949 resultados para data protection reform, data protection
Resumo:
In this work, we present an adaptive unequal loss protection (ULP) scheme for H264/AVC video transmission over lossy networks. This scheme combines erasure coding, H.264/AVC error resilience techniques and importance measures in video coding. The unequal importance of the video packets is identified in the group of pictures (GOP) and the H.264/AVC data partitioning levels. The presented method can adaptively assign unequal amount of forward error correction (FEC) parity across the video packets according to the network conditions, such as the available network bandwidth, packet loss rate and average packet burst loss length. A near optimal algorithm is developed to deal with the FEC assignment for optimization. The simulation results show that our scheme can effectively utilize network resources such as bandwidth, while improving the quality of the video transmission. In addition, the proposed ULP strategy ensures graceful degradation of the received video quality as the packet loss rate increases. © 2010 IEEE.
Resumo:
Though controversial the question of applying data protection laws to biological materials has only gotten a little attention in data privacy discourse. This article aims to contribute to this dearth by arguing that despite absence of positive intention from the architects to apply the EU Data privacy law to biological materials, a range of developments in Molecular Biology and nano-technology—usually mediated by advances in ICT—may provide persuasive grounds to do so. In addition, paucity of sufficient explication of key terms like ‘data/information’ in these legislations may fuel such tendency whereby laws originally intended for the informational world may end up applying to the biological world. The article also analyzes various predicaments that may arise from applying data privacy laws to biological materials. A focus is made on legislative sources at the EU level though national laws are relied on when pertinent.
Resumo:
Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.
Resumo:
Public agencies are increasingly required to collaborate with each other in order to provide high-quality e-government services. This collaboration is usually based on the service-oriented approach and supported by interoperability platforms. Such platforms are specialized middleware-based infrastructures enabling the provision, discovery and invocation of interoperable software services. In turn, given that personal data handled by governments are often very sensitive, most governments have developed some sort of legislation focusing on data protection. This paper proposes solutions for monitoring and enforcing data protection laws within an E-government Interoperability Platform. In particular, the proposal addresses requirements posed by the Uruguayan Data Protection Law and the Uruguayan E-government Platform, although it can also be applied in similar scenarios. The solutions are based on well-known integration mechanisms (e.g. Enterprise Service Bus) as well as recognized security standards (e.g. eXtensible Access Control Markup Language) and were completely prototyped leveraging the SwitchYard ESB product.
Resumo:
Tutkielman tarkoituksena on selvittää lukijalle, mistä syistä ja miten Euroopan unionin tietosuojainstrumentit – nykyinen tietosuojadirektiivi ja tuleva tietosuoja-asetus – asettavat rajoituksia EU:n kansalaisten henkilötietojen siirroille kolmansiin maihin kaupallisia tarkoituksia varten. Erityisen tarkastelun kohteena on henkilötietojen siirrot EU:n alueelta Yhdysvaltoihin mahdollistanut Safe Harbor-järjestelmä, jonka Euroopan unionin tuomioistuin katsoi pätemättömäksi asiassa C-362/14 Maximillian Schrems v Data Protection Commissioner. Tutkimusaiheen eli henkilötietojen rajat ylittävien siirtojen ollessa kansainvälisen oikeuden ja tietosuojaoikeuden leikkauspisteessä on tutkimuksessa käytetty molempien oikeudenalojen asiantuntijoiden tutkimuksia lähteenä. Kansainvälisen oikeuden peruslähteenä on käytetty Brownlien teosta Principles of Public International Law (6. painos), jota vasten on peilattu tutkimusaihetta tarkemmin käsittelevää kirjallisuutta. Erityisesti on syytä nostaa esille Bygraven tietosuojaoikeutta kansainvälisessä kontekstissa käsittelevä Data Privacy Law: An International Perspective sekä Kunerin nimenomaisesti henkilötietojen kansainvälisiä siirtoja käsittelevä Transborder Data Flows and Data Privacy Law. Uusien teknologioiden myötä nopeasti kehittyvästä tutkimusilmiöstä ja oikeudenalasta johtuen tutkimuksessa on käytetty lähdemateriaaleina runsaasti aihepiiriä käsitteleviä artikkeleita arvostetuista julkaisuista, sekä EU:n tietosuojaviranomaisten ja YK:n raportteja virallislähteinä. Keskeiset tutkimustulokset osoittavat EU:n ja sen jäsenvaltioiden intressit henkilötietojen siirroissa sekä EU:n asettamien henkilötietojen siirtosääntelyiden vaikutukset kolmansiin maihin. Globaalin konsensuksen saavuttamisen koskien henkilötietojen kansainvälisiä siirtosääntelyitä arvioitiin olevan ainakin lähitulevaisuudessa epätodennäköistä. Nykyisten alueellisten sääntelyratkaisujen osalta todettiin Euroopan neuvoston yleissopimuksen No. 108 eniten osoittavan potentiaalia maailmanlaajuiselle implementoinnille. Lopuksi arvioitiin oikeudellisen pluralismin mallin puitteissa tarkoituksenmukaisia keinoja EU:n kansalaisten perusoikeuksina turvattujen yksityisyyden ja henkilötietojen suojan parantamiseksi. Tarkastelu osoittaa EU:n kansalaisten sekä näiden henkilötietoja käsittelevien ja siirtävien yritysten välillä olleen tiedollinen ja voimallinen epätasapaino, joka ilmenee yksilön tiedollisen itseautonomian ja suostumuksen merkityksen heikentymisenä, joskin EU:n vuonna 2018 voimaan astuva tietosuoja-asetus organisaatioiden vastuuta korostamalla pyrkii poistamaan tätä ongelmaa.
Resumo:
In the digital age, e-health technologies play a pivotal role in the processing of medical information. As personal health data represents sensitive information concerning a data subject, enhancing data protection and security of systems and practices has become a primary concern. In recent years, there has been an increasing interest in the concept of Privacy by Design, which aims at developing a product or a service in a way that it supports privacy principles and rules. In the EU, Article 25 of the General Data Protection Regulation provides a binding obligation of implementing Data Protection by Design technical and organisational measures. This thesis explores how an e-health system could be developed and how data processing activities could be carried out to apply data protection principles and requirements from the design stage. The research attempts to bridge the gap between the legal and technical disciplines on DPbD by providing a set of guidelines for the implementation of the principle. The work is based on literature review, legal and comparative analysis, and investigation of the existing technical solutions and engineering methodologies. The work can be differentiated by theoretical and applied perspectives. First, it critically conducts a legal analysis on the principle of PbD and it studies the DPbD legal obligation and the related provisions. Later, the research contextualises the rule in the health care field by investigating the applicable legal framework for personal health data processing. Moreover, the research focuses on the US legal system by conducting a comparative analysis. Adopting an applied perspective, the research investigates the existing technical methodologies and tools to design data protection and it proposes a set of comprehensive DPbD organisational and technical guidelines for a crucial case study, that is an Electronic Health Record system.
Resumo:
In recent years, there has been exponential growth in using virtual spaces, including dialogue systems, that handle personal information. The concept of personal privacy in the literature is discussed and controversial, whereas, in the technological field, it directly influences the degree of reliability perceived in the information system (privacy ‘as trust’). This work aims to protect the right to privacy on personal data (GDPR, 2018) and avoid the loss of sensitive content by exploring sensitive information detection (SID) task. It is grounded on the following research questions: (RQ1) What does sensitive data mean? How to define a personal sensitive information domain? (RQ2) How to create a state-of-the-art model for SID?(RQ3) How to evaluate the model? RQ1 theoretically investigates the concepts of privacy and the ontological state-of-the-art representation of personal information. The Data Privacy Vocabulary (DPV) is the taxonomic resource taken as an authoritative reference for the definition of the knowledge domain. Concerning RQ2, we investigate two approaches to classify sensitive data: the first - bottom-up - explores automatic learning methods based on transformer networks, the second - top-down - proposes logical-symbolic methods with the construction of privaframe, a knowledge graph of compositional frames representing personal data categories. Both approaches are tested. For the evaluation - RQ3 – we create SPeDaC, a sentence-level labeled resource. This can be used as a benchmark or training in the SID task, filling the gap of a shared resource in this field. If the approach based on artificial neural networks confirms the validity of the direction adopted in the most recent studies on SID, the logical-symbolic approach emerges as the preferred way for the classification of fine-grained personal data categories, thanks to the semantic-grounded tailor modeling it allows. At the same time, the results highlight the strong potential of hybrid architectures in solving automatic tasks.
Resumo:
The General Data Protection Regulation (GDPR) has been designed to help promote a view in favor of the interests of individuals instead of large corporations. However, there is the need of more dedicated technologies that can help companies comply with GDPR while enabling people to exercise their rights. We argue that such a dedicated solution must address two main issues: the need for more transparency towards individuals regarding the management of their personal information and their often hindered ability to access and make interoperable personal data in a way that the exercise of one's rights would result in straightforward. We aim to provide a system that helps to push personal data management towards the individual's control, i.e., a personal information management system (PIMS). By using distributed storage and decentralized computing networks to control online services, users' personal information could be shifted towards those directly concerned, i.e., the data subjects. The use of Distributed Ledger Technologies (DLTs) and Decentralized File Storage (DFS) as an implementation of decentralized systems is of paramount importance in this case. The structure of this dissertation follows an incremental approach to describing a set of decentralized systems and models that revolves around personal data and their subjects. Each chapter of this dissertation builds up the previous one and discusses the technical implementation of a system and its relation with the corresponding regulations. We refer to the EU regulatory framework, including GDPR, eIDAS, and Data Governance Act, to build our final system architecture's functional and non-functional drivers. In our PIMS design, personal data is kept in a Personal Data Space (PDS) consisting of encrypted personal data referring to the subject stored in a DFS. On top of that, a network of authorization servers acts as a data intermediary to provide access to potential data recipients through smart contracts.
Resumo:
The thesis represents the conclusive outcome of the European Joint Doctorate programmein Law, Science & Technology funded by the European Commission with the instrument Marie Skłodowska-Curie Innovative Training Networks actions inside of the H2020, grantagreement n. 814177. The tension between data protection and privacy from one side, and the need of granting further uses of processed personal datails is investigated, drawing the lines of the technological development of the de-anonymization/re-identification risk with an explorative survey. After acknowledging its span, it is questioned whether a certain degree of anonymity can still be granted focusing on a double perspective: an objective and a subjective perspective. The objective perspective focuses on the data processing models per se, while the subjective perspective investigates whether the distribution of roles and responsibilities among stakeholders can ensure data anonymity.
Resumo:
The purpose of this research study is to discuss privacy and data protection-related regulatory and compliance challenges posed by digital transformation in healthcare in the wake of the COVID-19 pandemic. The public health crisis accelerated the development of patient-centred remote/hybrid healthcare delivery models that make increased use of telehealth services and related digital solutions. The large-scale uptake of IoT-enabled medical devices and wellness applications, and the offering of healthcare services via healthcare platforms (online doctor marketplaces) have catalysed these developments. However, the use of new enabling technologies (IoT, AI) and the platformisation of healthcare pose complex challenges to the protection of patient’s privacy and personal data. This happens at a time when the EU is drawing up a new regulatory landscape for the use of data and digital technologies. Against this background, the study presents an interdisciplinary (normative and technology-oriented) critical assessment on how the new regulatory framework may affect privacy and data protection requirements regarding the deployment and use of Internet of Health Things (hardware) devices and interconnected software (AI systems). The study also assesses key privacy and data protection challenges that affect healthcare platforms (online doctor marketplaces) in their offering of video API-enabled teleconsultation services and their (anticipated) integration into the European Health Data Space. The overall conclusion of the study is that regulatory deficiencies may create integrity risks for the protection of privacy and personal data in telehealth due to uncertainties about the proper interplay, legal effects and effectiveness of (existing and proposed) EU legislation. The proliferation of normative measures may increase compliance costs, hinder innovation and ultimately, deprive European patients from state-of-the-art digital health technologies, which is paradoxically, the opposite of what the EU plans to achieve.
Resumo:
Big data and AI are paving the way to promising scenarios in clinical practice and research. However, the use of such technologies might clash with GDPR requirements. Today, two forces are driving the EU policies in this domain. The first is the necessity to protect individuals’ safety and fundamental rights. The second is to incentivize the deployment of innovative technologies. The first objective is pursued by legislative acts such as the GDPR or the AIA, the second is supported by the new data strategy recently launched by the European Commission. Against this background, the thesis analyses the issue of GDPR compliance when big data and AI systems are implemented in the health domain. The thesis focuses on the use of co-regulatory tools for compliance with the GDPR. This work argues that there are two level of co-regulation in the EU legal system. The first, more general, is the approach pursued by the EU legislator when shaping legislative measures that deal with fast-evolving technologies. The GDPR can be deemed a co-regulatory solution since it mainly introduces general requirements, which implementation shall then be interpretated by the addressee of the law following a risk-based approach. This approach, although useful is costly and sometimes burdensome for organisations. The second co-regulatory level is represented by specific co-regulatory tools, such as code of conduct and certification mechanisms. These tools are meant to guide and support the interpretation effort of the addressee of the law. The thesis argues that the lack of co-regulatory tools which are supposed to implement data protection law in specific situations could be an obstacle to the deployment of innovative solutions in complex scenario such as the health ecosystem. The thesis advances hypothesis on theoretical level about the reasons of such a lack of co-regulatory solutions.
Resumo:
The dissertation contains five parts: An introduction, three major chapters, and a short conclusion. The First Chapter starts from a survey and discussion of the studies on corporate law and financial development literature. The commonly used methods in these cross-sectional analyses are biased as legal origins are no longer valid instruments. Hence, the model uncertainty becomes a salient problem. The Bayesian Model Averaging algorithm is applied to test the robustness of empirical results in Djankov et al. (2008). The analysis finds that their constructed legal index is not robustly correlated with most of the various stock market outcome variables. The second Chapter looks into the effects of minority shareholders protection in corporate governance regime on entrepreneurs' ex ante incentives to undertake IPO. Most of the current literature focuses on the beneficial part of minority shareholder protection on valuation, while overlooks its private costs on entrepreneur's control. As a result, the entrepreneur trade-offs the costs of monitoring with the benefits of cheap sources of finance when minority shareholder protection improves. The theoretical predictions are empirically tested using panel data and GMM-sys estimator. The third Chapter investigates the corporate law and corporate governance reform in China. The corporate law in China regards shareholder control as the means to the ends of pursuing the interests of stakeholders, which is inefficient. The Chapter combines the recent development of theories of the firm, i.e., the team production theory and the property rights theory, to solve such problem. The enlightened shareholder value, which emphasizes on the long term valuation of the firm, should be adopted as objectives of listed firms. In addition, a move from the mandatory division of power between shareholder meeting and board meeting to the default regime, is proposed.
Resumo:
The reconstruction of the child protection system in the post-communist period so as to meet professional standards while responding to the needs of children is an enormous task. In order to understand the features of the current stage of the development of the Romanian child protection system and to evaluate its trends towards change, Roth-Szamoskozi analysed data from scientific literature and collected statistics to document the evolution of the child-protection structure. Empirical data collection using qualitative methods (content analysis of documents and interviews with staff) were designed to reflect the degree to which child welfare laws correspond to internationally accepted regulations and to analyse the attitudes of those working in the field at different decision-making levels. An experiment with a group of 12 students showed that there have been basic changes in the legal framework of Romanian child welfare. Students could see that the required principles exist in the new Romanian child protection law, but also identified areas which are still inadequately represented. 61 staff members working in child welfare agencies (both state and non-governmental) were also interviewed, using a systematic, circular interview. Using the criteria of competence and the existence of specific social goals, professionalism in solving social problems and respect for social-work values, the 30 non-governmental organisations were divided into three categories. The first (7 organisations) are active in the area, know the law and are fairly professional, the second (5) are motivated in their work with specific problems, but with no great competence. The 18 organisations in the third group have no competence in the social field and in issues concerning children and do only charitable work. The state agencies are still dominated by routine, but there were many staff members who were developing reform and strategic roles and were actively directing the system towards change. Many staff members in both governmental and non-governmental organisations were directing the system towards a stress on intervention in the interests of the child in the context of its family. Roth-Szamoskozi found that staff members felt the need of a more accurate evaluation system which would enable them to show their results more clearly.
Resumo:
Quantification of dermal exposure to pesticides in rural workers, used in risk assessment, can be performed with different techniques such as patches or whole body evaluation. However, the wide variety of methods can jeopardize the process by producing disparate results, depending on the principles in sample collection. A critical review was thus performed on the main techniques for quantifying dermal exposure, calling attention to this issue and the need to establish a single methodology for quantification of dermal exposure in rural workers. Such harmonization of different techniques should help achieve safer and healthier working conditions. Techniques that can provide reliable exposure data are an essential first step towards avoiding harm to workers' health.
Resumo:
Severe accidents caused by the armed spider Phoneutria nigriventer cause neurotoxic manifestations in victims. In experiments with rats, P. nigriventer venom (PNV) temporarily disrupts the properties of the BBB by affecting both the transcellular and the paracellular route. However, it is unclear how cells and/or proteins participate in the transient opening of the BBB. The present study demonstrates that PNV is a substrate for the multidrug resistance protein-1 (MRP1) in cultured astrocyte and endothelial cells (HUVEC) and increases mrp1 and cx43 and down-regulates glut1 mRNA transcripts in cultured astrocytes. The inhibition of nNOS by 7-nitroindazole suggests that NO derived from nNOS mediates some of these effects by either accentuating or opposing the effects of PNV. In vivo, MRP1, GLUT1 and Cx43 protein expression is increased differentially in the hippocampus and cerebellum, indicating region-related modulation of effects. PNV contains a plethora of Ca(2+), K(+) and Na(+) channel-acting neurotoxins that interfere with glutamate handling. It is suggested that the findings of the present study are the result of a complex interaction of signaling pathways, one of which is the NO, which regulates BBB-associated proteins in response to PNV interference on ions physiology. The present study provides additional insight into PNV-induced BBB dysfunction and shows that a protective mechanism is activated against the venom. The data shows that PNV has qualities for potential use in drug permeability studies across the BBB.
