A MARKETING VIEW OVER THE ROLE OF THE PUBLIC AUTHORITIES IN THE PROTECTION OF THE CONSUMERS' PRIVATE SPACE

The concept of privacy, seen in connection with the consumer\'s private space, and defined in terms of the rights the consumer have to disclose or not, respectively to have protected their personal data has gained an increasing importance, as a result of the organizations' extended and more and more aggressive attempts, within their marketing efforts, to capture, process and use the consumers' personal data. Privacy protection has become an important but, in the same time, extremely sensitive and challenging topic to be taken into consideration by all the stakeholders involved in the processing and employment of the consumers' personal data. A key role in this respect is played by the public authorities acting as data controllers - the Data Protection Authorities, that have to adopt a more proactive and efficient attitude in adopting and implementing policies and processes aiming to ensure a more effective protection of the personal data and private space, conduct privacy impact assessments and continuously improve the specific activities. Paper presents the opinions of the consumers through the results of an exploratory study regarding the importance given to the protection of the personal data, the area of protection of the specific laws, the need for laws regulating the personal data protection, the balance between the public and private entities in providing a proper protection of the personal data, and the relationship between the domestic, European, and international levels in ensuring the protection of the consumers' personal data. Results regarding the role of the public authorities in the protection of the consumers' personal data and private space- in terms of the most appropriate institution to act as a data controller, the rights consumers consider important in relationship with the protection of their personal data and the risks faced in the context of a less effective protection - are also presented.consumer, public authorities, personal data, consumer private space, Romania

Data protection risk modeling into business process analysis

We present a novel way to link business process model with data protection risk management. We use established body of knowledge regarding risk manager concepts and business process towards data protections. We try to contribute to the problems that today organizations should find a suitable data protection model that could be used in as a risk framework. The purpose of this document is to define a model to describe data protection in the context of risk. Our approach including the identification of the main concepts of data protection according to the scope of the with EU directive data protection regulation. We outline data protection model as a continuous way of protection valued organization information regarding personal identifiable information. Data protection encompass the preservation of personal data information from unauthorized access, use, modification, recording or destruction. Since this kind of service is offered in a continuous way, it is important to stablish a way to measure the effectiveness of awareness of data subject discloses regrading personal identifiable information.info:eu-repo/semantics/publishedVersio

Legal Issues about Metadata: Data Privacy vs Information Security

International audienceFor the purposes of our work we use the concept of metadata to implement enterprise digital right management mechanisms in an intelligent document environment. Such metadata allow us to firstly define contextual security rules and secondly to ensure the information traceability. However, its use may have legal implications, especially with regard to metadata that can be stored (see personal data, privacy), how it should be stored (see probative value in case of litigation, digital forensics) or computer processing in which it may be involved. Another topical issue is the storage and the processing of data using a service provider: the cloud. We must ensure, however, that this solution does not lead to a loss of information controllability for the company. This article aims to position our work with respect to these legal issues

Let the Computer Say NO! The Neglected Potential of Policy Definition Languages for Data Sovereignty

During interaction with today’s internet services and platform ecosystems, consumer data is often harvested and shared without their consent; that is, consumers seized to be the sovereigns of their own data with the proliferation of the internet. Due to the rapid and abundant nature of interactions in today’s platform ecosystems, manual consent management is impractical. To support development of semi-automated solutions for reestablishing data sovereignty, we investigate the use of policy definition languages as machine-readable and enforceable mechanisms for fostering data sovereignty. We conducted a realist literature review of the capabilities of policy definition languages developed for pertinent application scenarios (e.g., for access control in cloud computing). We consolidate extant literature into a framework of the chances and challenges of leveraging policy definition languages as central building blocks for data sovereignty in platform ecosystems

Legal Compatibility as a Characteristic of Sociotechnical Systems

Legal compatibility as a characteristic of sociotechnical systems aims at the greatest possible compliance with higher-order legal goals for minimizing social risks of technical systems and extends legality, which refers to the prevention of lawlessness. The paper analyzes the criteria for legal compatibility by reviewing specifications of legally compatible systems and shows goals and resulting requirements to foster legal compatibility. These comprise the following areas: avoiding personal reference in data, ensuring information security, enabling freedom of decision, increasing transparency, ensuring traceability, and increasing usability, whereby traceability and the avoidance of personal reference pursue conflicting goals. The presentation of the goals including their dependencies, relationships, and conflicts in form of standardized requirements explains legal compatibility and summarizes the requirements necessary for the development of legally compatible Systems

A Taxonomy for Mining and Classifying Privacy Requirements in Issue Reports

Digital and physical footprints are a trail of user activities collected over the use of software applications and systems. As software becomes ubiquitous, protecting user privacy has become challenging. With the increasing of user privacy awareness and advent of privacy regulations and policies, there is an emerging need to implement software systems that enhance the protection of personal data processing. However, existing privacy regulations and policies only provide high-level principles which are difficult for software engineers to design and implement privacy-aware systems. In this paper, we develop a taxonomy that provides a comprehensive set of privacy requirements based on two well-established and widely-adopted privacy regulations and frameworks, the General Data Protection Regulation (GDPR) and the ISO/IEC 29100. These requirements are refined into a level that is implementable and easy to understand by software engineers, thus supporting them to attend to existing regulations and standards. We have also performed a study on how two large open-source software projects (Google Chrome and Moodle) address the privacy requirements in our taxonomy through mining their issue reports. The paper discusses how the collected issues were classified, and presents the findings and insights generated from our study.Comment: Submitted to IEEE Transactions on Software Engineering on 23 December 202

Privacy and social network applications

Privacy technological threatens are no limited to data protection. Social Network Applications (SNA) and ubiquitous computing or Ambient Intelligence face other privacy risks. The business model of SNA and the improvement of data mining allow social computation. SNA regulation should favor privacy-by-design and Privacy Enhancing Technologies (PET). Default friendly-privacy policies should also be adopted. The data portability of the applications shifts SNA into a new field of ubiquitous computing. Therefore, the solutions of the Ambient Intelligence shoud be also analysed in the context of SNA

A Sustainable Information Security Framework for e-Government - Case of Tanzania

The government of Tanzania adopted an e-Government strategy in 2009 that is aimed at improving efficiency in government and providing better services to citizens. Information security is identified as one of the requirements for the successful e-Government implementation although the government has not adopted any standards or issued guidelines to government agencies with regards to information security. Comprehensive addressing of information security can be an expensive undertaking and without guidelines information security implementations may be more prone to failure. In a resource poor country such as Tanzania, there is a need for a cost effective and sustainable means of addressing information security in e-Government implementations. In this paper the authors present a case study of an e-Government interaction between a ministry and a government agency and the information security challenges identified in the implementation. In order to address these challenges an information security framework is conceptualized using action research. The framework is applied in the case study to address the identified challenges and the means to address future challenges in a sustainable manner is identified. Finally, the proposed framework is evaluated against Tanzanian and international metrics.Institute for Corporate Citizenshi