106 research outputs found

    Before and after enforcement of GDPR: Personal data protection requests received by Croatian Personal Data Protection Agency from academic and research institutions

    Introduction: The European Union’s (EU) General Data Protection Regulation (GDPR) was put in force on 25th May 2018. It is not known how many personal data protection requests the national authority in Croatia had received before and after GDPR, and how many of those were related to research. Materials and methods: We obtained data from the Croatian Personal Data Protection Agency (CPDPA) about requests/complaints related to personal data protection that were received specifically from academic/research institutions, specifically the number and type of all cases/requests between the years 2015-2019. Results: In 2018, CPDPA had a dramatic increase in the number of requests in the post-GDPR period, compared to the pre-GDPR period of the same year. In 2019, CPDPA received 2718 requests/complaints; less than in the year 2018. From 2015 to 2019, CPDPA received only 37 requests related to research. Conclusions: Very few requests about personal data protection from academic and research institutions in Croatia were submitted to the national Croatian data protection authority. Future studies could explore whether researchers have sufficient awareness and knowledge about personal data protection related to research, to adequately implement the GDPR regulations

    Dark Patterns: Light to be found in Europe’s Consumer Protection Regime

    Defined as ‘tricks used in websites and apps that make you do things that you did not mean to, like buying or signing up for something’, much of the academic scholarship on the regulation of ‘dark patterns’ has focussed on privacy and data protection legislation. The term has been deployed to describe ‘deceptive’ and ‘manipulative’ design techniques implemented in a way that led to a user behaviour that would not have happened without the dark pattern. This article analyses to what extent the current EU Consumer Protection acquis is placed to make a substantial and complementary contribution towards curtailing the use of dark patterns. We do so through the lens of the European Commission’s adoption of a ‘New Deal for Consumers’ which strengthens enforcement mechanisms of EU consumer law and modernises the EU’s consumer protection rules in view of market developments. Effective Protection of Fundamental Rights in a pluralist worl

    Mobile Technology in Allergic Rhinitis: Evolution in Management or Revolution in Health and Care?

    Smart devices and Internet-based applications (apps) are largely used in allergic rhinitis and may help to address some unmet needs. However, these new tools need to first of all be tested for privacy rules, acceptability, usability, and cost-effectiveness. Second, they should be evaluated in the frame of the digital transformation of health, their impact on health care delivery, and health outcomes. This review (1) summarizes some existing mobile health apps for allergic rhinitis and reviews those in which testing has been published, (2) discusses apps that include risk factors of allergic rhinitis, (3) examines the impact of mobile health apps in phenotype discovery, (4) provides real-world evidence for care pathways, and finally (5) discusses mobile health tools enabling the digital transformation of health and care, empowering citizens, and building a healthier society. © 2019 American Academy of Allergy, Asthma & Immunology. Peer reviewe

    Collaborative Research and Development of a Novel, Patient-Centered Digital Platform (MyEyeSite) for Rare Inherited Retinal Disease Data: Acceptability and Feasibility Study

    Background: Inherited retinal diseases (IRDs) are a leading cause of blindness in children and working age adults in the United Kingdom and other countries, with an appreciable socioeconomic impact. However, by definition, IRD data are individually rare, and as a result, this patient group has been underserved by research. Researchers need larger amounts of these rare data to make progress in this field, for example, through the development of gene therapies. The challenge has been how to find and make these data available to researchers in the most productive way. MyEyeSite is a research collaboration aiming to design and develop a digital platform (the MyEyeSite platform) for people with rare IRDs that will enable patients, doctors, and researchers to aggregate and share specialist eye health data. A crucial component of this platform is the MyEyeSite patient application, which will provide the means for patients with IRD to interact with the system and, in particular, to collate, manage, and share their personal specialist IRD data both for research and their own health care. / Objective: This study aims to test the acceptability and feasibility of the MyEyeSite platform in the target IRD population through a collaborative patient-centered study. / Methods: Qualitative data were generated through focus groups and workshops, and quantitative data were obtained through a survey of patients with IRD. Participants were recruited through clinics at Moorfields Eye Hospital National Health Service (NHS) Foundation Trust and the National Institute for Health Research (NIHR) Moorfields Biomedical Research Centre through their patient and public involvement databases. 
/ Results: Our IRD focus group sample (n=50) highlighted the following themes: frustration with the current system regarding data sharing within the United Kingdom’s NHS; positive expectations of the potential benefits of the MyEyeSite patient application, resulting from increased access to this specialized data; and concerns regarding data security, including potentially unethical use of the data outside the NHS. Of the surveyed 80 participants, 68 (85%) were motivated to have a more active role in their eye care and share their data for research purposes using a secure technology, such as a web application or mobile app. / Conclusions: This study demonstrates that patients with IRD are highly motivated to be actively involved in managing their own data for research and their own eye care. It demonstrates the feasibility of involving patients with IRD in the detailed design of the MyEyeSite platform exemplar, with input from the patient with IRD workshops playing a key role in determining both the functionality and accessibility of the designs and prototypes. The development of a user-centered technological solution to the problem of rare health data has the potential to benefit not only the patient with IRD community but also others with rare diseases

    When Programs Collide: A Panel Report on the Competing Interests of Analytics and Security

    The increasing demand for business analytics and cybersecurity professionals provides an exciting job outlook for graduates of information systems programs. However, the rapid proliferation of devices and systems that spurred this trend has created a challenging ethical dilemma for the individuals responsible for educating future generations of information technology professionals. Many firms collect and store as much data as possible in the hope that technology might uncover useful insights in the future. This behavior results in an ever-increasing challenge for those charged with protecting organizational assets and exerts pressure on executives seeking an analytical edge to remain profitable in a hyper-competitive marketplace. With this dilemma in mind, a recent panel discussion at the 14th Annual Midwest Association for Information Systems Conference explored the delicate balance between unleashing the power of analytics and securing the sensitive data it consumes while respecting consumer privacy. This paper reports on that discussion and its insights

    Automation of Authorisation Vulnerability Detection in Authenticated Web Applications

    In the beginning the World Wide Web, also known as the Internet, consisted mainly of websites. These were essentially information depositories containing static pages, with the flow of information mostly one directional, from the server to the user’s browser. Most of these websites didn’t authenticate users, instead, each user was treated the same, and presented with the same information. A malicious party that gained access to the web server hosting these websites would usually not gain access to confidential information as most of the information on the web server would already be accessible to the public. Instead, the malicious party would typically modify the files that are on the server in order to deface the website or use the server to host pirated materials. At present, the majority of websites available on the public internet are applications; these are highly functional and rely on two-way communication between the client’s browser and the web server hosting the application. The content on these applications is typically generated dynamically, and is often tailored towards each specific user, with much of the information dealt with being confidential in nature. A malicious party that compromises a web application, and gains access to confidential information which they normally should not be able to access, may be able to steal personal client information, commit financial fraud, or perform other malicious actions against those users whose personal information has been leaked. This thesis seeks to examine the access controls that are put in place across a variety of web applications that seek to prevent malicious parties from gaining access to confidential information they should not be able to access. It will test these access controls to ensure that they are robust enough for their purpose, and aims to automate this procedure

    Phishing happens beyond technology: the effects of human behaviors and demographics on each step of a phishing process

    Prior studies have shown that the behaviours and attitudes of Internet users influence the likelihood of being victimised by phishing attacks. Many scammers design a step-by-step approach to phishing in order to gain the potential victim's trust and convince them to take the desired actions. It is important to understand which behaviours and attitudes can influence following the attacker in each step of a phishing scam. This will enable us to identify the root causes of phishing and to develop specific mitigation plans for each step of the phishing process and to increase prevention points. This study investigates to what extent people's risk-taking and decision-making styles influence the likelihood of phishing victimisation in three specific phishing steps. We asked participants to play a risk-taking game and to answer questions related to two psychological scales to measure their behaviours, and then conducted a simulated phishing campaign to assess their phishability throughout the three phishing steps selected. We find that the attitude to risk-taking and gender can predict users' phishability in the different steps selected. There are however other possible direct and indirect behavioural factors that could be investigated in future studies. The results of this study and the model developed can be used to build a comprehensive framework to prevent the success of phishing attempts, starting from their root causes

    Unfair commercial practices in e-commerce

    There have been increased concerns during the past years, due to the rise of e-Commerce and Artificial Intelligence, about advertising and marketing practices in online platforms and social media that infringe the Unfair Commercial Practices Directive and threaten the consumers’ welfare and protection. A great variety of online marketing techniques, including personalised advertising, subscription traps, bait and drip pricing, native advertising, influencer marketing, advertorials, fishing, advergames and consumer reviews, was found to be particularly problematic. The scope of my dissertation was to detect such unfair commercial practices within the broad field of e-commerce and elaborate on the efficiencies and inefficiencies of the existing legal framework.

    The Brave New World of Big Data

    Note from the editor The Brave New World of Big Data by Akos Rona-Tas; Aadhaar: Uniquely Indian Dystopia? by Reetika Khera; Biometric IDs and the remaking of the Indian (welfare) state by Ursula Rao; Multiple social credit systems in China by Chuncheng Liu; Credit Scoring in the United States by Barbara Kiviat; Bringing Context back into privacy regulation and beyond. About limitation on purpose as an (old) response to (new) data challenges by Karoline Krenn; OpEd by Jenny Andersson; Book review