPROACH.

Author

Lin, Fangyu, Samtani, Sagar, Zhu, Hongyi, Laura, Brandimarte, and Chen, Hsinchun

Abstract

The increasing societal concern for consumer information privacy has led to the enforcement of privacy regulations worldwide. In an effort to adhere to privacy regulations such as the General Data Protection Regulation (GDPR), many companies’ privacy policies have become increasingly lengthy and complex. In this study, we adopted the computational design science paradigm to design a novel privacy policy evolution analytics framework to help identify how companies change and present their privacy policies based on privacy regulations. The framework includes a self-attentive annotation system (SAAS) that automatically annotates paragraph-length segments in privacy policies to help stakeholders identify data practices of interest for further investigation. We rigorously evaluated SAAS against state-of-the-art machine learning (ML) and deep learning (DL)-based methods on a well-established privacy policy dataset, OPP-115. SAAS outperformed conventional ML and DL models in terms of F1-score by statistically significant margins. We demonstrate the proposed framework’s practical utility with an in-depth case study of GDPR’s impact on Amazon’s privacy policies. The case study results indicate that Amazon’s post-GDPR privacy policy potentially violates a fundamental principle of GDPR by causing consumers to exert more effort to find information about first-party data collection. Given the increasing importance of consumer information privacy, the proposed framework has important implications for regulators and companies. We discuss several design principles followed by the SAAS that can help guide future design science-based e-commerce, health, and privacy research. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

11. The General Data Protection Regulation in Plain Language

Author

van der Sloot, Bart

Subjects
GDPR, General Data Protection Regulation, privacy, privacy law, privacy legislation, european legislation, Law, Privacy and data protection
Abstract

The General Data Protection Regulation in Plain Language is a guide for anyone interested in the much-discussed rules of the GDPR. In this legislation, which came into force in 2018, the European Union meticulously describes what you can and cannot do with data about other people. Violating these rules can lead to a fine of up to 20 million euros. This book sets out the most important obligations of individuals and organisations that process data about others. These include taking technical security measures, carrying out an impact assessment and registering all data-processing procedures within an organisation. It also discusses the rights of citizens whose data are processed, such as the right to be forgotten, the right to information and the right to data portability.

Published
2025

13. The Early Impact of GDPR Compliance on Display Advertising: The Case of an Ad Publisher.

Author

Wang, Pengyuan, Jiang, Li, and Yang, Jian

Subjects
GENERAL Data Protection Regulation, 2016, REGULATORY compliance, INTERNET advertising, DATA protection, PERSONALLY identifiable information, CONSUMER behavior
Abstract

The European Union's General Data Protection Regulation (GDPR), with its explicit consent requirement, may restrict the use of personal data and shake the foundations of online advertising. The ad industry has predicted drastic loss of revenue from GDPR compliance and has been seeking alternative ways of targeting. Taking advantage of an event created by an ad publisher's request for explicit consent from users with European Union IP addresses, the authors find that for a publisher that uses a pay-per-click model, has the capacity to leverage both user behavior and web page content information for advertising, and observes high consent rates, GDPR compliance leads to modest negative effects on ad performance, bid prices, and ad revenue. The changes in ad metrics can be explained by temporal variations in consent rates. The impact is most pronounced for travel and financial services advertisers and least pronounced for retail and consumer packaged goods advertisers. The authors further find that web page context can compensate for the loss of access to users' personal data, as the GDPR's negative impact is less pronounced when ads are posted on web pages presenting relevant content. The results suggest that publishers and advertisers should leverage targeting based on web page content after the GDPR's rollout. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

14. 'Convergence of competing powers: EU competition law and privacy in the digital era – scenarios and impacts'.

Author

Gorecka, Arletta

Subjects
*RIGHT of privacy, *DATA privacy, *DIGITAL technology, *ANTITRUST law, *DATA protection laws
Abstract

The debate on the intersection of competition law and privacy constitutes a major challenge for the existing competition law framework. This article considers the intersection between competition law and privacy and argues that it is possible to recognise a positive relation between these legal areas. However, with the rise of digital platforms that provide free products and services to consumers while generating revenue through data collection, the discussion has intensified regarding whether non-price elements, such as privacy, should be considered as a factor in competition law analysis. The author argues that it is possible to demonstrate a dogmatic link between these legal sources, as a coherent and consistent interpretation of competition law and data protection is adequate. The article finds that dogmatic approach corresponds to recent development in competition law enforcement. [ABSTRACT FROM AUTHOR]

Published
2025
Full Text
View/download PDF

15. Cascade genetic testing in hereditary cancer: exploring the boundaries of the Italian legal framework.

Author

Varesco, Liliana, Di Tano, Francesco, Monducci, Juri, Sciallero, Stefania, Turchetti, Daniela, Bighin, Claudia, Buzzatti, Giulia, Giannubilo, Irene, Trevisan, Lucia, and Battistuzzi, Linda

Abstract

Despite its clinical value, cascade genetic testing (CGT) in hereditary cancer syndromes remains underutilized for a number of reasons, including ineffective family communication of genetic risk information. Therefore, alternative strategies are being explored to improve CGT uptake rates; one such strategy is direct contact with at-risk relatives by healthcare professionals with proband consent. It is unclear how Italian laws and regulations pertaining to CGT—including the EU General Data Protection Regulation (GDPR)—should be understood and implemented in the context of such alternative strategies. The authors constructed a hypothetical case about CGT, reviewed laws and regulations on informed consent, privacy, and the right not to know, and analyzed how those laws and regulations might apply to different communicative strategies relevant to the case and aimed at supporting CGT. A constitutionally consistent reading of Italian law and of the GDPR, an integral part of the Italian privacy framework, suggests that multiple communicative approaches may be legally permissible in Italy to support the CGT process. This includes direct contact by healthcare professionals with proband consent, provided certain conditions are met. Understanding the effectiveness of such approaches in improving CGT uptake will require further research efforts. [ABSTRACT FROM AUTHOR]

Published
2025
Full Text
View/download PDF

16. In Brussels we trust? Exploring corporate resistance in platform regulation.

Author

Weigl, Linda and Guzik, Aleksandra

Subjects
*ELECTRONIC data processing, *INTERNET marketing, *ACTIONS & defenses (Law), *BUSINESS models, *GENERAL Data Protection Regulation, 2016
Abstract

Can European regulators be trusted with the enforcement of the new Digital Services Act package? Recent developments show that designated companies are increasingly pursuing legal action against EU institutions. In a comparative analysis of litigation in the context of the GDPR, the DMA and the DSA, we find that the accumulation of digital legislation over time provides some explanatory potential for this legal obstructionism. Moreover, compared to the GDPR, the DMA and the DSA have a stronger impact on platforms’ business models. While GDPR provisions impose rules on obtaining a lawful basis for data processing on all data processing entities, they do not fundamentally alter how a subset of designated platforms directly generate profit. Although the Commission stands steadfast in its enforcement actions, the rise in legal disputes could be seen as a warning sign, questioning the platforms’ true willingness to adhere and requiring regulatory entities to be particularly vigilant. [ABSTRACT FROM AUTHOR]

Published
2025
Full Text
View/download PDF

17. No harm no foul: how harms caused by dark patterns are conceptualised and tackled under EU data protection, consumer and competition laws.

Author

Santos, Cristiana, Morozovaite, Viktorija, and De Conca, Silvia

Subjects
*ANTITRUST law, *DATA protection, *CONSUMER law, *SCHOLARLY method, *GENERAL Data Protection Regulation, 2016
Abstract

Although several Human–Computer Interaction (HCI) studies have empirically investigated the harms caused by dark patterns, with policymakers and regulators regarding these harms significant, they have yet to be examined from a legal perspective. This paper identifies the individual, collective, material and non-material harms deriving from dark patterns, dissecting the role that harms play in the emerging European ‘dark patterns acquis’, comprising the Digital Services Act, Digital Markets Act, AI Act and Data Act. In particular, it systematises the body of knowledge of dark patterns’ harms from HCI scholarship and proposes a dark pattern harm taxonomy. Ultimately, the paper reconciled the debate concerning dark patterns’ harms in HCI with the legal requirements for assessing harms, in light of the remedies mechanisms offered by European data protection, consumer law and competition law. [ABSTRACT FROM AUTHOR]

Published
2025
Full Text
View/download PDF

18. Crumbled Cookies: Exploring E-commerce Websites' Cookie Policies with Data Protection Regulations.

Author

Singh, Nivedita, Do, Yejin, Yu, Yongsang, Fouad, Imane, Kim, Jungrae, and Kim, Hyoungshick

Subjects
GENERAL Data Protection Regulation, 2016, COOKIES (Computer science), SECURITY systems, DATA protection, WEBSITES
Abstract

Despite stringent data protection regulations, such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other country-specific laws, numerous websites continue to use cookies to track user activities, raising significant privacy concerns. This study aims to investigate the compliance of e-commerce websites with these regulations from a cookie perspective and explore potential variations in cookie policies across different countries. We conducted a comprehensive analysis of 360 popular e-commerce websites (44,323 cookies) across multiple countries, examining cookie attributes and their potential links to privacy and security breaches. Our findings revealed that 73% of third-party cookies function as tracker cookies, with around 40% breaching lifecycle regulations. Additionally, 85% are vulnerable to potential cross-site scripting (XSS) attacks, while only 349 out of 44,323 adhere to robust measures aimed at combating cross-site request forgery (CSRF) attacks. We also discovered instances of masquerading cookies, where third-party cookies disguise themselves as first-party cookies, enabling unauthorized user tracking without consent. To the best of our knowledge, this study is the first to comprehensively analyze the compliance of e-commerce websites with the GDPR, CCPA, and country-specific regulations concerning cookie policies across different jurisdictions. Our findings highlight the urgent need for uniform and consistent cookie policies across websites and jurisdictions, as well as robust enforcement mechanisms and increased transparency to ensure compliance with data protection regulations. This research contributes to the ongoing discourse on privacy protection and underscores the importance of addressing the challenges posed by insecure cookie practices in the e-commerce sector. [ABSTRACT FROM AUTHOR]

Published
2025
Full Text
View/download PDF

20. Patient-centric information management in blockchain and interplanetary storage.

Author

Dewangan, Narendra and Chandrakar, Preeti

Abstract

In the healthcare sector, the protection of patient information is an essential factor in terms of secrecy and privacy. This information is very useful for industrial and research purposes. Electronic medical records (EMR) hold data related to patients and their treatments. According to GDPR (general data protection regulation), patient information should be anonymous. There should not be any disclosure of patients private information during data transfer. For hiding patients private information, encryption is required. For developing countries, the treatment cost is also a matter for health services. Blockchain technology provides facilities like distributed and immutable data storage and peer-to-peer data transfer. We need cheaper blockchain-based solutions for the healthcare sector. IPFS provides a secure way to store the content of the files in a decentralized manner by using the Merkle tree. By using IPFS with blockchain, we can counter the use of fake medical records or the forge of EMR. In this paper, the interplanetary file system (IPFS) is used to store EMR in compliance with GDPR. We work on the treatment cycle of patients with a blockchain-maintained hospital and doctor. Our proposed system enhances the security and transparency of patients' treatment information. We compared our proposed system with previously developed systems and provided analytical results in terms of security, privacy, and cost. We implemented our proposed system on a Python-customized blockchain with a customized consensus algorithm. [ABSTRACT FROM AUTHOR]

Published
2025
Full Text
View/download PDF

21. Will the EU AI Regulations Give Rise to Another 'Brussels Effect'? Lessons from the GDPR.

Author

Tarafder, Agnidipto and Vadlamani, Aniruddh

Abstract

The pre-eminence of the European Union (EU) General Data Protection Regulation (GDPR) in regulating the business of data collection, processing and transfer cannot be understated. It has come to serve as the model for laws in several non-EU jurisdictions who share in the EU's concerns about citizens' data being harnessed by Big Tech in particular. This article explores the GDPR's outsized impact in the sphere of data regulation, the conflict between the contrasting models of regulation adopted by the EU and the United States and comments on the possibility of the AI regulations becoming what the GDPR is for data. It further delves into the possibility of this approach being followed by countries like India, where government efforts to integrate AI-based innovation and entrepreneurship have led to the possibility of newer regulatory approaches being adopted. [ABSTRACT FROM AUTHOR]

Published
2025
Full Text
View/download PDF

22. A comparative analysis: health data protection laws in Malaysia, Saudi Arabia and EU General Data Protection Regulation (GDPR).

Author

Sarabdeen, Jawahitha and Mohamed Ishak, Mohamed Mazahir

Subjects
DATA privacy, GENERAL Data Protection Regulation, 2016, DATA protection, DATA protection laws, PUBLIC sector, PERSONALLY identifiable information
Abstract

Purpose: General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements. Design/methodology/approach: The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement. Findings: The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered "adequate" under GDPR. Originality/value: The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it. [ABSTRACT FROM AUTHOR]

Published
2025
Full Text
View/download PDF

23. Optimization of cyber security through the implementation of AI technologies

Author

Nawaf Liqaa and Bentotahewa Vibhushinie

Subjects
optimization, cyberspace, cyber threat, ai, iot, security, privacy, gdpr, covid-19, Science, Electronic computers. Computer science, QA75.5-76.95
Abstract

Identification of cyber threats is crucial and significant for determining substantial security techniques and approaches. This research illustrates a brief discussion of cyberspace challenges and threats in a disruptive era alongside comprehensive approaches in mitigating the risk of cyber threats. Additionally, the aim of this research is to provide beneficial approaches on how to handle cyber threats in detail. For example, threats and attacks may be caused in the absence of legislation, ethical standardization, support system, and lack of access control. The governance system, therefore, will put a lot of effort into communicating, identifying, and enforcing the principles of security to moderate risk. The Metaheuristic algorithms are stimulated by the human brain, so implementing Artificial Intelligence (AI) that assists the Neural Network to mimic the behaviour of the human brain is important to predict significant outcomes. In this study, the author investigates and analyses the rapid growth of cyber threats to outline the solutions. The aim of this study is to contribute to cyber security optimization through implementing AI methodologies.

Published
2025
Full Text
View/download PDF

24. From Technical Prerequisites to Improved Care: Distributed Edge AI for Tomographic Imaging

Author

Bilgehan Akdemir, Hafiz Faheem Shahid, Mikael A. K. Brix, Juho Laakkola, Johirul Islam, Tanesh Kumar, Jarmo Reponen, Miika T. Nieminen, and Erkki Harjula

Subjects
CBCT, distributed AI, edge computing, edge cloud continuum, GDPR, medical imaging, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Recent years have seen a surge in AI-driven medical image processing, leading to significant improvements in diagnostic performance. However, medical imaging technologies tend to create staggering volumes of medical data, necessitating high-performance computing. Cloud systems with robust GPUs and resource capacity are optimal choices for DL-based medical image processing. However, transferring data to the cloud for processing strains communication links, introduces high communication latency, and raises privacy and security concerns. Consequently, despite the undisputed benefits of cloud computing, dedicated standalone local computers are still used for image reconstruction in today’s systems. This localized strategy uses expensive hardware inefficiently and falls short of scalability and maintainability. Edge computing emerges as an innovative concept by bringing cloud processing capabilities closer to data sources. A continuum of computing including local, edge, and cloud tiers would offer a promising solution for medical image processing. According to literature survey, there are no significant works on utilizing edge cloud continuum for CBCT imaging. To fill this gap, we introduce novel 3-TECC architectural concept, specifically designed for CBCT data reconstruction in medical imaging. This article explores the evolving synergy among medical imaging, distributed AI, containerized solutions, and edge-cloud continuum technologies, highlighting their clinical implications and illuminating the potential for transformative patient care. We uncover challenges and opportunities this convergence provides with the CBCT image reconstruction use case, while aligning with regulatory compliance. The proposed 3-TECC architecture advocates a decentralized data processing paradigm, reducing reliance on the centralized approach and emphasizing the role of local-edge computing.

Published
2025
Full Text
View/download PDF

25. Assessing Privacy Policies and App Settings for User Data Protection: A Data Subject‐Centered Framework Analysis of TikTok in the U.S. and Europe (2023–2024).

Author

Kim, Hyowon and Bratt, Sarah

Subjects
*DATA protection, *MOBILE apps, *DATA management
Abstract

This study examines the extent to which TikTok's privacy policies and app settings in the U.S. and Europe protect the rights entailed in the data subject‐centered framework. Using a case study approach, we analyze current policy documents and app settings to identify the alignment of TikTok's policies with the GDPR perspective. Our findings reveal that current policies and settings fall short in key areas. First, TikTok policies lack details related to managing and protecting sensitive data. Second, the policies neglect to discuss the responsibilities of social media companies when such data is utilized by unspecified third parties. Furthermore, there is a noticeable deficiency in the U.S. regarding detailed in‐app privacy notices and setting options, especially in terms of managing location data and advertisements. Additionally, there is a need for explanations on how specific settings impact users. Lastly, a critical demand exists for default settings, including those for advertisements, to enhance data protection. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

26. Discrimination in the automated targeting of job advertising: The role of the General Data Protection Regulation.

Author

Parodi, Elisa

Abstract

Recently, companies have increasingly been using AI to attract potential candidates through targeted job advertising, whose delivery is then algorithmically optimised. By excluding certain groups from job opportunities, these practices can discriminate in access to work, in relation to grounds protected by EU equality law. This article investigates the possible role of GDPR (Reg. n. 2016/679) in litigating discrimination in targeted and optimised job advertising. It firstly analyses whether and how the data access right under Art. 15(1)(h) can be exercised to gather the prima facie discrimination evidence necessary to bring a discrimination claim against the employer. It then deepens the potential use of Art. 80(2) to address the challenges relating to litigating these discriminatory practices, particularly the victims' lack of awareness and their difficulty in coordinating. [ABSTRACT FROM AUTHOR]

Published
2025
Full Text
View/download PDF

27. Dark Sides of Data Transparency: Organized Immaturity After GDPR?

Author

Schade, Frederik

Subjects
DIGITAL technology, GENERAL Data Protection Regulation, 2016, DATA protection, SOCIOTECHNICAL systems, PERSONALLY identifiable information, ELECTRONIC data processing
Abstract

Organized immaturity refers to the capacity of widely institutionalized sociotechnical systems to challenge qualities of human enlightenment, autonomy, and self-determination. In the context of surveillance capitalism, where these qualities are continuously put at risk, data transparency is increasingly proposed as a means of restoring human maturity by allowing individuals insight and choice vis-à-vis corporate data processing. In this article, however, I draw on research on General Data Protection Regulation–mandated data transparency practices to argue that transparency—while potentially fostering maturity—itself risks producing new forms of organized immaturity by facilitating user ignorance, manipulation, and loss of control of personal data. Considering data transparency's relative "successes" and "failures" regarding the cultivation of maturity, I outline a set of possible remedies while arguing for a general need to develop more sophisticated ethical appreciations of transparency's complex and potentially problematic implications for organized (im)maturity in the digital age. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

28. Assessing the Security of Privacy Rights and Data Protection in Albania: A Critical Analysis Within the European Legal Framework

Author

Heliona Miço (Bellani) and Egla Leci

Subjects
the right to privacy, gdpr, data protection, european union, albania, Comparative law. International uniform law, K520-5582, Private international law. Conflict of laws, K7000-7720
Abstract

This paper adopts an analytical approach to the regulation of the right to privacy within the normative foundations of the European Union’s General Data Protection Regulation (GDPR), offering a comparative perspective with the Albanian legal framework. The paper elucidates the reasons that led to the enforcement of the GDPR and delves into the challenges arising in the field of data protection due to technological advancements. The comprehension of the GDPR approach will serve as a benchmark for comparing the progress of the implementation of data protection in Albania. This discussion will underscore the ongoing process of legislation harmonization with the EU 'Acquis communautaire', aiming to pinpoint potential disparities between the General Data Protection Regulation (GDPR) and the Albanian Law on Data Protection. The paper will scrutinize various data protection breaches occurring from 2021 to 2022 in Albania, events that cast doubt on the legal framework concerning the right to privacy and its practical implementation. These instances of data breaches illuminate the challenges within the legal framework and its execution, underscoring the vulnerability of the state in the face of technological advancements. This emphasizes the imperative for proactive measures to enhance the protection of personal data and the right to privacy.

Published
2024
Full Text
View/download PDF

29. Mass Collection of Workers’ Data in Warehouse Facilities: Reflections on Privacy and Workforce Well-being

Author

Thomas De Lombaert, Arpan Rijal, Robert Costrasal, and Michele Molè

Subjects
warehouse management system, workplace surveillance, gdpr, ai regulation, worker well-being, Law in general. Comparative and uniform law. Jurisprudence, K1-7720, Labor. Work. Working class, HD4801-8943
Abstract

Warehouses with complex monitoring and algorithmic management policies are rapidly expanding across the EU. This paper explores the functionalities of a Warehouse Management System (WMS) and its role in managing warehouse workers. In particular, WMS implementation raises concerns regarding worker privacy and data protection due to the increased surveillance of warehouse operations, while at the same time also having the potential to significantly enhance worker well-being. By examining the WMS' features in relation to the GDPR (EU Reg. 2016/679) and the AI Regulation (EU Reg. 2024/1689), this paper establishes a framework in which worker well-being is fostered in accordance with data protection and technology law. Following an introduction to these regulations, we analyse three case studies of personal data acquisition and management policies from warehouse management literature. Building on these examples, this paper offers practical guidelines for researchers and practitioners to ensure their warehouse operations comply with current regulations on worker monitoring. We show that data collection practices and their implications should be more carefully considered, both by practitioners and researchers.

Published
2024
Full Text
View/download PDF

30. Another Path for AI Regulation: Worker Unions and Data Protection Rights

Author

Thomas Le Bonniec

Subjects
artificial intelligence, data protection, digital labour, regulation, gdpr, Law in general. Comparative and uniform law. Jurisprudence, K1-7720, Labor. Work. Working class, HD4801-8943
Abstract

The Artificial Intelligence Regulation (EU Reg. 2024/1689) is widely regarded as the European Union’s primary tool for regulating the market for AI systems. This paper, however, explores how the General Data Protection Regulation (EU Reg. 2016/679) takes precedence and remains a crucial legislation in determining how AI systems are produced and deployed in the EU. This research analyses how the GDPR’s prevalence and application, however, is steered by interpretations put forward by different actors, with particular attention to Data Protection Authorities. In this context, I analyse how AI workers and (working) data subjects are essential stakeholders for the production of AI systems. I explore how their involvement in this regulatory standard could enhance the protection of their own interests and rights. More specifically, I focus on how consumer rights organizations and trade union cooperation could cooperate to challenge current predatory practices by the AI industry through the collective use of data protection rights.

Published
2024
Full Text
View/download PDF

31. GDPR Meets Unfair Competition Law: The Lindenapotheke Ruling and Its Implications for Data Subjects and Controllers

Author

Anna Fiorentini

Subjects
lindenapotheke, data protection law, unfair competition law, remedies, health data, gdpr, Law, Law of Europe, KJ-KKZ
Abstract

(Series Information) European Papers - A Journal on Law and Integration, 2024 9(3), 852-864 | European Forum Insight of 24 December 2024 | (Table of Contents) I.Introduction. - II. Setting the facts of the case. - III. The ECJ's reasoning. - III.1. The nature of the GDPR remedies. - III.2. The breadth of the notion of health data. - IV. Commentary. - IV.1. The safeguards “outside” the GDPR: what role for unfair competition law? - IV.2. The safeguards “inside” the GDPR: what (if any) limits to the notion of sensitive data. - V. Conclusive remarks and broader implications. | (Abstract) On 4 October 2024, the Grand Chamber of the European Court of Justice (ECJ) issued a landmark judgment that adds significant depth to the interpretation of the GDPR, especially concerning its interplay with unfair competition law and the concept of “special categories of personal data”. After analysing the facts of the case and the ECJ’s reasoning, this Insight aims to highlight how the Lindenapotheke ruling, while aligned with the ECJ’s longstanding commitment to securing data subjects’ rights, represents a noteworthy advance: it reinforces the high level of protection afforded to data subjects by integrating GDPR safeguards – particularly those under art. 9 GDPR – with those established in other areas of EU secondary law. Finally, this Insight examines the critical aspects and practical implications of the ruling, especially for data controllers, as the ECJ’s approach may have an (excessive) deterrent effect on prac-tices that risk infringing these enhanced data protection standards.

Published
2024
Full Text
View/download PDF

32. Third time's the charm? the EU - us data privacy framework

Author

Bianca-Raluca Tulac

Subjects
personal data, personal data protection, gdpr, dpf, schrems iii case, Europe (General), D900-2009, Political science
Abstract

In the current context of globalisation, data transfer to non-EU countries is becoming an important component of international trade. For this reason, and by virtue of the right to the protection of personal data, the creation of a legal framework designed to provide adequate safeguards for European citizens is a constant concern of the European Union. Through the lens of this study, we aim to outline an overall perspective on the cooperation between the European Union and the United States of America, regarding the transfer of personal data. Starting from the exposition of the efforts made over time, in order to ensure a safety of the transatlantic flow of data, we will focus on the current provisions in force, known as Privacy Shield 2.0, determining, at the same time, the possible practical implications of them. Therefore, based on the study of the new rules established by the Privacy Shield 2.0, we will draw out the basic principles applicable to the transfer of data to the United States, the concrete effects of this act, presenting the legal challenges that its adoption brings, but also the ways in which it influences the development of international trade. Last but not least, we will analyse the likelihood of an invalidation of Privacy Shield 2.0 by reference to the premises of a possible Schrems III case. In this respect, we will present, on the one hand, the criticism of the way in which the European Union and the United States have agreed to reform the agreement on the confidentiality of data transfers, and, on the other hand, the steps taken against it.

Published
2024
Full Text
View/download PDF

33. Content analysis of EU directives and regulations: legislative frameworks and consumer rights

Author

Alexandra Gheorghiu and Cosmin Ungureanu

Subjects
eu directives, gdpr, data protection, consumer rights, digital economy, Europe (General), D900-2009, Political science
Abstract

This study analyses the European Union's regulatory frameworks on data protection and consumer rights. It examines landmark legislations such as the General Data Protection Regulation (GDPR), the Data Governance Act (DGA), and others that shape data privacy, digital content management, and consumer protection across the EU. Utilizing Iramuteq software for content analysis, it identifies thematic clusters and relationships within the texts, uncovering core concepts like digital service conformity, consumer rights, and the role of public data governance. Through cluster and factor analysis, the study reveals how these legal instruments collectively promote data security, innovation, and market fairness while ensuring consistent consumer protection and legal compliance throughout EU member states.

Published
2024
Full Text
View/download PDF

34. AI use in the workplace. Some legal risks and challenges

Author

Dana VOLOSEVICI

Subjects
ai, monitoring, recruitment, gdpr, workplace, Law in general. Comparative and uniform law. Jurisprudence, K1-7720
Abstract

As Artificial Intelligence (AI) advances, businesses benefit from its ability to exponentially enhance process effectiveness and efficiency, while also facing risks related to personal data protection, human dignity, and ultimately, human identity. This article aims to investigate two domains where AI is frequently employed in labor relations: recruitment and employee monitoring. In these areas, the article seeks to discuss aspects that could help clarify the conditions for the legitimate use of AI. A potential application of the ECJ's SHUFA case solution in recruitment is proposed, while the case of Amazon France Logistique is analysed concerning AI-based employee monitoring.

Published
2024
Full Text
View/download PDF

35. Understanding the GDPR from a requirements engineering perspective—a systematic mapping study on regulatory data protection requirements.

Author

Negri-Ribalta, Claudia, Lombard-Platet, Marius, and Salinesi, Camille

Subjects
*GENERAL Data Protection Regulation, 2016, *DATA protection, *REQUIREMENTS engineering, *COMPUTER software development, *REGULATORY compliance
Abstract

Data protection compliance is critical from a requirements engineering (RE) perspective, both from a software development lifecycle (SDLC) perspective and regulatory compliance. Not including these requirements from the early phases of the SDLC can prove costly and challenging afterward. The general data protection regulation (GDPR) from the European Union (EU) sets a list of requirements that organizations working within its scope should satisfy. However, these requirements are complex to work with, as legal prose tends to be vague and imprecise, and not all requirements have received the same attention from researchers. This study aims to identify the research published in RE for helping compliance with regulatory data protection requirements. We gathered and analyzed 90 articles from 2016 to 2022 through a systematic mapping study. We analyzed key trends in the sample, such as year of publication, publication venue, type of research, interdisciplinarity in the author's background, GDPR focus of compliance element, and type of proposal. Our main findings show ongoing interest, mostly published in conferences, in achieving overall compliance with the GDPR and consent as the most popular topics. Other topics, such as cookies or children's data, did not receive significant attention. Research over the whole RE process has been done. 20 (22%) of the papers have authors affiliated with non-computer science; however, most research seems not interdisciplinary. We finally discuss gaps in the literature, possible future areas of research, and the importance of interdisciplinary research for regulatory data protection requirements in RE. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

36. Legal obstacles jeopardise research in personalised medicine – experiences from a Nordic collaboration within rheumatology.

Author

Glintborg, Bente, Hansson, Mats, Hammer, Hilde Berner, Klareskog, Lars, Saevarsdottir, Saedis, Westerlind, Helga, Rönnelid, Johan, Gehring, Isabel, Benson, Mikael, Esbensen, Bente Appel, Hetland, Merete Lund, Padyukov, Leonid, Kragstrup, Tue Wenzel, Hauge, Ellen-Margrethe, AxnÄs, Barbara Bislawska, Krogh, Niels Steen, Johannesson, Martina, and Askling, Johan

Subjects
*MEDICAL research laws, *RHEUMATOID arthritis treatment, *DATA security, *DIGITAL technology, *HEALTH services administration, *PROCEDURE manuals, *MEDICAL protocols, *INTERPROFESSIONAL relations, *SELECTIVE dissemination of information, *DATA curation, *MEDICAL care, *REPORTING of diseases, *CODES of ethics, *INTERNATIONAL relations, *LONGITUDINAL method, *PATIENT-centered care, *COMMUNICATION, *INDIVIDUALIZED medicine, *STAKEHOLDER analysis, *REGULATORY approval, *GOVERNMENT regulation, *ACCESS to information, *BIOMARKERS
Abstract

Aims: Personalised medicine in chronic complex diseases such as rheumatoid arthritis (RA) is within reach but requires international multi-stakeholder collaboration. We exemplify how national implementations of the General Data Protection Regulation (GDPR) have introduced administrative delays and created disincentives for data sharing and collaborative research. Methods: Our Danish/Swedish/Norwegian research collaboration (the 3-year NordForsk-funded "NORA" project) aims to develop a personalised medicine approach for the management of RA, built on the exploitation of unique existing data sources: longitudinal data from clinical rheumatology registries, research cohorts, nationwide health care registries, and biobank material from >20 sample collections. Data and results are shared and accessed remotely by collaborators at secure servers. New biomarker assays and patient-centric implementations of the results are to be explored, validated, and disseminated to patients and health care via the development of digital tools. Results: Following the advice of legal experts at the involved academic or public institutions and private companies, GDPR compliance resulted in >20 legal documents to govern the collaboration (consortium-, joint controller-, research collaboration-, data sharing-, and a series of unique two-way data processing-, and material transfer agreements). Lack of agreed-upon templates, policies, procedures, and a shortage of legal resources have caused considerable delays. Thus, our research consortium has spent more time ensuring GDPR compliance than on actual research activities. Conclusions: The current interpretation and implementation of the legal premises (rather than the GDPR per se) for research collaborations caused unnecessary barriers and delays. Our experiences call for Nordic trust-based code-of-conduct-like framework agreements, and for harmonisation of procedures and templates, lest the Nordic advantage in research be lost. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

37. Broad collection of consumer data by Big Tech: exclusionary or exploitative abuse?

Author

Hutchinson, Christophe Samuel

Subjects
*PERSONALLY identifiable information, *DATA collection platforms, *ACQUISITION of data, *DATA protection
Abstract

The ability to gather and process large amounts of personal data is primarily held by a small group of companies. Some regulators, scholars, and practitioners have expressed concerns that major advertising-based platforms such as Google and Facebook may abuse their dominant position in the data market by requiring users to agree to the intensive collection of their data as a condition to the free access and use of those platforms' core services. This raises the question of whether such broad collection of consumer data should be examined by European competition authorities as a foreclosure aiming at excluding current and potential competitors from the market of consumer data or as an excessive collection of personal data having the effect of lowering user's privacy. This paper seeks to discuss this matter by examining the recent ruling in Meta by the European Court of Justice. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

38. Good decisions in an imperfect world: a human-focused approach to automated decision-making.

Author

Bacher, Bettina

Subjects
*ARTIFICIAL intelligence, *SOCIAL interaction, *GENERAL Data Protection Regulation, 2016, *DECISION making, *HEURISTIC
Abstract

Legal rules are based on an imagined regulatory scene that contains presumptions about the reality a regulation addresses. Regarding automated decision-making (ADM), these include a belief in the 'good human decision' that is mirrored in the cautious approach in the GDPR. Yet the 'good human decision' defies psychological insight into human weaknesses in decision-making. Instead, it reflects a general unease about algorithmic decisions. Against this background I explore how algorithms become part of human relationships and whether the use of decision systems causes a conflict with human needs, values and the prevailing socio-legal framework. Inspired by the concept of Human-Centered AI, I then discuss how the law may address the apprehension towards decision systems. I outline a human-focused approach to regulating ADM that focuses on improving the practice of decision-making. The interaction between humans and machines is an essential part of the regulation. It must address socio-legal changes caused by decision systems both to integrate them into the existing value system and adapt the latter to changes brought forth by ADM. A human-focused approach thus connects the benefits of technology with human needs and societal values. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

39. The diffusion of data privacy laws in Southeast Asia: learning and the extraterritorial reach of the EU's GDPR.

Author

Corning, Gregory P.

Subjects
*DATA protection laws, *DATA privacy, *GENERAL Data Protection Regulation, 2016, *POLICY diffusion, *DATA security
Abstract

The European Union's General Data Protection Regulation (GDPR) of 2016 is widely recognised as the benchmark global standard for data-privacy law. In recent years, countries across Southeast Asia have enacted or updated data-privacy laws with provisions that align with the GDPR. This paper explores the balance of internal and external forces driving these regulatory changes. It argues that a nuanced understanding of diffusion in the policymaking process allows us to see beyond the 'Brussels Effect' and how the increasing digitalistion of Southeast Asian societies has created increasing local demand for regulatory change. While an analytical focus on scripting in the drafting of GDPR-like laws focuses attention on the extraterritorial reach of the EU's regulatory power, an analytical focus on problematisation points to different pathways of domestic learning regarding data privacy, especially in response to rising data-security threats. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

40. A Grand Entrance Without a Blueprint: A Critical Analysis of the Right to Explanation in Article 86 of the European Union Artificial Intelligence Act.

Author

Nnawuchi, Uchenna and George, Carlisle

Subjects
GENERAL Data Protection Regulation, 2016, ARTIFICIAL intelligence, MACHINE learning, CRITICAL analysis
Abstract

Artificial Intelligence (AI) is already a transformative force across several industries, influencing decisions that significantly impact individuals and societies. In response to the growing need for transparency and accountability in AI systems, the European Union has introduced the Artificial Intelligence Act (AI Act), the first comprehensive regulation on AI by any regulator. This regulation, initially proposed in 2021, was updated in 2024 to expressly establish a right to explanation of AI systems in Article 86. This right aims to ensure that individuals affected by the output of AI algorithms can request an explanation to understand the rationale behind those decisions, thereby fostering trust and accountability. However, the current formulation of this right, as outlined in Article 86, has faced criticisms concerning its lack of specificity and operational clarity. This paper critiques Article 86, comparing it with analogous provisions in the General Data Protection Regulation 2016 and discussing its limitations, and implications for stakeholders. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

41. When AI Turns Emotion into Data: The Gaps in EU Law.

Author

Charmeil, Timothee

Subjects
AFFECTIVE computing, EMOTION recognition, DATA privacy, ARTIFICIAL intelligence, FAILURE (Psychology)
Abstract

This article critically examines the EU AI Act's attempt to regulate AI-based emotion recognition systems, a key development in the realm of emotional data and mental privacy protection. While the AI Act includes provisions specifically addressing emotion recognition, it falls short of providing meaningful safeguards. The AI Act not only offers limited protection against certain types of emotion recognition systems but also inadvertently legitimises emotional data use that verges on manipulation. Given the AI Act's failure to adequately protect emotional privacy, this article explores the protective capacity of the GDPR with respect to emotional data. While the GDPR offers some welcome safeguards, it remains insufficient in addressing the unique risks posed by emotion recognition technologies. Against this backdrop, the article advocates for a novel legal approach: a complete prohibition of emotion recognition systems for non-medical purposes, alongside a nuanced taxonomy regulating their use in medical contexts. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

42. Biobank consent under the GDPR: are potential sample donors informed about all lawful uses of biobank data?

Author

Kaaya, Emmi

Abstract

This paper analyses the information disclosures in two biobank consent documents used by biobanks operating under the General Data Protection Regulation (GDPR). The aim of the analysis is to investigate how these documents inform potential sample donors about possible future uses of biobank data. The findings suggest that the consent documents provide potentially misleading information regarding the range of possible future uses of biobank data. Based on these information disclosures, potential sample donors may reasonably believe that the data can only be used for a narrowly defined range of research purposes. However, the range of lawful uses of the data is much broader and less clearly defined. Consent provided based on misleading information is not morally transformative, even if it were legally valid. To facilitate morally transformative biobank consent, this paper provides two recommendations for information disclosure to potential sample donors regarding future uses of biobank data: first, potential sample donors should be informed about the legal scope of consent; and second, they should be informed about the full range of lawful uses of biobank data. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

43. Assessing the Security of Privacy Rights and Data Protection in Albania: A Critical Analysis Within the European Legal Framework.

Author

BELLANI, Heliona MIÇO and LECI, Egla

Subjects
DATA protection, DATA security failures, GENERAL Data Protection Regulation, 2016, DATA privacy, DATA protection laws, PERSONALLY identifiable information
Abstract

This paper adopts an analytical approach to the regulation of the right to privacy within the normative foundations of the European Union's General Data Protection Regulation (GDPR), offering a comparative perspective with the Albanian legal framework. The paper elucidates the reasons that led to the enforcement of the GDPR and delves into the challenges arising in the field of data protection due to technological advancements. The comprehension of the GDPR approach will serve as a benchmark for comparing the progress of the implementation of data protection in Albania. This discussion will underscore the ongoing process of legislation harmonization with the EU 'Acquis communautaire', aiming to pinpoint potential disparities between the General Data Protection Regulation (GDPR) and the Albanian Law on Data Protection. The paper will scrutinize various data protection breaches occurring from 2021 to 2022 in Albania, events that cast doubt on the legal framework concerning the right to privacy and its practical implementation. These instances of data breaches illuminate the challenges within the legal framework and its execution, underscoring the vulnerability of the state in the face of technological advancements. This emphasizes the imperative for proactive measures to enhance the protection of personal data and the right to privacy. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

44. BIG DATA AND THE DETERIORATION OF CONSENT PRINCIPLE TO PROTECT HEALTH DATA PRIVACY IN MALAYSIA.

Author

Manap, Nazura Abdul, Ab Rahman, Mohd Rizal, and Farah Atiqah Salleh, Siti Nur

Subjects
DATA privacy, DATA protection, GENERAL Data Protection Regulation, 2016, BIG data, ELECTRONIC data processing
Abstract

Copyright of Malaysia Journal Syariah & Law is the property of Universiti Sains Islam Malaysia (USIM) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published
2024
Full Text
View/download PDF

45. Designing for transparency: a web job board for e-recruitment to explore job seekers’ privacy behaviours.

Author

Boldi, Arianna, Silacci, Alessandro, Rapp, Amon, and Caon, Maurizio

Subjects
*DATA privacy, *PROTOCOL analysis (Cognition), *EMPLOYEE selection, *JOB hunting, *WORK design
Abstract

Possible side effects of using web job boards in the e-recruitment context, such as candidates dropping out from the hiring process, may emerge if these tools are not transparent about data usage, collection, and processing. In response, we developed a novel web job board designed to enhance transparency, simulating a job-matching recommender system. A qualitative study with 20 Italian participants, combining direct observation of the job board use with the Thinking Aloud protocol and interviews, examines participants’ privacy behaviours in terms of data disclosure and seclusion. Findings indicate a general willingness among participants to share personal data, except for information related to their identity. We found that both the design of the job board and the meanings ascribed by participants to data shaped their privacy behaviours. Features enhancing user understanding of data usage and control of privacy settings were positively received, underscoring the importance of design in fostering thoughtful engagement with job board technologies. We contribute to research on privacy behaviours in the context of job search and we draw suggestions from the study findings on how to design platforms that support data protection and allow safe and purposeful disclosure of personal data, sustaining job seekers throughout the recruitment process. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

46. Streamlit-based enhancing crop recommendation systems with advanced explainable artificial intelligence for smart farming.

Author

Akkem, Yaganteeswarudu, Biswas, Saroj Kumar, and Varanasi, Aruna

Subjects
*ARTIFICIAL intelligence, *RECOMMENDER systems, *AGRICULTURE, *SUSTAINABILITY, *MACHINE learning
Abstract

The main objective of this paper is to clarify the importance of explainability in the crop recommendation process and provide insights on how Explainable Artificial Intelligence (XAI) can be incorporated into existing models successfully. The objective is to increase the definition and transparency of the recommendations implemented by AI in smart agriculture, leading to a detailed analysis of the synchronization between crop recommendation systems and XAI that informs decisions as it has sustainable knowledge and practices in modern agriculture. It reviews state-of-the-art XAI techniques such as local interpretable model-agnostic interpretation (LIME), SHapley interpretation additive approach (SHAP), integrated gradients (IG), and level-wise relevance propagation (LRP). It focuses on interpretable models and critical features analysis, and XAI methods are discussed in terms of their applications, critical features, and definitions. The paper found that XAI methods such as LIME and SHAP can make AI-driven crop recommendation systems more transparent and reliable. Graphical techniques such as dependency plots, summary plots, waterfall graphs, and decision plots effectively analyze feature importance. The paper includes counterfactual explanations using dice ml and hearing with advanced techniques combining IG and LRP to provide in-depth narrative model behavior. The novelty of this study lies in a detailed investigation of how XAI can be incorporated into crop recommendation systems to address the "black box" nature of AI models. It uses a unique XAI technique and model approach to make AI-driven recommendations more meaningful and practical for farmers. The proposed systems and techniques are designed to consume agriculture, addressing the specific needs of intelligent systems, making this research a significant contribution to agricultural AI. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

47. Examining generative image models amidst privacy regulations.

Author

Ismael, Hannah

Subjects
*GENERATIVE artificial intelligence, *ANTITRUST law, *COPYRIGHT, *ARTISTS, *DATA analysis
Abstract

As diffusion models emerge as a new frontier in generative AI, requiring vast image databases as their inputs, the question arises: how should regulators approach policies concerning the collection and utilization of these images? Though generative image models currently interpret the data they scrape as public, regulatory bodies have yet to confirm this as a viable understanding. This paper explores the current public/personal distinction of data as well as the respective legal standards for both categories in both the American and European context. This paper acts as a guide for regulators seeking to understand monopolization and privacy implications of confirming the validity of using open sourced images versus imagining a reality of curated or licensed datasets amidst outrage from artists over a breach of an expectation of collection/use to their artwork. Though arguments have been made regarding using copyright to protect artists, this paper seeks to explore other pathways for regulating generative image models under our current conceptual frameworks of privacy. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

48. General data protection regulation: a study on attitude and emotional empowerment.

Author

Marikyan, Davit, Papagiannidis, Savvas, Rana, Omer F., and Ranjan, Rajiv

Subjects
*MEDICAL ethics laws, *RIGHT of privacy, *DATA security laws, *MEDICAL protocols, *POLICY sciences, *CROSS-sectional method, *SCALE analysis (Psychology), *SELF-efficacy, *RESEARCH funding, *GOVERNMENT policy, *CRONBACH'S alpha, *ATTITUDES toward computers, *DATA security failures, *QUESTIONNAIRES, *PUBLIC opinion, *EMOTIONS, *STRUCTURAL equation modeling, *PSYCHOLOGICAL adaptation, *CONFIDENCE, *MULTIVARIATE analysis, *DESCRIPTIVE statistics, *CHI-squared test, *SURVEYS, *SOCIODEMOGRAPHIC factors, *DATA analysis software, *DISCRIMINANT analysis, RESEARCH evaluation
Abstract

Over the last few years, digitalisation has accelerated its pace, fuelling the creation of a massive amount of data. This has resulted in a need to introduce legal mechanisms to protect the privacy and security of data being exchanged between people and organisations. However, little is known about the individuals' perspective on such mechanisms. Given the gap in the literature, this research investigated the drivers and the implications of individuals' attitude towards GDPR compliance. To test the research model, structural equational modelling was employed using 540 responses. The result showed that perceived threat severity, self-efficacy and response efficacy determine a positive attitude towards GDPR compliance, which results in emotional empowerment. The findings contribute to the literature on legal privacy-preserving mechanisms, by providing a user's view on the coping and threat appraisal factors underpinning attitude and demonstrating the implications for driving confidence in control over personal data. The findings also contribute to the literature on protection motivation by demonstrating that attitude towards adaptive behaviour drives emotional empowerment. The study offers suggestions to policymakers on how to enhance public perception of the GDPR. The findings also provide guidelines for organisations on how to inform individuals' understanding of compliance with the legal framework. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

49. An effective cloud computing model enhancing privacy in cloud computing.

Author

Chawki, Mohamed

Subjects
*DATA privacy, *GENERAL Data Protection Regulation, 2016, *TECHNOLOGICAL innovations, *GEOGRAPHIC boundaries, *CLOUD computing
Abstract

Cloud computing revolutionizes global software, system, infrastructure, and storage accessibility, offering flexibility and cost-effectiveness. This paper explores the pivotal intersection of cloud computing and privacy, presenting a model to enhance cloud privacy. Beginning with an insightful introduction, the paper conducts a comprehensive exploration. A meticulous literature review addresses data privacy intricacies in the cloud context. The study navigates international dimensions of personal data processing, revealing global implications beyond geographical boundaries. Delving into cloud computing's impact on user privacy, it emphasizes the delicate balance between convenience and safeguarding sensitive information. The examination of inherent cloud computing challenges, both technical and legal. A deep dive into recent privacy concerns is complemented by dissecting legal challenges, emphasizing the General Data Protection Regulation's (GDPR) far-reaching impact on the cloud industry. Contributions include a legal and technological overview, technologies for privacy protection, and a global legal framework. The paper identifies challenges and offers information on resolving legal intricacies. Proposed strategies provide a roadmap for industry stakeholders to ensure compliance and mitigate risks. The manuscript concludes with a future perspective on cloud computing's evolving landscape, offering insights into shaping technological advancements. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

50. An Assessment on Innovator's Ability for Consent-Free Health Data Reuse, In the Context of the GDPR and EHDS: The Netherlands Case Study.

Author

Afra, Maryam

Subjects
*PUBLIC interest, *RESEARCH personnel, *GENERAL Data Protection Regulation, 2016, *PRIVATE companies, *PRIVATE sector
Abstract

Considering the difficult procedure of obtaining consent, consent-free health data reuse is believed to be one major contributor towards the creation of thriving health innovation ecosystem. While classic researchers are supported by the GDPR to reuse health data without consent, the innovator's situation remains unclear, and this uncertainty continues to exist upon the introduction of the EHDS. To shed light on grey areas, positions of GDPR and EHDS on the ability of innovators for consent-free health data reuse were assessed. The study concludes that, while academicians are able to reuse health data without consent, a private company's ability has been impeded by individual member states' deviations from Article 9(2) GDPR. Furthermore, in contracts to EHDS (2022) which appeared in favour of innovators through the elimination of consent mechanism, EHDS (2024) with the inclusion of opt-out mechanism, and exclusion of private sector bodies from the Article 35(f), has negatively affected private companies. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results