Privacy and data protection Research Papers

Data protection concerns have been identified as one of the most serious barriers for the deployment and development of cloud computing [1]. There is a general lack of regulation and policy on a European (EU) level. The Data Protection Directive (DPD) is currently under revision and will be replaced with a regulation in the near future.

The right to privacy is compromised on a daily basis by the commercial practices of today's information society. The Schrems case is an example of the risks of the processing of personal data on the internet. The European regulatory system for the protection of personal data cannot ensure effective protection of its citizens' information. Therefore, this article proposes a reconceptualisation of the internet by classifying it as an aspect of the environment in which people live. Although it is a virtual dimension, there is still a need to apply the rules established to protect the real habitat, such as, for example, those that recognise a specific corporate social responsibility.

Starting from the phenomenon of the commercialisation of consumers' personal data, this work analyses the legal formants that intersect with the topic at national and European level. The focus is primarily on the rules governing personal data protection and on the private-law institutions that can be invoked in the face of the growing patrimonialisation of data. The core of the investigation is devoted to the ways in which the consumer contract regime can be combined with the data protection system. In this context, most of the reflections are inspired by the relationship between Regulation (EU) 2016/679, i.e. the General Data Protection Regulation, and Directive (EU) 2019/770 on contracts for the supply of digital content and digital services. The latter, by giving legal form to the exchange of "digital services/content for personal data", opens the door to a new season of contract law, tasked with facing the challenges of "surveillance capitalism".

Modern biotechnologies are among the reasons explaining the new focus on the idea of human dignity in public, political and scientific discourses. Topics being debated range from assisted reproduction, cloning, genetic diagnostics and genetic intervention, neuroprosthetics, cyborgs or artificial life all the way to visions of 'transhumanism' or 'posthumanity'. With their potential for bringing about radical transformations, advanced biotechnologies are forcing the notion and boundaries of what is human to be revisited. The biological foundations of humankind are more and more accessible, can be modified in a targeted way, and thus become the object of decisions. Naturalistic self-descriptions are being questioned and replaced by forms of description which are explicitly culturally constructed. We have to rethink the very question of what it means to be human and how we are to construct human boundaries or the difference between human beings and their environment. This creates a new background for the normative concepts of human rights, rights of the individual and human dignity. Through reference to the dignity of a human being and to the idea of dignity, the concept of human dignity implies notions attached to what constitutes being human. This fundamental meaning is supported by the multifarious traditions of human dignity, by its function as a key concept in interdisciplinary debates and not least by its prominent status in legal texts and discourses. Views of the role of human dignity, though, could not be more divergent. The conviction that dignity is an essential normative concept is juxtaposed with criticism that it is useless, nebulous, incoherent or even reactionary.

Lecture delivered at the IV Congresso Interativo Virtual "Humanos Direitos Máquinas - amigos ou inimigos". Universidad Nacional de Lanús / E-Justicia Latinoamérica, Argentina. 20 November 2019.
It takes up the paper presented at the "Nordic Conference on Legal Informatics - 2019", at the University of Lapland, Rovaniemi, on 14 November 2019.

Law embodies the means of regulating life in society through legal norms that prescribe how intersubjective relations are to be conducted, in keeping with the values prevailing in a given community, its historical and social context, and the ideological conceptions of justice immanent in a given circle. The present-day triad of telematics (telecommunications and informatics), the information society and the cyber environment raises an enormous number of legal challenges, leading first of all to the problem of the type of electronic governance. Information flows through cyberspace, which is undoubtedly globalised, raise questions about the territorial scope of regulation. It may be said that the multi-territorial character of information flows, across the different governance models adopted by governmental entities and companies, and in the handling of data linked to the human person (in this case, concerning the data subject himself or herself), creates the need to set normative boundaries from an increasingly international perspective, with the consequent need to resort to normative sources that compete with or supplement domestic law. We are facing the evolution of a new social, legal and political-administrative paradigm, which requires adjustments between legal knowledge and technology itself, on a path towards a true 'Information Technology Law'. Such a symbiosis seems appropriate given the growing ubiquitous access to a very wide spectrum of computing services and resources, exemplified by the phenomenon of 'cloud computing', which makes it possible for Internet users to access, use, store and share information.
Thus, from a 'checks and balances' perspective between economic interests and the protection of users' legal position, Article 35 of the CRP emerged, with a clearly protective aim against the possible abusive use of data or excessive monopolisation for commercial, ideological or political interests. Mass access to the Web, which (it should be noted) is open to partisan control, simultaneously triggers numerous privacy risks, since there are countless tools for the electronic search of data linked directly or indirectly to the human person. In short, the dematerialisation of flows in an increasingly universal cyberspace, marked by the ease of communicating data, raises the question of choosing between 'self-' and 'hetero-'regulation, by reference to the global dimension of the network. It should be noted, however, that the entire functioning of the Internet must be consistent with the constitutional dictates of freedom of expression and information, while its substantive normative content must satisfy the requirements of the principle of proportionality, necessity and adequacy (see, to that effect, Article 18(2) of the norma normarum).

PRATA DE CARVALHO, Angelo Gamba. Transferência internacional de dados na lei geral de proteção de dados - força normativa e efetividade diante do cenário transnacional. In: FRAZÃO, Ana; TEPEDINO, Gustavo; OLIVA, Milena Donato. A Lei Geral de Proteção de Dados e suas repercussões no direito brasileiro. São Paulo: Revista dos Tribunais, 2019.

The so-called right to be forgotten, as a manifestation of the right to the protection of personal data, is an unavoidable reality within the European Union. However, this perspective has generated conflicting positions, both because of the complexity of its implementation and because of the potential conflicts it could entail for the exercise of other human rights. This is of particular relevance for those countries in which European Union law has been an important reference point in the normative and institutional design of the right to the protection of personal data. In that context, this article seeks to determine whether, given the current conditions of the Mexican legal system, which lacks final rulings that clarify the solution, it is possible to follow the path previously traced by the unprecedented judgment of the Court of Justice of the European Union. To that end, this article focuses on the debate surrounding the role of Internet intermediaries and on the recognition of the right to the protection of personal data as a human right.

Summary: The recent judgment of the Court of Justice of the European Union in the case Google Spain and Google Inc. v Agencia Española de Protección de Datos and Mario Costeja has recognised the responsibility of Internet search engines and has delimited the territorial application of Directive 95/46/EC, ruling in favour of its application in cases where the company operating the search engine is located outside the European Union but has, in a Member State, a subsidiary for the marketing of advertising space. The Court of Justice has also characterised the "right to be forgotten", determining the circumstances that the national judge must take into consideration when balancing this right against the freedoms of expression and information. This paper analyses the European privacy legislation currently in force, its application and interpretation by the Court of Justice, and the proposal for adaptation or modernisation drafted by the European Commission (the future General Data Protection Regulation).
Keywords: right to be forgotten, privacy, personal data protection, freedom of expression, search engines.
Abstract: The recent judgment of the Court of Justice of the European Union in case Google Spain and Google Inc. against Spanish Data Protection Agency and Mario Costeja has established liability or responsibilities of search engines before European Law when handling personal data. The Court stated that Directive 95/46/EC applies to search engine operators if they have a subsidiary in a Member State which promotes the selling of advertising space offered by the search engine. Besides, this judgment has modeled the "right to be forgotten" and has clarified the need to be balanced against other fundamental rights, such as the freedom of expression and the media, in an exercise that has to be done by national judges in a case-by-case assessment.
This paper provides an analysis of the current European legislation on data protection and privacy, and the interpretation and application made by the Court of Justice in the case mentioned above. Finally, this paper studies the modification of the European legislation that has been proposed by the European Commission (the future General Data Protection Regulation).

This introductory chapter provides an overview of the main legal and policy implications of blockchain technology. It proceeds in four steps. First, the chapter traces the technical and legal evolution of blockchain applications since the early days of bitcoin, highlighting in particular the political ambitions and tensions that have marked many of these projects from the start. Second, it shows how blockchain applications have created new calculative spaces of financial markets that seek to challenge existing forms of money. Third, it discusses the core points of friction with incumbent legal systems, with a particular focus on the regulability of decentralized systems in general and data protection concerns in particular. Fourth, the chapter provides an outline to the contributions to the volume, which span a wide array of topics at the intersection of blockchain, law, and politics.

The objective of this work was to identify if and when the services offered by OTTs can be assimilated to electronic communications services pursuant to Art. 2(4) of the EECC and, therefore, be subject to the rules introduced by the ePR. In addition, the study intended to highlight some concrete effects that the proposed Regulation, as it currently stands, would have on the digital economy.
In conclusion, it can be said that the current formulation of the Proposal does not effectively identify and resolve the complexities deriving from the nature of OTT services, which end up being subject to rules that are not consistent with the provisions and objectives of the GDPR and assimilated to electronic communications services whose definition is now obsolete in light of the innovations introduced by Internet-based services.
While the objective of the Proposal to protect the confidentiality of electronic communications remains desirable and necessary, it appears problematic that the legal basis for the processing of electronic communications data is only based (except for rare exceptions under Art. 6 of the ePR) on the consent of the user to whom the service is provided. In this sense, if the extension of the ePrivacy regulation to OTTs is maintained, it would be advisable to consider an extension of the legal bases for the processing of electronic communications data by these and other suppliers, as already provided for by Art. 6(1) and (4) of the GDPR. From this point of view, the dynamics of the digital economy (multi-sided markets and remuneration of providers, functionality of processing for the core activities of companies) lead to a reflection on the balancing of markets and data protection. Otherwise, the risk would be that of a reduction in Internet services or the introduction of paid solutions for Internet users. With regard to this last aspect, it would be useful to question the repercussions of the decision of search engines and social networks to establish prices for access to their services.

With ample regard to the scandal of Mark Zuckerberg and the inevitable leaks from media that have exposed unjust data protection processing, there is, in fact, legislation in the European Union which aims to guard against such occurrences. This paper focuses on how Facebook will differ come GDPR and how data protection laws in Slovakia will be transformed come May 25, 2018.

Published on 21 February 2020 in La Segunda

The forced displacement and transnational migration of millions of people around the world is a growing phenomenon that has been met with increased surveillance and datafication by a variety of actors. Small humanitarian organizations that help irregular migrants in the United States frequently do not have the resources or expertise to fully address the implications of collecting, storing, and using data about the vulnerable populations they serve. As a result, there is a risk that their work could exacerbate the vulnerabilities of the very same migrants they are trying to help. In this study, we propose a conceptual framework for protecting privacy in the context of humanitarian information activities (HIA) with irregular migrants. We draw from a review of the academic literature as well as interviews with individuals affiliated with several US-based humanitarian organizations, higher education institutions, and nonprofit organizations that provide support to undocumented migrants. We discuss 3 primary issues: (i) HIA present both technological and human risks; (ii) the expectation of privacy self-management by vulnerable populations is problematic; and (iii) there is a need for robust, actionable, privacy-related guidelines for HIA. We suggest 5 recommendations to strengthen the privacy protection offered to undocumented migrants and other vulnerable populations.

Constitutional Guarantees of Information Privacy Protection in Light of New Technologies Development. The development of new information technologies has contributed to a significant change in the methods of collection, processing and transfer of various kinds of personal data. Mass aggregation of data and the invention of cloud computing have affected the flow of personal data. These developments create challenges for privacy protection. The article contains an analysis of the constitutional standard of privacy protection, particularly with regard to the processing of personal information. Part of the article is devoted to the analysis of the permissible limitations to the right to privacy and the legislative process in which those limitations are developed.

The first question that will be examined in this paper is whether IP addresses should be considered personal data. Even if many jurisdictions accept IP addresses as personal data, not every legal system takes this stance. Secondly, as a result of the technical process in peer-to-peer (P2P) networks, users' IP addresses are visible to other users while downloading/uploading files. One could then be tempted to argue that internet users make this data (their IP addresses) publicly available when they access P2P networks. However, how consciously the peers reveal their IP addresses is a question that needs to be answered more categorically. Thirdly, this paper will evaluate whether copyright holders' obvious legitimate interest in enforcing copyright claims against infringers can outweigh the privacy of the data subject. Overall, this paper will examine which criteria can be taken into account, in today's digital age, when assessing the lawfulness of IP address processing in P2P networks. In this respect, the paper examines Directive 95/46/EC, German Law and Swiss Law in a comparative perspective.

This essay addresses a general conception of what privacy is, analyses the challenges and dangers of living without privacy and the importance of data protection in the face of the breakdown of traditional paradigms by disruptive new technologies, and concludes that cyber literacy and cyber hygiene are fundamental pillars for combating threats, disclosures, risks and vulnerabilities that could become security incidents that threaten arbitrary interference with private life.

Using remote sensing technologies to ensure environmental protection responds to the need of protection of a right and a public good and interest. However, the increasing introduction of these technologies has raised new challenges, such as their interference with the rights of privacy and personal data, which are also protected fundamental rights. In this paper the importance of remote sensing technologies as tools for environmental monitoring and environmental law enforcement is analyzed, while legal issues regarding privacy and data protection from their use for environmental purposes are presented. Existing legislation for reconciling emerging conflicts is also examined and major European Court of Human Rights (ECtHR) and Court of Justice of the European Union (CJEU) case law on the issue is approached. Finally, recent developments in Greek legislation and their application perspectives in environmental law are presented as a timely “case study”.

The integration of distributed renewable resources relies increasingly on 'smart' solutions, requiring data to schedule, control and plan the operation of distributed assets within future energy systems. Such data can include household and even personal information. Personal location data can give valuable insights with relevance for energy consumption. Movement patterns and occupancy states help with scheduling of appliances, heating loads or storage, and other applications may yet emerge. Many smart home business models rely on data for their service provision. The potential upsides from the use of personal location data are met with growing concerns over information privacy. We present results from a representative UK survey on attitudes towards location data sharing. Our findings suggest that many of the resulting service benefits are widely appreciated. However, trust in the organisations delivering them is low and may inhibit their uptake. Less than 20% of people were willing to share their location data with an energy utility. In addition, the sense of control over location data appears low. Only 15% claim to understand who had access to their location data and 70% of participants feel that these settings are outside their control. These findings pose challenges for policy and regulation of data access. We make policy recommendations that seek to ensure smart solutions are not inhibited by a lack of public trust. In some cases this may require default settings that better match public expectations of data sharing defaults.

The crisis generated by the emergence of the new coronavirus and its rapid spread at global level has led states to implement measures to prevent and combat the effects of the pandemic. In the context in which the presence of the virus in the human body is manifested by the increase of body temperature, several national authorities, including the Romanian ones, imposed on public and private entities the obligation to organize their activity, so as to ensure, upon the entry of the premises, the mandatory epidemiological triage and measurement of the body temperature. In the present study, we aim at identifying and assessing the impact of the coronavirus pandemic on the personal data processing and application of the GDPR Regulation provisions. The present study highlights the types of personal data processed with the state of emergency/alert period and seeks to define whether or not the body temperature value may be included in the concept of personal data. Body temperature information is analysed by analogy with the concept of personal data, data concerning health, biological data, and sensitive or special data.

This analysis of the legal regulations for cloud computing in healthcare is based on the authors' expertise in cloud-based data processing for healthcare and life sciences organizations. The proposed implementation roadmap should help organizations govern health data processing and storage. Novel computing infrastructures and approaches are often applied to improve processes in the healthcare and life sciences domains [1], with some approaches going as far as incorporating virtual or mixed reality [2] as well as intelligent systems [3]. Cloud computing follows a similar path and is considered one of the most important developments in IT [4]. In addition to the general benefits of cloud computing, there's a wide range of specific improvements that the cloud can bring to scientific organizations, particularly in the life sciences. As shown in recent works, these improvements can materialize in the areas of learning [5] and knowledge cocreation [6], and are inherent to IT best practices, such as service-oriented architectures, Web services, and big data [7,8]. However, security and privacy are often cited as major concerns when considering cloud computing adoption [9]. Although there are approaches that incorporate cloud computing in the context of patient data [10] and that aim to assess the general security requirements related to introducing the cloud [11], both the research world and practitioners are still on the lookout for applicable approaches to govern cloud computing adoption in the area of healthcare. Here, we present an approach that provides guidance for organizations in the life science domain that are adopting cloud computing and other outsourced IT services. We focus on Germany, because it's a jurisdiction with elaborate and restrictive regulations with respect to data protection, particularly in the area of healthcare [12].
Overview of Legal Regulations
Almost every institution within the healthcare system, from doctor's offices to hospitals to medical insurance companies, must process personal patient data, including sensitive aspects of the patient's health status. In Germany, there is a wide range of applicable regulations that govern the protection of individual rights and the "informational self-determination rights" of patients. The universally applicable Federal Data Protection Act or Bundesdatenschutzgesetz (BDSG) defines health data as a special type of personal data with legally mandated increased protection requirements (section 9, paragraph 3 of the law). The collection, processing, and use of health data is generally allowed only for the purposes of preventive medicine and medical diagnosis, care, or treatment, or for the purpose of managing and administering health services. Such data can be processed only by medical personnel or by other people who possess the same appropriate confidentiality obligations (section 28, paragraph 7 of BDSG). However, a pre-assessment of the legality of this data processing should be conducted by the company's data protection official (section 4f BDSG, Section 5). When operating IT systems that process health data, both the original organization (for example, the hospital, practitioner, or insurer) and the outsourcing company should implement appropriate technical and organizational precautionary measures, stemming from a list of eight control requirements (that is, specific areas that the organization should control with respect to information security, as noted in paragraph 9 and the related annex to paragraph 9 of BDSG). There's a similar requirement for socially related data (data that is processed in the context of social security benefits) in § 78a of the Social Codex

The idea of building safeguards for privacy and other fundamental rights and freedoms into ICT systems has recently been introduced in EU legislation as 'Data Protection by Design'. This article studies the techno-epistemic network emerging around this idea historically and empirically. We present the findings of an 'extended peer consultation' with representatives of the emerging network: policy-makers, regulators, entrepreneurs and ICT developers, but also with jurists and publics that seem instead to remain outside its scope. Standardization exercises here emerge as crucial hybrid sites where the contributions and expectations of different actors are aligned to scale up privacy design beyond single technologies and organizations and to build highly interconnected ICT infrastructures. Through the notion of 'privacy by network', we study how the concept of privacy hereby becomes reconstituted as 'normative transversal', which both works as a stabilizing promise for responsible smart innovation, but simultaneously catalyzes the metamorphosis of the notion of privacy as elaborated in legal settings. The article identifies tensions and limits within these design-based approaches, which can in turn offer opportunities for learning lessons to increase the quality of privacy articulations.

Compliance Officer and Data Protection Officer

The article discusses the human rights implications of algorithmic decision-making in the social welfare sphere. It does so against the background of the 2020 Hague's District Court judgment in a case challenging the Dutch government's use of System Risk Indication, an algorithm designed to identify potential social welfare fraud. Digital welfare state initiatives are likely to fall short of meeting basic requirements of legality and protecting against arbitrariness. Moreover, the intentional opacity surrounding the implementation of algorithms in the public sector not only hampers the effective exercise of human rights but also undermines proper judicial oversight. The analysis unpacks the relevance and complementarity of three legal/regulatory frameworks governing algorithmic systems: data protection, human rights law and algorithmic accountability. Notwithstanding these frameworks' invaluable contribution, the discussion casts doubt on whether they are well-suited to address the legal challenges pertaining to the discriminatory effects of the use of algorithmic systems.

This paper aims to provide key insights into the privacy issues and internal threats that come to hamper SMEs by adopting cloud computing for their business functions. The results obtained through detailed study of the reasons behind SMEs' shift towards migrating to cloud computing services are both encouraging and alarming. Undoubtedly, most SMEs have gained immensely by reducing costs and being technologically at par with larger organisations. But at the same time, the level of risk associated with shifting to computing paradigms is undermined by most companies. The paper identifies the types of risks and privacy issues, while recommending greater education, awareness and sensitization on cloud computing. The need for effective corporate governance, a stringent regulatory framework and empathetic technological adoption by SMEs is stressed upon to fight the darker side of an otherwise boon-to-business function of Cloud Computing.

Data Theft is a rampant crime in India. Employees steal data as if it is their gratuity. As per the IT Act, 2000, Data Theft is a cyber crime in India and attracts criminal as well as civil remedies. This article discusses the law provisions and case-based scenarios of data theft in India.

The article reviews the issue of processing and transfer of passenger name record (PNR) data in air transport, for purposes of fighting international terrorism and transnational crime.
The issue has been much debated at the European level, starting from the first USA-EU Agreement of 2004, later annulled by the EU Court of Justice, until more recently, with the approval of Directive (EU) 2016/681 and the Opinion 1/15 of 26 July 2017 by the Court of Justice on the compatibility of the EU-Canada Agreement with the current regulatory framework of the EU, following the entry into force of the Lisbon Treaty and the Charter of Fundamental Rights of the European Union.

Increased collaborative production and dynamic selection of production partners within Industry 4.0 manufacturing leads to ever-increasing automatic data exchange between companies. Automatic and unsupervised data exchange creates new attack vectors, which could be used by a malicious insider to leak secrets via an otherwise considered secure channel without anyone noticing. In this paper we reflect upon approaches to prevent the exposure of secret data via blockchain technology, while also providing auditable proof of data exchange. We show that previous blockchain-based privacy protection approaches offer protection, but give the control of the data to (potentially not trustworthy) third parties, which also can be considered a privacy violation. The approach taken in this paper is not to utilize centralized data storage for data. It realizes data confidentiality of P2P communication and data processing in smart contracts of blockchains.

This paper offers appreciation as well as notes or input on the draft Personal Data Protection Bill (RUU Perlindungan Data Pribadi). The notes focus on the institutional perspective: vesting supervisory authority in an independent administrative body, which in this case is the Public Information Commission (Komisi Informasi Publik, KIP). The notes also caution that the formulation of the sanction norms is still criminal-law-centric, even though that is dangerous and does not yet have the character of restorative justice.

British Airways will face record-breaking GDPR fine for suffering financial data theft of hundreds of thousands of customers. Following an extensive investigation, the UK's data privacy authority announced that it intends to impose its largest ever fine against airline British Airways (BA), for infringements of the General Data Protection Regulation (GDPR). The proposed fine, 1.5 per cent of British Airways' worldwide turnover for the financial year ended 31 December 2017, is the highest-ever that the Information Commissioner's Office (ICO) has leveled at a company over a data breach: the airline will have to pay £183.39 million (204 million euros) for failing to protect its customers' data.

Data Profiling aims to categorize people to decide their eligibility for certain services, inter alia social and economic services, where an automated decision is taken by computers based on people's profiles. These decisions may pose risks to people's lives without their awareness, or they might know only when negative consequences occur to them. This may raise questions regarding personal data protection when analyzing such data then categorizing it into different profiles. It also challenges the main principles of the EU Data Protection Directive in a way that makes the directive insufficient to provide protection to data subjects against such profiling risks.

The term "data" might be used to talk about information which a) is being processed by means of equipment that operates automatically, b) is recorded with the intention that it should be processed using such equipment, c) is either recorded as part of an information system or with the intention that it should form part of an information system, d) is held on computer, or is intended to be held on computer, e) is related to individuals to the extent that, although the information is not processed by means of such equipment, the record is structured, either by reference to such individuals or by reference to specific attributes related to such individuals, in such a way that specific information relating to a particular individual is easily accessible, f) is recorded information held by a public authority.