Fully compliant? : a study of data protection policy in UK public organisations

Warren, Adam P.

January 2003

No description available.

346

Privacy : Data protection

A public interest approach to data protection law : the meaning, value and utility of the public interest for research uses of data

Stevens, Leslie Anne

January 2017

Due to legal uncertainty surrounding the application of key provisions of European and UK data protection law, the public interest in protecting individuals’ informational privacy is routinely neglected, as are the public interests in certain uses of data. Consent or anonymisation are often treated as the paradigmatic example of compliance with data protection law, even though both are unable to attend to the full range of rights and interests at stake in data processing. Currently, where data processing may serve a realisable public interest, and consent or anonymisation are impracticable (if not impossible to obtain) the public interest conditions to processing are the rational alternative justifications for processing. However, the public interest conditions are poorly defined in the legislation, and misunderstood and neglected in practice. This thesis offers a much-needed alternative to the predominant consent-or-anonymise paradigm by providing a new understanding of the public interest concept in data protection law and to suggest a new approach to deploying the concept in a way that is consistent with the protective and facilitative aims of the legislation. Through undertaking legislative analysis new insight is provided on the purpose of the public interest conditions in data protection law, revealing critical gaps in understanding. By engaging with public interest theory and discovering the conceptual contours of the public interest, these gaps are addressed. Combined with the insight obtained from the legislative history, we can determine the reasonable range of circumstances and types of processing where it may be justifiable to use personal data based on the public interest. On this basis, and to develop a new approach for deploying the concept, other legal uses of the public interest are examined. The lessons learned suggest legislative and procedural elements that are critical to successful deployment of the public interest concept in data protection. The thesis concludes with the identification of key components to allow a clearer understanding of the public interest in this field. Further, these insights enable recommendations to be made, to reform the law, procedure and guidance. In doing so, the concept of the public interest can be confidently deployed in line with the aims of data protection law, to both protect and facilitate the use of personal data.

The impact of privacy regulations on the development of electronic commerce in Jordan and the UK

Aljaber, Maher

January 2012

Improvement in information communication technology (ICT) is one of the factors behind growth in economic productivity. A major dimension of this is the use of the Internet in e-commerce, allowing companies to collect, store, and exchange personal information obtained from visitors to their websites. Electronic commerce has many different variants, and is believed by many governments throughout the world to be the engine of economic stability in the future. While electronic commerce has many benefits, there is evidence to suggest privacy concerns are an inhibitor to its adoption in Jordan and the UK. According to Campbell (1997, p.45), privacy in this context can be defined as “the ability of individuals to determine the nature and extent of information about them which is being communicated to others”. The importance of information in e-commerce has increased, because the main success factor for the completion of transactions between businesses and consumers is the companies’ ability to access consumers’ personal details. This conflicts with the consumers’ fear of providing personal information to un-trusted parties, which makes them disinterested in entering contracts via the internet. This research discusses privacy concerns as an inhibitor for electronic commerce by providing a comparison between UK and Jordanian regulations, to establish the impact that these regulations have ameliorating privacy concerns regarding the development of electronic commerce in Jordan and the UK. The interpretive grounded theory approach has allowed the researcher to gain a deep understanding about privacy perceptions of electronic commerce held by the main stakeholders: government, businesses and consumers. Furthermore, through implementing the Straussian grounded theory approach as a data collection and analysis method, two grounded theories have emerged as giving deeper understanding of the situation in Jordan and the UK regarding privacy concerns and how this affects electronic commerce development in both countries.

004

Differences in self-reported perceptions of privacy between online social and commercial networking users /

Hughes, Jessie.

January 2008

Thesis (M.S.)--Rochester Institute of Technology, 2008. / Typescript. Includes bibliographical references (leaves 22-25).

Perceptions of privacy on Facebook /

Warfel, Elizabeth A.

January 2008

Thesis (M.S.)--Rochester Institute of Technology, 2008. / Typescript. Supplemental CD-ROM contains the thesis as a Microsoft Word document. Includes bibliographical references (leaves 24-25).

The Challenges of Personal Data Markets and Privacy

Spiekermann-Hoff, Sarah, Böhme, Rainer, Acquisti, Alessandro, Hui, Kai-Lung

January 2015

Personal data is increasingly conceived as a tradable asset. Markets for personal information are emerging and new ways of valuating individuals' data are being proposed. At the same time, legal obligations over protection of personal data and individuals' concerns over its privacy persist. This article outlines some of the economic, technical, social, and ethical issues associated with personal data markets, focusing on the privacy challenges they raise.

JEL K20, K40, L14, L20, M30

Private and Secure Data Communication: Information Theoretic Approach

Basciftci, Yuksel O., Basciftci

January 2016

No description available.

Electrical Engineering

EFA (EVENT FLOW ARCHITECTURE) PRINCIPLES ILLUSTRATED THROUGH A SOFTWARE PLATFORM. Software architecture principles for IoT systems, implemented in a platform, addressing privacy, sharing, and fault tolerance

Naimoli, Andrea Eugenio

18 April 2024

The design and development of technology applications has to deal with many variables. Reference is obviously made to established hardware and software support, particularly with regard to the choice of appropriate operating systems, development model, environment and programming language. With the growth of networked and web-exposed systems, we are increasingly dealing with IoT (Internet-of-Things) systems: complex applications consisting of a network of often heterogeneous elements to be managed like an orchestra, using existing elements and creating new ones. Among the many fields affected by this phenomenon, two in particular are considered here: industry and medical, key sectors of modern society. Given the inherently parallel nature of such networks and the fact that it is commonly necessary to manage them via the Web, the most prevalent de facto model employs an architecture relying on a paradigm based on data flows, representing the entire system as a kind of assembly line in which each entity acquires input data and returns an output in a perfectly asynchronous manner. This thesis highlights some notable limitations of this approach and proposes an evolution that resolves some key issues. This has been done not only on a purely theoretical level, but with actual implementations currently operational and thus demonstrated in the field. Rather than proposing an abstract formalisation of a new solution, the basic principles of a whole new architecture are presented here instead, going into more detail on some key features and with experimental and practical feedback implemented as a full blown software platform. A first contribution is the definition of the principles of a new programming architecture, disseminated with some published articles and a speech in an international congress. A second contribution concerns a lightweight data synchronisation strategy, which is particularly useful for components that need to continue working during offline periods. A third contribution concerns a method of storing a symmetric encryption key combined with a peculiar retrieval and verification technique: this has resulted in an international patent, already registered. A fourth contribution concerns a new data classification model, which is particularly effective for processing information asynchronously. Issues related to possible integrations with artificial intelligence systems have also been addressed, for which a number of papers are being written, introduced by a presentation that has just been published.

Settore INF/01 - Informatica

Exchanging and Protecting Personal Data across Borders: GDPR Restrictions on International Data Transfer

Oldani, Isabella

20 July 2020

From the very outset of the EU data protection legislation, and hence from the 1995 Directive, international data transfer has been subject to strict requirements aimed at ensuring that protection travels with data. Although these rules have been widely criticized for their inability to deal with the complexity of modern international transactions, the GDPR has essentially inherited the same architecture of the Directive together with its structural limitations. This research aims to highlight the main weaknesses of the EU data export restrictions and identify what steps should be taken to enable a free, yet safe, data flow. This research first places EU data transfer rules in the broader debate about the challenges that the un-territorial cyberspace poses to States’ capabilities to exert their control over data. It then delves into the territorial scope of the GDPR to understand how far it goes in protecting data beyond the EU borders. The objectives underpinning data export restrictions (i.e., avoiding the circumvention of EU standards and protecting data from foreign public authorities) and their limitations in achieving such objectives are then identified. Lastly, three possible “solutions” for enabling data flow are tested. Firstly, it is shown that the adoption by an increasing number of non-EEA countries of GDPR-like laws and the implementation by many companies of GDPR-compliant policies is more likely to boost international data flow than internationally agreed standards. Secondly, the role that Article 3 GDPR may play in making data transfer rules “superfluous” is analysed, as well as the need to complement the direct applicability of the GDPR with cross-border cooperation between EU and non-EU regulators. Thirdly, the study finds that the principle of accountability, as an instrument of data governance, may boost international data flow by pushing most of the burden for ensuring GDPR compliance on organizations and away from resource-constrained regulators.

A Design- by- Privacy Framework for End- User Data Controls

Zhou, Tangjia

January 2021

Our internet makes data storage and sharing more convenient. An increasing amount of privacy data is being stored on different application platforms, so the security of these data has become a public concern. The European Council General Data Protection Regulation (GDPR) put forward clear requirements for application platforms to give back end- users data control, and the regulations came into force in May 2018. However, there is still a lack of low- cost, easy- to-manage user data control framework in the application platform, especially for startups. To address the problem, I apply Amazon Cognito to provide user account management and monitor. Therefore, I store the user information (e.g., username, email) registered on the web application in Cognito to achieve user authentication. I also associate the web application with Amazon Web Services (AWS) Application Programming Interface (API) Gateway to implement the data control operations on the web application to the AWS DynamoDB database. The final result proves that the framework can successfully implement data control operations on the end- user data under the requirements of GDPR. Meanwhile, all data operation results can be displayed in real- time on the web application and can be used in the corresponding AWS service to monitor. / Vårt internet gör datalagring och delning bekvämare. En ökande mängd känslig användardata lagras på olika applikationsplattformar, så säkerheten för dessa data har blivit en allmän angelägenhet. Europeiska rådets GDPR presenterade tydliga krav på att applikationsplattformar ska returnera slutanvändarnas datakontroller och de förordningar som trädde i kraft i maj 2018. Det saknas dock fortfarande ett billigt, lättanvänt hanteringsramverk för användarna samt datakontroll i applikationsplattformen, särskilt för startups. För att lösa problemet använder jag Amazon Cognito för att hantera och övervaka användarkonton. Därför lagrar jag användarinformationen (t.ex. användarnamn, epost) som är registrerad i webbapplikationen i Cognito för att uppnå användarautentisering. Jag associerar också webbapplikationen med AWS API Gateway för att implementera datakontrollåtgärderna på webbapplikationen till AWS DynamoDB- databasen. Det slutliga resultatet visar att ramverket framgångsrikt kan implementera datahanteringsoperationer på slutanvändardata i enlighet med kraven i GDPR. Under tiden kan alla datadriftresultat visas i realtid i webbapplikationen och kan därmed användas i motsvarande AWS- tjänst för att monitorera.

Privacy Data

GDPR

AWS

End- User Data Control

Sekretessdata

GDPR

AWS

kontroll av slutanvändardata

Computer and Information Sciences

Data- och informationsvetenskap