104,426 research outputs found
Cyber Babel: Finding the Lingua Franca in Cybersecurity Regulation
Cybersecurity regulations have proliferated over the past few years as the significance of the threat has drawn more attention. With breaches making headlines, the public and their representatives are imposing requirements on those that hold sensitive data with renewed vigor. As high-value targets that hold large amounts of sensitive data, financial institutions are among the most heavily regulated. Regulations are necessary. However, regulations also come with costs that impact both large and small companies, their customers, and local, national, and international economies. As the regulations have proliferated so have those costs. The regulations will inevitably and justifiably diverge where different governments view the needs of their citizens differently. However, that should not prevent regulators from recognizing areas of agreement. This Note examines the regulatory regimes governing the data and cybersecurity practices of financial institutions implemented by the Securities and Exchange Commission, the New York Department of Financial Services, and the General Data Protection Regulations of the European Union to identify areas where requirements overlap, with the goal of suggesting implementations that promote consistency, clarity, and cost reduction
European Union regulations on algorithmic decision-making and a "right to explanation"
We summarize the potential impact that the European Union's new General Data
Protection Regulation will have on the routine use of machine learning
algorithms. Slated to take effect as law across the EU in 2018, it will
restrict automated individual decision-making (that is, algorithms that make
decisions based on user-level predictors) which "significantly affect" users.
The law will also effectively create a "right to explanation," whereby a user
can ask for an explanation of an algorithmic decision that was made about them.
We argue that while this law will pose large challenges for industry, it
highlights opportunities for computer scientists to take the lead in designing
algorithms and evaluation frameworks which avoid discrimination and enable
explanation.Comment: presented at 2016 ICML Workshop on Human Interpretability in Machine
Learning (WHI 2016), New York, N
The control over personal data: True remedy or fairy tale ?
This research report undertakes an interdisciplinary review of the concept of
"control" (i.e. the idea that people should have greater "control" over their
data), proposing an analysis of this con-cept in the field of law and computer
science. Despite the omnipresence of the notion of control in the EU policy
documents, scholarly literature and in the press, the very meaning of this
concept remains surprisingly vague and under-studied in the face of
contemporary socio-technical environments and practices. Beyond the current
fashionable rhetoric of empowerment of the data subject, this report attempts
to reorient the scholarly debates towards a more comprehensive and refined
understanding of the concept of control by questioning its legal and technical
implications on data subject\^as agency
Mapping and analysis of the current self- and co- regulatory framework of commercial communication aimed at minors
As the advertising sector has been very active in self-regulating commercial communication aimed at children, a patchwork of different rules and instruments exist, drafted by different self-regulatory organisations at international, European and national level. In order to determine the scope and contents of these rules, and hence, the actual level of protection of children, a structured mapping of these rules is needed. As such, this report aims to provide an overview of different categories of Alternative Regulatory Instruments(ARIs,such as self- and co-regulation regarding (new) advertising formats aimed at children. This report complements the first legal AdLit research report, which provided an overview of the legislative provisions in this domain.status: publishe
Design Challenges for GDPR RegTech
The Accountability Principle of the GDPR requires that an organisation can
demonstrate compliance with the regulations. A survey of GDPR compliance
software solutions shows significant gaps in their ability to demonstrate
compliance. In contrast, RegTech has recently brought great success to
financial compliance, resulting in reduced risk, cost saving and enhanced
financial regulatory compliance. It is shown that many GDPR solutions lack
interoperability features such as standard APIs, meta-data or reports and they
are not supported by published methodologies or evidence to support their
validity or even utility. A proof of concept prototype was explored using a
regulator based self-assessment checklist to establish if RegTech best practice
could improve the demonstration of GDPR compliance. The application of a
RegTech approach provides opportunities for demonstrable and validated GDPR
compliance, notwithstanding the risk reductions and cost savings that RegTech
can deliver. This paper demonstrates a RegTech approach to GDPR compliance can
facilitate an organisation meeting its accountability obligations
Whatâs behind the ag-data logo? An examination of voluntary agricultural-data codes of practice
In this article, we analyse agricultural data (ag-data) codes of practice. After the introduction, Part II examines the emergence of ag-data codes of practice and provides two case studiesâthe American Farm Bureauâs Privacy and Security Principles for Farm Data and New Zealandâs Farm Data Code of Practiceâthat illustrate that the ultimate aims of ag-data codes of practice are inextricably linked to consent, disclosure, transparency and, ultimately, the building of trust. Part III highlights the commonalities and challenges of ag-data codes of practice. In Part IV several concluding observations are made. Most notably, while ag-data codes of practice may help change practices and convert complex details about ag-data contracts into something tangible, understandable and useable, it is important for agricultural industries to not hastily or uncritically accept or adopt ag-data codes of practice. There needs to be clear objectives, and a clear direction in which stakeholders want to take ag-data practices. In other words, stakeholders need to be sure about what they are trying, and able, to achieve with ag-data codes of practice. Ag-data codes of practice need credible administration, accreditation and monitoring. There also needs to be a way of reviewing and evaluating the codes in a more meaningful way than simple metrics such as the number of members: for example, we need to know something about whether the codes raise awareness and education around data practices, and, perhaps most importantly, whether they encourage changes in attitudes and behaviours around the access to and use of ag-data
- âŠ