994 resultados para privacy protection
Resumo:
This article is concerned with the liability of search engines for algorithmically produced search suggestions, such as through Google’s ‘autocomplete’ function. Liability in this context may arise when automatically generated associations have an offensive or defamatory meaning, or may even induce infringement of intellectual property rights. The increasing number of cases that have been brought before courts all over the world puts forward questions on the conflict of fundamental freedoms of speech and access to information on the one hand, and personality rights of individuals— under a broader right of informational self-determination—on the other. In the light of the recent judgment of the Court of Justice of the European Union (EU) in Google Spain v AEPD, this article concludes that many requests for removal of suggestions including private individuals’ information will be successful on the basis of EU data protection law, even absent prejudice to the person concerned.
Resumo:
Traditionally the right of privacy has not been recognised at common law. However, recently the High Court has indicated that it may be willing to develop a new tort of invasion of privacy. Several of the justices have stated that the new action would only relate to natural persons, not corporations. This is because the principles said to underpin the right to privacy, autonomy and dignity, are supposedly inapposite to corporations. This article argues that this reasoning is flawed. Neither the right to autonomy nor dignity is capable of underpinning the right to privacy. Hence, no sustainable basis has so far been advanced for restricting the availability of any future tort of invasion of privacy to individuals. This article also questions whether a separate tort is needed in view of the protection already provided to the privacy interests of individuals and corporations under the equitable doctrine of confidence.
Resumo:
The right to privacy is not recognised at common law. However, like many other rights, it has gained increasing prominence and legal recognition since the explosion in rights-based normative discourse following the Second World War. Rights-based moral theories are appealing because their language is individualising; promising to expand the sphere of liberty and protection offered to people. It is therefore not surprising that we as individuals are attracted to such theories - they allow us a vehicle through which we can project our wishes and demands onto the community. While in abstract the right to privacy sounds appealing, it has many potential disadvantages. This article examines the justification for the right to privacy. It argues that either the right is illusory (devoid of an overarching doctrinal rationale) or at its highest the right to privacy is an insignificant right - one which should rarely trump other interests. It follows that there is a need to re-assess the desirability of introducing a separate cause of action protecting privacy interests.
Resumo:
Radio Frequency Identification (RFID) system is a remote identification technology which is taking the place of barcodes to become electronic tags of an object. However, its radio transmission nature is making it vulnerable in terms of security. Recently, research proposed that an RFID tag can contain malicious code which might spread viruses, worms and other exploits to middleware and back-end systems. This paper is proposing a framework which will provide protection from malware and ensure the data privacy of a tag. The framework will use a sanitization technique with a mutual authentication in the reader level. This will ensure that any malicious code in the tag is identified. If the tag is infected by malicious code it will stop execution of the code in the RFIF system. Here shared unique parameters are used for authentication. It will be capable of protecting an RFID system from denial of service (DOS) attack, forward security and rogue reader better than existing protocols. The framework is introducing a layer concept on a smart reader to reduce coupling between different tasks. Using this framework, the RFID system will be protected from malware and also the privacy of the tag will be ensured.
Resumo:
As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest.
Resumo:
Cloud computing is an emerging evolutionary computing model that provides highly scalable services over highspeed Internet on a pay-as-usage model. However, cloud-based solutions still have not been widely deployed in some sensitive areas, such as banking and healthcare. The lack of widespread development is related to users’ concern that their confidential data or privacy would leak out in the cloud’s outsourced environment. To address this problem, we propose a novel active data-centric framework to ultimately improve the transparency and accountability of actual usage of the users’ data in cloud. Our data-centric framework emphasizes “active” feature which packages the raw data with active properties that enforce data usage with active defending and protection capability. To achieve the active scheme, we devise the Triggerable Data File Structure (TDFS). Moreover, we employ the zero-knowledge proof scheme to verify the request’s identification without revealing any vital information. Our experimental outcomes demonstrate the efficiency, dependability, and scalability of our framework.
Resumo:
In this paper we propose a secure ownership transfer protocol for a multi-tag multi-owner RFID environment that provides individual-owner-privacy. To our knowledge, the existing schemes do not provide individual-owner-privacy and most of the existing schemes do not comply with the EPC Global Class-1 Gen-2 (C1G2) standard since the protocols use expensive hash operations or sophisticated encryption schemes that cannot be implemented on low-cost passive tags that are highly resource constrained. Our work aims to fill these gaps by proposing a protocol that provides individual-owner-privacy, based on simple XOR and 128-bit pseudo-random number generators (PRNG), operations that are easily implemented on low-cost RFID tags while meeting the necessary security requirements thus making it a viable option for large scale implementations. Our protocol also provides additional protection by hiding the pseudo-random numbers during all transmissions using a blind-factor to prevent tracking attacks.
Resumo:
Principale obiettivo della ricerca è quello di ricostruire lo stato dell’arte in materia di sanità elettronica e Fascicolo Sanitario Elettronico, con una precipua attenzione ai temi della protezione dei dati personali e dell’interoperabilità. A tal fine sono stati esaminati i documenti, vincolanti e non, dell’Unione europea nonché selezionati progetti europei e nazionali (come “Smart Open Services for European Patients” (EU); “Elektronische Gesundheitsakte” (Austria); “MedCom” (Danimarca); “Infrastruttura tecnologica del Fascicolo Sanitario Elettronico”, “OpenInFSE: Realizzazione di un’infrastruttura operativa a supporto dell’interoperabilità delle soluzioni territoriali di fascicolo sanitario elettronico nel contesto del sistema pubblico di connettività”, “Evoluzione e interoperabilità tecnologica del Fascicolo Sanitario Elettronico”, “IPSE - Sperimentazione di un sistema per l’interoperabilità europea e nazionale delle soluzioni di Fascicolo Sanitario Elettronico: componenti Patient Summary e ePrescription” (Italia)). Le analisi giuridiche e tecniche mostrano il bisogno urgente di definire modelli che incoraggino l’utilizzo di dati sanitari ed implementino strategie effettive per l’utilizzo con finalità secondarie di dati sanitari digitali , come Open Data e Linked Open Data. L’armonizzazione giuridica e tecnologica è vista come aspetto strategico per ridurre i conflitti in materia di protezione di dati personali esistenti nei Paesi membri nonché la mancanza di interoperabilità tra i sistemi informativi europei sui Fascicoli Sanitari Elettronici. A questo scopo sono state individuate tre linee guida: (1) armonizzazione normativa, (2) armonizzazione delle regole, (3) armonizzazione del design dei sistemi informativi. I principi della Privacy by Design (“prottivi” e “win-win”), così come gli standard del Semantic Web, sono considerate chiavi risolutive per il suddetto cambiamento.
Resumo:
The thesis aims to make the dynamics of the tradeoffs involving privacy more visible; both theoretically and in two of the central current policy debates in European data protection law, the right to be forgotten and online tracking. In doing so, it offers an explanation for data protection law from an economic perspective and provides a basis for the evaluation of further data protection measures.
Resumo:
The protection of the fundamental human values (life, bodily integrity, human dignity, privacy) becomes imperative with the rapid progress in modern biotechnology, which can result in major alterations in the genetic make-up of organisms. It has become possible to insert human genes into pigs so that their internal organs coated in human proteins are more suitable for transplantation into humans (xenotransplantation), and micro-organisms that cam make insulin have been created, thus changing the genetic make-up of humans. At the end of the 1980s, the Central and Eastern European (CEE) countries either initiated new legislation or started to amend existing laws in this area (clinical testing of drugs, experiments on man, prenatal genetic diagnosis, legal protection of the embryo/foetus, etc.). The analysis here indicates that the CEE countries have not sufficiently adjusted their regulations to the findings of modern biotechnology, either because of the relatively short period they have had to do so, or because there are no definite answers to the questions which modern biotechnology has raised (ethical aspects of xenotransplantation, or of the use of live-aborted embryonic or foetal tissue in neuro-transplantation, etc.). In order to harmonise the existing regulations in CEE countries with respect to the EU and supranational contexts, two critical issues should be taken into consideration. The first is the necessity for CEE countries to recognise the place of humans within the achievements of modern biotechnology (a broader affirmation of the principle of autonomy, an explicit ban on the violation of the genetic identity of either born or unborn life, etc.). The second concerns the definition of the status of different biotechnological procedures and their permissibility (gene therapy, therapeutic genomes, xenotransplantation, etc.). The road towards such answers may be more easily identified once all CEE countries become members of the Council of Europe and express their wish to join the EU, which in turn presupposes taking over the entire body of EU legislation.
Resumo:
A substantial reform of data protection law is on the agenda of the European Commission as it is widely agreed that data protection law is faced by lots of challenges, due to fundamental technical and social changes or even revolutions. Therefore, the authors have issued draft new provisions on data protection law that would work in both Germany and Europe. The draft is intended to provide a new approach and deal with the consequences of such an approach. This article contains some key theses on the main legislatory changes that appear both necessary and adequate.
Resumo:
The development of the Internet has made it possible to transfer data ‘around the globe at the click of a mouse’. Especially fresh business models such as cloud computing, the newest driver to illustrate the speed and breadth of the online environment, allow this data to be processed across national borders on a routine basis. A number of factors cause the Internet to blur the lines between public and private space: Firstly, globalization and the outsourcing of economic actors entrain an ever-growing exchange of personal data. Secondly, the security pressure in the name of the legitimate fight against terrorism opens the access to a significant amount of data for an increasing number of public authorities.And finally,the tools of the digital society accompany everyone at each stage of life by leaving permanent individual and borderless traces in both space and time. Therefore, calls from both the public and private sectors for an international legal framework for privacy and data protection have become louder. Companies such as Google and Facebook have also come under continuous pressure from governments and citizens to reform the use of data. Thus, Google was not alone in calling for the creation of ‘global privacystandards’. Efforts are underway to review established privacy foundation documents. There are similar efforts to look at standards in global approaches to privacy and data protection. The last remarkable steps were the Montreux Declaration, in which the privacycommissioners appealed to the United Nations ‘to prepare a binding legal instrument which clearly sets out in detail the rights to data protection and privacy as enforceable human rights’. This appeal was repeated in 2008 at the 30thinternational conference held in Strasbourg, at the 31stconference 2009 in Madrid and in 2010 at the 32ndconference in Jerusalem. In a globalized world, free data flow has become an everyday need. Thus, the aim of global harmonization should be that it doesn’t make any difference for data users or data subjects whether data processing takes place in one or in several countries. Concern has been expressed that data users might seek to avoid privacy controls by moving their operations to countries which have lower standards in their privacy laws or no such laws at all. To control that risk, some countries have implemented special controls into their domestic law. Again, such controls may interfere with the need for free international data flow. A formula has to be found to make sure that privacy at the international level does not prejudice this principle.
Resumo:
This article provides a holistic legal analysis of the use of cookies in Online Behavioural Advertising. The current EU legislative framework is outlined in detail, and the legal obligations are examined. Consent and the debates surrounding its implementation form a large portion of the analysis. The article outlines the current difficulties associated with the reliance on this requirement as a condition for the placing and accessing of cookies. Alternatives to this approach are explored, and the implementation of solutions based on the application of the Privacy by Design and Privacy by Default concepts are presented. This discussion involves an analysis of the use of code and, therefore, product architecture to ensure adequate protections.
Resumo:
In Europe, roughly three regimes apply to the liability of Internet intermediaries for privacy violations conducted by users through their network. These are: the e-Commerce Directive, which, under certain conditions, excludes them from liability; the Data Protection Directive, which imposes a number of duties and responsibilities on providers processing personal data; and the freedom of expression, contained inter alia in the ECHR, which, under certain conditions, grants Internet providers several privileges and freedoms. Each doctrine has its own field of application, but they also have partial overlap. In practice, this creates legal inequality and uncertainty, especially with regard to providers that host online platforms and process User Generated Content.
