Explore the vast range of titles available.

A massive amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to privacy rights and the security of personal data. There are few solutions that empower individuals to provide systematic consent agreements on distinct personal information and control who can collect, access, and use their data for specific purposes and periods. Individuals should be able to delegate consent rights, access consent-related information, and withdraw their given consent at any time. We propose a smart-contract-based dynamic consent management system, backed by blockchain technology, targeting personal data usage under the general data protection regulation. Our user-centric dynamic consent management system allows users to control their personal data collection and consent to its usage throughout the data lifecycle. Transaction history and logs are recorded in a blockchain that provides trusted tamper-proof data provenance, accountability, and traceability. A prototype of our system was designed and implemented to demonstrate its feasibility. The acceptability and reliability of the system were assessed by experimental testing and validation processes. We also analyzed the security and privacy of the system and evaluated its performance.

The definitive guide for ensuring data privacy and GDPR compliance Privacy regulation is increasingly rigorous around the world and has become a serious concern for senior management of companies regardless of industry, size, scope, and geographic area. The Global Data Protection Regulation (GDPR) imposes complex, elaborate, and stringent requirements for any organization or individuals conducting business in the European Union (EU) and the European Economic Area (EEA)—while also addressing the export of personal data outside of the EU and EEA. This recently-enacted law allows the imposition of fines of up to 5% of global revenue for privacy and data protection violations. Despite the massive potential for steep fines and regulatory penalties, there is a distressing lack of awareness of the GDPR within the business community. A recent survey conducted in the UK suggests that only 40% of firms are even aware of the new law and their responsibilities to maintain compliance. The Data Privacy and GDPR Handbook helps organizations strictly adhere to data privacy laws in the EU, the USA, and governments around the world. This authoritative and comprehensive guide includes the history and foundation of data privacy, the framework for ensuring data privacy across major global jurisdictions, a detailed framework for complying with the GDPR, and perspectives on the future of data collection and privacy practices. * Comply with the latest data privacy regulations in the EU, EEA, US, and others * Avoid hefty fines, damage to your reputation, and losing your customers * Keep pace with the latest privacy policies, guidelines, and legislation * Understand the framework necessary to ensure data privacy today and gain insights on future privacy practices The Data Privacy and GDPR Handbook is an indispensable resource for Chief Data Officers, Chief Technology Officers, legal counsel, C-Level Executives, regulators and legislators, data privacy consultants, compliance officers, and audit managers.

The collection, storage, and analysis of large data sets are relevant in many sectors. Especially in the medical field, the processing of patient data promises great progress in personalized health care. However, it is strictly regulated, such as by the General Data Protection Regulation (GDPR). These regulations mandate strict data security and data protection and, thus, create major challenges for collecting and using large data sets. Technologies such as federated learning (FL), especially paired with differential privacy (DP) and secure multiparty computation (SMPC), aim to solve these challenges. This scoping review aimed to summarize the current discussion on the legal questions and concerns related to FL systems in medical research. We were particularly interested in whether and to what extent FL applications and training processes are compliant with the GDPR data protection law and whether the use of the aforementioned privacy-enhancing technologies (DP and SMPC) affects this legal compliance. We placed special emphasis on the consequences for medical research and development. We performed a scoping review according to the PRISMA-ScR (Preferred Reporting Items for Systematic Reviews and Meta-Analyses extension for Scoping Reviews). We reviewed articles on Beck-Online, SSRN, ScienceDirect, arXiv, and Google Scholar published in German or English between 2016 and 2022. We examined 4 questions: whether local and global models are \"personal data\" as per the GDPR; what the \"roles\" as defined by the GDPR of various parties in FL are; who controls the data at various stages of the training process; and how, if at all, the use of privacy-enhancing technologies affects these findings. We identified and summarized the findings of 56 relevant publications on FL. Local and likely also global models constitute personal data according to the GDPR. FL strengthens data protection but is still vulnerable to a number of attacks and the possibility of data leakage. These concerns can be successfully addressed through the privacy-enhancing technologies SMPC and DP. Combining FL with SMPC and DP is necessary to fulfill the legal data protection requirements (GDPR) in medical research dealing with personal data. Even though some technical and legal challenges remain, for example, the possibility of successful attacks on the system, combining FL with SMPC and DP creates enough security to satisfy the legal requirements of the GDPR. This combination thereby provides an attractive technical solution for health institutions willing to collaborate without exposing their data to risk. From a legal perspective, the combination provides enough built-in security measures to satisfy data protection requirements, and from a technical perspective, the combination provides secure systems with comparable performance with centralized machine learning applications.

Dynamic consent management allows a data subject to dynamically govern her consent to access her data. Clearly, security and privacy guarantees are vital for the adoption of dynamic consent management systems. In particular, specific data protection guarantees can be required to comply with rules and laws (e.g., the General Data Protection Regulation (GDPR)). Since the primary instantiation of the dynamic consent management systems in the existing literature is towards developing sustainable e-healthcare services, in this paper, we study data protection issues in dynamic consent management systems, identifying crucial security and privacy properties and discussing severe limitations of systems described in the state of the art. We have presented the precise definitions of security and privacy properties that are essential to confirm the robustness of the dynamic consent management systems against diverse adversaries. Finally, under those precise formal definitions of security and privacy, we have proposed the implications of state-of-the-art tools and technologies such as differential privacy, blockchain technologies, zero-knowledge proofs, and cryptographic procedures that can be used to build dynamic consent management systems that are secure and private by design.

Clicks, comments, transactions, and physical movements are being increasingly recorded and analyzed by Big Data processors who use this information to trace the sentiment and activities of markets and voters. While the benefits of Big Data have received considerable attention, it is the potential social costs of practices associated with Big Data that are of interest to us in this paper. Prior research has investigated the impact of Big Data on individual privacy rights, however, there is also growing recognition of its capacity to be mobilized for surveillance purposes. Our paper delineates the underlying issues of privacy and surveillance and presents them as in tension with one another. We postulate that efforts at controlling Big Data may create a trade-off of risks rather than an overall improvement in data protection. We explore this idea in relation to the principles of the European Union's General Data Protection Regulation (GDPR) as it arguably embodies the new 'gold standard' of cyber-laws. We posit that safeguards advocated by the law, anonymization and pseudonymization, while representing effective counter measures to privacy concerns, also incentivize the use, collection, and trade of behavioral and other forms of de-identified data. We consider the legal status of these ownerless forms of data, arguing that data protection techniques such as anonymization and pseudonymization raise significant concerns over the ownership of behavioral data and its potential use in the large-scale modification of activities and choices made both on and offline.

This study examines the ethical issues surrounding the use of Artificial Intelligence (AI) in healthcare, specifically nursing, under the European General Data Protection Regulation (GDPR). The analysis delves into how GDPR applies to healthcare AI projects, encompassing data collection and decision-making stages, to reveal the ethical implications at each step. A comprehensive review of the literature categorizes research investigations into three main categories: Ethical Considerations in AI; Practical Challenges and Solutions in AI Integration; and Legal and Policy Implications in AI. The analysis uncovers a significant research deficit in this field, with a particular focus on data owner rights and AI ethics within GDPR compliance. To address this gap, the study proposes new case studies that emphasize the importance of comprehending data owner rights and establishing ethical norms for AI use in medical applications, especially in nursing. This review makes a valuable contribution to the AI ethics debate and assists nursing and healthcare professionals in developing ethical AI practices. The insights provided help stakeholders navigate the intricate terrain of data protection, ethical considerations, and regulatory compliance in AI-driven healthcare. Lastly, the study introduces a case study of a real AI health-tech project named SENSOMATT, spotlighting GDPR and privacy issues.

The growth of the distance education modality allows researchers to present varied studies related to the theme. Together with these studies emerge concepts such as Learning Analytics (LA). The LA is an area that will analyze, measure, collect and relate student data in their contexts. However, the use of this data brings with it a new concern regarding the protection, privacy and correct use of the data. The European Union already finds personal data protection legislation with a broad General Data Protection Regulation (GDPR). This article aims to present the result of a Systematic Literature Review that search to identify academic research related to Learning Analytics (LA) and General Data Protection Regulation (GDPR). After applying the inclusion and exclusion requirements of the selected articles ten articles were selected for analysis. With the analysis it is possible to identify an alignment between the LA and GDPR showing that LA should follow the guidelines of GDPR. O rápido crescimento da modalidade de educação a distância propiciou que pesquisadores apresentassem estudos variados relacionados ao tema. Junto a estes estudos emergem conceitos tais como o de Learning Analytics (LA), que se constitui em uma área que se propõe a medir, coletar, analisar e relatar dados de discentes em seus contextos. Todavia, o uso destes dados de discentes traz à tona nova preocupação relacionada a proteção, privacidade e o correto uso dos dados. A União Europeia já se encontra legislando sobre a proteção de dados pessoais com um amplo Regulamento Geral sobre a Proteção de Dados (GDPR). No Brasil, a legislação hoje disponível constitui-se na Lei Geral de Proteção de Dados Pessoais (LGPDP) e seu efeito se inicia em agosto de 2020. Este artigo tem por objetivo apresentar o resultado de uma Revisão Sistemática da Literatura (RSL) que buscou identificar pesquisas acadêmicas relacionadas a temática Learning Analytics (LA) e General Data Protection Regulation (GDPR). Após a aplicação dos critérios de Inclusão e exclusão sobre os artigos obtidos, foram selecionados dez artigos para análise. Com a análise foi possível concluir que existe um alinhamento entre os conceitos de LA e GDPR e que o LA deve seguir as orientações do GDPR. El rápido crecimiento de la modalidad de educación a distancia ha permitido a los investigadores presentar diversos estudios relacionados con el tema. Junto con estos estudios, surgen conceptos como Learning Analytics (LA), que es un área que tiene como objetivo medir, recopilar, analizar e informar datos de los estudiantes en sus contextos. Sin embargo, el uso de estos datos de los estudiantes plantea una nueva preocupación relacionada con la protección, la privacidad y el uso correcto de los datos. La Unión Europea ya está legislando sobre la protección de datos personales con un amplio General Data Protection Regulation(GDPR).Este artículo tiene como objetivo presentar el resultado de una Revisión sistemática de literatura (RSL) que buscó Identificar investigaciones académicas relacionadas con Learning Analytics (LA) y el General Data Protection Regulation (GDPR). Después de aplicar los criterios de inclusión y exclusión en los artículos obtenidos, se seleccionaron diez artículos para su análisis. Con el análisis fue posible concluir que existe una alineación entre los conceptos de LA y GDPR y que LA debe seguir las pautas de GDPR.

The rapid development of digital health poses a critical challenge to the personal health data protection of patients. The European Union General Data Protection Regulation (EU GDPR) works in this context; it was passed in April 2016 and came into force in May 2018 across the European Union. This study is the first attempt to test the effectiveness of this legal reform for personal health data protection. Using the difference-in-difference (DID) approach, this study empirically examines the policy influence of the GDPR on the financial performance of hospitals across the European Union. Results show that hospitals with the digital health service suffered from financial distress after the GDPR was published in 2016. This reveals that during the transition period (2016–2018), hospitals across the European Union indeed made costly adjustments to meet the requirements of personal health data protection introduced by this new regulation, and thus inevitably suffered a policy shock to their financial performance in the short term. The implementation of GDPR may have achieved preliminary success.

Businesses increasingly rely on algorithms that are data-trained sets of decision rules (i.e., the output of the processes often called “machine learning”) and implement decisions with little or no human intermediation. In this article, we provide a philosophical foundation for the claim that algorithmic decision-making gives rise to a “right to explanation.” It is often said that, in the digital era, informed consent is dead. This negative view originates from a rigid understanding that presumes informed consent is a static and complete transaction. Such a view is insufficient, especially when data are used in a secondary, noncontextual, and unpredictable manner—which is the inescapable nature of advanced artificial intelligence systems. We submit that an alternative view of informed consent—as an assurance of trust for incomplete transactions—allows for an understanding of why the rationale of informed consent already entails a right to ex post explanation.

Purpose This study explores global frameworks for healthcare data privacy, focusing on the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Protection of Personal Information Act (POPIA). It examines the challenges of regional regulatory disparities, systemic vulnerabilities identified through major health data breach case studies, and the potential of advanced technologies to enhance privacy protections. Methods A qualitative research approach was adopted, incorporating corpus construction and comparative analysis of legal and technical frameworks. The study also utilized case studies of significant health data breaches to identify vulnerabilities and evaluate the role of emerging technologies, such as artificial intelligence (AI) and machine learning (ML), in mitigating risks and enhancing regulatory compliance. Results Findings indicate that GDPR, CCPA, and POPIA set high standards for data protection but reveal significant variability in enforcement and technological adoption across regions. Challenges include inconsistent definitions of sensitive data, semantic discrepancies, a lack of standardized protocols, and limited information technology infrastructure in certain jurisdictions. Advanced technologies like AI and ML promise to address these gaps by improving data harmonization and security. Conclusions Addressing healthcare data privacy challenges requires harmonized global regulations, advanced technological tools, and international collaboration. Strengthening frameworks, enhancing information technology infrastructure, and employing semantic models and ontologies are essential for protecting sensitive data, ensuring compliance, and fostering public trust in digital healthcare systems.