Your search keyword '"GENERAL Data Protection Regulation, 2016"' showing total 2,807 results

1. Governing Engels' Pause: AI and the World of Work in Germany.

Author

Özkiziltan, Didem

Subjects

ARTIFICIAL intelligence, BUREAUCRACY, DATA protection, GENERAL Data Protection Regulation, 2016, ELECTRONIC commerce

Abstract

This article examines the impact of artificial intelligence (AI) on the labor market in Germany. It raises concerns about job displacement and wealth disparities, comparing the situation to the historical "Engels' pause" during the Industrial Revolution. While Germany has not yet seen significant wealth inequalities due to AI, there is evidence of an AI-induced Engels' pause, with digital skills becoming increasingly important and AI adoption in the workplace increasing. The article also discusses the challenges faced by migrant workers, power imbalances, and Germany's regulatory approach to AI in the workplace. It highlights the upcoming EU Platform Work Directive and the differing interests of employers' organizations and trade unions in governing AI-driven tools. The potential impacts of AI on labor markets, including inequality and precarious work, are also explored. The article concludes by emphasizing the need for strong policy interventions to address socioeconomic challenges and promote fairness and inclusion in the digitalized world of work. [Extracted from the article]

Published

2024

2. Negotiating about Algorithms: Social Partner Responses to AI in Denmark and Sweden.

Author

Ilsøe, Anna, Larsen, Trine Pernille, Mathieu, Christopher, and Rolandsson, Bertil

Subjects

LANGUAGE models, LABOR laws, SOCIAL media, ARTIFICIAL intelligence, GENERAL Data Protection Regulation, 2016, COLLECTIVE labor agreements

Abstract

This article provides an overview of the use of artificial intelligence (AI) in Denmark and Sweden, as well as the responses of social partners to this technology. Both countries are highly digitalized, with Denmark having a higher percentage of companies using AI compared to Sweden. Social partners in both countries have responded to technological changes through tripartite, bipartite, and unilateral initiatives. The European Union's regulations on digitalization have raised concerns among Nordic social partners. In Denmark, there have been debates and initiatives regarding AI, including the introduction of machine learning in public institutions and discussions on data ethics and ownership. Trade unions and employers' associations have negotiated collective agreements addressing digital workers' rights. In Sweden, the focus has been on sectors like manufacturing and the service sector, with concerns about job loss and re-skilling needs. The Swedish government has established commissions and allocated research funding to address the consequences of AI. Both countries emphasize bipartite agreements but also engage in tripartite measures involving the government. The implementation of EU regulations on AI is also a topic of discussion in both countries. [Extracted from the article]

Published

2024

3. Workplace AI Regulation and Worker Resistance in Korea.

Author

Kim, Sunghoon and No, Seri

Subjects

GENERATIVE artificial intelligence, LABOR organizing, ECONOMIC development projects, GENERAL Data Protection Regulation, 2016, ELECTRONIC commerce, KNOWLEDGE workers, INSURANCE company personnel

Abstract

South Korea is a technologically advanced country with a strong digital infrastructure and manufacturing sector. The government prioritizes promoting AI technology over regulating it, while workers have concerns about AI-related issues. The Korean business system is hierarchical, with the government and families playing significant roles. The country has active labor unions that have been growing recently. The government supports AI development through investments, but the effectiveness of these initiatives is debated. The regulatory framework on AI in Korea is similar to the EU's but more business-friendly in certain aspects. The text discusses the relationship between AI governance and worker mobilization, highlighting incidents that led to updates in AI regulations. It explores the unionization of knowledge workers and precarious workers subject to algorithmic control, as well as resistance against job-replacing AI-assisted manufacturing technologies. The challenges faced by labor movements and the role of social partnership are also discussed. The Korean government invests in AI technologies, while workers organize to address the challenges of the AI-driven economy. The expansion of data subjects' rights may provide gig workers with opportunities to resist algorithmic control, but the long-term impact on Korean industrial relations is uncertain. [Extracted from the article]

Published

2024

4. Varieties of AI Regulations: The United States Perspective.

Author

Litwin, Adam Seth and Racabi, Gali

Subjects

ARTIFICIAL intelligence, GENERAL Data Protection Regulation, 2016, EMPLOYMENT policy, DATA privacy, TECHNOLOGICAL unemployment, COLLECTIVE labor agreements

Abstract

This article provides an overview of the regulation of artificial intelligence (AI) in the workplace, with a specific focus on the United States. It explores the challenges policymakers face in promoting the benefits of AI while addressing potential harm and ensuring worker access. Concerns highlighted include the impact on workers' well-being, bias and discrimination, lack of transparency and data privacy, and job displacement. The Biden administration calls for clear governance systems, worker input in AI design and oversight, and protection of workers' rights. The article also examines how other countries approach workplace AI regulation. At the federal level, the US government aims to promote AI development while ensuring trustworthiness and equity, but faces limitations in including workers in decision-making processes. States and cities focus more on individual harms but struggle with capacity limitations and promoting collective rights. Unions can offer policy initiatives to complement traditional mechanisms. The challenge for regulators is to strike a balance between protecting workers and keeping up with AI technology advancements. [Extracted from the article]

Published

2024

5. The Early Impact of GDPR Compliance on Display Advertising: The Case of an Ad Publisher.

Author

Wang, Pengyuan, Jiang, Li, and Yang, Jian

Subjects

GENERAL Data Protection Regulation, 2016, REGULATORY compliance, INTERNET advertising, DATA protection, PERSONALLY identifiable information, CONSUMER behavior

Abstract

The European Union's General Data Protection Regulation (GDPR), with its explicit consent requirement, may restrict the use of personal data and shake the foundations of online advertising. The ad industry has predicted drastic loss of revenue from GDPR compliance and has been seeking alternative ways of targeting. Taking advantage of an event created by an ad publisher's request for explicit consent from users with European Union IP addresses, the authors find that for a publisher that uses a pay-per-click model, has the capacity to leverage both user behavior and web page content information for advertising, and observes high consent rates, GDPR compliance leads to modest negative effects on ad performance, bid prices, and ad revenue. The changes in ad metrics can be explained by temporal variations in consent rates. The impact is most pronounced for travel and financial services advertisers and least pronounced for retail and consumer packaged goods advertisers. The authors further find that web page context can compensate for the loss of access to users' personal data, as the GDPR's negative impact is less pronounced when ads are posted on web pages presenting relevant content. The results suggest that publishers and advertisers should leverage targeting based on web page content after the GDPR's rollout. [ABSTRACT FROM AUTHOR]

Published

2024

6. Privacy-preserving hierarchical federated learning with biosignals to detect drowsiness while driving.

Author

López Bernal, Sergio, Hidalgo Rogel, José Manuel, Martínez Beltrán, Enrique Tomás, Quiles Pérez, Mario, Martínez Pérez, Gregorio, and Huertas Celdrán, Alberto

Subjects

*FEDERATED learning, *DATA privacy, *GENERAL Data Protection Regulation, 2016, *STOCKS (Finance), *FACIAL expression

Abstract

In response to the global safety concern of drowsiness during driving, the European Union enforces that new vehicles must integrate detection systems compliant with the general data protection regulation. To identify drowsiness patterns while preserving drivers' data privacy, recent literature has combined Federated Learning (FL) with different biosignals, such as facial expressions, heart rate, electroencephalography (EEG), or electrooculography (EOG). However, existing solutions are unsuitable for drowsiness detection where heterogeneous stakeholders want to collaborate at different levels while guaranteeing data privacy. There is a lack of works evaluating the benefits of using Hierarchical FL (HFL) with EEG and EOG biosignals, and comparing HFL over traditional FL and Machine Learning (ML) approaches to detect drowsiness at the wheel while ensuring data confidentiality. Thus, this work proposes a flexible framework for drowsiness identification by using HFL, FL, and ML over EEG and EOG data. To validate the framework, this work defines a scenario of three transportation companies aiming to share data from their drivers without compromising their confidentiality, defining a two-level hierarchical structure. This study presents three incremental Use Cases (UCs) to assess detection performance: UC1) intra-company FL, yielding a 77.3% accuracy while ensuring the privacy of individual drivers' data; UC2) inter-company FL, achieving 71.7% accuracy for known drivers and 67.1% for new subjects, ensuring data confidentiality between companies but not intra-organization; and UC3) HFL inter-company, which ensured comprehensive data privacy both within and between companies, with an accuracy of 71.9% for training subjects and 65.5% for new subjects. [ABSTRACT FROM AUTHOR]

Published

2024

7. European Court of Justice.

Author

Nys, Herman

Subjects

*DATA protection, *DATA protection laws, *STATE laws, *GENERAL Data Protection Regulation, 2016, *LOCATION data, *ANTITRUST law, *INTELLECTUAL disabilities

Abstract

The European Court of Justice issued a judgment on the processing of data concerning health in the context of online marketing of pharmacy-only medicinal products. The case involved a dispute between two pharmacy operators regarding the processing of customer data on an online platform. The Court clarified that personal data entered by customers when ordering pharmacy-only medicinal products online constitutes data concerning health, even if the products do not require a prescription. The judgment emphasized the broad interpretation of data concerning health to ensure a high level of protection for individuals' fundamental rights and freedoms. [Extracted from the article]

Published

2024

8. ПРОЗОРІСТЬ ТА ЗГОДА ЯК ОСНОВНІ ПРИНЦИПИ ЗАХИСТУ ПЕРСОНАЛЬНИХ ДАНИХ В УКРАЇНІ.

Author

Н. Т., Головацький

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection, PERSONALLY identifiable information, ELECTRONIC data processing, TRUST, INFORMATION resources management

Abstract

The rapid digitization of the modern world has led to an increase in the collection and processing of personal data. The principles of transparency and consent have become crucial for citizens to understand how their data is being used and to be able to give their voluntary consent to its processing. Ukraine is actively adapting its legislation to EU standards in the field of personal data protection. In particular, the General Data Protection Regulation (GDPR) affects approaches to data collection and processing. Examining transparency and consent in the context of these changes can help identify which aspects of the law need special attention. Citizens are becoming increasingly cautious about who they trust with their data. This article analyzes and evaluates the role and impact of the principles of transparency and consent on the effective mechanism of personal data protection in Ukraine, taking into account modern technological and legislative challenges. Studying these principles demonstrates their importance and relevance in today’s digital society. The principle of transparency determines the need for accessible and understandable information for data subjects regarding the processing of their data. Openness is a fundamental requirement for maintaining trust between organizations and citizens. Providing the ability to control and regulate their data allows data subjects to play a more active role in the processing and use of their personal data. The principle of consent, in turn, emphasizes the voluntary and informed nature of consent to data processing. The consent of the data subject determines the basis for the legal processing of personal data, ensuring harmony between the rights of citizens and the interests of organizations. As technology advances and legislation changes, transparency and consent become even more important aspects. They help build trust between organizations and citizens, ensure responsible use of personal data, and empower individuals to control their own information. [ABSTRACT FROM AUTHOR]

Published

2024

9. Secure semi‐automated GDPR compliance service with restrictive fine‐grained access control.

Author

Hashem Eiza, Max, Thong Ta, Vinh, Shi, Qi, and Cao, Yue

Subjects

*GENERAL Data Protection Regulation, 2016, *ACCESS control, *PERSONALLY identifiable information, *DATA protection, *DATA security failures

Abstract

Sharing personal data with service providers is a contentious issue that led to the birth of data regulations such as the EU General Data Protection Regulation (GDPR) and similar laws in the US. Complying with these regulations is a must for service providers. For users, this compliance assures them that their data is handled the way the service provider says it will be via their privacy policy. Auditing service providers' compliance is usually carried out by specific authorities when there is a need to do so (e.g., data breach). Nonetheless, these irregular compliance checks could lead to non‐compliant actions being undetected for long periods. Users need an improved way to make sure their data is managed properly, giving them the ability to control and enforce detailed, restricted access to their data, in line with the policies set by the service provider. This work addresses these issues by providing a secure semi‐automated GDPR compliance service for both users and service providers using smart contracts and attribute‐based encryption with accountability. Privacy policies will be automatically checked for compliance before a service commences. Users can then upload their personal data with restrictive access controls extracted from the approved privacy policy. Operations' logs on the personal data during its full lifecycle will be immutably recorded and regularly checked for compliance to ensure the privacy policy is adhered to at all times. Evaluation results, using a real‐world organization policy and example logs, show that the proposed service achieves these goals with low time overhead and high throughput. [ABSTRACT FROM AUTHOR]

Published

2024

10. Dark patterns: EU's regulatory efforts.

Author

Herman, Johanna

Subjects

*DATA privacy, *GENERAL Data Protection Regulation, 2016, *ARTIFICIAL intelligence, *CONTRACTING out, *DATA security

Abstract

In a world where technology is rapidly advancing, regulation of dark pattern practices has become a topic of increasing importance. Society has become somewhat desensitized to these deceptive online practices that manipulate users into taking actions, which are not in their best interests, such as difficulty unsubscribing from a service, prominence of consent buttons, and countless other advanced tactics to obscure transparency. However, these ongoing practices harm both the individual user, and society in general, by impeding informed decision‐making. This Article addresses the European Union's leading efforts to tackle dark pattern practices, and in particular, addresses the numerous legislative acts which have been enacted to regulate and eliminate them. The acts explored in this Article include the General Data Protection Regulation, the Uniform Commercial Practices Directive, the Data Act, the Digital Markets Act, the Digital Services Act, the Amendment to the Directive on Financial Services Contracts Concluded at a Distance, and the Artificial Intelligence Act. This Article then discusses the interplay between the numerous acts, and the resulting ambiguities and overlap which have led to a level of regulatory redundancy. This Article examines not only the difficulty in interpretation of the various acts, but additionally, explores the issues which arise in implementation from a jurisdictional perspective. Further, this Article suggests potential solutions to address the fragmented legislation, including a hybrid form of harmonization, as well as methods for consolidation and centralization. [ABSTRACT FROM AUTHOR]

Published

2024

11. An effective cloud computing model enhancing privacy in cloud computing.

Author

Chawki, Mohamed

Subjects

*DATA privacy, *GENERAL Data Protection Regulation, 2016, *TECHNOLOGICAL innovations, *LITERATURE reviews, *GEOGRAPHIC boundaries, *CLOUD computing

Abstract

Cloud computing revolutionizes global software, system, infrastructure, and storage accessibility, offering flexibility and cost-effectiveness. This paper explores the pivotal intersection of cloud computing and privacy, presenting a model to enhance cloud privacy. Beginning with an insightful introduction, the paper conducts a comprehensive exploration. A meticulous literature review addresses data privacy intricacies in the cloud context. The study navigates international dimensions of personal data processing, revealing global implications beyond geographical boundaries. Delving into cloud computing's impact on user privacy, it emphasizes the delicate balance between convenience and safeguarding sensitive information. The examination of inherent cloud computing challenges, both technical and legal. A deep dive into recent privacy concerns is complemented by dissecting legal challenges, emphasizing the General Data Protection Regulation's (GDPR) far-reaching impact on the cloud industry. Contributions include a legal and technological overview, technologies for privacy protection, and a global legal framework. The paper identifies challenges and offers information on resolving legal intricacies. Proposed strategies provide a roadmap for industry stakeholders to ensure compliance and mitigate risks. The manuscript concludes with a future perspective on cloud computing's evolving landscape, offering insights into shaping technological advancements. [ABSTRACT FROM AUTHOR]

Published

2024

12. Minderjährige im Datenschuldrecht (Teil 1): Grundlagen des Zusammenspiels von Minderjährigenschutz, Verbrauchervertragsrecht und Datenschutz.

Author

Stürner, Michael and Nolteernsting, Katja

Subjects

*GENERAL Data Protection Regulation, 2016, *DATA protection laws, *CONTRACTS, *CONSUMER contracts, *PERSONALLY identifiable information, *CONSUMER law

Abstract

The article "Minors in Data Protection Law (Part 1): Basics of the interaction between minor protection, consumer contract law and data protection" deals with the legal foundations of the interaction between minor protection, consumer contract law and data protection in the context of "paying with data". It discusses the importance of minor protection in the German Civil Code, consumer contracts for digital products, and the General Data Protection Regulation (GDPR). The article sheds light on how minors can effectively "pay" with their data and how the various regulatory areas interact within the European multi-level system. [Extracted from the article]

Published

2024

13. Data privacy regulation and cross-border e-commerce.

Author

Yan, Jing

Subjects

DATA privacy, CROSS-border e-commerce, GENERAL Data Protection Regulation, 2016, TRADE regulation, DIGITAL technology

Abstract

The rise of big data in the global economy has altered the ways in which firms do international business. The digital revolution has also changed how international business is regulated. Personal information protection is one of the new challenging regulatory issues. In this study, we build a framework to discuss how data privacy regulation affects cross-border e-commerce. We show that data privacy regulation has four effects: the web traffic effect, the data collection effect, the advertising effect and the data sharing effect, all of which negatively affect cross-border e-commerce. We also demonstrate the heterogenous effects of data privacy regulation. Specifically, we argue that data privacy regulation has a stronger cross-border e-commerce reduction effect on countries with higher labor cost and marketing cost, and data privacy regulation has a larger negative effect on cross-border e-commerce for differentiated products than homogenous products. By empirically testing the impact of General Data Protection Regulation on cross-border e-commerce between 183 countries and European Union countries from 2015 to 2020, we confirm all the proposed hypotheses. There are few studies exploring specifically how data privacy regulation affects cross-border e-commerce. We contribute to the literatures by filling this gap. Our research results provide new insights for multinational companies and public policymakers on this globally important issue in the digital age. [ABSTRACT FROM AUTHOR]

Published

2024

14. The Encrypted Truth is Already Out There.

Author

GOLDMAN, ERIC H.

Subjects

PUBLIC key cryptography, INFORMATION technology auditing, ELECTRONIC data processing, GENERAL Data Protection Regulation, 2016, INFORMATION technology security, INTERNET forums, QUANTUM computers

Abstract

The article discusses the impact of quantum computing on current cryptographic systems and the need for organizations to prepare for the transition to quantum-safe cryptography. It highlights the risks of impersonation and forgery that may arise with quantum computing and emphasizes the importance of early awareness and education at all levels of an organization. The article also addresses the need for thorough planning, risk evaluation, and contingency plans to address potential data exposure or impersonation due to migration gaps. Additionally, it mentions the importance of understanding the implications of quantum computing on cybersecurity insurance and the need for organizations to work with insurers to ensure adequate coverage. [Extracted from the article]

Published

2024

15. The challenge of wearable neurodevices for workplace monitoring: an EU legal perspective.

Author

Muhl, Ekaterina

Subjects

GENERAL Data Protection Regulation, 2016, ARTIFICIAL intelligence, EMPLOYEE surveillance, INDUSTRIAL safety, EMPLOYEE rights

Abstract

This paper explores the emerging practice of workplace surveillance by using neurotechnologies, particularly wearable neurodevices, to monitor employees' cognitive abilities, concentration levels, and emotional responses. It aims to assess the legality of such practices within the framework of EU law, focusing on the General Data Protection Regulation (GDPR) and the EU Artificial Intelligence Act (AI Act) by providing a detailed analysis of recent EU legislation in the context of the implementation of neurosurveillance at the workplace. Furthermore, the paper discusses whether current regulations adequately address the use of neurotechnologies in the workplace or are overly restrictive. It raises the question of ensuring sufficient flexibility in the regulations to allow for legitimate implementations of neurotechnologies in the labour field for workers' safety while protecting workers' rights. Overall, the paper offers insights into the intersection of neurotechnology advancements and labour relations and stimulates critical discussion about the fair balance between innovation and workers' rights. [ABSTRACT FROM AUTHOR]

Published

2024

16. Editorial: Joining efforts to improve data quality and harmonization among European population-based cancer registries.

Author

Martos, Carmen, Giusti, Francesco, Van Eycken, Liesbet, and Visser, Otto

Subjects

GENERAL Data Protection Regulation, 2016, DATA harmonization, WEBSITES, QUALITY control, LITERATURE reviews, PANCREATECTOMY, RIB fractures

Abstract

The editorial discusses efforts to enhance data quality and harmonization among European population-based cancer registries. Population-based cancer registries play a crucial role in cancer surveillance, aiding in quantifying cancer burden, describing trends, and informing policy decisions. The editorial highlights challenges in data comparability, tools for improving data quality, and the impact of data harmonization on cancer indicators. It also emphasizes the importance of data quality in improving cancer epidemiology insights and addressing inequalities across European countries and regions. [Extracted from the article]

Published

2024

17. DESAFÍOS EN LA ESPECIALIZACIÓN PARA GESTIÓN DE DATOS DE INVESTIGACIÓN EN UN CONTEXTO ÉTICO.

Author

Belmar, Ricardo Hartley and Atenas, Javiera

Subjects

*DATA management, *DATA protection, *GENERAL Data Protection Regulation, 2016, *STANDARDS

Abstract

The Acta Bioética article from October 1, 2024 addresses the ethical and bioethical challenges in research data management in Chile, in relation to European regulations such as the GDPR and FAIR principles. The role of institutions such as La Referencia, CLACSO, and UNESCO in promoting practices aligned with European standards is highlighted. The importance of integrating responsible data management in research is emphasized, including the implementation of DPIAs in Chile to improve data protection. [Extracted from the article]

Published

2024

18. THE RIGHT TO BE FORGOTTEN REGARDING GENETIC DATA: A LEGAL AND ETHICAL ANALYSIS.

Author

Correia, Mónica, Rego, Guilhermina, and Nunes, Rui

Subjects

*RIGHT to be forgotten, *DATA privacy, *GENETIC privacy, *GENERAL Data Protection Regulation, 2016, *RIGHT of privacy

Abstract

This article investigates an under-discussed provision of the European Union's (EU's) General Data Protection Regulation (GDPR) regarding genetic data, i.e., the right to be forgotten. The debate on this right came from the commercerelated side of data protection instead of the medical side. Thus, this article addresses the implications of the RTBF for the lawful processing of familial genetic data. The article develops a normative, ethically focused principles argument about interpreting genetic data's right to be forgotten. It gives due consideration to autonomy, privacy, and human dignity. It argues that the individualistic approach of genetic privacy materialised through the extreme solution of data erasure is challenging to combine with familial and scientific research interests. The article suggests an interpretation of the GDPR according to bioethical principles and the inclusion of a specific exception regarding genetic data to prevent patients from claiming the right to be forgotten. [ABSTRACT FROM AUTHOR]

Published

2024

19. Honorarkürzung bei fehlender Anbindung eines Vertragsarztes an Telematikinfrastruktur.

Subjects

*ELECTRONIC data processing, *TELEMATICS, *GENERAL Data Protection Regulation, 2016, *PHYSICIANS, *CONTRACTS

Abstract

The article deals with the fee reduction of a contract doctor due to a lack of connection to the telematics infrastructure. The obligation to connect to the TI is considered appropriate and not as a disproportionate restriction of the medical professional freedom. The data processing during the execution of the insured person master data comparison by contract doctors complies with the requirements of the GDPR. A revision against the fee reduction was dismissed as unfounded, and the differential cost regulation according to § 106b para. 2a SGB V applies only to uneconomical prescriptions. [Extracted from the article]

Published

2024

20. Cognitive assessment: More important than ever.

Author

Cappa, Stefano F.

Subjects

*DISEASE risk factors, *ALZHEIMER'S disease, *MEDICAL personnel, *COVID-19 pandemic, *GENERAL Data Protection Regulation, 2016

Abstract

This document is a list of references from scientific articles that cover various topics related to cognitive assessment and Alzheimer's disease. The articles discuss the definition and diagnosis of Alzheimer's disease, the progression rates of mild cognitive impairment, the use of biomarkers for diagnosis, and the development of AI systems for early screening. They also explore the importance of cognitive assessment in the context of aging and the impact of the COVID-19 pandemic on teleneuropsychology. These references are valuable resources for library patrons conducting research on cognitive assessment and Alzheimer's disease. [Extracted from the article]

Published

2024

21. Collective knowledge exchange through regional hubs: Local expertise, global platform.

Author

Llamas, Camilla Alay, Guinto, Renzo, Addison, Julia, Alam, Nazmul, Amoakoh, Hannah Brown, Artola Arita, Vicente, Kolpa, Noa, Mattijsen, Juliette, Zhang, Ying, Downward, George S., and Browne, Joyce L.

Subjects

*CHIEF human capital officers, *SUSTAINABILITY, *YOUNG adults, *GENERAL Data Protection Regulation, 2016, *COVID-19 pandemic

Published

2024

22. A feasibility study of a participatory designed program for preventing cardiovascular disease in mentally vulnerable patients.

Author

Fisker Christensen, Lone, Bilberg, Randi, Birkemose, Inge, Nielsen, Anette Søgaard, Kaarsted, Thomas, Overgaard, Anne Kathrine, Sheldrick-Michel, Tanja Maria, Nielsen, Bent, and Andersen, Kjeld

Subjects

*COMMUNITY mental health services, *ALCOHOLISM, *GENERAL Data Protection Regulation, 2016, *SLEEP, *PARTICIPATORY design

Abstract

Aim: To test the feasibility of a participatory design intervention aimed at reducing the risk of cardio-vascular disease among patients suffering from alcohol use disorder (AUD) or severe mental illness (SMI). Methods: The intervention was developed by patients from the Community Mental Health Center and the Alcohol Treatment Facility in Odense, Denmark, and consisted of eight modules (health interviews, screening and treatment, introduction, diet/alcohol, physical activity, smoking, health app, and sleep problems). The intervention was tested using pre- and post-measurements of selected variables, patients' intervention attendance, and interviews and dialogue workshops at the end of the study. Results: A total of 21 out of 42 eligible patients from the Alcohol Treatment Facility and two out of 443 eligible patients from the Community Mental Health Center accepted participation in the study. The two patients from the Community Mental Health Center were not included in the analyses due to General Data Protection Regulation (GDPR). All patients accepted being screened for risk factors at inclusion, and the majority enrolled in at least one of the subsequent modules. The study indicated that the patients followed recommendations from their GPs. Conclusions: There is a great need for focus on cardio-vascular disease in patients with SMI and those with AUD. Results indicate that the intervention is feasible for patients with AUD, but due to inclusion of too few patients with SMI, nothing can be concluded for this patient group. Patients and staff in the Alcohol Treatment Facility agreed that the intervention has future perspectives. [ABSTRACT FROM AUTHOR]

Published

2024

23. How Should a Vape Shop-Based Smoking Cessation Intervention Be Delivered? A Qualitative Study.

Author

Langley, Tessa, Young, Emily, Hunter, Abby, and Bains, Manpreet

Subjects

*ELECTRONIC cigarettes, *SMOKING cessation, *SMOKING, *GENERAL Data Protection Regulation, 2016, *DATA privacy

Abstract

Introduction Encouraging smokers to quit smoking tobacco using e-cigarettes could substantially reduce smoking-related diseases. Vape shops (VS) therefore have the potential to play an important role in supporting smoking cessation. The aim of this study was to explore how to deliver a vape shop-based smoking cessation intervention in the United Kingdom. Methods Semistructured telephone interviews were undertaken with four stakeholder groups: 20 stop smoking service (SSS) providers, seven tobacco control leads, seven smokers/vapers, and five vape shop staff. Interviews were analyzed thematically. Results Stakeholder groups were positive about the idea of delivering a vape shop-based intervention. Themes that were identified were the characteristics of the intervention (duration and timing; delivery; style and content; and product provisions); barriers to the intervention (challenges for new vapers; false information; tobacco company involvement; and conflicts of interest); facilitators to the intervention (positive views on vaping; cost-effectiveness; popularity; and accessibility); and considerations for the intervention (data protection and privacy; aesthetics; and regulation and management). The results suggest that the intervention should be delivered by vape shop workers with mandatory training with the support of SSS. Most stakeholders agreed quitting vaping was not a priority, but that information on how to reduce nicotine use should be given. Concerns around privacy, General Data Protection Regulation, misinformation about vaping, and tobacco company involvement would need to be addressed. Conclusions Stakeholders agree that VS should offer stop smoking interventions and hold similar opinions on how this should be delivered. Implications This study suggests that smokers, vapers, and other key stakeholders are positive about the idea of a stop-smoking vape shop-based intervention and that they hold similar opinions on how this should be delivered. Most participants felt that this should be primarily delivered by trained vape shop staff and run with support from SSS. Participants agreed that a stop-smoking vape shop-based intervention should be flexible in terms of the type, duration, and frequency of support provided, and that the intervention should comprise both technical guidance on using a vape and behavioral support to prevent a return to smoking. [ABSTRACT FROM AUTHOR]

Published

2024

24. A study on privacy and security aspects of personalised apps.

Author

Gerasimou, Stylianos and Limniotis, Konstantinos

Subjects

*DATA protection, *GENERAL Data Protection Regulation, 2016, *DESIGN protection, *PERSONAL security, *MOBILE apps

Abstract

This paper studies personalised smart apps, from a data protection and security point of view. More precisely, having as a reference model the provisions stemming from the General Data Protection Regulation, we investigate whether such apps, whose philosophy is based on the provision of personalised services, adopt appropriate data protection techniques, focusing especially on aspects from the data protection by design and by default principles, as well as on their security features. Our analysis over ten popular such Android apps illustrates the existence of several privacy concerns, including the facts that several data processes are by default enabled without requesting users' consent, as well as that several data processes are not well justified or sufficiently transparent to the users. Moreover, interestingly enough, the apps studied are not free of known security weaknesses. [ABSTRACT FROM AUTHOR]

Published

2024

25. REGULATING THE DATA MARKET: THE MATERIAL SCOPE OF AMERICAN CONSUMER DATA PRIVACY LAW.

Author

NEWELL, BRYCE CLAYTON, PURTOVA, NADEZHDA, YOUNG EUN MOON, and PATERSON III, HUGH J.

Subjects

*DATA protection laws, *CONSUMER law, *AMERICAN consumers, *DATA privacy, *GENERAL Data Protection Regulation, 2016, *AMERICAN law

Abstract

This Article compares the material scope of several comprehensive consumer data privacy (or data protection) laws enacted recently in the United States, both with each other and with the European Union's General Data Protection Regulation ("GDPR"). Our comparative analysis covers five broad state consumer data privacy laws enacted and in effect as of the end of 2023, specifically those adopted in California, Virginia, Colorado, Utah, and Connecticut. We contrast these against each other and the GDPR. We compare how each of these laws define and scope their subject matter (e.g., what constitutes "personal data"), how they define data subjects, what amounts to data processing, and which entities are obligated to respect the data subjects' rights provided by these laws. We demonstrate how the existing state laws are more limited in most respects than the GDPR, and how their framing as consumer protection laws significantly limits their applicability and restricts their ability to adequately address the broad range of data privacy problems that confront contemporary society. Drawing on neorepublican political philosophy, we argue that most of these laws generally fail to adequately constrain commercial data markets in many contexts and that they also fail to address the problem of law enforcement agencies acquiring personal information from the commercial sector--ultimately raising concerns about domination and the potential for uncontrolled interference by both corporate and state interests in the private lives of the data subjects who ostensibly acquire rights. In the end, most of these "comprehensive" consumer data privacy laws at the state level in the United States do little to reign in corporate and state power to collect and use personal data in many contexts and represent a missed opportunity to provide much more significant protections for individual data privacy rights in the United States. [ABSTRACT FROM AUTHOR]

Published

2024

26. AS LEIS DE PROTEÇÃO DE DADOS E SUA APLICAÇÃO AO TREINAMENTO DE IA.

Author

Wesley Borges, Davi, Giammelaro Michelini, Henrique, Schultz Campos, Estevao, and Hollanda, Alciomar

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection laws, ARTIFICIAL intelligence, RIGHT of privacy, COMPARATIVE law

Abstract

Copyright of Revista Foco (Interdisciplinary Studies Journal) is the property of Revista Foco and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

27. EU: Non-Material Damage for Data Leak Caused By Hacking.

Subjects

GENERAL Data Protection Regulation, 2016, INFORMATION technology, DATA security failures, COMPUTER laws, EXPERT evidence

Abstract

This document explores a case law in the European Union (EU) regarding a data leak resulting from hacking. It emphasizes that just because personal data is accessed or disclosed by a third party does not automatically mean that the security measures implemented by the data controller were inadequate. The document stresses the importance of assessing the appropriateness of technical and organizational measures based on the associated risks. It also discusses the burden of proof on the data controller to demonstrate the adequacy of security measures and the obligation to compensate data subjects for any damage suffered. The text further examines the interpretation of certain articles of the General Data Protection Regulation (GDPR) concerning liability for personal data breaches and the right of data subjects to access copies of their personal data. It clarifies that data controllers are generally liable for damages caused by data breaches unless they can prove otherwise. Additionally, it highlights that data subjects have the right to receive a free copy of their personal data, even if the request is not related to specific circumstances outlined in the GDPR. Furthermore, it emphasizes that data subjects have the right to obtain a faithful and understandable reproduction of their medical records, including diagnoses and treatment information. [Extracted from the article]

Published

2024

28. EU: Provider of TikTok As Gatekeeper Under Digital Markets Act.

Subjects

BUSINESS planning, DISCLOSURE, ONLINE social networks, GENERAL Data Protection Regulation, 2016, CONFIDENTIAL communications

Abstract

This article examines a case involving TikTok and its designation as a gatekeeper under the Digital Markets Act. The provider of TikTok has failed to prove the urgency of suspending this designation to protect against harm. The article discusses the alleged breach of confidentiality and concludes that being designated as a gatekeeper does not result in an irreparable breach of confidentiality. It also discusses the requirements for granting interim measures in a legal case, emphasizing the need for specific and detailed information to justify such measures. The article addresses the alleged harm caused by Regulation 2022/1925, particularly regarding the use of personal data by TikTok. The Commission disputes these arguments, stating that the harm is hypothetical and can be resolved through compensation. Ultimately, the article concludes that the application for interim measures should be dismissed. [Extracted from the article]

Published

2024

29. EU: Applicability of Data Protection Law to Parliamentary Inquiry Committee in Member State.

Subjects

DATA protection laws, COMPUTER laws, GENERAL Data Protection Regulation, 2016, CONSTITUTIONAL law, INTERNATIONAL law

Abstract

This article explores the application of data protection laws to parliamentary inquiry committees in EU member states. It argues that these committees cannot claim exemption from data protection regulations simply because they are conducted by parliamentary bodies. The article also discusses the jurisdiction of a single supervisory authority to handle complaints related to the processing of personal data by inquiry committees. It provides legal analysis and case law to clarify the interpretation of relevant EU regulations and their implications for parliamentary inquiry committees. The text emphasizes the importance of respecting the constitutional structure of member states while upholding the effectiveness of EU law. [Extracted from the article]

Published

2024

30. Prognostic factors for disease activity in newly diagnosed teriflunomide-treated patients with multiple sclerosis: a nationwide Danish study.

Author

Mahler, Mie Reith, Magyari, Melinda, Pontieri, Luigi, Elberling, Frederik, Holm, Rolf Pringler, Weglewski, Arkadiusz, Poulsen, Mai Bang, Storr, Lars Kristian, Bekyarov, Plamen Anzhelov, Illes, Zsolt, Kant, Matthias, Sejbaek, Tobias, Stilund, Morten Leif, Rasmussen, Peter V., Brask, Maria, Urbonaviciute, Inga, and Sellebjerg, Finn

Subjects

MEDICAL sciences, SEX factors in disease, GENERAL Data Protection Regulation, 2016, PROPORTIONAL hazards models, PATIENT selection

Published

2024

31. Algorithms in Digital Marketing: Does Smart Personalization Promote a Privacy Paradox?

Author

Saura, José Ramón

Subjects

SOCIAL media in marketing, DATA privacy, SEARCH engine optimization, MACHINE learning, GENERAL Data Protection Regulation, 2016

Abstract

The article discusses the evolution of digital marketing and the use of artificial intelligence (AI) algorithms in smart personalization. It highlights the benefits of personalized content in driving online sales and influencing user behavior, but also raises concerns about privacy and data usage. The article emphasizes the need for ethical practices and transparency in data collection and protection. It suggests that governments should enforce data protection laws, companies should prioritize user privacy, and users should be educated about their rights and options for controlling their data. The article also calls for interdisciplinary research collaboration and the development of privacy-preserving technologies to address the complexities of the privacy paradox. [Extracted from the article]

Published

2024

32. Data Sharing in Deutschland: Theorie, Empirie und europäische Gesetzgebung.

Author

Eger, Thomas and Scheufen, Marc

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection, INFORMATION sharing, EUROPEAN law, LEGAL instruments

Abstract

Based on empirical surveys on the use and sharing of data in the German economy in 2021, 2022 and 2023, a number of current European laws, such as the General Data Protection Regulation of 2018, the Digital Markets Act of 2023, and the Data Regulation of 2024, are presented as instruments for increasing legal certainty in the transfer of data and the enforcement of protection of costly acquired data. [ABSTRACT FROM AUTHOR]

Published

2024

33. European health regulations reduce registry-based research.

Author

Brück, Oscar, Sanmark, Enni, Ponkilainen, Ville, Bützow, Alexander, Reito, Aleksi, Kauppila, Joonas H., and Kuitunen, Ilari

Subjects

*GENERAL Data Protection Regulation, 2016, *MEDICAL care research, *DATA protection laws, *DATA privacy, *DATA protection

Abstract

Background: The European Health Data Space (EHDS) regulation has been proposed to harmonize health data processing. Given its parallels with the Act on Secondary Use of Health and Social Data (Secondary Use Act) implemented in Finland in 2020, this study examines the consequences of heightened privacy constraints on registry-based medical research. Methods: We collected study permit counts approved by university hospitals in Finland in 2014–2023 and the data authority Findata in 2020‒2023. The changes in the study permit counts were analysed before and after the implementation of the General Data Protection Regulation (GDPR) and the Secondary Use Act. By fitting a linear regression model, we estimated the deficit in study counts following the Secondary Use Act. Results: Between 2020 and 2023, a median of 5.5% fewer data permits were approved annually by Finnish university hospitals. On the basis of linear regression modelling, we estimated a reduction of 46.9% in new data permits nationally in 2023 compared with the expected count. Similar changes were neither observed after the implementation of the GDPR nor in permit counts of other medical research types, confirming that the deficit was caused by the Secondary Use Act. Conclusions: This study highlights concerns related to data privacy laws for registry-based medical research and future patient care. Key Points: Given its parallels with the European Health Data Space regulation, we modelled its possible consequences for registry-based medical research using data from Finland, where the Act on the Secondary Use of Health and Social Data (Secondary Use Act) has been implemented since 2020. Adjusted for the historical trend of increasing registry-based research conducted in Finnish university hospitals, the data permit count was almost 50% lower than expected in 2023. Similar changes were not observed post-GDPR or in other medical research types. This study demonstrates how increased data privacy regulations might reduce medical research, innovations and advances in future patient care. [ABSTRACT FROM AUTHOR]

Published

2024

34. Biobanking, digital health and privacy: the choices of 1410 volunteers and neurological patients regarding limitations on use of data and biological samples, return of results and sharing.

Author

Giannella, Emilia, Bauça, Josep Miquel, Di Santo, Simona Gabriella, Brunelli, Stefano, Costa, Elisabetta, Di Fonzo, Sergio, Fusco, Francesca Romana, Perre, Antonio, Pisani, Valerio, Presicce, Giorgia, Spanedda, Francesca, Scivoletto, Giorgio, Formisano, Rita, Grasso, Maria Grazia, Paolucci, Stefano, De Angelis, Domenico, and Sancesario, Giulia

Subjects

GENERAL Data Protection Regulation, 2016, PATIENTS' attitudes, DATA privacy, BIOMATERIALS, CENTRAL nervous system

Abstract

Background: The growing diffusion of artificial intelligence, data science and digital health has highlighted the role of collection of data and biological samples, thus raising legal and ethical concerns regarding its use and dissemination. Further, the expansion of biobanking, from the basic collection of frozen specimens to the virtual biobanks of specimens and associated data that exist today, has given a revolutionary potential on healthcare systems, particularly in the field of neurological diseases, due to the inaccessibility of central nervous system and the need of non-invasive investigation approaches. Informed Consent (IC) is considered mandatory in all research studies and specimen collections, and must specifically take into account the ethical respect to the individuals to whom the used biological material and data belong. Methods: We evaluated the attitudes of patients with neurological diseases (NP) and healthy volunteers (HV) towards the donation of biological samples to a biobank for future research studies on neurological diseases, and limitations on the use of data, related to the requirements set by the General Data Protection Regulation (GDPR). The study involved a total of 1454 subjects, including 502 HVs and 952 NPs, recruited at Santa Lucia Foundation IRCCS, Rome, from 2020 to 2024. Results: We found that (i) almost all subjects agreed with the participation in biobanking (ii) and authorization to genetic studies (HV = 99.1%; NP = 98.3%); Regarding the return of results, (iii) we found a statistically significant difference between NP and HV, the latter preferring not to be informed of potential results (HV = 43%; NP = 11.3%; p < 0.0001); (iv) a small number limited the sharing inside European Union (EU) (HV = 4.6%; NP = 6.6%), whereas patients were more likely to refuse transfer outside EU (HV = 7.4%; NP = 10.7% p = 0.05); (v) nearly all patients agreed with the use of additional health data from EMR for research purposes (98.9%). Conclusions: Consent for the donation of material for research purposes is crucial for biobanking and biomedical research studies that use biological material of human origin. Here, we have shown that choices regarding participation in a neurological biobank can be different between HVs and NPs, even if the benefit for research and scientific progress is recognized. NP have a strong interest in being informed of possible results but limit sharing of samples, highlighting a perception of greater individual or relative benefit, while HV prefer a wide dissemination and sharing of data but not to have the return of the results, favoring a possible benefit for society and knowledge. The results underline the need to carefully manage biological material and data collected in biobanks, in compliance with the GDPR and the specific requests of donors. [ABSTRACT FROM AUTHOR]

Published

2024

35. Regulatory options for integrating zero-knowledge proofs into the European Digital Identity Wallet.

Author

Ramos Fernández, Raül

Subjects

*ELECTRONIC wallets, *DIGITAL technology, *BEST practices, *GENERAL Data Protection Regulation, 2016, *PERIODICAL publishing

Abstract

On 30 April, Regulation (EU) 2024/1183 amending Regulation (EU) 910/2014 as regards establishing the European Digital Identity Framework, known as eIDAS 2.0, was published in the Official Journal of the European Union. This amendment introduces zero-knowledge proof (ZKP) privacy-enhancing technologies to support two key innovations: the European Digital Identity Wallet (EUDIW) and the electronic attestations of attributes ((Q)EAA). In parallel, the European Digital Identity Wallet Architecture and Reference Framework (EUDIW ARF) provide a common set of standards and best practices for the technical implementation of eIDAS 2.0. This paper analyses how the EUDIW can rely on ZKPs since neither the eIDAS 2.0 Regulation nor the EUDIW ARF does so. We propose a software product regime for the cryptographic derivation of data in a ZKP format through three mutually compatible regulatory options: zero-knowledge issuance by default through the EUDIW, through a software product extension of the EUDIW, or a private standalone wallet. These schemes provide the legal basis for the secure use of ZKPs, ensure effective compliance with the GDPR, and contribute to the debate on the value that electronic ledgers introduced by eIDAS 2.0 bring to digital identity. [ABSTRACT FROM AUTHOR]

Published

2024

36. VwGH: Datenschutzrechtlicher Verantwortlicher für Impferinnerungsschreiben.

Subjects

*GENERAL Data Protection Regulation, 2016, *DATA protection, *ADMINISTRATIVE courts, *FEDERAL courts, *ELECTRONIC data processing

Abstract

The Administrative Court of Justice (VwGH) has ruled that the question of the legitimacy of a data protection complaint must be assessed at the level of substantive legitimacy and not at the level of procedural legitimacy. The definition of the term "controller" according to the General Data Protection Regulation (GDPR) has not changed compared to the previous provision. In the present case, it concerned data processing related to vaccination reminder letters. The Federal Administrative Court (BVwG) determined that the data protection complaint was directed against the wrong organization and should have been addressed to the regional health councilor or the collegiate body of the regional government instead. The question of whether the sending of vaccination reminder letters violates the GDPR was not clarified in this procedure. [Extracted from the article]

Published

2024

37. Operationalizing data-driven campaigning: designing a new tool for mapping and guiding regulatory intervention.

Author

Gibson, Rachel, Bon, Esmeralda, and Römmele, Andrea

Subjects

*PERSONALLY identifiable information, *POLITICAL campaigns, *POLITICAL advertising, *GENERAL Data Protection Regulation, 2016, *OPERATIONAL definitions

Abstract

Since the Cambridge Analytica scandal, governments are increasingly concerned about the way in which citizens' personal data are collected, processed and used during election campaigns To develop the appropriate tools for monitoring and controlling this new mode of "data-driven campaigning" (DDC) regulators require a clear understanding of the practices involved. This paper provides a first step toward that goal by proposing a new organizational and process-centred operational definition of DDC from which we derive a set of empirical indicators. The indicators are applied to the policy environment of a leading government in this domain – the European Union (EU) – to generate a descriptive "heat map" of current regulatory activity toward DDC. Based on the results of this exercise, we argue that regulation is likely to intensify on existing practices and extend to cover current "cold spots". Drawing on models of internet governance, we argue that this expansion is likely to occur in one of two ways. A "kaleidoscopic" approach, in which current legislation extends to absorb DDC practices and a more "designed" approach that involves more active intervention by elites, and ultimately the generation of a new regulatory regime. [ABSTRACT FROM AUTHOR]

Published

2024

38. The Interplay between the AI Act and the GDPR: Part II – Compliance Challenges for AI Systems That Use Personal Data.

Author

Drouard, Etienne, Kurochkina, Olga, Schlich, Rémy, and Ozturk, Daghan

Subjects

ARTIFICIAL intelligence, GENERAL Data Protection Regulation, 2016, DATA protection, TECHNOLOGY, DATA privacy

Abstract

This second part of the 'Interplay between AI Act and GDPR' series (collectively, 'Study'), builds upon the first part titled 'When and How to Comply with Both'. It addresses specifically the legal basis challenges for 'AI systems', 'general-purpose AI models' and 'general-purpose AI systems' ('AI system'), and in particular applicability of the legitimate interests legal basis and its impacts on data minimisation, purpose limitation / compatibility, and data subjects' rights. In the recent years, personal data protection regulators have been focusing on consent as a preferred legal basis for different technologies and specific types of processing. However, to support the development of trustworthy AI, there is a need to shift toward the legal basis of legitimate interests, though its success hinges on how regulators interpret it in the context of AI. Cooperation between AI and data privacy regulators across the EU is crucial to ensure harmonised solutions that protect data rights while fostering innovation and legal clarity. [ABSTRACT FROM AUTHOR]

Published

2024

39. AIRe 3/2024 (Vol. 1).

Subjects

ARTIFICIAL intelligence, GENERAL Data Protection Regulation, 2016, JUDICIAL process, DATA privacy, DATA protection

Published

2024

40. SHROUDED IN SECRECY - DOES THE COMITOLOGY PROCEDURE FOR GDPR ADEQUACY DECISIONS FIT ITS PURPOSE?

Author

CZERNIAWSKI, MICHAL

Subjects

DATA protection, DATA protection laws, GENERAL Data Protection Regulation, 2016, COMMERCIAL treaties, TRANSBORDER data flow, TECHNOLOGICAL progress

Published

2024

41. PEOPLE'S REPUBLIC OF CHINA AND THE ADEQUACY - WHY CHINESE DATA PROTECTION LAW IS NOT ADEQUATE WITHIN THE MEANING OF THE GDPR.

Author

PANEK, WOJCIECH

Subjects

DATA protection, DATA protection laws, GENERAL Data Protection Regulation, 2016, INFORMATION technology, DATA security laws

Published

2024

42. Putting Interests of Digital Nagriks First: Digital Personal Data Protection (DPDP) Act 2023 of India.

Author

Malhotra, Charru and Malhotra, Udbhav

Subjects

DATA protection, DATA privacy, GENERAL Data Protection Regulation, 2016, RIGHT of privacy, PERSONALLY identifiable information, DATA security laws

Abstract

The increasing application of artificial intelligence (AI) and the extensive collection, storage and analysis of personal data by service providers have heightened privacy concerns. To address unauthorised use and potential misuse of personal information, the Government of India introduced the Digital Personal Data Protection (DPDP) Act on 11 August 2023 aimed at enhancing the living standards of its digital citizens, termed as 'digital nagriks ' in this study. This research evaluates the DPDP Act's impact on digital nagriks across six sections, starting with an introduction to the necessity of privacy legislation and an overview of global privacy laws from countries like Singapore, the European Union and China. It then explores the origin and fundamental aspects of the DPDP Act, leveraging the literature to critically analyse its implications for privacy. The study presents observations on the Act's current state, recommends adjustments for balancing privacy with innovation and security and highlights the need for stronger enforcement mechanisms to protect digital nagriks effectively. It concludes that while the DPDP Act is a positive advancement, explicit exceptions in future regulations could further refine this balance. [ABSTRACT FROM AUTHOR]

Published

2024

43. What is in your cookie box? Explaining ingredients of web cookies with knowledge graphs.

Author

Bushati, Geni, Rasmusen, Sven Carsten, Kurteva, Anelia, Vats, Anurag, Nako, Petraq, and Fensel, Anna

Subjects

GENERAL Data Protection Regulation, 2016, KNOWLEDGE graphs, WEB browsers, INFORMATION sharing, COOKIES (Computer science)

Abstract

The General Data Protection Regulation (GDPR) has imposed strict requirements for data sharing, one of which is informed consent. A common way to request consent online is via cookies. However, commonly, users accept online cookies being unaware of the meaning of the given consent and the following implications. Once consent is given, the cookie "disappears", and one forgets that consent was given in the first place. Retrieving cookies and consent logs becomes challenging, as most information is stored in the specific Internet browser's logs. To make users aware of the data sharing implied by cookie consent and to support transparency and traceability within systems, we present a knowledge graph (KG) based tool for personalised cookie consent information visualisation. The KG is based on the OntoCookie ontology, which models cookies in a machine-readable format and supports data interpretability across domains. Evaluation results confirm that the users' comprehension of the data shared through cookies is vague and insufficient. Furthermore, our work has resulted in an increase of 47.5% in the users' willingness to be cautious when viewing cookie banners before giving consent. These and other evaluation results confirm that our cookie data visualisation approach and tool help to increase users' awareness of cookies and data sharing. [ABSTRACT FROM AUTHOR]

Published

2024

44. Navigating Blockchain's Twin Challenges: Scalability and Regulatory Compliance.

Author

Mohammed Abdul, Shezon Saleem

Subjects

BLOCKCHAINS, GENERAL Data Protection Regulation, 2016, GENOMICS, INTERDISCIPLINARY education, INTERNET of things

Abstract

Blockchain technology promises transformative potential across diverse sectors, facilitating innovations in areas ranging from finance to healthcare. Despite its many promising applications, several barriers—including scalability challenges, regulatory complexities, and technical hurdles—limit its widespread adoption. This systematic literature review delves into scalability enhancements and explores the legal and regulatory landscapes impacting blockchain deployment in ten key sectors: IoT, healthcare, finance, education, social media, genomics, supply chain, vehicular networks, e-voting, and tourism. These sectors were selected based on their significant engagement with blockchain technology and their prominence in the analyzed literature. We examine key technological advancements such as Layer-2 techniques, sharding, consensus algorithm optimization, and rollups, and discuss their implications for throughput, latency, and compliance with regulatory standards such as the General Data Protection Regulation (GDPR). The review details these technological and regulatory developments and discusses their broader implications for industry and academia, emphasizing the need for interdisciplinary research and innovation. By identifying gaps in current research and suggesting future directions, this study serves as a roadmap for researchers, practitioners, and policymakers to develop secure, scalable, and compliant blockchain systems. Our comprehensive examination provides valuable insights into enhancing the efficiency, security, and regulatory compliance of blockchain technology. [ABSTRACT FROM AUTHOR]

Published

2024

45. Wer ist Adressat des Art. 22 DSGVO? — Zur Abgrenzung des Entscheiders vom Verantwortlichen.

Author

Ziegenhorn, Gero

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection, IDENTIFICATION cards, DECISION making

Abstract

Copyright of Computer und Recht is the property of De Gruyter and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

46. Schadenersatz bei Verstößen gegen die DSGVO — Aktuelle Vorgaben des EuGH und Fallgruppen in der deutschen Rechtsprechung.

Author

Piltz, Carlo and Kukin, Ilia

Subjects

DAMAGE claims, LEGAL judgments, JUDGE-made law, GENERAL Data Protection Regulation, 2016

Abstract

Copyright of Computer und Recht is the property of De Gruyter and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

47. Protection of Personal Data in the Context of E-Commerce.

Author

Morić, Zlatan, Dakic, Vedran, Djekic, Daniela, and Regvart, Damir

Subjects

DATA protection, ELECTRONIC commerce, DATA security, ONLINE shopping, GENERAL Data Protection Regulation, 2016

Abstract

This paper examines the impact of stringent regulations on personal data protection on customer perception of data security and online shopping behavior. In the context of the rapidly expanding e-commerce landscape, ensuring the security of personal data is a complex and crucial task. The study of several legal frameworks, including Malaysia's compliance with EU regulations and Indonesia's Personal Data Protection Law, provides valuable insights into consumer data protection. The challenges of balancing data safeguarding and unrestricted movement and tackling misuse by external entities are significant and require careful consideration. This research elucidates the pivotal role of trust in e-commerce environments and the deployment of innovative e-commerce models designed to minimize personal data sharing. By integrating advanced privacy-enhancing technologies and adhering to stringent regulatory standards such as the GDPR, this study demonstrates effective strategies for robust data protection. The paper contributes to the academic discourse by providing a comprehensive framework that synergizes legal, technological, and procedural elements to fortify data security and enhance consumer trust in digital marketplaces. This approach aligns with international data protection standards and offers a pragmatic blueprint for achieving sustainable data security in e-commerce. [ABSTRACT FROM AUTHOR]

Published

2024

48. Exploring Data Privacy and Privacy Paradox Nature of Consumers Using Block Chain Technology: Application of SLR and Bibliometric Analysis Tools.

Author

Afridi, Mohd Faisal and Kumar, Kompalli Sasi

Subjects

DATA privacy, GENERAL Data Protection Regulation, 2016, BLOCKCHAINS, TECHNOLOGICAL innovations, DIGITAL technology

Abstract

This research presents an in-depth study of blockchain technology's impact on data privacy and the consumer behaviour phenomenon known as the privacy paradox. Through a systematic literature review (SLR) and bibliometric analysis, the study delves into the effectiveness of blockchain in safeguarding personal data in an increasingly digital world. Key databases such as Scopus and Web of Science provide rich academic contributions, particularly from regions with stringent data privacy laws. The findings highlight blockchain's effectiveness in limiting unauthorised data access, boosting user control and tackling the privacy paradox, where personal information is shared despite privacy worries. Yet, it points out challenges in aligning blockchain with legal frameworks, such as General Data Protection Regulation, particularly concerning data erasure rights. The study emphasises three themes: blockchain's progression toward robust data protection, psychological aspects of the privacy paradox in consumer decisions and attitudes toward blockchain solutions. It notes gaps in standardisation, public awareness and blockchain's practical applications, alongside ethical and policy issues. Conclusively, the research stresses the need for aligning technological advancements with legal and ethical frameworks, highlighting user experience in digital technology adoption. It positions blockchain as a pivotal factor in reshaping digital privacy, advocating for continued innovation and exploration in blockchain applications to ensure a secure, user-empowering future globally. [ABSTRACT FROM AUTHOR]

Published

2024

49. Strange Bedfellows: Consumer Protection and Competition Policy in the Making of the EU Privacy Regime.

Author

Caliskan, Koray, MacKenzie, Donald, and Rommerskirchen, Charlotte

Subjects

GENERAL Data Protection Regulation, 2016, DATA privacy, DIGITAL music, CONSUMER protection, DATA protection

Abstract

How was the European Union's privacy regime built? Drawing on regime theory and carrying out qualitative document analysis, we present the evolution of the privacy regime across the three decades from the 1995 European Data Protection Directive to the 2016 General Data Protection Regulation, the 2022 Data Governance Act and finally the 2022 Digital Markets package. Our analysis focuses on the European Commission and suggests that the privacy regime emerged out of the seemingly conflicting interplay between the (digital) single market whose power draws on the network effects of expanding data resources and concerns for personal privacy that seek limiting data gathering itself. Contrary to expectations, potential tensions between competition law and consumer protection have not hindered or decelerated the formation of the regulatory regime. In fact, these tensions have proven to be surprisingly productive. [ABSTRACT FROM AUTHOR]

Published

2024

50. Dark Sides of Data Transparency: Organized Immaturity After GDPR?

Author

Schade, Frederik

Subjects

DIGITAL technology, GENERAL Data Protection Regulation, 2016, DATA protection, SOCIOTECHNICAL systems, PERSONALLY identifiable information, ELECTRONIC data processing

Abstract

Organized immaturity refers to the capacity of widely institutionalized sociotechnical systems to challenge qualities of human enlightenment, autonomy, and self-determination. In the context of surveillance capitalism, where these qualities are continuously put at risk, data transparency is increasingly proposed as a means of restoring human maturity by allowing individuals insight and choice vis-à-vis corporate data processing. In this article, however, I draw on research on General Data Protection Regulation–mandated data transparency practices to argue that transparency—while potentially fostering maturity—itself risks producing new forms of organized immaturity by facilitating user ignorance, manipulation, and loss of control of personal data. Considering data transparency's relative "successes" and "failures" regarding the cultivation of maturity, I outline a set of possible remedies while arguing for a general need to develop more sophisticated ethical appreciations of transparency's complex and potentially problematic implications for organized (im)maturity in the digital age. [ABSTRACT FROM AUTHOR]

Published

2023