Personal data breach notification system in the European Union: Interpretation of “without undue delay”

This is the post-print version of the Article - Copyright @ 2011 Kluwer Law InternationalThe fast-moving technologies continually challenge present rules on data-privacy protection. The expansion of computing functions, speed of processing and storage capabilities makes personal information difficult to be controlled. In the EU, the revised EC e-Privacy Directive amended by the Directive 2009/136/EC modifies existing provisions and makes new provisions to enhance privacy protection in the electronic communications sector, which includes the further development of the system of notification of the personal data breach to minimise adverse effects. This paper aims to examine and evaluate the personal data breach notification system, interpret the requirement of "without undue delay" duty and discuss the impact of the revised Directive to business organisations. It finally proposes solutions to improve the notification system to increase the efficiency of privacy protection

Out-of-Court Dispute Settlement Systems for e-Commerce. Report on an Exploratory Study.

Abstract not availableJRC.(ISIS)-Institute For Systems, Informatics And Safet

EU Privacy seals project: Inventory and analysis of privacy certification schemes

The objective of this report is to comprehensively inventory and analyse privacy and related certification schemes in the European Union and, where relevant, at the international level. The report will provide insights into the importance of privacy seal schemes and present information on the operational aspects of these schemes. The report will also help understand the privacy and data protection elements of the analysed schemes and provide and initial analysis of their shortcomings. The report specifically aims to understand whether (if at all) the analysed schemes address the requirements proposed under the GDPR. It will highlight the main convergences and differences between the schemes, who benefits from such schemes and what the impact of such schemes is.JRC.G.7-Digital Citizen Securit

Mandatory Enforcement of Privacy Policies using Trusted Computing Principles

Modern communication systems and information technology create significant new threats to information privacy. In this paper, we discuss the need for proper privacy protection in cooperative intelligent transportation systems (cITS), one instance of such systems. We outline general principles for data protection and their legal basis and argue why pure legal protection is insufficient. Strong privacy-enhancing technologies need to be deployed in cITS to protect user data while it is generated and processed. As data minimization cannot always prevent the need for disclosing relevant personal information, we introduce the new concept of mandatory enforcement of privacy policies. This concept empowers users and data subjects to tightly couple their data with privacy policies and rely on the system to impose such policies onto any data processors. We also describe the PRECIOSA Privacy-enforcing Runtime Architecture that exemplifies our approach. Moreover, we show how an application can utilize this architecture by applying it to a pay as you drive (PAYD) car insurance scenario

Trusted operational scenarios - Trust building mechanisms and strategies for electronic marketplaces.

This document presents and describes the trusted operational scenarios, resulting from the research and work carried out in Seamless project. The report presents identified collaboration habits of small and medium enterprises with low e-skills, trust building mechanisms and issues as main enablers of online business relationships on the electronic marketplace, a questionnaire analysis of the level of trust acceptance and necessity of trust building mechanisms, a proposal for the development of different strategies for the different types of trust mechanisms and recommended actions for the SEAMLESS project or other B2B marketplaces.trust building mechanisms, trust, B2B networks, e-marketplaces

A Descriptive Content Analysis of Trust-Building Measures in B2B Electronic Marketplaces

Because business-to-business (B2B) electronic marketplaces (e-marketplaces) facilitate transactions between buyers and sellers, they strive to foster a trustworthy trading environment with a variety of trust-building measures. However, little research has been undertaken to explore trust-building measures used in B2B e-marketplaces, or to determine to what extent these measures are applied in B2B e-marketplaces and how they are applied. Based on reviews of the scholarly, trade, and professional literature on trust in electronic commerce, we identified 11 trust-building measures used to create trust in B2B e-marketplaces. Zucker\u27s trust production theory [1986] was applied to understand how these trust-building measures will enhance participants\u27 trust in buyers and sellers in B2B e-marketplaces or in B2B e-marketplace providers. A descriptive content analysis of 100 B2B e-marketplaces was conducted to survey the current usage of the 11 trust-building measures. Many of the trust-building measures were found to be widely used in the B2B e-marketplaces. However, although they were proven to be effective in building trust-related beliefs in online business environments, several institutional-based trust-building measures, such as escrow services, insurance and third-party assurance seals, are not widely used in B2B e-marketplaces

Bridging the gap between human and machine trust : applying methods of user-centred design and usability to computer security

This work presents methods for improving the usability of security. The work focuses on trust as part of computer security. Methods of usability and user-centred design present an essential starting point for the research. The work uses the methods these fields provide to investigate differences between machine and human trust, as well as how the technical expressions of trust could be made more usable by applying these methods. The thesis is based on nine publications, which present various possibilities to research trust with user-centric methods. The publications proceed chronologically and logically from the first user interviews about trust, trusting attitudes and behaviours in general to the actual design and usability testing of user interfaces for security applications, finally presenting the outcomes and conclusions of the research. The work also presents a review of relevant previous work in the area, concentrating on work done in the fields of usability and user-centred design. The work is of cross-disciplinary nature, falling into the areas of human-computer interaction, computer science and telecommunications. The ultimate goal of the conducted research has been to find out 1) how trust is to be understood in this context; 2) what methods can be used to gain insight into trust thus defined; and, finally, 3) what means can be used to create trust in the end users in online situations, where trust is needed. The work aims at providing insight into how trust can be studied with the methods provided by user-centred design and usability. Further, it investigates how to take understanding of trust formation in humans into account when attempting to design trust-inducing systems and applications. The work includes an analysis and comparison of the methods used: what kinds of methods to study trust exist in the field of usability and user-centred design. Further, it is evaluated, what kind of results and when can be reached with the different methods available, by applying a variety of these methods. Recommendations for the appropriate application of these methods when studying the various parts of trust is one of the outcomes. The results received with the methods used have also been compared with results received by others by applying alternative methods to the same research questions. On a conceptual level, the work contains an analysis of the concept of trust. It also contains a brief investigation into both technical and humane ways to express trust, with a comparison between the two

Becoming Artifacts: Medieval Seals, Passports and the Future of Digital Identity

What does a digital identity token have to do with medieval seals? Is the history of passports of any use for enabling the discovery of Internet users\u27 identity when crossing virtual domain boundaries during their digital browsing and transactions? The agility of the Internet architecture and its simplicity of use have been the engines of its growth and success with the users worldwide. As it turns out, there lies also its crux. In effect, Internet industry participants have argued that the critical problem business is faced with on the Internet is the absence of an identity layer from the core protocols of its logical infrastructure. As a result, the cyberspace parallels a global territory without any identification mechanism that is reliable, consistent and interoperable across domains. This dissertation is an investigation of the steps being taken by Internet stakeholders in order to resolve its identity problems, through the lenses of historical instances where similar challenges were tackled by social actors. Social science research addressing the Internet identity issues is barely nascent. Research on identification systems in general is either characterized by a paucity of historical perspective, or scantily references digital technology and online identification processes. This research is designed to bridge that gap. The general question at its core is: How do social actors, events or processes enable the historical emergence of authoritative identity credentials for the public at large? This work is guided by that line of inquiry through three broad historical case studies: first, the medieval experience with seals used as identity tokens in the signing of deeds that resulted in transfers of rights, particularly estate rights; second, comes the modern, national state with its claim to the right to know all individuals on its territory through credentials such as the passport or the national identity card; and finally, viewed from the United States, the case of ongoing efforts to build an online digital identity infrastructure. Following a process-tracing approach to historical case study, this inquiry presents enlightening connections between the three identity frameworks while further characterizing each. We understand how the medieval doctrines of the Trinity and the Eucharist developed by schoolmen within the Church accommodated seals as markers of identity, and we understand how the modern state seized on the term `nationality\u27 - which emerged as late as in the 19th century - to make it into a legal fiction that was critical for its identification project. Furthermore, this investigation brings analytical insights which enable us to locate the dynamics driving the emergence of those identity systems. An ordering of the contributing factors in sequential categories is proposed in a sociohistorical approach to explain the causal mechanisms at work across these large phenomena. Finally this research also proposes historically informed projections of scenarios as possible pathways to the realization of authoritative digital identity. But that is the beginning of yet another story of identity