201 |
Platform Privacy Construction – A case study of privacy on public digital healthcare platform 1177
Lindholm, Nina January 2023
Privacy is an essential concept in the field of healthcare. As healthcare is rapidly digitalizing and going through platformization, understanding how privacy is constructed has become important. The Swedish digital healthcare platform 1177 is a unique case that can be used to analyze how the different actors present in the platform environment, such as the platform owner, healthcare organizations, and patients, take part in the construction of privacy, and how, for example, national and international legislation affects the societal norms of the platform. By using the context analysis method and operationalizing platform society theory and contextual integrity theory for 1177, it was revealed that while there is a clear hierarchy between the actors, all of them participate in different ways in making sure that the data that flows within the platform is processed securely and with privacy in mind. While platforms are their own socio-technical environments, they are also affected by national and international legislative norms. Compliance with legislation like the GDPR and the Swedish national patient data law is important, as non-compliance can cause issues for the platform. However, while the platform privacy construction may be strong, the development of data analysis methods and AI can pose a risk for data transferred from the platform to other purposes, for example research.
|
202 |
Rätten till ersättning för ideella skador enligt GDPR : En analys av rätten till ersättning, grupptalan samt rättsutvecklingens konsekvenser på dataskyddet i EU / The right to compensation for non-material damages according to the GDPR
Persson, Enar January 2023
The Court of Justice of the European Union (CJEU) recently clarified some fundamental questions regarding the right to compensation under Article 82 of the General Data Protection Regulation (GDPR). The CJEU emphasised the cumulative conditions for the right to compensation, namely, damage resulting from a data breach and a causal link between the two. There are a number of ways in which the GDPR provides a more detailed framework for what should typically constitute damage, how the control of personal data can facilitate the assessment of the concept of damage and how the burden of proof can be interpreted in the light of the purpose of the Regulation. There is no automatic right to compensation and a more detailed assessment must be made under all of the criteria set out in Article 82. In the absence of further case law, I have tried to clarify the applicable law by interpreting the GDPR and the two judgements from the CJEU on the right to compensation. From a procedural point of view, a future with more litigation in the form of representative actions as a result of the Representative Action Directive is likely. The Directive does not change the Swedish representative action rules in any major way, but what is worth noting are the differences between opt-in and opt-out. An opt-in system, such as the Swedish one, may see some increase in the number of representative actions, but in an opt-out system, like the one in the Netherlands, it is likely to see many more representative actions. Uncertainties remain as to whether the opt-out system is compatible with the GDPR, and the CJEU will have to clarify the legal status in the near future. When evaluating the consequences of the legal developments, a potential over-regulation is a risk, while information security is likely to improve. As I see it, the CJEU has two choices to counteract any over-regulation that may arise as a result of legal developments. Either the CJEU can clarify that Article 80 of the GDPR does not allow for an opt-out system, or the CJEU can clarify where the upper limit of the amount of damages in representative actions lies, for example through the principle of proportionality.
|
203 |
Public knowledge of digital cookies : Exploring the design of cookie consent forms
Gröndahl, Louise January 2020
Forms for consent regarding the use of digital cookies are currently used by websites to convey information about the use of digital cookies on the visited website. However, the design of these consent forms is not entirely right according to the directives of the General Data Protection Regulation and is also not optimal from a user's perspective. They often lack options, and the informational text within the form is often too brief. For a user, that might make it difficult to understand what it is you accept and what the consequences could be for your personal data. Based on the directives given for the digital cookie consent form, it becomes clear that many do not meet the requirements. The question therefore arises: which factors make a cookie consent form successful, in terms of how well a user understands the content and is aware of his/her choice of action? To answer that question, a quantitative and a qualitative study were conducted. The quantitative study examined people's current understanding and perception of digital cookie forms. The results of that study were then used in the qualitative study to develop prototypes of new cookie consent forms, which were then examined in a usability test. The study presents five factors that contribute to a cookie consent form being considered successful from the user's perspective in understanding the content and making an active choice. These factors are text, options, full-page consent form, active choice and trustworthiness. Each of these five factors can independently improve the user experience of a form, although all should be taken into account for the best results. The various factors together contribute to a form that complies with different directives and laws but, above all, helps users get a better experience of understanding what they approve of and the feeling of making an active choice.
|
204 |
GDPR – en "kioskvältare"?
Kidman, Kajsa, Axelsson, Lisen January 2017
This essay is a case study. The study addresses the forthcoming General Data Protection Regulation (GDPR) and its impact on media and ICT companies. The purpose of the study is to examine the existing knowledge of the data protection regulation within media and ICT companies. The study also aims to create an understanding of how an adaptation to the regulation can be carried out. The study accounts for the GDPR and its background, followed by a description of the media industry, ICT companies and their complex structure. Furthermore, organizational changes and methods are described in order to facilitate and provide an overall structure for the change work. By means of a survey, the authors examined whether the GDPR has been noted in 50 media and ICT companies and whether change work has been planned or begun. Furthermore, the study has been supplemented with qualitative interviews where the GDPR in relation to three media companies and one ICT company has been analyzed in more detail. The results of the survey show that a large proportion of media companies have not yet begun the adaptation or change work to meet the requirements in the GDPR. The studied organizations also testify to a lack of knowledge of the subject, and adaptation work has not begun in the majority of the studied companies. The study therefore raises change models that can provide an overall structure for future change work towards the GDPR.
|
205 |
Illegal Cookie Banners and Developing a Compliant Solution
Sandin, Arvid January 2024
Laws in the European Union can be difficult to interpret, and the General Data Protection Regulation (GDPR) has significantly redefined consent with regard to online tracking. By specifying requirements for a cookie banner, the compliance of different websites can be investigated more easily and a compliant cookie banner can be created. The result shows that virtually all websites fail to collect consent in accordance with the law. A web component created for this purpose, simply called cookie-banner, is suggested as a compliant solution.
|
206 |
Compliance to GDPR Data Protection and Privacy in Artificial Intelligence Technology: Legal and Ethical Ramifications in Malaysia
Kamaruddin, S., Mohammad, A.M., Mohd Saufi, N.N., Wan Rosli, Wan R., Othman, M.B., Hamin, Z. 25 September 2023
AI is becoming increasingly important in cybersecurity. AI-based products detect risks and secure systems and data. Cybercriminals can use technology to launch more sophisticated attacks. AI-based security is in demand due to cyberattacks. With the adoption of AI technology, GDPR requires most countries to have legal measures to protect their citizens' data and privacy. Data protection and privacy issues arise when using AI technology. AI use must comply with GDPR, including obtaining consent for data processing, ensuring data accuracy, and giving individuals the right to access, correct, or delete their data. Organisations must also be transparent about how their AI makes decisions and not discriminate against individuals or groups. This study examines Malaysia's GDPR compliance on AI usage, data protection, and privacy in light of current concerns. This study analyses primary and secondary sources using doctrinal research. In 2022, Malaysia's banking, healthcare, and telecommunications sectors were hit by data breaches, indicating that AI is increasing data breaches. Thus, the government must examine citizen data protection and privacy concerns and re-examine its governance, including legal and regulatory mechanisms, to see if it conforms to international norms and consider reforms.
This research was supported by the Ministry of Education (MOE) through the Fundamental Research Grant Scheme (FRGS/1/2020/SSI0/UPSI/02/12).
|
207 |
Exchanging and Protecting Personal Data across Borders: GDPR Restrictions on International Data Transfer
Oldani, Isabella 20 July 2020
From the very outset of the EU data protection legislation, and hence from the 1995 Directive, international data transfer has been subject to strict requirements aimed at ensuring that protection travels with data. Although these rules have been widely criticized for their inability to deal with the complexity of modern international transactions, the GDPR has essentially inherited the same architecture of the Directive together with its structural limitations.
This research aims to highlight the main weaknesses of the EU data export restrictions and identify what steps should be taken to enable a free, yet safe, data flow. This research first places EU data transfer rules in the broader debate about the challenges that the un-territorial cyberspace poses to States’ capabilities to exert their control over data. It then delves into the territorial scope of the GDPR to understand how far it goes in protecting data beyond the EU borders. The objectives underpinning data export restrictions (i.e., avoiding the circumvention of EU standards and protecting data from foreign public authorities) and their limitations in achieving such objectives are then identified.
Lastly, three possible “solutions” for enabling data flow are tested. Firstly, it is shown that the adoption by an increasing number of non-EEA countries of GDPR-like laws and the implementation by many companies of GDPR-compliant policies is more likely to boost international data flow than internationally agreed standards. Secondly, the role that Article 3 GDPR may play in making data transfer rules “superfluous” is analysed, as well as the need to complement the direct applicability of the GDPR with cross-border cooperation between EU and non-EU regulators. Thirdly, the study finds that the principle of accountability, as an instrument of data governance, may boost international data flow by pushing most of the burden for ensuring GDPR compliance on organizations and away from resource-constrained regulators.
|
208 |
Tredjelandsöverföring av personuppgifter: en jämförelse mellan artikel 45, artikel 46 och artikel 49 GDPR / Transfer of Personal Data to Third Countries: A Comparison Between Article 45, Article 46 and Article 49 GDPR
Erbili, Darin January 2019
For companies, the introduction of algorithms has led to new ways of marketing themselves. However, access to personal data is needed for a company to successfully use an algorithm, which means companies can trade with our personal data. Personal data is therefore no longer used solely for nonprofit purposes but has rather acquired a financial value. This has led to new challenges in terms of third country transfer of personal data, which requires legislation that can effectively protect personal data. Within the EU, the General Data Protection Legislation (GDPR) regulates how personal data can be transferred to a third country. Article 45 GDPR, which contains the first requirement for third country transfers, states that transfers are only permitted based on an adequacy decision issued by the Commission. On the basis, inter alia, of the annulment of the Safe Harbor decision by the European Court of Justice, and the criticism that has been directed at the Privacy Shield decision, questions are raised as to whether there is reason for companies to make third country transfers based on the alternative provisions in article 46 and article 49 GDPR. The aim of this thesis is to examine the possibilities of making third country transfers according to articles 45, 46 and 49 GDPR by making a comparison from an individual and a company perspective. The research questions have been focused on the content of the adequacy decisions concerning USA, Switzerland, Canada, Israel and Japan, a review of the legal basis for third country transfers stated in articles 46 and 49 GDPR, as well as benefits and drawbacks of applying the grounds set forth in articles 46 and 49 GDPR rather than applying an adequacy decision pursuant to article 45 GDPR. In conclusion, it may be noted that the adequacy decisions that have been discussed leave room for doubt in relation to the level of protection that is guaranteed in the GDPR. This gives reason for companies to consider application of article 46 and article 49 GDPR. There are several benefits and drawbacks with such considerations, including the size of the company and its financial resources affecting which appropriate safeguard in article 46 GDPR is the most suitable safeguard to use. Furthermore, the derogations in article 49 GDPR may, in theory and in practice, be very difficult to apply instead of article 45 and article 46 GDPR since the derogations focus on specific situations and must be used restrictively. The findings in this thesis, however, lead to the conclusion that there are several reasons for companies to consider application of article 46 GDPR instead of article 45 GDPR.
|
209 |
Samhällsutmaningarnas lösning stavas Smart stad; hur påverkas den personliga integriteten? : En kvalitativ fallstudie om beslutsfattares inställning till och planer för personlig integritet i den smarta staden / Smart cities, a solution to societal challenges. But what happens to citizen privacy? : A qualitative case study of policymakers’ attitudes and plans regarding citizen privacy in the smart city
Nord, Jonas, Wåhlberg, Gabriel January 2019
Swedish cities face challenges such as increased urbanisation, shifting demographics and demands on lowered environmental impact. The smart city may be considered part of the solution to these challenges. While there is no commonly accepted definition of the term “smart city”, the term may be summarised as utilising digitalisation to increase a city’s efficiency. Digitalisation in the smart city enables efficiency and increases quality of life through the utilisation of algorithms, high speed internet, sensors and cheap digital storage. Large amounts of data may be processed in real time and used to assist in, or automate, decision making. Experts suggest that the smart city may negatively impact the privacy of visitors and citizens by aggregating and correlating processed personal data. Privacy is a central part of a healthy democracy; it enables societal change by allowing citizens to act outside existing societal norms and increases citizen wellbeing. Since the smart city is currently shaped by policy makers, an understanding of their attitudes towards the risks of the smart city infringing on citizen privacy provides insights into whether the smart city may pose an overall threat to citizen privacy. Another important factor to consider is the legal constraints within which the policy makers operate. This study explores the definition of the term “smart city”, its role in solving problems and the risks of it negatively impacting the integrity of citizens and visitors. While there is no consensus regarding the smart city’s definition, some common ground may be found in that it is enabled by technology. Instead of grappling with the implications of the smart city as a whole, we found it appropriate to understand it by categorising and comprehending the initiatives which comprise the smart city, as well as their interactions, separately. The smart city’s role in society is to solve societal challenges and increase quality of life; decision makers don’t consider it important to define the smart city as a part of its development. Smart cities bring about a trade-off situation in which decision makers clearly favor efficiency over integrity, a stark contrast to the published papers in the field, which hold integrity in higher esteem. Despite the GDPR being a key regulation to consider when dealing with integrity in the smart city, we found that decision makers are unaware of its application, scope or potential consequences for the development of the smart city. This study is conducted as a qualitative case study of the Stockholm smart city project and explores the project’s impact on privacy. The study is contextualised through the EU-regulation GDPR, national guidelines for integrity, the national program for smart cities and current research within smart cities, integrity and their intersection.
|
210 |
GDPR och känsliga personuppgifter : En fallstudie om fackförbunds arbete med Dataskyddsförordningen / GDPR and sensitive personal data : A case study about trade unions' work with the General Data Protection Regulation
Helenius, Anna January 2018
On 25 May 2018, the new data protection regulation, GDPR, will come into effect. With this, all members of the European Union will have a common law that sharpens previous rules and puts higher demands on organisations' personal data processing. The purpose of this study has been to investigate and map how businesses dealing with sensitive personal data consider themselves to be affected by GDPR, and how they work to meet the requirements of this new regulation. Sensitive personal data are data that, for example, reveal a person's sexual orientation, political opinion, religious conviction or union affiliation, and therefore, to fulfil the purpose, a case study of six trade unions of different sizes was performed. The data collection was made with the help of interviews with one person from each trade union who has good insight into and an overview of the organisation's work with the GDPR. The results from the study show that the trade unions find the new data protection regulation to be complex and hard to interpret but that it nevertheless has positive consequences for both the organisation and the members. All personal data that the trade unions handle fall directly under sensitive personal data since they can be traced to union affiliation, and this leads the trade unions to consider themselves as facing higher demands on information security in comparison to many other businesses. Among other things, they face major challenges in how they are going to communicate with their members in the future, as the misuse rule disappears and even unstructured material is included in the new data protection regulation. It's not possible to say in general what actions the unions have taken to prepare for the new requirements of the GDPR, but it's clear that both technical and administrative safety actions are needed. For example, many of the unions are upgrading their IT systems or purchasing brand new case management systems while also introducing new routines for clearing of data and for management of personal data incidents.
|