The controller’s role in determining ‘high risk’ and data protection impact assessment (DPIA) in developing digital smart city

Article 35 of the General Data Protection Regulation (GDPR) states that data controllers are required to carry out data protection impact assessment (DPIA) if a processing operation, particularly involving the use of new technologies, is ‘likely to result in a high risk to the rights and freedoms of natural persons’. The focus in this paper is on the role and responsibilities of data controllers in a smart city platform in assessing ‘high risk’ and the importance of impact assessment in relation to data processing with the latest technologies for the protection of personal data.Peer reviewe

Legal aspects, public interest, and legitimate interest in processing personal data to operate autonomous buses in the regular transportation system

Autonomous or robot vehicles are manufactured with such advanced technologies that they are technically able to operate without human intervention. The number of sensors deployed in automated vehicles is increasing, which runs a high risk of the excessive collection and processing of personal data. Considering European Union and Finnish perspectives on robot buses as an instance of advancements of autonomous vehicles, this article briefly outlines the general legal issues related to developing robot buses, and focuses on public interest and legitimate interest as lawful bases for processing personal data in running such vehicles in the mass transportation system.© 2022 The Authors.Security and Privacy published by John Wiley & Sons Ltd. This is an open access article under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial and no modifications or adaptations are made.fi=vertaisarvioitu|en=peerReviewed

Cross-Border Issues under EU Data Protection Law with regards to Personal Data Protection

We are living in an inter-connected, global digital society where the services of different operating systems are universal in nature, but many Internet activities are still being tackled by national laws and regulations. A long-existing question is which law is applicable in cases of Internet activities because the online world does not have any physical boundaries. How the European Union (EU) approaches this duality has become a concern for data protection laws. By analysing some recent Court of Justice of the European Union case laws, this article seeks to discover how the EU data protection law tackles disputes involving transnational issues online, which includes its extra-territorial application and cross-border data transfers. The article also indicates that there is an enormous gap between legislation and practice.Peer reviewe

Robustness, Security and Privacy in Location-Based Services for Future IoT : A Survey

Internet of Things (IoT) connects sensing devices to the Internet for the purpose of exchanging information. Location information is one of the most crucial pieces of information required to achieve intelligent and context-aware IoT systems. Recently, positioning and localization functions have been realized in a large amount of IoT systems. However, security and privacy threats related to positioning in IoT have not been sufficiently addressed so far. In this paper, we survey solutions for improving the robustness, security, and privacy of location-based services in IoT systems. First, we provide an in-depth evaluation of the threats and solutions related to both global navigation satellite system (GNSS) and non-GNSS-based solutions. Second, we describe certain cryptographic solutions for security and privacy of positioning and location-based services in IoT. Finally, we discuss the state-of-the-art of policy regulations regarding security of positioning solutions and legal instruments to location data privacy in detail. This survey paper addresses a broad range of security and privacy aspects in IoT-based positioning and localization from both technical and legal points of view and aims to give insight and recommendations for future IoT systems providing more robust, secure, and privacy-preserving location-based services.Peer reviewe

Vulnerabilities in Localization with regard to GNSS and Harmful Radio Interference: International and EU Law Aspects

Harmful radio interference contravenes many national, regional, and international laws. Global navigation satellite system (GNSS) services have global coverage, therefore development of international law is necessary. European Union (EU) also requires harmonized law for its member states. This paper focuses on the current state of international and EU laws to tackle GNSS, radio spectrum and radio equipment usage, and probable interference with regard to location services and privacy. From a legal point of view, this paper seeks to include mitigation of unlawful interference in radio communication in order to ensure a secured location estimation and positioning system.Peer reviewe

Data Protection and Space : What Challenges will the General Data Protection Regulation Face when Dealing with Space-based Data?

Recently, space or satellite technology, as well as space data applications, is developing rapidly, resulting in a variety of uses. At the same time, related legal issues raise questions about how they can be handled efficiently. In addition to pointing out the importance of managing satellite activities in a legally sound environment, this paper explains the relevance of the General Data Protection Regulation and the challenges it will face in handling space-based data, as well as in managing threats to privacy and personal data regarding the outer space context.Peer reviewe

Location Data, Personal Data Protection and Privacy in Mobile Device Usage : An EU Law Perspective

Using location-based services (LBSs) via location-aware applications (apps) and websites on devices including smartphones, tablets and laptops has become inevitable for most device users. Smartphones and smart devices are equipped with sophisticated positioning sensors that can determine the location and physical movements of their users. A variety of risks and threats have been associated with the location data privacy of individuals in this digital era. This dissertation addresses a common and significant legal problem: the relationship between collection of location data in mobile device usage and the European Union (EU) law on the protection of personal location data and privacy. Along with the traditional human rights law, the EU information and communications technology (ICT) as well as data protection law play a significant role in the privacy and personal data protection of mobile device users. Article 4(1) of the General Data Protection Regulation (GDPR) expressly includes location data as an “identifier” of personal data. This dissertation pictures the vulnerabilities of location and location data (which may potentially be sensitive data) in mobile devices and while using the Internet and particular apps on those devices. The theoretical framework for the dissertation includes the EU as a single society in the digital environment, as well as location privacy and cross-border issues under EU data protection law. The need for obtaining user consent and maintaining transparency and accountability on behalf of online platforms and other responsible bodies as data controllers and processors are also described. The main aspect related to localisation in mobile devices concerns data protection addressing protection of privacy online and personal data which includes location data. This aspect emphasises the efficiency of EU data protection legal system, more specifically with the introduction of the GDPR, which can effectively bind data controllers such as multinational technology companies, online platforms and other entities for safeguarding data subjects’ right to privacy and personal data protection and for the promotion of smooth and safe public participation on the Internet via mobile devices. At the same time, the dissertation covers international and EU Law aspects of the mitigation of harmful radio interference in Global Navigation Satellite System (GNSS) and radio communication system for the accuracy in location estimation and location services. On the ground of protection of privacy, the EU law does not permit using illegal devices like jamming and spoofing devices which hamper GNSS technology and services. By researching a comparatively new branch of law and a new topic, the dissertation contributes to the efficient protection of location data and privacy