Problem-based privacy analysis (ProPAn) – a computer-aided privacy requirements engineering method
With the advancing digitalization in almost all parts of our daily life, e.g., electronic health records and smart homes, and the outsourcing of data processing, e.g., data storage in the cloud and data analysis services, computer-based systems process more and more data these days. Often the processed data originate from natural persons (called data subjects) and are hence personal data possibly containing sensitive information about the individuals. Privacy in the context of personal data processing means that personal data are protected, e.g., against unwanted access and modification, that data subjects are aware of the processing practices of the controller that processes their data, and that data subjects keep control over the processing of their personal data. Privacy regulations, such as the EU General Data Protection Regulation (GDPR), aim at protecting data subjects by empowering them with rights and by putting obligations on controllers processing personal data. Not only are the administrative fines defined in regulations a driver for the consideration of privacy in the development of a software-based system; several data breaches that occurred in recent years have also shown that poor consideration of privacy during system and software development may ultimately lead to a loss of trust in the controller and damage to its reputation. To avoid the occurrence of data breaches and to be compliant with privacy regulations, privacy should be considered in system and software development as a software quality from the beginning. This approach is also known as privacy-by-design. There are several challenges for privacy-by-design methods that are still not fully addressed by existing methods. First, diverse notions of privacy exist. Most of these privacy notions are non-technical and have to be refined to more technical privacy requirements that can be related to the system. Second, the system has to be analyzed for its personal data processing behavior.
That is, it has to be determined which personal data are collected, stored, and provided to others by the system. Third, the privacy requirements that are actually relevant for the system have to be elicited. Fourth, the privacy risks imposed by or existing in the system have to be identified and evaluated. Fifth, measures that implement the privacy requirements and mitigate the privacy risks of the system have to be selected and integrated into the system. Sixth, privacy regulations mandate an assessment of the impact of the personal data processing on the data subjects. Such a privacy impact assessment (PIA) may be performed as part of a privacy-by-design method. Seventh, the conduct of a privacy-by-design method should be supported as well as possible, e.g., by a systematic method, supportive material, and computer support. In this thesis, I propose the privacy requirements engineering method Problem-based Privacy Analysis (ProPAn). The ProPAn method aims to address the aforementioned challenges, starting with a system's functional requirements as input. As part of ProPAn, I provide a privacy requirements taxonomy that I derived from and mapped to various other privacy notions. This privacy requirements taxonomy addresses the first challenge mentioned above. The ProPAn method is the main contribution of my thesis and addresses the second to seventh challenges mentioned above. To address the fifth challenge in the ProPAn method, I propose an aspect-oriented requirements engineering framework that allows cross-cutting functionalities to be modeled and modularly integrated into a system's functional requirements. The seventh challenge is addressed by ProPAn's computer support for the execution of the method and for the documentation and validation of the method's artifacts in a machine-readable model.
- Research Article
- 10.15779/z38368n
- May 12, 2011
- Berkeley technology law journal
Privacy regulators are embracing privacy by design as never before. This is the idea that “building in” privacy throughout the design and development of products and services achieves better results than “bolting it on” as an afterthought. In the US, a very recent FTC Staff Report makes privacy by design one of three main components of a new privacy framework. According to the FTC, firms should adopt privacy by design by incorporating substantive protections into their development practices and implementing comprehensive data management procedures; the latter may also require a privacy impact assessment (PIA) where appropriate. In contrast, European privacy officials view privacy by design as also requiring the broad adoption of Privacy Enhancing Technologies (PETs), especially PETs that shield or reduce identification or minimize the collection of personal data. Despite the enthusiasm of privacy regulators, privacy by design and PETs have yet to achieve widespread acceptance in the marketplace. One reason is that Internet firms derive much of their profit from the collection and use of personal data and may be unwilling to build in privacy if it disrupts profitable activities or new business ventures. Nor does the available evidence support the view that privacy by design pays for itself (except perhaps for a small group of firms who must protect privacy to maintain highly valued brands and avoid reputational damage). At the same time, the regulatory implications of privacy by design remain murky at best, not only for adopters but also for free riders. This Article seeks to clarify the meaning of privacy by design and thereby suggest how privacy regulators might develop appropriate incentives to offset the certain economic costs and uncertain privacy benefits of this new approach. It begins by developing a taxonomy of PETs, classifying them as substitutes or complements depending on how they interact with data protection or privacy laws. 
Substitute PETs aim for zero disclosure of PII, whereas complementary PETs enable greater user control over personal data through enhanced user controls. Next, it explores the meanings of privacy by design in the specific context of the FTC’s emerging concept of “comprehensive information privacy programs.” It also examines the activities of a few industry leaders, who rely on engineering approaches and related tools to implement privacy principles throughout the product development and data management lifecycles. Building on this analysis and using targeted advertising as its primary illustration, the Article then suggests how regulators might achieve better success in promoting the adoption of privacy by design by 1) identifying best practices in privacy design and development, including prohibited practices, required practices, and recommended practices; and 2) situating best practices within an innovative regulatory framework that a) promotes experimentation with new technologies and engineering practices; b) encourages regulatory agreements through stakeholder representation, face-to-face negotiations, and consensus-based decision making; and c) supports flexible, incentive-driven safe harbor mechanisms as defined by (newly enacted) privacy legislation.
- Research Article
- 10.3390/jsan12020036
- Apr 13, 2023
- Journal of Sensor and Actuator Networks
Privacy in Electronic Health Records (EHR) has become a significant concern in today’s rapidly changing world, particularly for personal and sensitive user data. The sheer volume and sensitive nature of patient records require healthcare providers to exercise a great deal of caution during EHR implementation. In recent years, various healthcare providers have been hit by ransomware and distributed denial of service attacks, halting many emergency services during COVID-19. Personal data breaches are becoming more common day by day, and privacy concerns are often raised when sharing data across a network, mainly due to transparency and security issues. To tackle this problem, various researchers have proposed privacy-preserving solutions for EHR. However, most solutions do not extensively use Privacy by Design (PbD) mechanisms, distributed data storage and sharing when designing their frameworks, which is the emphasis of this study. To design a framework for Privacy by Design in Electronic Health Records (PbDinEHR) that can preserve the privacy of patients during data collection, storage, access and sharing, we have analysed the fundamental principles of privacy by design and privacy design strategies, and the compatibility of our proposed healthcare principles with Privacy Impact Assessment (PIA), the Australian Privacy Principles (APPs) and the General Data Protection Regulation (GDPR). To demonstrate the proposed framework, ‘PbDinEHR’, we have implemented a Patient Record Management System (PRMS) to create interfaces for patients and healthcare providers. In addition, to provide transparency and security for sharing patients’ medical files with various healthcare providers, we have implemented a distributed file system and two permissioned blockchain networks using the InterPlanetary File System (IPFS) and the Ethereum blockchain.
This allows us to expand the proposed privacy by design mechanisms in the future to enable healthcare providers, patients, imaging labs and others to share patient-centric data in a transparent manner. The developed framework has been tested and evaluated to ensure user performance, effectiveness, and security. The complete solution is expected to provide progressive resistance in the face of continuous data breaches in the patient information domain.
- Research Article
- 10.13140/rg.2.1.4776.6485
- Oct 29, 2015
- Data Archiving and Networked Services (DANS)
Online health data sharing and transfer has become easier and more efficient than ever before, but at the same time this has brought about new challenges for the privacy and protection of personal data. Transfer of sensitive health as well as personal data between organizations and countries requires a high level of protection and privacy, and any breach can result in considerable damage to an organization's reputation. In spite of existing methodologies for privacy impact assessment (PIA) for developing privacy-by-design processes, none of them combine the business as well as legal aspects for assessing the technological requirements before or during the development of privacy and security platforms. e-Authentication and e-Authorization techniques are used by various organizations to address privacy-related issues. Using a combined business and legal framework in addition to existing PIAs can simplify the analysis of as-is and to-be business processes, and this can be used by business or legal analysts as well as organizations to assess the privacy requirements as well as legislation before developing service-by-design platforms. In this paper we propose a unique framework that combines business and legal aspects of any health-related business process pertaining to protection and privacy of sensitive data exchange. To be able to map the privacy requirements in the context of data sharing across organizations, a general conceptual framework involving a combination of business process as well as legal components has been developed. This framework provides organizations a comprehensive approach for considering legal regulations as well as factors that may affect privacy and security of sensitive data like health data in their business processes.
In this paper, we have provided an example of an as-is healthcare customer registration process for the German Red Cross and how the framework can be used to assess the requirements for a to-be customer registration process in the context of European privacy laws.
- Research Article
- 10.54648/euro2021007
- Mar 1, 2021
- European Public Law
Case law regularly includes personal data on identifiable persons, often of a rather sensitive nature. This makes the EU General Data Protection Regulation (GDPR) relevant. However, the processing of personal data in case law has until recently not been questioned from the point of view of data protection of the individuals concerned. The Court of Justice of the European Union has taken steps to ensure such protection for individuals appearing before the courts. Sweden has chosen another path. As transparency is highly treasured in Sweden, including transparency in the judiciary, restricting access to the full verdict is sensitive. Instead, the processing of personal data has been restricted in certain areas, such as research. In order to fulfill the requirements for an ‘appropriate safeguard’ under Article 89 GDPR, ethical approval is needed for all research on specific categories of sensitive personal data, with no exception for publicly available official documents like case law. The question posed is how the interest in protection of personal data retrieved from case law can be reconciled with the interest in transparency of the judicial process. It is concluded that even though requirements for ethical approval of legal research can hardly be seen as a relevant ‘appropriate safeguard’, it cannot be denied that identifiable persons in case law have a legitimate interest in having their rights in personal data at least considered. Courts should therefore be stronger in elucidating when and why transparency is of overriding importance, and when and why data protection and the interest of secrecy should prevail.
Keywords: data protection, transparency, case law, official documents, secrecy, sensitive data, research exception, appropriate safeguard, ethical approval
- Supplementary Content
- 10.26267/unipi_dione/348
- Jan 20, 2021
- Dione (University of Piraeus)
This paper undertakes to decompose the notion of “Data Protection Impact Assessment” pursuant to the definition and the requirements set forth in Article 35 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR” or the “Regulation”). The paper defines the exact circumstances under which the conduct of a Privacy Impact Assessment is mandatory and highlights the key points for a proper implementation from a procedural perspective. Throughout all the aforementioned steps, additional deliberation will be provided in order to distill the terms and conditions mentioned in the Regulation and in the guidelines and opinions of the Article 29 Data Protection Working Party (hereinafter “WP29”) and the European Data Protection Board (hereinafter “EDPB” or the “Board”). In order to achieve an efficient comprehension of the current document, good knowledge of the fundamental notions of privacy and security is required.
- Research Article
- 10.1007/s00146-020-00981-5
- May 12, 2020
- AI & SOCIETY
The EU General Data Protection Regulation (GDPR) recognizes the data subject’s consent as one of the legal grounds for data processing. Targeted advertising, based on personal data processing, is a central source of revenue for data controllers such as Google and Facebook. At present, the implementation of consent mechanisms for such advertisements is often not well developed in practice, and their compliance with the GDPR requirements can be questioned. The absence of consent may mean unlawful data processing and a lack of control by the user (data subject) over his personal data. However, consent mechanisms that do not fully satisfy GDPR requirements can give users a false sense of control, encouraging them to allow the processing of more personal data than they would have otherwise. In this paper, we identify the features, originating from GDPR requirements, of consent mechanisms. For example, the GDPR specifies that consent must be informed and freely given, among other requirements. We then examine, with respect to these features, the Ad Consent Mechanism of Facebook that is based on processing of user activity data off Facebook Company Products provided by third parties. We discuss to what extent this consent mechanism respects these features. To the best of our knowledge, our evaluation of Facebook’s Ad Consent Mechanism is the first of its kind.
- Conference Article
- 10.1109/ccst.2018.8585546
- Oct 1, 2018
The interaction between patients and health providers through mobile apps can potentially improve the efficiency and quality of healthcare. But despite the advantages, the majority of mobile apps provide low or no security protection, and there is a lack of security standards and guidelines to support their development with an adequate balance between availability and confidentiality. Since May 2018, this lack of security awareness and measures has had to change. With the application of the new General Data Protection Regulation (GDPR), the processing of European residents' personal data by third parties will be stricter and more controlled. On the way to understanding how GDPR affects the content and interactions of mHealth apps, this article aims to compare how previous legislation is reflected in the interactions between users and those apps and what key changes must take place now that GDPR is in force. GDPR empowers patients to ask for and receive, in a simple, understandable manner, information about the security measures that are applied to protect their personal data, and to transparently see how their personal data is processed, by whom and for what purposes. Use-case scenarios are presented to discuss the impact of GDPR key changes on the visual interactions between the user/patient and mHealth apps and how the app content can be adapted to a more objective and uncluttered view. This study provides means to easily and quickly integrate the key privacy and legislation requirements from GDPR into app visualization, thereby improving availability, transparency and patients' empowerment.
- Book Chapter
- 10.1007/978-3-030-60347-2_11
- Jan 1, 2020
On 19 September 2019, the Data Protection Authority of the Åland Islands (in Finland) published its findings on the data processing audit for the autonomous region’s parliamentary election special internet voting procedure. It claimed that there were faults in the documentation provided by the processor, which in turn meant that the election’s integrity could not be guaranteed without further precautions from the government of the Åland Islands. Since the European Union’s General Data Protection Regulation (GDPR) entered into force in May 2018, it has set new critical requirements for remote electronic voting projects. Yet, to date, neither specific guidance nor research has been produced on the impact of GDPR on remote electronic voting. Taking stock of two recent internet voting experiences in the Åland Islands and France, this paper aims at identifying and understanding these new requirements. More specifically, based on these two case studies it analyses four different challenges on the processing of personal data in remote electronic voting under the GDPR: the definitions and categories of personal data processed in online voting projects; the separation of duties between data controllers and data processors; the secure processing of (sensitive) personal data, including the use of anonymisation and pseudonymisation techniques; as well as post-election processing of personal data, and possible limits to (universal) verifiability and public access to personal data.
- Research Article
- 10.3233/ais-160384
- Jul 21, 2016
- Journal of Ambient Intelligence and Smart Environments
Intelligent environments collect and process personal information to assist individuals with their daily activities, enhance their experiences and adapt to their needs and intentions. The prosperity of paradigms like the Internet of Things (IoT) will boost the development of intelligent environments, but the envisioned exponential data growth will give rise to serious security and privacy concerns. Already in the domains of smart homes and healthcare one can observe a growing trend of intelligent environments being extended with third-party smart service and technology providers, such as cloud and Big Data analytics services, that analyze and visualize sensitive information as a means to offer new insights to their customers, but that typically cross the personal space or privacy boundaries of the intelligent environment. The challenge addressed in this work is how to offer Big Data processing capabilities as a service with appropriate data protection safeguards in order to protect the individual's privacy in the extended intelligent environment. In this paper, we present SparkXS, a framework which offers granular and scalable access and data protection control on streaming data that can deal with the growing velocity, volume and variety of volatile IoT data, integrated on top of our SAMURAI lambda architecture for Big Data processing. Driven by upcoming legislation and obligations, such as the EU General Data Protection Regulation (GDPR), our framework applies Privacy by Design (PbD) strategies and offers security controls that empower users to better control their personal data. Experimental results with motivating use cases and large data sets demonstrate the feasibility and scalability of our SparkXS framework while operating with acceptable performance overheads.
- Research Article
- 10.69554/ybqg1798
- Apr 1, 2017
- Journal of Data Protection & Privacy
India’s data protection law is grossly inadequate in terms of personal data protection and privacy. While India is contemplating a separate law on personal data protection, this subject is currently dealt with by various laws. Irrespective of these inadequacies, the laws of other countries, specifically the GDPR, have a direct bearing on the processing and handling of personal data in India given their extraterritorial scope. This paper explores the implications of the EU General Data Protection Regulation (GDPR) for Indian business. The paper reviews the state of data protection laws in India, followed by a review of GDPR and the implications of GDPR for Indian business. The paper argues that since India aims to be counted among the best, it would be wise to ensure that its data protection laws are in sync with the best practices from across the world, to maintain business competitiveness and ensure a level of personal data protection for its citizens.
- Research Article
- 10.57239/pjlss-2024-22.2.001329
- Jan 1, 2024
- Pakistan Journal of Life and Social Sciences (PJLSS)
The protection of personal data has become a critical issue in the face of rapid digital transformation. The spread of advanced technologies, such as the internet and artificial intelligence, has increased the collection and exchange of personal data, exposing it to privacy and security risks. In response, many countries have issued legislation to ensure the protection of personal data and regulate its processing in line with international standards. Accordingly, the present study focuses on the importance of personal data protection, examining Algeria's legal framework for safeguarding personal data, its compliance with international standards, and the challenges it faces in practical application. It also explores the enactment of Law No. 18-07 of June 10, 2018, concerning the protection of natural persons in the processing of personal data, which aligns with the requirements of the digital age and enhances cybersecurity. Despite Algeria's legal advancements, it still faces a number of challenges, which require ongoing efforts to ensure compliance and address legal gaps. The study concludes with suggestions for enhancing international cooperation, establishing regional supervisory bodies, and fostering awareness and training to ensure effective protection of personal data in Algeria.
[1] Article 03 of Law No. 18-07, dated 10/06/2018, concerning the Protection of Natural Persons in the Processing of Personal Data, as published in the Official Gazette of the People's Democratic Republic of Algeria, No. 34, issued on 10/06/2018.
[2] Law No. 63-2004, dated 27/07/2004, concerning the Protection of Personal Data, as published in the Official Gazette of the Tunisian Republic, No. 61, issued on 30/07/2004.
Concept of Personal Data According to the GDPR
According to Article 4 of the General Data Protection Regulation (GDPR) [3], which came into effect in France and the European Union in 2018: "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person [4]. The French (and European, under the GDPR) definition is more detailed, specifying particular types of data such as geographic location, biometric, and economic identity, which makes the scope of personal data broader compared to Algerian and Tunisian legislation.
The GDPR's personal data protection law derived its definition from:
- International human rights conventions: Article 8 of the European Convention on Human Rights (ECHR), which guarantees the right to respect for private and family life, home, and correspondence, forming the foundation for the concept of personal data protection [5]. Convention 108 of the Council of Europe, adopted in 1981, is the first binding international treaty on the protection of individuals with regard to the automated processing of personal data [6].
- National legislation of European Union countries: The GDPR also draws upon previous national data protection legislation within EU member states, such as the French law "Loi Informatique et Libertés" enacted in 1978. It also references the European Convention on Human Rights (2000), specifically Article 8 of the Charter, which grants individuals the right to protect their personal data [7], and the European Directive 95/46/EC [8], which was the previous foundation for the GDPR, established in 1995 to regulate personal data processing within the European Union. The GDPR replaced this directive to update the rules and keep pace with digital advancements.
Importance of Protecting Personal Data
The importance of protecting personal data lies in its role in safeguarding individual privacy, preventing unlawful exploitation of information, developing secure services, enhancing trust in the digital environment, and respecting confidential information.
- Research Article
- 10.2139/ssrn.3357990
- Apr 24, 2019
- SSRN Electronic Journal
Healthy Data Protection
- Research Article
- 10.2139/ssrn.3240459
- Jan 1, 2018
- SSRN Electronic Journal
The EU General Data Protection Regulation: Implications for International Scientific Research in the Digital Era
- Research Article
- 10.1177/1073110518822003
- Jan 1, 2018
- Journal of Law, Medicine & Ethics
- Research Article
- 10.21552/eplr/2019/4/6
- Jan 1, 2019
- European Pharmaceutical Law Review
Secondary use of personal data is particularly challenging for research, especially in paediatrics. The new EU General Data Protection Regulation (GDPR) establishes a new legal framework for data protection and personal data processing. This article analyses the GDPR provisions with the aim of verifying whether paediatric peculiarities are taken into account in the new framework and whether the GDPR provides adequate and clear rules to favour the secondary use of paediatric data for research purposes in international contexts. The analysis points out the lack of specific provisions covering paediatric peculiarities in the rules introduced by the GDPR, especially in the case of secondary use of data in international research projects. It concludes by underlining the importance of developing a new overall governance of personal data processing for health research in order to reduce the risk of infringements of fundamental and children’s rights. The need for further safeguards and tools for the standardisation of practices is also emphasised.