932 resultados para data privacy
Resumo:
The thesis represents the conclusive outcome of the European Joint Doctorate programmein Law, Science & Technology funded by the European Commission with the instrument Marie Skłodowska-Curie Innovative Training Networks actions inside of the H2020, grantagreement n. 814177. The tension between data protection and privacy from one side, and the need of granting further uses of processed personal datails is investigated, drawing the lines of the technological development of the de-anonymization/re-identification risk with an explorative survey. After acknowledging its span, it is questioned whether a certain degree of anonymity can still be granted focusing on a double perspective: an objective and a subjective perspective. The objective perspective focuses on the data processing models per se, while the subjective perspective investigates whether the distribution of roles and responsibilities among stakeholders can ensure data anonymity.
Resumo:
The purpose of this research study is to discuss privacy and data protection-related regulatory and compliance challenges posed by digital transformation in healthcare in the wake of the COVID-19 pandemic. The public health crisis accelerated the development of patient-centred remote/hybrid healthcare delivery models that make increased use of telehealth services and related digital solutions. The large-scale uptake of IoT-enabled medical devices and wellness applications, and the offering of healthcare services via healthcare platforms (online doctor marketplaces) have catalysed these developments. However, the use of new enabling technologies (IoT, AI) and the platformisation of healthcare pose complex challenges to the protection of patient’s privacy and personal data. This happens at a time when the EU is drawing up a new regulatory landscape for the use of data and digital technologies. Against this background, the study presents an interdisciplinary (normative and technology-oriented) critical assessment on how the new regulatory framework may affect privacy and data protection requirements regarding the deployment and use of Internet of Health Things (hardware) devices and interconnected software (AI systems). The study also assesses key privacy and data protection challenges that affect healthcare platforms (online doctor marketplaces) in their offering of video API-enabled teleconsultation services and their (anticipated) integration into the European Health Data Space. The overall conclusion of the study is that regulatory deficiencies may create integrity risks for the protection of privacy and personal data in telehealth due to uncertainties about the proper interplay, legal effects and effectiveness of (existing and proposed) EU legislation. The proliferation of normative measures may increase compliance costs, hinder innovation and ultimately, deprive European patients from state-of-the-art digital health technologies, which is paradoxically, the opposite of what the EU plans to achieve.
Resumo:
Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática.
Resumo:
While mobile technologies can provide great personalized services for mobile users, they also threaten their privacy. Such personalization-privacy paradox are particularly salient for context aware technology based mobile applications where user's behaviors, movement and habits can be associated with a consumer's personal identity. In this thesis, I studied the privacy issues in the mobile context, particularly focus on an adaptive privacy management system design for context-aware mobile devices, and explore the role of personalization and control over user's personal data. This allowed me to make multiple contributions, both theoretical and practical. In the theoretical world, I propose and prototype an adaptive Single-Sign On solution that use user's context information to protect user's private information for smartphone. To validate this solution, I first proved that user's context is a unique user identifier and context awareness technology can increase user's perceived ease of use of the system and service provider's authentication security. I then followed a design science research paradigm and implemented this solution into a mobile application called "Privacy Manager". I evaluated the utility by several focus group interviews, and overall the proposed solution fulfilled the expected function and users expressed their intentions to use this application. To better understand the personalization-privacy paradox, I built on the theoretical foundations of privacy calculus and technology acceptance model to conceptualize the theory of users' mobile privacy management. I also examined the role of personalization and control ability on my model and how these two elements interact with privacy calculus and mobile technology model. In the practical realm, this thesis contributes to the understanding of the tradeoff between the benefit of personalized services and user's privacy concerns it may cause. By pointing out new opportunities to rethink how user's context information can protect private data, it also suggests new elements for privacy related business models.
Resumo:
In this technical report, we approach one of the practical aspects when it comes to represent users' interests from their tagging activity, namely the categorization of tags into high-level categories of interest. The reason is that the representation of user profiles on the basis of the myriad of tags available on the Web is certainly unfeasible from various practical perspectives; mainly concerningthe unavailability of data to reliably, accurately measure interests across such fine-grained categorization, and, should the data be available, its overwhelming computational intractability. Motivated by this, our study presents the results of a categorization process whereby a collection of tags posted at BibSonomy #http://www.bibsonomy.org# are classified into 5 categories of interest. The methodology used to conduct such categorization is in line with other works in the field.
Resumo:
The aim of this study was to assess the teaching-learning process related to patient privacy during the care process and the way nursing students’ protect patient privacy. Descriptive/correlational study using a qualitative approach and nonprobability sampling of 19 nurse educators from two schools of nursing. Data was collected using semi-structured interviews. Data analysis was undertaken using the SPSS version 20 and Alceste 2010 programs. The study complied with ethical standards. Two classes were assigned (protection of patient privacy and care process) with four subcategories (protection, empathy, relational competencies and technoscientific competencies).The findings show the need to adopt a reflective approach to the teaching-learning process by using experiential learning activities and real-life activities. We believe that intimacy and the protection of privacy should be core themes of nurse education and training.
Resumo:
Peer-reviewed
Resumo:
Personalised ubiquitous services have rapidly proliferated due technological advancements in sensing, ubiquitous and mobile computing. Evolving societal trends, business and the economic potential of Personal Information (PI) have overlapped the service niches. At the same time, the societal thirst for more personalised services has increased and are met by soliciting deeper and more privacy invasive PI from customers. Consequentially, reinforcing traditional privacy challenges and unearthed new risks that render classical safeguards ine ective. The absence of solutions to criticise personalised ubiquitous services from privacy perspectives, aggravates the situation. This thesis presents a solution permitting users' PI, stored in their mobile terminals to be disclosed to services in privacy preserving manner for personalisation needs. The approach termed, Mobile Electronic Personality Version 2 (ME2.0), is compared to alternative mechanisms. Within ME2.0, PI handling vulnerabilities of ubiquitous services are identi ed and sensitised on their practices and privacy implications. Vulnerability where PI may leak through covert solicits, excessive acquisitions and legitimate data re-purposing to erode users privacy are also considered. In this thesis, the design, components, internal structures, architectures, scenarios and evaluations of ME2.0 are detailed. The design addresses implications and challenges leveraged by mobile terminals. ME2.0 components and internal structures discusses the functions related to how PI pieces are stored and handled by terminals and services. The architecture focusses on di erent components and their exchanges with services. Scenarios where ME2.0 is used are presented from di erent environment views, before evaluating for performance, privacy and usability.
Resumo:
This thesis presented the overview of Open Data research area, quantity of evidence and establishes the research evidence based on the Systematic Mapping Study (SMS). There are 621 such publications were identified published between years 2005 and 2014, but only 243 were selected in the review process. This thesis highlights the implications of Open Data principals’ proliferation in the emerging era of the accessibility, reusability and sustainability of data transparency. The findings of mapping study are described in quantitative and qualitative measurement based on the organization affiliation, countries, year of publications, research method, star rating and units of analysis identified. Furthermore, units of analysis were categorized by development lifecycle, linked open data, type of data, technical platforms, organizations, ontology and semantic, adoption and awareness, intermediaries, security and privacy and supply of data which are important component to provide a quality open data applications and services. The results of the mapping study help the organizations (such as academia, government and industries), re-searchers and software developers to understand the existing trend of open data, latest research development and the demand of future research. In addition, the proposed conceptual framework of Open Data research can be adopted and expanded to strengthen and improved current open data applications.
Resumo:
Modern automobiles are no longer just mechanical tools. The electronics and computing services they are shipping with are making them not less than a computer. They are massive kinetic devices with sophisticated computing power. Most of the modern vehicles are made with the added connectivity in mind which may be vulnerable to outside attack. Researchers have shown that it is possible to infiltrate into a vehicle’s internal system remotely and control the physical entities such as steering and brakes. It is quite possible to experience such attacks on a moving vehicle and unable to use the controls. These massive connected computers can be life threatening as they are related to everyday lifestyle. First part of this research studied the attack surfaces in the automotive cybersecurity domain. It also illustrated the attack methods and capabilities of the damages. Online survey has been deployed as data collection tool to learn about the consumers’ usage of such vulnerable automotive services. The second part of the research portrayed the consumers’ privacy in automotive world. It has been found that almost hundred percent of modern vehicles has the capabilities to send vehicle diagnostic data as well as user generated data to their manufacturers, and almost thirty five percent automotive companies are collecting them already. Internet privacy has been studies before in many related domain but no privacy scale were matched for automotive consumers. It created the research gap and motivation for this thesis. A study has been performed to use well established consumers privacy scale – IUIPC to match with the automotive consumers’ privacy situation. Hypotheses were developed based on the IUIPC model for internet consumers’ privacy and they were studied by the finding from the data collection methods. Based on the key findings of the research, all the hypotheses were accepted and hence it is found that automotive consumers’ privacy did follow the IUIPC model under certain conditions. It is also found that a majority of automotive consumers use the services and devices that are vulnerable and prone to cyber-attacks. It is also established that there is a market for automotive cybersecurity services and consumers are willing to pay certain fees to avail that.
Resumo:
Since the early 1970's, Canadians have expressed many concerns about the growth of government and its impact on their daily lives. The public has requested increased access to government documents and improved protection of the personal information which is held in government files and data banks. At the same time, both academics and practitioners in the field of public administration have become more interested in the values that public servants bring to their decisions and recommendations. Certain administrative values, such as accountability and integrity, have taken on greater relative importance. The purpose of this thesis is to examine the implementation of Ontario's access and privacy law. It centres on the question of whether or not the Freedom of Information and Protection of Privacy Act, 1987, (FIPPA) has answered the demand for open access to government while at the same time protecting the personal privacy of individual citizens. It also assesses the extent to which this relatively new piece of legislation has made a difference to the people of Ontario. The thesis presents an overview of the issues of freedom of information and protection of privacy in Ontario. It begins with the evolution of the legislation and a description of the law itself. It focuses on the structures and processes which have been established to meet the procedural and administrative demands of the Act. These structures and processes are evaluated in two ways. First, the thesis evaluates how open the Ontario government has become and, second, it determines how Ill carefully the privacy rights of individuals are safeguarded. An analytical framework of administrative values is used to evaluate the overall performance of the government in these two areas. The conclusion is drawn that, overall, the Ontario government has effectively implemented the Freedom of Information and Protection of Privacy Act, particularly by providing access to most government-held documents. The protection of individual privacy has proved to be not only more difficult to achieve, but more difficult to evaluate. However, the administrative culture of the Ontario bureaucracy is shown to be committed to ensuring that the access and privacy rights of citizens are respected.
Resumo:
The use of information and communication technologies in the health and social service sectors, and the development of multi-centred and international research networks present many benefits for society: for example, better follow-up on an individual’s states of health, better quality of care, better control of expenses, and better communication between healthcare professionals. However, this approach raises issues relative to the protection of privacy: more specifically, to the processing of individual health information.
Resumo:
L'avancement des communications sans-fil permet l'obtention de nouveaux services bases sur l'habileté des fournisseurs de services sans-fil à déterminer avec précision, et avec l'utilisation de technologies de pistage, la localisation et position géographiquement d'appareils sans-fil Cette habileté permet d'offrir aux utilisateurs de sans-fil de nouveaux services bases sur la localisation et la position géographique de leur appareil. Le développement des services basés sur la localisation des utilisateurs de sans-fil soulevé certains problèmes relatifs à la protection de la vie privée qui doivent être considérés. En effet, l'appareil sans-fil qui suit et enregistre les mouvements de I 'utilisateur permet un système qui enregistre et entrepose tous les mouvements et activités d'un tel utilisateur ou encore qui permet l'envoi de messages non anticipes à ce dernier. Pour ce motif et afin de protéger la vie privée des utilisateurs de sans-fil, une compagnie désirant développer ou déployer une technologie permettant d'offrir ce genre de services personnalisés devra analyser l'encadrement légal touchant la protection des données personnelles--lequel est dans certains cas vague et non approprié à ce nouveau contexte--ainsi que la position de l'industrie dans ce domaine, et ce, afin d'être en mesure de traduire cet encadrement en pratiques commerciales. Cette analyse permettra d'éclairer le fournisseur de ces services sur la façon d'établir son modèle d'affaires et sur le type de technologie à développer afin d'être en mesure de remédier aux nouveaux problèmes touchant la vie privée tout en offrant ces nouveaux services aux utilisateurs de sans-fil.
Resumo:
L’avénement des réseaux sociaux, tel que Facebook, MySpace et LinkedIn, a fourni une plateforme permettant aux individus de rester facilement connectés avec leurs amis, leurs familles ou encore leurs collègues tout en les encourageant activement à partager leurs données personnelles à travers le réseau. Avec la richesse des activités disponibles sur un réseau social, la quantité et la variété des informations personnelles partagées sont considérables. De plus, de part leur nature numérique, ces informations peuvent être facilement copiées, modifiées ou divulguées sans le consentement explicite de leur propriétaire. Ainsi, l’information personnelle révélée par les réseaux sociaux peut affecter de manière concrète la vie de leurs utilisateurs avec des risques pour leur vie privée allant d’un simple embarras à la ruine complète de leur réputation, en passant par l’usurpation d’identité. Malheureusement, la plupart des utilisateurs ne sont pas conscients de ces risques et les outils mis en place par les réseaux sociaux actuels ne sont pas suffisants pour protéger efficacement la vie privée de leurs utilisateurs. En outre, même si un utilisateur peut contrôler l’accès à son propre profil, il ne peut pas contrôler ce que les autres révèlent à son sujet. En effet, les “amis” d’un utilisateur sur un réseau social peuvent parfois révéler plus d’information à son propos que celui-ci ne le souhaiterait. Le respect de la vie privée est un droit fondamental pour chaque individu. Nous pré- sentons dans cette thèse une approche qui vise à accroître la prise de conscience des utilisateurs des risques par rapport à leur vie privée et à maintenir la souveraineté sur leurs données lorsqu’ils utilisent un réseau social. La première contribution de cette thèse réside dans la classification des risques multiples ainsi que les atteintes à la vie privée des utilisateurs d’un réseau social. Nous introduisons ensuite un cadre formel pour le respect de la vie privée dans les réseaux sociaux ainsi que le concept de politique de vie privée (UPP). Celle-ci définie par l’utilisateur offre une manière simple et flexible de spécifier et communiquer leur attentes en terme de respect de la vie privée à d’autres utilisateurs, tiers parties ainsi qu’au fournisseur du réseau social. Par ailleurs, nous dé- finissons une taxonomie (possiblement non-exhaustive) des critères qu’un réseau social peut intégrer dans sa conception pour améliorer le respect de la vie privée. En introduisant le concept de réseau social respectueux de la vie privée (PSNS), nous proposons Privacy Watch, un réseau social respectueux de la vie privée qui combine les concepts de provenance et d’imputabilité afin d’aider les utilisateurs à maintenir la souveraineté sur leurs données personnelles. Finalement, nous décrivons et comparons les différentes propositions de réseaux sociaux respectueux de la vie privée qui ont émergé récemment. Nous classifions aussi ces différentes approches au regard des critères de respect de la vie privée introduits dans cette thèse.
Resumo:
L’utilisation d’Internet prend beaucoup d’ampleur depuis quelques années et le commerce électronique connaît une hausse considérable. Nous pouvons présentement acheter facilement via Internet sans quitter notre domicile et avons accès à d’innombrables sources d’information. Cependant, la navigation sur Internet permet également la création de bases de données détaillées décrivant les habitudes de chaque utilisateur, informations ensuite utilisées par des tiers afin de cerner le profil de leur clientèle cible, ce qui inquiète plusieurs intervenants. Les informations concernant un individu peuvent être récoltées par l’interception de données transactionnelles, par l’espionnage en ligne, ainsi que par l’enregistrement d’adresses IP. Afin de résoudre les problèmes de vie privée et de s’assurer que les commerçants respectent la législation applicable en la matière, ainsi que les exigences mises de l’avant par la Commission européenne, plusieurs entreprises comme Zero-knowledge Systems Inc. et Anonymizer.com offrent des logiciels permettant la protection de la vie privée en ligne (privacy-enhancing technologies ou PETs). Ces programmes utilisent le cryptage d’information, une méthode rendant les données illisibles pour tous à l’exception du destinataire. L’objectif de la technologie utilisée a été de créer des systèmes mathématiques rigoureux pouvant empêcher la découverte de l’identité de l’auteur même par le plus déterminé des pirates, diminuant ainsi les risques de vol d’information ou la divulgation accidentelle de données confidentielles. Malgré le fait que ces logiciels de protection de la vie privée permettent un plus grand respect des Directives européennes en la matière, une analyse plus approfondie du sujet témoigne du fait que ces technologies pourraient être contraires aux lois concernant le cryptage en droit canadien, américain et français.
