Search results

This chapter analyzes the compliance of some category of Open Data in Politics with EU General Data Protection Regulation (GDPR) requirements. After clarifying the legal basis of this framework, with specific attention to the processing procedures that conform to the legitimate interests pursued by the data controller, including open data licenses or anonymization techniques, that can result in partial application of the GDPR, but there is no generic guarantee, and, as a consequence, an appropriate process of analysis and management of risks is required.

The context of this chapter is the use of data and advanced data analytics in a commercial setting. Privacy is considered as protection from vulnerability, whereby vulnerability is understood as the state of being exposed to the possibility of being harmed, either physically or emotionally, or in fundamental rights other than privacy. Therefore, privacy's policy instruments, in particular data protection law, could be seen as a means to reduce the risk of harm resulting from data use. Such harm is probabilistic and often uncertain, which, however, does not exclude analyzing costs and benefits of regulatory data protection policies. When balancing privacy protections and opportunities for knowledge gain, regulatory policy could be viewed as superior, when it expands the range of possible trade-offs between vulnerability protection and gaining socially beneficial knowledge.

This paper aims to explore the changes imposed by the general data protection regulation (GDPR) on software engineering practices. The fundamental objective is to have a perception of the practices and phases that have experienced the greatest changes. Additionally, it aims to identify a set of good practices that can be adopted by software engineering companies.

This study uses a qualitative methodology through four case studies involving Portuguese software engineering companies. Two of these companies are small and medium enterprises (SMEs) while the other remaining two are micro-companies. The thematic analysis is adopted to identify patterns in the performed interviews.

The findings indicate that significant changes have occurred at all stages of software development. In particular, the initial stages of identifying requirements and modeling processes were the stages that experienced the greatest changes. On the opposite, the technical development phase has not noticeably changed but, nevertheless, it is necessary to look at the importance of training software developers for GDPR rules and practices.

Two relevant limitations were identified as follows: only four case studies involving micro-companies and SMEs were considered, and only the traditional software development methodology was considered. The use of agile methodologies was not explored in this study and the findings can only be mainly applied to the waterfall model.

This study offers mainly practical contributions by identifying a set of challenges that are posed to software engineering companies by the implementation of GDPR. Through their knowledge, it is expected to help these companies to better prepare themselves and anticipate the challenges they will necessarily face.

Modern e‐health systems incorporate different healthcare providers in one system and provide an electronic platform to share medical information efficiently. In cross‐context communications between healthcare providers, the same information can be interpreted as different types or values, so that one patient will be issued different identifiers by different healthcare providers. This paper aims to provide a solution to ensure interoperability so that multiple healthcare providers will be able to collaborate in one e‐health system.

This paper primarily focuses on how different healthcare providers, instead of the patients, are able to interact and share information on a common e‐health platform.

In the course of the work, it was found that previous e‐health solutions mainly have a limited view of patient information, where a user‐centric approach for identity management is usually restricted to a single healthcare provider. Interoperability in an e‐health system becomes more problematic when more actors collaborate, and hence linkability from one context to another should not be straightforward. However, some form of linkability, such as the possibility to follow up a patient's medical treatment, is desirable in the e‐health sector, even when it needs to cross different contexts. Therefore, the authors have designed an identity management mechanism to ensure semantic interoperability when data is exchanged among different authorized healthcare providers.

The paper points out that the next generation of e‐health will move towards federated e‐health and will require user‐centricity and transparency properties so that patients are able to specify and verify the disclosure of their medical information.

This paper proposes a new service for cross‐context identity management in e‐health systems, improving interoperability between agencies when context‐specific information is transferred from one healthcare provider to another. How the proposed cross‐context identity management service can be integrated in an e‐health system is explained with a use case scenario.

The digital paradigm people live in today, which drastically increased the consumption of data, is a threat to their privacy. To create a high level of privacy protection for its citizens, the European Union proposed the General Data Protection Regulation (GDPR), which introduces obligations for organizations regarding the storing, processing, collecting and disclosing of data. This paper aims to identify the critical success factors of GDPR implementation.

A systematic literature review was conducted by following a strict review protocol, where 32 documents were found relevant to perform the review and to answer to the proposed research questions.

The critical success factors of GDPR implementation were identified, including barriers and enablers. Furthermore, benefits of complying with GDPR were identified.

As GDPR is a relatively recent subject, there are still few scientific papers about it. Therefore, the authors were unable to neither identify nor present a robust conclusion regarding specific topics, such as practical outcomes.

On the basis of the literature, the identified critical success factors may be useful for organizations as these can be better prepared to achieve compliance by prioritizing the enablers and avoiding the barriers.

This study explores privacy challenges in recommender systems (RSs) and how they have leveraged privacy-preserving technology for risk mitigation. The study also elucidates the extent of adopting privacy-preserving RSs and postulates the future direction of research in RS security.

The study gathered articles from well-known databases such as SCOPUS, Web of Science and Google scholar. A systematic literature review using PRISMA was carried out on the 41 papers that are shortlisted for study. Two research questions were framed to carry out the review.

It is evident from this study that privacy issues in the RS have been addressed with various techniques. However, many more challenges are expected while leveraging technology advancements for fine-tuning recommenders, and a research agenda has been devised by postulating future directions.

The study unveils a new comprehensive perspective regarding privacy preservation in recommenders. There is no promising study found that gathers techniques used for privacy protection. The study summarizes the research agenda, and it will be a good reference article for those who develop privacy-preserving RSs.

This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet, data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations, can use this paper as a basis for extending the already existing security control modules towards data protection; and as guidance for reaching compliance with the regulation.

This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.

The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere with the GDPR.

This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.

The paper posits that a solution for businesses to use privacy-friendly data repositories for its customers’ data is to change from the traditional centralized repository to a trusted, decentralized data repository. Blockchain is a technology that provides such a data repository. However, the European Union’s General Data Protection Regulation (GDPR) assumed a centralized data repository, and it is commonly argued that blockchain technology is not usable. This paper aims to posit a framework for adopting a blockchain that follows the GDPR.

The paper uses the Levy and Ellis’ narrative review of literature methodology, which is based on constructivist theory posited by Lincoln and Guba. Using five information systems and computer science databases, the researchers searched for studies using the keywords GDPR and blockchain, using a forward and backward search technique. The search identified a corpus of 416 candidate studies, from which the researchers applied pre-established criteria to select 39 studies. The researchers mined this corpus for concepts, which they clustered into themes. Using the accepted computer science practice of privacy by design, the researchers combined the clustered themes into the paper’s posited framework.

The paper posits a framework that provides architectural tactics for designing a blockchain that follows GDPR to enhance privacy. The framework explicitly addresses the challenges of GDPR compliance using the unimagined decentralized storage of personal data. The framework addresses the blockchain–GDPR tension by establishing trust between a business and its customers vis-à-vis storing customers’ data. The trust is established through blockchain’s capability of providing the customer with private keys and control over their data, e.g. processing and access.

The paper provides a framework that demonstrates that blockchain technology can be designed for use in GDPR compliant solutions. In using the framework, a blockchain-based solution provides the ability to audit and monitor privacy measures, demonstrates a legal justification for processing activities, incorporates a data privacy policy, provides a map for data processing and ensures security and privacy awareness among all actors. The research is limited to a focus on blockchain–GDPR compliance; however, future research is needed to investigate the use of the framework in specific domains.

The paper posits a framework that identifies the strategies and tactics necessary for GDPR compliance. Practitioners need to compliment the framework with rigorous privacy risk management, i.e. conducting a privacy risk analysis, identifying strategies and tactics to address such risks and preparing a privacy impact assessment that enhances accountability and transparency of a blockchain.

With the increasingly strategic use of data by businesses and the contravening growth of data privacy regulation, alternative technologies could provide businesses with a means to nurture trust with its customers regarding collected data. However, it is commonly assumed that the decentralized approach of blockchain technology cannot be applied to this business need. This paper posits a framework that enables a blockchain to be designed that follows the GDPR; thereby, providing an alternative for businesses to collect customers’ data while ensuring the customers’ trust.