Le banquier et le Data Protection Officer (DPO). D'une obligation d'information et de conseil à une obligation d'assistance / Banker and Data Protection Officer (DPO). From an obligation to provide information and advice to an obligation to provide assistance

Renucci, Antoine

10 July 2019

La mise en parallèle des activités de banquier et de Data protection Officer est particulièrement intéressante du point de vue de l’obligation d’information et de conseil, concept qui fait l’objet d’une importante mutation. Notre thèse est que cette obligation évolue de façon parallèle pour ces deux professionnels, mais prend in fine une option différente. Dans les deux cas, cette obligation tend à devenir une obligation d’assistance, mais elle est de nature différente : si dans sa forme classique avec le banquier, l’obligation d’assistance est passive, dans sa forme actuelle avec le DPO, elle est active. Cette divergence s’explique par les enjeux et les logiques qui ne sont pas identiques. Avec le Banquier, c’est la logique des affaires qui prime et il ne peut s’y ingérer. En revanche, avec le Data Protection Officer (DPO), c’est la logique de protection des personnes, et plus particulièrement de leurs données qui prime, ce qui justifie et même impose son ingérence. Il est donc logique que l’assistance soit passive dans un cas et active dans l’autre. / The parallel between banking and data protection officer activities is particularly interesting regarding the obligation to provide information and advice, a concept which is undergoing a major change. Our thesis is that this obligation evolves concomitantly for these two professionals but, in the end, takes a different way. In both cases, this obligation tends to become an obligation of assistance of a different nature : in its classical form, the banker has the obligation to provide a passive assistance, but in its current form, the assistance provided by the DPO, is active. This divergence is explained by the difference of needs and logic. In the case of the Banker, the business logic prevails and he can’t interfere. On the other hand, in the case of the Data Protection Officer (DPO), the protection prevails, especially the data protection, which justifies and even imposes his action. It is therefore logical that assistance provided should be passive in one case and active in the other.

Assistance

Banquier

Confidentialité

Data Protection Officer

Banker

Compliance

Human trafficking 2.0 the impact of new technologies

Rentzsch, Viola

January 2021

Magister Legum - LLM / Human history is traversed by migration. This manifold global phenomenon has shaped the world to its current state, moving people from one place to another in reaction to the changing world. The autonomous decision to permanently move locations represents only a segment of what is considered to be migration. Routes can be dangerous, reasons can be without any alternative, displacements forced, and journeys deadly. Arguably the most fatal of all long-distance global migration flows, the transatlantic slave trade has left an enduring legacy of economic patterns and persistent pain. Whilst the trade in human beings originated centuries before, with Europe’s long history of slavery, this event represents an atrocious milestone in history. In a nutshell, European colonialists traded slaves for goods from African kings, who had captured them as war prisoners.

Privacy

Human trafficking

Data mining

Forced prostitution

Data protection

Správa sociálního zabezpečení a ochrana osobních údajů / Social security administration and personal data protection

Beneš, Jiří

January 2019

Social security administration and personal data protection The protection of personal data is one of the most discussed legal topics of contemporary legal science. However, the attention of both the professional and general public has so far been focused on the processing of personal data carried out by private law entities. On the contrary, the author focuses on a topic that has been overlooked, namely the processing of personal data performed by social security administration authorities. This thesis aims to answer the question whether the processing carried out by selected authorities of the social security administration follows the principle of lawfulness according to data protection regulations and the Regulation (GDPR). The key aspect of the author's answer is primarily to assess the compliance of the current legislation in the area of sickness and pension insurance and passive employment policy with the requirements of the Regulation (GDPR). In this work, the author first deals with the historical roots and birth of the legal regulation of personal data protection. Then, by comparing the legal regulations adopted within the Council of Europe, the European Union, and the Czech Republic, it analyses the applicable regulation of personal data protection. As the author points out in this work,...

Programvaruutvecklingen efter GDPR : Effekten av GDPR hos mjukvaruföretag

Nord, Lisa

January 2020

GDPR (General data protection regulation, generella dataskyddsförordningen) är en ny europeisk förordning som reglerar behandlingen av känsliga uppgifter samt det fria flödet av dessa inom EU. Förordningen utgör ett skydd för fysiska personer vid behandling av deras personuppgifter inom unionen vilket är en grundläggande rättighet.  GDPR har sedan den trädde i kraft i Maj 2018 varit en förordning att räkna med då dess bötesbelopp är höga. Alla företag inom Europa behöver följa reglerna samt företag utanför EU som hanterar europeiska personuppgifter. Målet med detta arbete är se vilken effekt GDPR har haft hos svenska mjukvaruutvecklare och hur de ser på sin arbetsbörda. Detta har gjorts genom en enkätundersökning hos svenska mjukvaruföretag som blivit slumpmässigt utvalda. Av uppsatsens resultat framgår det att många mjukvaruföretag som skapar egen programvara eller distribuerar programvara för en tredje part har den nya förordningen inneburit ett tyngre arbetslass samt omförhandling av existerande programvarulösningar. Något som inneburit nya arbetsplatser eller arbetsgrupper hos många företag. När GDPR först trädde ikraft lades det ner många arbetstimmar på att omvandla redan existerande lösningar för att uppfylla kraven. Trots detta har det lagts många fler timmar vid utveckling även efter GDPR för att se till att den nya programvaran även den lever upp till de krav som är ställda.  Av resultatet kan vi även finna att många företag ser väldigt strikt på hantering av känsliga uppgifter de samlat in från deras kunder men ser mindre strikt på lagring och hantering av personuppgifter av sina egna anställda. / GDPR(General data protection regulation) is a new European regulation that regulates data, protection, and privacy. It also addresses the transfer of personal data to countries outside of the European Union. Ever since the GDPR was enforceable May 2018, it has been a regulation for businesses to strictly follow and be wary of due to the hefty fines. All European businesses need to follow the new regulation and likewise, so to the businesses outside of the E.U. in which handles any type of personal data of Europeans. The goal with this thesis is to see the effect the GDPR has had for Swedish software developers and how they portray their workload. This data has been shown in the form of a questionnaire which was randomly distributed to a number of Swedish software companies.  In conclusion, this thesis shows that the new regulation has had a big impact on the developers that create new software/distributes software, primarily in form of a heavier workload and the need to re-negotiate already existing software. This has provided new jobs and/or new teams for many of the companies that were a part of this study. When GDPR was first introduced, the software companies spent countless hours on converting already existing software. Even tho they spend a lot of time in the beginning, the dedication of time is spent on every solution to make sure it meets the requirements of GDPR: We can also see that many businesses spend a lot more time and money on data protection for their clients personal data, but they do not treat their employees personal data in the same way.

GDPR

Programvaruutveckling

General Data Protection Regulation

Dataskyddsförordningen

Software Engineering

Programvaruteknik

Ochrana osobních údajů a veřejná správa / Personal data protection and public administration

Talík, Michael

January 2022

6 General / Obecné Personal data protection and public administration Abstract This thesis is aimed to personal data protection in connection to public administration. Given the extensiveness of the topic, the author is focused on the most important issues related to the area of personal data protection. The main area of the study is the terminology, and the effect on the public administration. The goal of the thesis is to provide clear and comprehensive explanation of terms related to personal data protection. The goal is accomplished due to expansive explanation of those terms in order to appropriately connect the reader with the topic. The thesis is divided into four chapters. The first chapter aims to systematization of personal data protection. In addition to that, also explaining the crucial term of this thesis, the personal data. The second chapter deals with historical context and evolution of the data protection. The historical context provides the explanation of the relevant data protection laws, which determined the evolution of the data protection itself. The third chapter concentrates to the merit of the thesis, therefore General Data Protection regulation. Each of those subchapters were selected by the author to provide only the crucial terms and not to overflow the reader with a less...

Privacy-Aware Data Analysis: Recent Developments for Statistics and Machine Learning

Lut, Yuliia

January 2022

Due to technological development, personal data has become more available to collect, store and analyze. Companies can collect detailed browsing behavior data, health-related data from smartphones and smartwatches, voice and movement recordings from smart home devices. Analysis of such data can bring numerous advantages to society and further development of science and technology. However, given an often sensitive nature of the collected data, people have become increasingly concerned about the data they share and how they interact with new technology. These concerns have motivated companies and public institutions to provide services and products with privacy guarantees. Therefore, many institutions and research communities have adopted the notion of differential privacy to address privacy concerns which has emerged as a powerful technique for enabling data analysis while preventing information leakage about individuals. In simple words, differential privacy allows us to use and analyze sensitive data while maintaining privacy guarantees for every individual data point. As a result, numerous algorithmic private tools have been developed for various applications. However, multiple open questions and research areas remain to be explored around differential privacy in machine learning, statistics, and data analysis, which the existing literature has not covered. In Chapter 1, we provide a brief discussion of the problems and the main contributions that are presented in this thesis. Additionally, we briefly recap the notion of differential privacy with some useful results and algorithms. In Chapter 2, we study the problem of differentially private change-point detection for unknown distributions. The change-point detection problem seeks to identify distributional changes in streams of data. Non-private tools for change-point detection have been widely applied in several settings. However, in certain applications, such as identifying disease outbreaks based on hospital records or IoT devices detecting home activity, the collected data is highly sensitive, which motivates the study of privacy-preserving tools. Much of the prior work on change-point detection---including the only private algorithms for this problem---requires complete knowledge of the pre-change and post-change distributions. However, this assumption is not realistic for many practical applications of interest. In this chapter, we present differentially private algorithms for solving the change-point problem when the data distributions are unknown to the analyst. Additionally, we study the case when data may be sampled from distributions that change smoothly over time rather than fixed pre-change and post-change distributions. Furthermore, our algorithms can be applied to detect changes in linear trends of such data streams. Finally, we also provide a computational study to empirically validate the performance of our algorithms. In Chapter 3, we study the problem of learning from imbalanced datasets, in which the classes are not equally represented, through the lens of differential privacy. A widely used method to address imbalanced data is resampling from the minority class instances. However, when confidential or sensitive attributes are present, data replication can lead to privacy leakage, disproportionally affecting the minority class. This challenge motivates the study of privacy-preserving pre-processing techniques for imbalanced learning. In this work, we present a differentially private synthetic minority oversampling technique (DP-SMOTE) which is based on a widely used non-private oversampling method known as SMOTE. Our algorithm generates differentially private synthetic data from the minority class. We demonstrate the impact of our pre-processing technique on the performance and privacy leakage of various classification methods in a detailed computational study. In Chapter 4, we focus on the analysis of sensitive data that is generated from online internet activity. Accurately analyzing and modeling online browsing behavior play a key role in understanding users and technology interactions. Towards this goal, in this chapter, we present an up-to-date measurement study of online browsing behavior. We study both self-reported and observational browsing data and analyze what underlying features can be learned from statistical analysis of this potentially sensitive data. For this, we empirically address the following questions: (1) Do structural patterns of browsing differ across demographic groups and types of web use?, (2) Do people have correct perceptions of their behavior online?, and (3) Do people change their browsing behavior if they are aware of being observed? In response to these questions, we found little difference across most demographic groups and website categories, suggesting that these features cannot be implied solely from clickstream data. We find that users significantly overestimate the time they spend online but have relatively accurate perceptions of how they spend their time online. We find no significant changes in behavior throughout the study, which may indicate that observation had no effect on behavior or that users were consciously aware of being observed throughout the study.

Statistics

Machine learning

Privacy

Data protection

Internet searching

The Impact of Artificial Intelligence on Data Protection: A Legal Analysis

Dos Santos, Ana Paula

01 April 2020

This study explores the implications of artificial intelligence innovation on privacy, data protection regulations, and other related laws. With the spread of data endangering privacy, it is a difficult task to protect the “right to be let alone,” considered as an individuals’ liberty and a fundamental right. This research has shown that at the same time, the use of personal information by artificial intelligence can impact an individual’s privacy. Artificial intelligence also brings conjecturable, incredible, and useful innovation that benefits humans. The analysis of the enacted laws in the European Union, China, and the United States on data protection regulations demonstrates that the laws are not sufficient to prevent the challenges raised by artificial intelligence. This thesis discusses the great importance of the subject matter to society, the several impacts it can foment and the lack of regulations to avoid the outcome

Artificial Intelligence

Privacy

Data Protection

Technology

Personal Data

Law

Performance analysis of the MULTISAFE protection enforcement processes

Deaver, Mason C.

30 October 2008

This paper describes the performance of the MULTISAFE database protection model through response-time equations. A predicate-based protection model is described. Various classes of access decision dependencies are reviewed. The distinct modules of MULTISAFE are discussed, and a relational database approach to the management of data protection is developed for these modules. A performance equation which models user login into MULTISAFE is developed. A set of equations is developed which model the processing of database queries as a series of steps. These equations are then modified to consider the possibility of concurrent processing among the MULTISAFE modules. The two sets of equations are compared and analyzed. The analysis reveals that the concurrency feature of MULTISAFE allows database protection to be implemented with a minimum of system overhead. Further analysis shows that, in some cases, an arbitrary database query takes less time to process with all protection checks in force than a similar query in a protection less environment. / Master of Science

LD5655.V855 1983.D429

Computers -- Access control

Data protection

Data protection in the age of Big Data : legal challenges and responses in the context of online behavioural advertising

Chen, Jiahong

January 2018

This thesis addresses the question of how data protection law should respond to the challenges arising from the ever-increasing prevalence of big data. The investigation is conducted with the case study of online behavioural advertising (OBA) and within the EU data protection legal framework, especially the General Data Protection Regulation (GDPR). It is argued that data protection law should respond to the big data challenges by leveraging the regulatory options that are either already in place in the current legal regime or potentially available to policymakers. With the highly complex, powerful and opaque OBA network, in both technical and economic terms, the use of big data may pose fundamental threats to certain individualistic, collective or societal values. Despite a limited number of economic benefits such as free access to online services and the growth of the digital market, the latent risks of OBA call for an effective regulatory regime on big data. While the EU's GDPR represents the latest and most comprehensive legal framework regulating the use of personal data, it has still fallen short on certain important aspects. The regulatory model characterised by individualised consent and the necessity test remains insufficient in fully protecting data subjects as autonomous persons, consumers and citizens in the context of OBA. There is thus a pressing need for policymakers to review their regulatory toolbox in the light of the potential threats. On the one hand, it is necessary to reconsider the possibilities to blacklist or whitelist certain data uses with mechanisms that are either in place in the legal framework or can be introduced additionally. On the other hand, it is also necessary to realise the full range of policy options that can be adopted to assist individuals in making informed decisions in the age of big data.

Dynamic Differential Data Protection for High-Performance and Pervasive Applications

Widener, Patrick M. (Patrick McCall)

20 July 2005

Modern distributed applications are long-lived, are expected to provide flexible and adaptive data services, and must meet the functionality and scalability challenges posed by dynamically changing user communities in heterogeneous execution environments. The practical implications of these requirements are that reconfiguration and upgrades are increasingly necessary, but opportunities to perform such tasks offline are greatly reduced. Developers are responding to this situation by dynamically extending or adjusting application functionality and by tuning application performance, a typical method being the incorporation of client- or context-specific code into applications' execution loops. Our work addresses a basic roadblock in deploying such solutions: the protection of key application components and sensitive data in distributed applications. Our approach, termed Dynamic Differential Data Protection (D3P), provides fine-grain methods for providing component-based protection in distributed applications. Context-sensitive, application-specific security methods are deployed at runtime to enforce restrictions in data access and manipulation. D3P is suitable for low- or zero-downtime environments, since deployments are performed while applications run. D3P is appropriate for high performance environments and for highly scalable applications like publish/subscribe, because it creates native codes via dynamic binary code generation. Finally, due to its integration into middleware, D3P can run across a wide variety of operating system and machine platforms. This dissertation introduces D3P, using sample applications from the high performance and pervasive computing domains to illustrate the problems addressed by our D3P solution. It also describes how D3P can be integrated into modern middleware. We present experimental evaluations which demonstrate the fine-grain nature of D3P, that is, its ability to capture individual end users' or components' needs for data protection, and also describe the performance implications of using D3P in data-intensive applications.

Distributed systems

Security

Publish-subscribe systems

Middleware

Data protection

Computer security

Data protection

Middleware