Listing by keyword "GDPR"
1 - 10 of 30
- Conference paper: Balancing Privacy and Value Creation in the Platform Economy: The Role of Transparency and Intervenability (Open Identity Summit 2023, 2023). Astfalk, Stefanie; Schunck, Christian H. Data are essential in the platform economy to create value. Since the General Data Protection Regulation (GDPR) demands a high level of protection for personal data, it becomes challenging for small- and medium-sized businesses to provide both: data-based services and compliance to the GDPR. Therefore, the paper focuses on the privacy protection goals of transparency and intervenability to enable privacy friendly business models. To better understand how this approach supports the needs of small- and medium-sized platform providers, a qualitative interview study is conducted. Especially, the lack of legal certainty and the unclarity of how the GDPR can be implemented compliantly in practical terms is found to be a challenge. Based on the interviews, requirements are derived which a personal rights management tool enabling transparency and intervenability should fulfill such as supporting legal compliance or reducing operational complexity. In summary, small- and medium-sized platform providers see providing transparency and intervenability as a promising new approach which they are willing to deploy given the right personal rights management tool.
- Text document: Blockchain-based consent manager for GDPR compliance (Open Identity Summit 2019, 2019). Vargas, Juan Camilo. The General Data Protection Regulation represents great challenges for companies. This paper proposes a model of consent management for personal data that uses blockchain technology to help address part of these challenges. On the one hand, the model aims to facilitate compliance with the regulation and offer an agile tool for consent control and interaction between data subjects, controllers and processors. On the other hand, it aims to offer data subjects a tool to assert their rights and get bigger control over their consents and indirectly over personal data. A proof of concept was developed using Hyperledger Fabric and allowed to identify the benefits and challenges of the model.
- Text document: Chances and Limitations of Personal and Anonymized Data Processing (INFORMATIK 2021, 2021). Selzer, Annika. Article 32 GDPR regulates the obligation to implement appropriate technical and organizational measures whenever personal data is being processed. In this paper, we want to link questions arising from taking appropriate technical and organizational measures with considering the chances and limitations of both, personal and anonymized data processing and the potential added value of personal and anonymized data exchange within a smart city context. We demonstrate the link through a legal analysis and 30 structured interviews with smart city participants.
- Conference paper: Code of Practice for Sensor-Based Learning (DELFI 2019, 2019). Yun, Haeseon; Riazy, Shirin; Fortenbacher, Albrecht; Simbeck, Katharina. Sensor-based learning refers to utilizing physiological sensor data from learners and information from a learning environment to promote learning. Sensor data enclose learner’s personal information so ethical practice of adopting sensor data in learning analytics needs to be explored thoroughly. In this positional paper, we examine current ethical practices in learning analytics to derive a code of practice for sensor-based learning. Furthermore, we critically validate a wearable sensor device developed as a learning support against the derived code of practice.
- Workshop paper: Data Privacy Management (DPM) - A Private Household Smart Metering Use Case (Mensch und Computer 2020 - Workshopband, 2020). Jakob, Dietmar; Wilhelm, Sebastian; Gerl, Armin. The automated collection of real life data in private households places special requirements on a Data Privacy Management (DPM) concept. The development and implementation of a DPM concept for use in a scientific environment is demonstrated according to a successful use case – the project BLADL. The intention of this paper is to provide a guideline for ethical and privacy-preserving data collection and management in research projects in the EU.
- Conference paper: Data Protection Impact Assessment in Identity Control Management with a Focus on Biometrics (Open Identity Summit 2020, 2020). Bisztray, Tamas; Gruschka, Nils; Mavroeidis, Vasileios; Fritsch, Lothar. Privacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.
- Journal article: Datenschutz im Konzern (HMD Praxis der Wirtschaftsinformatik: Vol. 54, No. 6, 2017). Berning, Wilhelm; Keppeler, Lutz. According to the new EU GDPR, there may be one or more controller for the compliant processing of personal data. The decisive factor is who holds the decision-making power with regard to the purpose and means of processing. The identification of the factual responsibility and the operationalization on acting people are particularly difficult when within groups central functions of the group process personal data, such as a central IT or personnel department. Which part of the company is responsible for the implementation of the more than 30 fined obligations of the GDPR is not by itself self-evident. Based on an exemplary group structure, this article develops a methodology to identify the factual responsibility of more than one controller for a centralized processing of employee data. The methodology shows how the joint controllers can be identified and how it is applicable.
- Journal article: Datenschutzgrundverordnung (DSGVO): Bewältigung der Herausforderungen mit Unternehmensarchitekturmanagement (EAM) (HMD Praxis der Wirtschaftsinformatik: Vol. 55, No. 5, 2018). Koç, Hasan; Eckert, Kai; Flaig, Daniel. Data protection is playing an increasingly important role in modern data processing. Beginning with May 25, 2018, companies need to comply with General Data Protection Regulation (GDPR), a regulation to standardize the data protection laws across all 28 EU countries. In case of a noncompliance, the companies can be fined up to 4% of annual global turnover or €20 million. Recent studies show that the rate of the companies that put the GDPR requirements into practice is quite low. One challenge in this context is vague interpretations of GDPR and the complexity of applying the regulation in practice. Enterprise architectures deliver a holistic view of essential artefacts in an organization. This is achieved by relating information across different domains, e. g. Business and IT. In the GDPR context, such structures deem to be vital when it comes to documenting why the data is processed and in which systems it is stored. To this end, we propose a systematic approach on how to introduce a GDPR project in organizations drawing on the concepts of Enterprise Architecture Management. The approach, which is currently being used in an internationally leading software manufacturer, is developed and evaluated in line with design science research paradigm.
- Journal article: DPMF: A Modeling Framework for Data Protection by Design (Enterprise Modelling and Information Systems Architectures (EMISAJ) – International Journal of Conceptual Modeling: Vol. 15, No. 10, 2020). Sion, Laurens; Dewitte, Pierre; Van Landuyt, Dimitri; Wuyts, Kim; Valcke, Peggy; Joosen, Wouter. Building software-intensive systems that respect the fundamental rights to privacy and data protection requires explicitly addressing data protection issues at the early development stages. Data Protection by Design (DPbD)—as coined by Article 25(1) of the General Data Protection Regulation (GDPR)—therefore calls for an iterative approach based on (i) the notion of risk to data subjects, (ii) a close collaboration between the involved stakeholders and (iii) accountable decision-making. In practice, however, the legal reasoning behind DPbD is often conducted on the basis of informal system descriptions that lack systematicity and reproducibility. This affects the quality of Data Protection Impact Assessments (DPIA)—i.e. the concrete manifestation of DPbD at the organizational level. This is a major stumbling block when it comes to conducting a comprehensive and durable assessment of the risks that takes both the legal and technical complexities into account. In this article, we present DPMF, a data protection modeling framework that allows for a comprehensive and accurate description of the data processing operations in terms of the key concepts used in the GDPR. The proposed modeling approach supports the automation of a number of legal reasonings and compliance assessments (e.g., purpose compatibility) that are commonly addressed in a DPIA exercise and this support is strongly rooted upon the system description models. The DPMF is supported in a prototype modeling tool and its practical applicability is validated in the context of a realistic e-health system for a number of complementary development scenarios.
- Conference paper: Emerging biometric modalities and their use: Loopholes in the terminology of the GDPR and resulting privacy risks (BIOSIG 2021 - Proceedings of the 20th International Conference of the Biometrics Special Interest Group, 2021). Bisztray, Tamás; Gruschka, Nils; Bourlai, Thirimachos; Fritsch, Lothar. Technological advancements allow biometric applications to be more omnipresent than in any other time before. This paper argues that in the current EU data protection regulation, classification applications using biometric data receive less protection compared to biometric recognition. We analyse preconditions in the regulatory language and explore how this has the potential to be the source of unique privacy risks for processing operations classifying individuals based on soft traits like emotions. This can have high impact on personal freedoms and human rights and, therefore, should be subject to data protection impact assessment.