1,947 research outputs found
A Generic Information and Consent Framework for the IoT
The Internet of Things (IoT) raises specific issues in terms of information
and consent, which makes the implementation of the General Data Protection
Regulation (GDPR) challenging in this context. In this report, we propose a
generic framework for information and consent in the IoT which is protective
both for data subjects and for data controllers. We present a high level
description of the framework, illustrate its generality through several
technical solutions and case studies, and sketch a prototype implementation
GDPR Privacy Policies in CLAUDETTE: Challenges of Omission, Context and Multilingualism
The latest developments in natural language processing and machine learning have created new opportunities in legal text analysis. In particular, we look at the texts of online privacy policies after the implementation of the European General Data Protection Regulation (GDPR). We analyse 32 privacy policies to design a methodology for automated detection and assessment of compliance of these documents. Preliminary results confirm the pressing issues with current privacy policies and the beneficial use of this approach in empowering consumers in making more informed decisions. However, we also encountered several serious issues in the process. This paper introduces the challenges through concrete examples of context dependence, omission of information, and multilingualism
The coexistence between Blockchain and GDPR
The constant evolution of technology sometimes cannot avoid conflict with the parallel evolution of surrounding regulations and legislation. This dissertation highlights the Blockchain architectural design and its inherent and apparent incompatibility with the standing European directives concerning General Data Protection Regulation (GDPR) thanks to one of its most prominent features - immutability. As Blockchain-based solutions emerge and their adoption increases, the concerns about current regulation regarding storage of personal data and the conciliation with the Blockchain’s model arises. As a consequence, this research aims to find out a practical way of making Blockchains compatible with GDPR and providing a solution, with the elaboration of a Proof of Concept, along with interviews to experts of Blockchain and GDPR’s fields with the purpose of obtaining results and drawing conclusions.A constante evolução que categoriza a tecnologia nĂŁo pode, por vezes, evitar conflitos com a evolução paralela de regulamentos e de legislações envolventes. Esta dissertação destaca a discrepância entre a arquitetura inerente dos sistemas de Blockchain e a sua incompatibilidade aparente e inerente Ă s diretrizes europeias assentes sobre o Regulamento Geral de Proteção de Dados, graças a uma das suas caracterĂsticas mais importantes – imutabilidade. Ă€ medida que as soluções baseadas em Blockchain surgem e a sua adopção aumenta, surgem preocupações sobre a regulamentação atual em relação ao armazenamento de dados pessoais e a conciliação com o modelo da Blockchain. Consequentemente, esta pesquisa tem como objectivo descobrir uma maneira prática de tornar a tecnologia Blockchain compatĂvel com o Regulamento Geral de Proteção de Dados e fornecer uma solução atravĂ©s da elaboração de uma Prova de Conceito, alĂ©m de entrevistas com especialistas das áreas de Blockchain e Regulamento Geral de Proteção de Dados com o objetivo de obter resultados e tirar conclusões
Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence
New consent management platforms (CMPs) have been introduced to the web to
conform with the EU's General Data Protection Regulation, particularly its
requirements for consent when companies collect and process users' personal
data. This work analyses how the most prevalent CMP designs affect people's
consent choices. We scraped the designs of the five most popular CMPs on the
top 10,000 websites in the UK (n=680). We found that dark patterns and implied
consent are ubiquitous; only 11.8% meet the minimal requirements that we set
based on European law. Second, we conducted a field experiment with 40
participants to investigate how the eight most common designs affect consent
choices. We found that notification style (banner or barrier) has no effect;
removing the opt-out button from the first page increases consent by 22--23
percentage points; and providing more granular controls on the first page
decreases consent by 8--20 percentage points. This study provides an empirical
basis for the necessary regulatory action to enforce the GDPR, in particular
the possibility of focusing on the centralised, third-party CMP services as an
effective way to increase compliance.Comment: 13 pages, 3 figures. To appear in the Proceedings of CHI '20 CHI
Conference on Human Factors in Computing Systems, April 25--30, 2020,
Honolulu, HI, US
Management of open access research infrastructures in large EU projects: the “CultureLabs” case
Working Paper Ircres-CNR 09/2021. Research funding organizations, particularly at international level, are increasingly promoting the creation and maintenance of open access research infrastructures (RI). These resources have assumed a pivotal role as support for the new open and networked science in their dimension of technical and operational frameworks that allow scientists and stakeholders to collaborate and share scientific data and results. In Social Sciences and Humanities (SSH), the creation and exploitation of open data platforms is still attempting to catch up with longer-standing practices in the “hard sciences” as the resistance to wider data sharing has not yet been completely overcome. This paper aims to describe how a large project, financed by the European Commission, managed the creation of a RI in the field of SSH, showing the steps undertaken to comply with the GDPR regulations and prepare the data for useful sharing and reuse. In this regard, the authors present the case study of the Horizon 2020 “CultureLabs” project, placing emphasis on some specific practical factors that they believe are particularly important for implementing open access principles in the establishment and maintenance of RIs in the new course of science based on sharing and openness. In particular, the authors will focus on creation of “useful” and GDPR-compliant data and the impact on research activities as a result of their (re)utilisation; the control of the data management process; and the compliance with funders’ requirements (e.g. in terms of data security). The reflection on the interplay of these aspects, operated through a case study, appears to be crucial in moving away from a merely theoretical approach to addressing the issue of open access, and it hopes to serve as a guide or a warning for those who create and administer open RIs
European Health Data Space – an opportunity now to grasp the future of data-driven healthcare
Peer reviewedPostprin
- …