EU DATA NULLIFICATION: CONFUSION AND THE RULE OF LAW

Among the key issues that big data (BD) projects will have to address are privacy and security. This chapter analyses the privacy, data protection and security issues associated with BD and discusses some key challenges associated with such issues in developing countries. A key focus is also on agriculture- and health care-related data. This chapter also promotes an understanding of the institutionalization of data privacy and security issues in developing countries. It gives special consideration to institutions at various levels that can influence cybersecurity and privacy issues in developing countries. This chapter also delves into the variation in institutionalization of cybersecurity and privacy issues across developing countries and different groups of people.

The first Workshop on Privacy and Security issues in Data Mining and Machine Learning (PSDML 2010) was organized on September 24, 2010 at Barcelona, Spain, in conjunction with the European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML PKDD). Privacy and security-related aspects of data mining and machine learning have been the topic of active research during the last decade due to the existence of numerous applications with privacy and/or security requirements. Privacy issues have become a serious concern due to the increasing collection and sharing of personal d ata for purposes like data publishing or data mining. This has led to the development of privacy-preserving data mining and machine learning methods. More general security considerations arise in applications such as biometric authentication, intrusion detection and malware classification. This has led to the development of adversarial learning algorithms, while parallel work in multi-agent settings and in low regret learning algorithms has revealed interesting interplays between learning and game theory. Although significant research has so far been conducted, we are still far from addressing the numerous theoretical and practical challenges that arise in this domain. Firstly, several emerging research areas in data analysis, decision making and machine learning, require new theoretical and applied techniques for the offering of privacy or security. Secondly, there is an urgent need for learning and mining methods with privacy and security guarantees. Thirdly, there is an emerging demand for security applications such as biometric authentication and malware detection. In all cases, the strong interconnections between data mining and machine learning, cryptography and game theory, create the need for the development of multidisciplinary approaches on adversarial learning and mining problems. The aim of the PSDML workshop was to bring together scientists and practitioners who conduct research on privacy and security issues in data mining and machine learning to discuss the most recent advances in these research areas, identify open problem domains and propose possible solutions. The workshop was organized along four core subjects: (a) data privacy and security issues, (b) theoretical aspects of machine learning for security applications, (c) privacy-preserving data mining, machine learning and applications, and (d) security applications of machine learning. The present special issue contains three extended papers that have been selected among the papers presented at PSDML 2010 focusing mainly on the privacy aspects of data mining and machine learning. The first paper by Manas A. Pathak and Bhiksha Raj is titled 'Efficient Protocols for Principal Eigenvector Computation over Private Data'. It presents an efficient secure multiparty computation protocol for computing the principal eigenvector of a collection of data matrices that belong to semi-honest parties, coordinated by a semi-honest arbitrator. The protocol is augmented with randomization, data padding and oblivious transfer to conceal the information which the parties can learn from the intermediate results. The authors provide an analysis of correctness, security and efficiency of the protocol together with experimental results from a prototype implementation. The second paper by Henrik Grosskreutz, Benedikt Lemmen and Stefan Ruping is titled 'Secure Distributed Subgroup Discovery in Horizontally Partitioned Data'. The paper studies the problem of subgroup discovery and presents new secure protocols which support distributed subgroup discovery on horizontally partitioned data. The authors analyze the properties of their top-1 subgroup discovery protocol and prove that it leaks only little information, namely the size of the database and the share of positive records. They also report experimental results which demonstrate the feasibility of the approach by using a prototype implementation of the protocol. The third paper by Gerald Gavin, Julien Velcin and Philippe Aubertin is titled 'Privacy Preserving Aggregation of Secret Classifiers'. This work considers a number of parties, each having its own dataset, who build a private classifier for predicting a binary class variable. The authors develop protocols which allow combining these private classifiers in a privacy-preserving way in order to improve individual predictions. The aggregation is achieved through a secure computation of linear combinations (weighed votes) over the private classifiers. The proposed protocols are shown to be correct and private against any active polynomial adversary. We believe that the selected papers are a good representative of the research in privacy aspects of data mining and machine learning. We hope that you will enjoy reading them.

The paper investigates how the two key features of GDPR (EU’s data protection regulation)— privacy rights and data security—impact personal data driven markets. First, GDPR recognizes that individuals own and control their data in perpetuity, leading to three critical privacy rights: (i) right to explicit consent (data opt-in), (ii) right to be forgotten (data erasure), and (iii) right to portability (switch data to competitor). Second, GDPR has data security mandates protection against privacy breaches through unauthorized access. The right to explicit opt-in allows goods exchange without data exchange. Erasure and portability rights discipline firms to provide ongoing value and reduces consumers’ holdup using their own data. Overall, privacy rights restrict legal collection and use, while data security protects against illegal access and use. We develop a two- period model of forward-looking firms and consumers where consumers exercise data privacy rights balancing the cost (privacy breach, price discrimination) and benefits (product personalization, price subsidies) of sharing data with firms. We find that by reducing expected privacy breach costs, data security mandates increase opt-in, consumer surplus and firm profit. Privacy rights reduce opt-in and mostly increase consumer surplus at the expense of firm profits; interestingly they hurt firms more in competitive than in monopolistic markets. While privacy rights can reduce surplus for both firms and consumers, these conditions are unlikely to be realized when breach risk is endogenized. Further, by unbundling data exchange from goods exchange, privacy rights facilitate trade in goods that may otherwise fail to occur due to privacy breach risk.

During the last 10 years, Cloud computing has become an evolving technology providing several benefits such as cost reduction and high flexibility. However, one of the main challenges related to cloud computing is related to data security and privacy. Despite this, worldwide many countries, specially developed countries have adopted cloud computing technology. In Africa, specifically in the Southern African Development Community (SADC), Mozambique is one the countries who has recently adopted cloud computing technology. However, on the contrary to countries such as Mauritius and South Africa, Mozambique still does not have a national strategy for cloud computing in place, including security and privacy issues. International organizations such as ENISA and NIST as well as ITU have published frameworks related to cloud computing adoption covering data security and privacy issues. Therefore, in this paper we first analyze the cloud computing frameworks published by these international organizations. In addition, the paper also analyses the adoption of cloud computing in developed and developing countries, such as USA, UK, Germany, Mauritius and South Africa. From these analyses, the paper presents some recommendations for Mozambique to adopt best practices and follow international frameworks related to cloud computing including data security and privacy.

Privacy concerns of smart home device (SHD) users have been largely explored but those of non-users are under-explored. The success of smart home technology comes to fruition only when concerns of both users and non-users are addressed. Understanding of non-user concerns is essential to inform the design of user-centric privacy-preserving SHDs, facilitate acceptance, and bridge the digital divide between non-users and users. To address this gap, we conducted a survey of SHD non-users and comparatively analyzed their privacy concerns with those of users.Methods: We used university email list-servs, snowball sampling and random sampling methods to recruit participants (n=91) for an IRB-approved online survey, titled ‘smart home study’. Our pre-tested questionnaire asked about SHD (non-)usage, privacy concerns (open-ended), suggestions for developers and demographics. We followed a mixed-methods approach to analyze privacy concerns (qualitative/thematic), explore non-use reasons (qualitative/thematic), compare non-users and users concerns (quantitative), and analyze design suggestions (qualitative/thematic). Results: Thematic analysis of privacy concerns of non-users (n=41) and users (n=50) by two researchers performing open-coding (Cohen’s kappa = 0.8) resulted in 17 codes. We then performed axial coding to generate three thematic areas of privacy concerns. The first theme was ‘data collection concerns’ which included five codes: recording audio/video, tracking occupancy, listening to private conversations, monitoring usage/behavior, and identity theft. The second theme was ‘data sharing concerns’ which included four codes: selling data, third party data access, leakage without consent, and marketing data. The third theme was ‘data protection concerns’ which included eight codes: hacking, data handling, protecting data, secondary use, aggregation, data abuse, data loss, and fraud. The three privacy concerns themes belong to the personal communication and personal data privacy dimensions of privacy. Chi-square test between non-users and users showed the privacy concerns of non-users differed significantly (X2=8.46, p<0.05) from users. Non-users reported higher level of concerns in data collection and data protection themes than those of users (46% vs 24% and 34% vs 30% respectively). However, non-users reported fewer concerns in the data sharing theme than those of users (15% vs 28% respectively).Most non-users reported their non-use reason to be privacy concerns (68%). Other non-use reasons included lack of interest in SHDs (32%), cost (22%), lack of perceived usefulness (12%), insecurity or potential of hacking (10%), and perceived difficulty of usage (7%).The thematic analysis of participants’ suggestions for developers resulted in four main themes: (a) data anonymization and minimization, (b) data protection and security, (c) transparent data use policies, and (d) user-centric practices. Based on our findings, we recommend that developers address the data collection and data protection concerns to allow SHD non-users to consider using them. In addition, we recommend addressing data sharing concerns to retain trust of current users. We discuss some guidelines in the paper.Conclusion: This paper contributes by eliciting SHD non-user privacy concerns and provides insights on addressing the concerns, which will be useful for developers towards the design of user-centric privacy-preserving SHDs.

From inception, the electronic patient record has raised issues of data protection and patient confidentiality. These privacy issues have become more complicated with the introduction of electronic links to patient information held in databases sited on local and wide area networks. The first purpose of this paper is to review, from the provider's perspective, the issues surrounding patient confidentiality, data security, and consequential provider liabilities. The second is to propose possible immediate strategies and long-term solutions. Clinical procedures in diabetes practice create patient data from confidential information. This information is owned by the patient, received by the provider, enriched by a professional interpretation, and merged with other data into health records. Ownership, privacy, accountability, and responsibility issues are raised. Consequential data security and patient privacy are easily met by storage in a locked box or file cabinet. Conversion of such records into digital data in databases on local and wide area networks markedly increases the provider's exposure to liabilities. Current methods for securing remote data exist. These involve user authentication and secure transmission, but remote data storage is far less secure than a locked box. New tools for the secure storage of patient data are outlined. These involve encryption and decryption by the provider alone. A suite of computer protocols is presented that can restore security equivalent to a "locked box" and thus reduce liabilities for the provider. Providers should protect the privacy of their patients by encrypting all data that are stored in remote repositories. The tools to do this are urgently needed. A standardized digital protocol for verifying user identities, preserving patient confidentiality, and controlling data security by encryption will fully mitigate provider liabilities. Standardization and economies of scale promise future cost containment.

With the continuous emergence of smart cities around the world, not only the economic development has been improved, but also the convenience of people's life has been improved. However, in the construction of smart cities, a large number of data references have been leaked, causing people to panic about privacy information. Firstly, this paper summarizes the security and privacy issues in smart city based on the literature about smart city and then summarizes the classification, characteristics and applications of blockchain applied in smart city. Finally, according to the wisdom of the city construction, according to the data acquisition, recording, and analysis of the privacy and security issues of wisdom city in the future were brought forward the research question, research methods in data security and data privacy, and data security and privacy protection for the study of wisdom city provided an important research direction, to fill the gaps in this field.KeywordsNetworkingCryptographicBlockchainPrivacySmart city

Almost every nation in the world, including Bangladesh, has seen remarkable growth in internet use over the previous decade. It is a good sign but not safe because the users are concerned about their data security. Generally, it can be said that internet users love to share the information they like the most without any sort of thought. This article aims to find out the university students' attitudes and awareness regarding data privacy and cybersecurity. More specifically, the researcher conducted an online survey using Google Form to apprehend the level of understanding and practice regarding data security among the students of the University of Chittagong, a state-owned university in Bangladesh. A semi-structured questionnaire was used to obtain the data needed to meet the aims. The data analysis was carried out using SPSS, version 25. Participants in this research were 180 students from three distinct faculties at the University of Chittagong in Bangladesh. Through the analysis of the survey findings, the researcher hopes to measure the respondents' knowledge, skills, and attitudes towards digital technology and its privacy issues. This article also aims to check the target audience's cybersecurity awareness and willingness to practice it personally. Every day, the dependence on internet use increases proportionately with the rise of ICT and digital platforms. It has become essential to understand data privacy and cybersecurity issues in this age of cutting-edge technology. As a result, the researcher chose university-level students to assess their cybersecurity and data protection awareness and practice while using digital technologies in their daily lives.

General Data Protection Regulation (GDPR)—the European Union’s data protection regulation—has two key principles. It recognizes that individuals own and control their personal (but not contractual) data in perpetuity, leading to three critical privacy rights, namely, the rights to (i) explicit consent (data opt-in), (ii) to be forgotten (data erasure), and (iii) portability (data transfer). It also includes data security mandates against privacy breaches through unauthorized access. We study GDPR’s equilibrium impact by including these features in a dynamic two-period model of forward-looking firms and consumers. Firms collect consumer data for personalization and price discrimination. Consumers trade off gains from personalization relative to potential losses from privacy breaches and price discrimination in their purchase, data opt-in, erasure, and transfer decisions. Though data security mandates impose fines on firms for privacy breaches, firms can benefit from higher opt-in given lower breach risk. Surprisingly, data security mandates can hurt consumers. The effect of privacy rights is nuanced. Since the right to opt in separates goods exchange from the provision of personal data, it prevents market failure under high breach risk. But it also reduces consumer opt-in and personal data availability. Erasure and portability rights reduce consumers’ hold-up concerns by disciplining firms to provide ongoing value by limiting price discrimination and not slacking off on data security; but they also reduce the incentive to offer lower initial prices that encourages opt-in. Overall, privacy rights always benefit consumers in competitive markets, but they can surprisingly hurt consumers under monopoly, as monopolists have less incentives to subsidize consumer opt-in. They raise (reduce) firm profit and social welfare when breach risk is high (low). Finally, privacy rights increase firm profit most at moderate levels of data transferability. This paper was accepted by Dmitri Kuksov, marketing. Funding: T. T. Ke acknowledges financial support from the General Research Fund of the Hong Kong Research Grants Council [Grant 14500421]. Supplemental Material: The e-companion is available at https://doi.org/10.1287/mnsc.2022.4614 .

The rapid growth of digitization in the present era leads to an exponential increase of information which demands the need of a Big Data paradigm. Big Data denotes complex, unstructured, massive, heterogeneous type data. The Big Data is essential to the success in many applications; however, it has a major setback regarding security and privacy issues. These issues arise because the Big Data is scattered over a distributed system by various users. The security of Big Data relates to all the solutions and measures to prevent the data from threats and malicious activities. Privacy prevails when it comes to processing personal data, while security means protecting information assets from unauthorized access. The existence of cloud computing and cloud data storage have been predecessor and conciliator of emergence of Big Data computing. This article highlights open issues related to traditional techniques of Big Data privacy and security. Moreover, it also illustrates a comprehensive overview of possible security techniques and future directions addressing Big Data privacy and security issues.

The rapid growth of digitization in the present era leads to an exponential increase of information which demands the need of a Big Data paradigm. Big Data denotes complex, unstructured, massive, heterogeneous type data. The Big Data is essential to the success in many applications; however, it has a major setback regarding security and privacy issues. These issues arise because the Big Data is scattered over a distributed system by various users. The security of Big Data relates to all the solutions and measures to prevent the data from threats and malicious activities. Privacy prevails when it comes to processing personal data, while security means protecting information assets from unauthorized access. The existence of cloud computing and cloud data storage have been predecessor and conciliator of emergence of Big Data computing. This article highlights open issues related to traditional techniques of Big Data privacy and security. Moreover, it also illustrates a comprehensive overview of possible security techniques and future directions addressing Big Data privacy and security issues.

BIG DATA is one of the emerging domain and performing a key role under several applications like, smart city, smart grid and intelligent transportation system, etc. In order to provide the real time services, Big Data has achieved a great success on the other side its counterpart is facing lot of challenges of privacy and security. Keeping in the view of real time access and services, security and privacy issues need to be given the highest priority. Personal and professional information's of an individual or an organization are globally available through cloud storage, which attract the attacker(s) and can be misused. Social media is very active and popular among the young generation, movement of very heavy traffic is involving under social environment, smart attackers capture the personal information from social environment and may create the problems against required information. As per the literature review number of proposals is available for the above mentioned issues but there is no guarantee of data privacy and security, therefore, still lot of scope is there for optimal or sub-optimal solutions. Motive of this study is to investigate the different challenges of big data for privacy and security through Indian prospective. We have collected the existing solutions for data privacy and security, and performed a comprehensive review by including their pros and cons. Impact areas of different cyber attacks have been investigated and covered in details. This study is not only preventing the data from fraud but also interested in knowing the culprit behind this fraud/attack.

As educational institutions increasingly embrace AI technologies to enhance learning experiences, a paramount concern arises regarding the privacy and security of sensitive student data. This research paper delves into the challenges and implications associated with the integration of AI in educational platforms, focusing specifically on data privacy and security issues. The study aims to identify potential risks, assess current safeguards, and propose strategies to mitigate threats, ensuring a responsible and secure implementation of AI in education. By examining the intersection of technological advancement and privacy concerns, this research contributes to the ongoing dialogue on ethical considerations in the realm of AI-driven education transformation. Furthermore, this research endeavors to propose robust frameworks and strategies to safeguard the integrity and confidentiality of data in AI driven educational environments. By addressing these concerns head-on, we strive to contribute valuable insights to the ongoing discourse on balancing the transformative benefits of AI in education with the imperative to protect the privacy and security of all stakeholders involved.

SummaryBlockchain (BC) technology has been incorporated into the infrastructure of different kinds of applications that require transparency, reliability, security, and traceability. However, the BC still has privacy issues because of the possibility of privacy leaks when using publicly accessible transaction information, even with the security features offered by BCs. Specifically, certain BCs are implementing security mechanisms to address data privacy to prevent privacy issues, facilitates attack‐resistant digital data sharing and storage platforms. Hence, this proposed review aims to give a comprehensive overview of BC technology, to shed light on security issues related to BC, and to emphasize the privacy requirements for existing applications. Many proposed BC applications in asset distribution, data security, the financial industry, the Internet of Things, the healthcare sector, and AI have been explored in this article. It presents necessary background knowledge about BC and privacy strategies for obtaining these security features as part of the evaluation. This survey is expected to assist readers in acquiring a complete understanding of BC security and privacy in terms of approaches, ideas, attributes, and systems. Subsequently, the review presents the findings of different BC works, illustrating several efforts that tackled privacy and security issues. Further, the review offers a positive strategy for the previously described integration of BC for security applications, emphasizing its possible significant gaps and potential future development to promote BC research in the future.

The Internet of Things and blockchain technology will be the focus of this research. This study looks at issues of security and privacy. The main challenges it faces, as well as the possibility of using it to improve bitcoin transactions for businesses, are the focus points. The blockchain concept is a distributed ledger with decentralization and data that is dispersed evenly across all nodes in the chain. In terms of data security, the blockchain ensures all three components of the CIA trinity by maintaining data confidentiality, integrity, and availability. Initially, the significance of this technique was limited to crypto currency because it is a one-way function that prevents any type of record fabrication. This concept is currently widely used in medical and public health data security, and many financial institutions, such as Citi Bank, are exploring employing block chain technology to create a breakthrough in the financial realm. This research is a comprehensive review of the literature on the significance of blockchain technology, as well as the security and privacy issues that this technology now faces.