Should Islamic Banking & Financial Institutions go with General Data Protection Regulation Compliance?

The new European Union (EU) data protection law - General Data Protection Regulation (GDPR)that is enforceable on all entities, within and outside the territory of European Union requires that follow entities dealing with private data of EU individuals should follow due procedures in regard to safe data handling and storage. This regulation is forcing all countries globally, including those in the Islamic countries to take special precautions. Islamic banks and financial institutions are key intermediaries fostering smooth foreign trade between Islamic and European countries. Lack of sufficiently strong data protection legislation in most of the Islamic countries is hampering conformity with GDPR. This leads to non-compliance and thereby paves way to heavy monetary penalties in the short-run and hurts business prospects with the European counties in the long-run, both of which are detrimental. This paper helps institutions in building frameworksby taking them through a series of compliance checks, build teamsto enforce standards, make knowledge repositories and to undertake necessary technical measures. Findings from this study can help Islamic companies in general and Islamic Banking Financial institutions in particular in meeting GDPR compliance.Finally, this paper makes some key recommendations to the Governments, Regulators, Financial Institutions, Organizations and Individuals so that they can become GDPR complaint

Enhancing GDPR compliance through data sensitivity and data hiding tools

Since the emergence of GDPR, several industries and sectors are setting informatics solutions for fulfilling these rules. The Health sector is considered a critical sector within the Industry 4.0 because it manages sensitive data, and National Health Services are responsible for managing patients’ data. European NHS are converging to a connected system allowing the exchange of sensitive information cross different countries. This paper defines and implements a set of tools for extending the reference architectural model industry 4.0 for the healthcare sector, which are used for enhancing GDPR compliance. These tools are dealing with data sensitivity and data hiding tools A case study illustrates the use of these tools and how they are integrated with the reference architectural model

Conflict-free access rules for sharing smart patient health records

This research is funded by the EU H2020 project Serums (Securing Medical Data in Smart Patient-Centric Healthcare Systems), grant code 826278.With an increasing trend in personalised healthcare provision across Europe, we need solutions to enable the secure transnational sharing of medical records, establishing granular access rights to personal patient data. Access rules can establish what should be accessible by whom for how long, and comply with collective regulatory frameworks, such as the European General Data Protection Regulation (GDPR). The challenge is to design and implement such systems integrating novel technologies like Blockchain and Data Lake to enhance security and access control. The blockchain module must deal with adequate policies and algorithms to guarantee that no data leaks occur when authorising data retrieval requests. The data lake module tackles the need for an efficient way to retrieve potential granular data from heterogeneous data sources. In this paper, we define a patient-centric authorisation approach, incorporating a structured format for composing access rules that enable secure data retrieval and automatic rules conflict checking.Postprin

Managing expectations, rights, and duties in large-scale genomics initiatives: a European comparison

This article reports on the findings of an international workshop organised by the UK-France Genomics and Ethics Network (UK-FR GENE) in 2021. They focus specifically on how collection, storage and sharing of genomic data may pose challenges to established principles and values such as trust, confidentiality, and privacy in countries that have implemented, or are about to implement, large-scale national genomic initiatives. These challenges impact the relationships between patients/citizens and medicine/science, and on each party’s rights and duties towards each other. Our geographic scope of comparative analysis includes initiatives underway in England (Genomics England), France (Plan France Médecine Génomique) and Germany (German Human Genome-Phenome Archive). We discuss existing as well as future challenges raised by large-scale health data collection and management in each country. We conclude that the prospects of improving individualised patient healthcare as well as contributing to the scientific and research prosperity of any given nation engaged in health data collection, storage and processing are undeniable. However, we also attempt to demonstrate that biomedical data requires careful management, and transparent and accountable governance structures that are clearly communicated to patients/participants and citizens. Furthermore, when third parties partake as stakeholders, transparent consent protocols relative to data access and use come centre stage, and patient benefits must clearly outweigh commercial interests. Finally, any cross-border data transfer needs to be carefully managed to address incoherencies between regional, national, and supranational regulations and recommendations

Data Spaces

This open access book aims to educate data space designers to understand what is required to create a successful data space. It explores cutting-edge theory, technologies, methodologies, and best practices for data spaces for both industrial and personal data and provides the reader with a basis for understanding the design, deployment, and future directions of data spaces. The book captures the early lessons and experience in creating data spaces. It arranges these contributions into three parts covering design, deployment, and future directions respectively. The first part explores the design space of data spaces. The single chapters detail the organisational design for data spaces, data platforms, data governance federated learning, personal data sharing, data marketplaces, and hybrid artificial intelligence for data spaces. The second part describes the use of data spaces within real-world deployments. Its chapters are co-authored with industry experts and include case studies of data spaces in sectors including industry 4.0, food safety, FinTech, health care, and energy. The third and final part details future directions for data spaces, including challenges and opportunities for common European data spaces and privacy-preserving techniques for trustworthy data sharing. The book is of interest to two primary audiences: first, researchers interested in data management and data sharing, and second, practitioners and industry experts engaged in data-driven systems where the sharing and exchange of data within an ecosystem are critical

Data Spaces

This open access book aims to educate data space designers to understand what is required to create a successful data space. It explores cutting-edge theory, technologies, methodologies, and best practices for data spaces for both industrial and personal data and provides the reader with a basis for understanding the design, deployment, and future directions of data spaces. The book captures the early lessons and experience in creating data spaces. It arranges these contributions into three parts covering design, deployment, and future directions respectively. The first part explores the design space of data spaces. The single chapters detail the organisational design for data spaces, data platforms, data governance federated learning, personal data sharing, data marketplaces, and hybrid artificial intelligence for data spaces. The second part describes the use of data spaces within real-world deployments. Its chapters are co-authored with industry experts and include case studies of data spaces in sectors including industry 4.0, food safety, FinTech, health care, and energy. The third and final part details future directions for data spaces, including challenges and opportunities for common European data spaces and privacy-preserving techniques for trustworthy data sharing. The book is of interest to two primary audiences: first, researchers interested in data management and data sharing, and second, practitioners and industry experts engaged in data-driven systems where the sharing and exchange of data within an ecosystem are critical

ETHICAL IMPLICATIONS AND HUMAN RIGHTS VIOLATIONS IN THE AGE OF ARTIFICIAL INTELLIGENCE

In an era marked by technological advancements, the proliferation of Artificial Intelligence (AI) systems has ushered in a new wave of possibilities and challenges, deeply interwoven with the stringent legal framework established by the General Data Protection Regulation (GDPR) within the European Union. This research paper adopts a multidisciplinary approach, encompassing theoretical analysis, ethical frameworks, and empirical case studies. By scrutinizing real-world AI applications across various domains, we aim to provide a nuanced understanding of the ethical implications and societal ramifications of AI's integration into our lives, while meticulously adhering to the GDPR's data protection and privacy provisions. The GDPR's principles of lawfulness, fairness, transparency, and data minimization serve as ethical benchmarks, ensuring that AI applications respect individual privacy and data protection rights. We delve into the GDPR's provisions concerning automated decision-making, profiling, and data subject rights, elucidating their pivotal role in upholding human rights in the context of AI's burgeoning influence. Our inquiry underscores the urgency of adopting a responsible and GDPR-compliant approach to AI development and deployment. By emphasizing the need for ethical guidelines and regulatory measures, we advocate for the safeguarding of human rights and dignity within the AI-driven world. It is within this nexus of ethical considerations and legal imperatives, particularly those set forth by the GDPR, that the profound impact of AI on human rights and dignity is unveiled. Our research contributes to the ongoing discourse and provides a roadmap toward a future where AI aligns harmoniously with the robust privacy and data protection standards mandated by European privacy laws, ensuring the preservation of individual rights in the digital age

Designing Data Spaces

This open access book provides a comprehensive view on data ecosystems and platform economics from methodical and technological foundations up to reports from practical implementations and applications in various industries. To this end, the book is structured in four parts: Part I “Foundations and Contexts” provides a general overview about building, running, and governing data spaces and an introduction to the IDS and GAIA-X projects. Part II “Data Space Technologies” subsequently details various implementation aspects of IDS and GAIA-X, including eg data usage control, the usage of blockchain technologies, or semantic data integration and interoperability. Next, Part III describes various “Use Cases and Data Ecosystems” from various application areas such as agriculture, healthcare, industry, energy, and mobility. Part IV eventually offers an overview of several “Solutions and Applications”, eg including products and experiences from companies like Google, SAP, Huawei, T-Systems, Innopay and many more. Overall, the book provides professionals in industry with an encompassing overview of the technological and economic aspects of data spaces, based on the International Data Spaces and Gaia-X initiatives. It presents implementations and business cases and gives an outlook to future developments. In doing so, it aims at proliferating the vision of a social data market economy based on data spaces which embrace trust and data sovereignty

EPOS Security & GDPR Compliance

Since May 2018, companies have been required to comply with the General Data Protection Regulation (GDPR). This means that many companies had to change their methods of collecting and processing EU citizens’ data. The compliance process can be very expensive, for example, more specialized human resources are needed, who need to study the regulations and then implement the changes in the IT applications and infrastructures. As a result, new measures and methods need to be developed and implemented, making this process expensive. This project is part of the EPOS project. EPOS allows data on earth sciences from various research institutes in Europe to be shared and used. The data is stored in a database and in some file systems and in addition, there is web services for data mining and control. The EPOS project is a complex distributed system and therefore it is important to guarantee not only its security, but also that it is compatible with GDPR. The need to automate and facilitate this compliance and verification process was identified, in particular the need to develop a tool capable of analyzing applications web. This tool can provide companies in general an easier and faster way to check the degree of compliance with the GDPR in order to assess and implement any necessary changes. With this, PADRES was developed that contains the main points of GDPR organized by principles in the form of checklist which are answered manually. When submitted, a security analysis is also performed based on NMAP and ZAP together with the cookie analyzer. Finally, a report is generated with the information obtained together with a set of suggestions based on the responses obtained from the checklist. Applying this tool to EPOS, most of the points related to GDPR were answered as being in compliance although the rest of the suggestions were generated to help improve the level of compliance and also improve general data management. In the exploitation of vulnerabilities, some were found to be classified as high risk, but most were found to be classified as medium risk.Desde maio de 2018 que as empresas precisam de cumprir o Regulamento Geral de Proteção de Dados (GDPR). Isso significa que muitas empresas tiveram que mudar seus métodos de como recolhem e processam os dados dos cidadãos da UE. O processo de conformidade pode ser muito caro, por exemplo, são necessários recursos humanos mais especializados, que precisam estudar os regulamentos e depois implementar as alterações nos aplicativos e infraestruturas de TI. Com isso novas medidas e métodos precisam ser desenvolvidos e implementados, tornando esse processo caro. Este projeto está inserido no projeto European Plate Observing System (EPOS). O EPOS permite que dados sobre ciências da terra de vários institutos de pesquisa na Europa sejam compartilhados e usados. Os dados são armazenados em base de dados e em alguns sistema de ficheiros e além disso, existem web services para controle e mineração de dados. O projeto EPOS é um sistema distribuído complexo e portanto, é importante garantir não apenas sua segurança, mas também que seja compatível com o GDPR. Foi identificada a necessidade de automatizar e facilitar esse processo, em particular a necessidade de desenvolver uma ferramenta capaz de analisar aplicações web. Essa ferramenta, chamada PrivAcy, Data REgulation and Security (PADRES) pode fornecer às empresas uma maneira mais fácil e rápida de verificar o grau de conformidade com o GDPR com o objetivo de avaliar e implementar quaisquer alterações necessárias. Com isto, esta ferramenta contém os pontos principais do General Data Protection Regulation (GDPR) organizado por princípios em forma duma lista de verificação, os quais são respondidos manualmente. Como os conceitos de privacidade e segurança se complementam, foi também incluída a procura por vulnerabilidades em aplicações web. Ao integrar as ferramentas de código aberto como o Network Mapper (NMAP) ou Zed Attack Proxy (ZAP), é possível então testar a aplicações contra as vulnerabilidades mais frequentes segundo o Open Web Application Security Project (OWASP) Top 10. Aplicando esta ferramenta no EPOS, a maioria dos pontos relativos ao GDPR foram respondidos como estando em conformidade apesar de nos restantes terem sido geradas as respetivas sugestões para ajudar a melhorar o nível de conformidade e também melhorar o gerenciamento geral dos dados. Na exploração das vulnerabilidades foram encontradas algumas classificadas com risco elevado mas na maioria foram encontradas mais com classificação média

The Elements of Big Data Value

This open access book presents the foundations of the Big Data research and innovation ecosystem and the associated enablers that facilitate delivering value from data for business and society. It provides insights into the key elements for research and innovation, technical architectures, business models, skills, and best practices to support the creation of data-driven solutions and organizations. The book is a compilation of selected high-quality chapters covering best practices, technologies, experiences, and practical recommendations on research and innovation for big data. The contributions are grouped into four parts: · Part I: Ecosystem Elements of Big Data Value focuses on establishing the big data value ecosystem using a holistic approach to make it attractive and valuable to all stakeholders. · Part II: Research and Innovation Elements of Big Data Value details the key technical and capability challenges to be addressed for delivering big data value. · Part III: Business, Policy, and Societal Elements of Big Data Value investigates the need to make more efficient use of big data and understanding that data is an asset that has significant potential for the economy and society. · Part IV: Emerging Elements of Big Data Value explores the critical elements to maximizing the future potential of big data value. Overall, readers are provided with insights which can support them in creating data-driven solutions, organizations, and productive data ecosystems. The material represents the results of a collective effort undertaken by the European data community as part of the Big Data Value Public-Private Partnership (PPP) between the European Commission and the Big Data Value Association (BDVA) to boost data-driven digital transformation