Data Privacy Framework Research Articles

The new EU-US data protection framework's implications for healthcare.

In July 2023, the United States and the European Union introduced the Data Privacy Framework (DPF), introducing the third generation of cross-border data transfer agreements constituting adequacy with respect to personal data transfers under the General Data Protection Regulation (GDPR) between the European Union (EU) and the US. This framework may be used in cross-border healthcare and research relationships, which are highly desirable and increasingly essential to innovative health technology development and health services deployment. A reliable model meeting EU adequacy requirements could enhance the transfer of patient and research participant data. While the DPF might present a familiar terrain for US organizations, it also brings unique challenges. A notable concern is the ability of individual EU Member States to establish individual and additional requirements for health data that are more restrictive than GDPR requirements, which are not anticipated by the DPF. This article highlights the DPF's potential impact on the healthcare and research sectors, finding that the DPF may not provide the degree of lawful health data transfer desirable for healthcare entities. We examine the DPF against a background of existing Health Insurance Portability and Accountability Act obligations and other GDPR transfer tools to offer alternatives that can improve the likelihood of reliable, lawful health data transfer between the US and EU.

The EU-U.S. Data Privacy Framework: Is the Dragon Eating its Own Tale?

The EU-U.S. Data Privacy Framework: Is the Dragon Eating its Own Tale?

The EU–US data privacy framework and the impact on companies in the EEA and USA compared to other international data transfer mechanisms

Third time's a charm? Companies in the European Economic Area, Switzerland and the UK (EEA+) are considering the pros and cons of the third attempt of the EU Commission and US government to establish interoperability between their data protection and privacy law systems, after the demise of the US Safe Harbor Program and the EU–US Privacy Shield. Should US companies register? Are the efforts worth the potential benefits, given that the new programme has already been challenged and may be invalidated like previous programmes for reasons that businesses cannot control? Should companies that were already enrolled in the previous programmes accept automatic enrolment or leave the programme? Can and should companies in the EEA+ rely on EU–US Data Privacy Framework (DPF) registration for international transfers? Or insist on registration in addition to standard contractual clauses (EU SCC 2021) or other compliance mechanisms? Are data transfer impact assessments (DTIAs) still required for transfers to the US? Should they be updated? This paper seeks to help companies find answers to these questions and (I) outlines the background and context of the Adequacy Decision, (II) explains how US companies can join the DPF, (III) discusses the impact of the Adequacy Decision, (IV) summarises requirements for other compliance mechanisms for international data transfers under the GDPR, (V) compares the DPF to other transfer compliance mechanisms and (VI) provides practical considerations and a summary.

The United States and the European Union Begin Implementation of the European Union-U.S. Data Privacy Framework

An abstract is not available for this content. As you have access to this content, full HTML content is provided on this page. A PDF of this content is also available in through the ‘Save PDF’ action button.

European Union ∙ EDPB Opinion on the European Commission’s Draft Adequacy Decision regarding the EU-U.S. Data Privacy Framework: Is the Scene Set for Schrems III?

European Union ∙ EDPB Opinion on the European Commission’s Draft Adequacy Decision regarding the EU-U.S. Data Privacy Framework: Is the Scene Set for Schrems III?

European Union ∙ The EU-US Data Privacy Framework (DPF) – A Blueprint for International Data Transfers?

European Union ∙ The EU-US Data Privacy Framework (DPF) – A Blueprint for International Data Transfers?

A framework for data privacy and security accountability in data breach communications

Organisations need to take steps to protect the privacy and security of the personal information they hold. However, when data is breached, how do individuals know whether the organisation took reasonable steps to protect their data? When breached organisations notify affected individuals, this communication is likely to be one of the few windows into the incident from the outside and can become an important artefact for research. This desktop study aimed to consider the extent to which publicly available Australian data breach communications reflect data privacy and security best practices. This paper presents a brief review of literature and government guidance on data security and privacy best practices, along with the results of a qualitative content analysis of 33 publicly available Australian data breach communications. This analysis illustrated that there was little reflection of data privacy and security practices. Literature, government guidance and the content analysis were used to inform and develop a new voluntary framework for organisations. This consists of a series of evaluation questions divided into two broad categories: responsible data management and responsible portrayal of the breach. The framework has the potential to help organisations plan the inclusion of data privacy and security management aspects in their data breach communications. This could assist organisations to address their legal and ethical responsibility to account for their actions in managing privacy and security of the personal data they hold.

An Examination of the Legal Framework for Data Privacy and Protection in Nigeria

An Examination of the Legal Framework for Data Privacy and Protection in Nigeria

Data Privacy Framework on Multi Check-out Timestamp Order for Secured Transaction in Mobile Network

Data transaction over distri uted network has gained much attention in the database communities since the last decade, especially in terms of security support. There are several data privacy models for mobile computing such as Data Encryption Standard, Skipjack, RC5 and so on. Most of the cipher algorithms are designed for huge data size of encryption and decryption processes. Therefore, a suitable secure cipher algorithm is needed if the encryption and decryption is merely for small amount of data such as in the mobile database environment. In this paper, we discuss on the five well-known symmetric key cryptographic ciphers and propose a framework for the security model on top of Multi Check-out Timestamp Order (MCTO) data transaction model.