Questions related to Data Protection
The impact of digital health technologies on healthcare system is becoming relevant day in day out and its adoption is making access to to patient care more easily accessible.
Introduction of deep learning into the security of EHR data is one of the areas that is being looked into, to ascertain better protection of these sensitive personal identifiable data.
Your input will help a lot to ensure great achievement of this project.
As an important factor of production, data is actively protected by criminal law in most countries, such as Germany and the United States.
But where is the boundary of criminal law protection?
How can protection be achieved for the entire data life cycle (fetch, process, expose, store, and destroy)?
What are the differences between criminal law obligations undertaken by different subjects (platforms, countries and individuals)?
please give me your answer
I obtained a dataset from an official body. The data is tabulated so in the cells there are actual case numbers. When the numbers are lower than three but higher than zero they are intentionally removed as a result of data protection. I wanted to run an imputation model to impute those numbers in SPSS. However the model impute values lower than zero (even minus 56). When I put the options like one for the lowest value and two for the highest value the process ends with empty cells. Does anyone recommend anything to overcome this obstacle?
My name is Laura Lomax and I am an undergraduate student at the University of Bolton completing my 3rd-year project, under the supervision of Professor Jerome Carson. My study is examining whether adverse childhood experiences (ACES), affect an individual’s level of flourishing in adulthood.
Your participation should take approximately 10-15 minutes and will require minimal demographic information such as age, gender, and country. There are two questionnaires to complete, with eight short questions at the end. The first questionnaire consists of 10 questions regarding Adverse Childhood Experiences and the second questionnaire has a total of 23 questions that all relate to one’s flourishing.
Participation in the study is voluntary and you are free to withdraw from the study at any time before the last question. Completing the survey is giving your consent to participate. Once you have completed the questionnaire and pressed ‘submit’, you will no longer be able to withdraw from the study. Please note that all responses to this study are completely anonymous and your identity will remain unknown throughout. Once submitted, all data will be stored in line with the General Data Protection Regulation. The only people with access to the results are the researcher and her supervisor.
This study has been approved by the Psychology Department’s ethical committee, which adheres to the British Psychological Society’s guidelines. It is not my intention to cause you any psychological distress, however, some questions are of a sensitive nature that you may find distressing. If this is the case, or if you are interested in receiving any support about any issues raised in this study, please contact the following helplines:
Samaritans (UK & Ireland) – Call 116 123
CALM – 0800 58 58 58
Thank you for taking the time to complete the study. Should you feel you require any additional information concerning this study either before completing it or afterwards, please do not hesitate to contact me via email at firstname.lastname@example.org My supervisor’s details are J.Carson@bolton.ac.uk
Link to study: https://forms.gle/bTznoPJvyxj6GyMXA
The EU General Data Protection Regulation (GDPR) is among the world’s toughest data protection laws. Under the GDPR, the EU’s data protection authorities can impose fines of up to up to €20 million (roughly $2,372,000), or 4 percent of worldwide turnover for the preceding financial year—whichever is higher.
Since the GDPR took effect in May 2018, we’ve seen over 800 fines issued across the European Economic Area (EEA) and the U.K. Enforcement started off somewhat slow. But between July 18, 2020, and July 18, 2021, there was a significant increase in the size and quantity of fines, with total penalties surging by around 113.5%. And that was before the record-breaking fine against Amazon—announced by the company in its July 30 earnings report—which dwarfed the cumulative total of all GDPR fines up until that date.
Top 10 fines so far:
- Amazon — €746 million
- Google – €50 million
- H&M — €35 million
- TIM – €27.8 million
- British Airways – €22 million
- Marriott – €20.4 million
- Wind — €17 million
- Vodafone Italia — €12.3 million
- Notebooksbilliger.de — €10.4 million
- Eni — €8.5 million
More details: https://www.tessian.com/blog/biggest-gdpr-fines-2020/
Hello. I am conducting a psychological research study with participants in the UK, and I want to know what privacy and data protection rules there are about recording participants' microphone audio and camera video for research purposes. We have a video-conferencing simulation with a virtual human (recorded actor) and would like to record short clips of participants' audio and video during the video interaction. Is this possible, and, if so, what types of informed consent and data protection need to be provided?
Thank you so much.
Given the privacy and data protection concern, is there a good place to get anonymous runners training data for their previous marathon for academic research purpose? What are that proper ways to ask companies, such as Garmin, Strava etc. for a dataset for research purpose?
Even though the idea of a "pay with money not with data" principle is not new in the literature, so far this idea has not translated into domestic legislation. Why? Are there hurdles or obstacles to it? if so, of what nature (legal, political, financial)? If such principle were to be implemented, what should be the features of a corresponding legal provision under domestic law? Regarding the international regulatory framework of data protection, you are welcome to look at my last research on the matter at :
The compatibility of DLT-based applications with the GDPR has been reviewed in the past years, but the conclusions were in general not very sharp. Often, scholars underscored the fact that compatibility or lack thereof can only be assessed on a case-by-case basis. This is at least the conclusion I drew in my article on the matter, available at :
Many thanks for a lively discussion.
CALL FOR CONTRIBUTIONS
Cyber-Physical Systems in Pandemic Monitoring and Management
Special Issue for the Cyber-Physical Systems Journal
Cyber-Physical Systems in Pandemic Monitoring and Management
This special issue addresses the timely theme of tackling challenges associated with managing infectious diseases. As witnessed in the outbreaks of many infectious diseases such as SARS and swine flu over the past couple of decades, and more recently another wave of global pandemic, the substantial volume of human traffic from country to country has posed substantial challenges to public health systems.
Utilizing integrated solutions of computation, networked sensors, and physical processes; cyber-physical systems are well-suited as monitoring systems for effective disease-spread simulation analysis that enables health resource management in tackling the current global epidemic as well as any infectious disease outbreaks that may happen in the future.
Given the urgent need for modeling disease transmission behavior in highly infectious risk areas and mitigation strategies under different outbreak circumstances, this special issue invites manuscript submissions in the following topics, but not limited to:
- Physical processes in air quality control for ventilation enhancement
- Disease transmission and spread modelling
- Pandemic data protection and management system architecture
- Social impact and socio-technology development of CPS in healthcare
- Data mining and analytics for analyzing public health data
- Model-based design, validation and implementation of CPS
- Model driven disease transmission simulation
- Transportation scenarios in confined spaces (e.g. trains, ships, airplanes)
- Sensor networks
- Data Fusion of epidemiological knowledge
- Ethical and regulatory issues concerning CPS deployment in fighting pandemic
For details please visit:
Paper submission due: October 15, 2020
Notification of decision: December 23, 2020
Revision due: January 15, 2021
Acceptance notification: February 28, 2021
Approximate publication date: Spring 2021, subject to journal publication schedules
Hello everyone, right now I am working in the very initial phase of a dissertation proposal revolving around the Article 16 and Article 17 of the EU GDPR, and compliance of a Blockchain model to it.
Over 10000 people from 84 countries have already participated. Survey available in 24+ languages. In order to join, please visit: https://www.yashchawla.in/corona-virus
Description: Researchers, policymakers and societies alike are increasingly discussing the New Corona Virus (COVID-19) situation, globally and in their respective countries of residence. The European Commission, national governments and private foundations invest large amounts of money for research, focusing on finding the potential cure for the virus.
In line with these developments, our international research consortium is conducting a research survey to better understand public awareness, opinions of COVID-19, and the role of various communication channels in the propagation of myths and facts. We invite you to participate in this anonymous survey, as learning about your opinions will help us to provide recommendations to both, research institutions and policymakers, regarding the process of effective communication with society. The results of this survey will be published in international academic outlets, with no identifiers to individual respondents. The data collection procedures are in-line with the General Data Protection Regulations (GDPR).
A need for Data Protection Officers is emerging very fast. After adoption of GDPR, organizations worldwide need hundreds of thousands of DPOs. Are universities ready, are there enough data privacy programs/courses that putts together information security and law?
Do you think Data Protection Officer should be a lawyer or an infosec expert? Since it is very hard to get 2 in 1 in one person, do you thing that DPO should be a team of at least two people?
The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.
Tasks of the data protection officer
1. The data protection officer shall have at least the following tasks:
(a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
(b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
(c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
(d) to cooperate with the supervisory authority;
(e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.
2. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
I am looking for case studies of actual privacy risks. At the core of privacy and data protection impact assessments, we find the concept of 'risk' meaning - in this case - the probability of a threat to personal data and the possible harm or damage caused by this threat. E.g. I fall victim to a phishing attack and the attacker gains access to my bank account, the actual harm being that my account is emptied. Another example would be that my account at a social media platform is hacked and my identity is used to "go shopping".
Now, one finds a lot of literature on privacy (PIA) and data protection impact assessments (e.g. the edited volume by Wright and De Hert (2012) on PIA), on the potential risks of low levels of data security (e.g. Rosner, Kenneally (2018): Clearly Opaque: Privacy Risks of the Internet of Things), on technological and organization standards (e.g. ISO 27001 on Information security management), or on the regulatory frameworks of privacy and data protection (e.g. everything on the details of the GDPR in the EU). But I have a hard time to find research results evaluating actual risks similar to your risk to fall victim to a traffic accident, have your home being broken into, or get cancer.
I would welcome any hint to empirical publications on actual privacy risk analysis be it from medical, social, internet-based or any other research that you consider as most important. I am *not* looking for literature on how to conduct privacy and data protection impact assessments or standards for this purpose. Thank you.
Has the the the GDPR effectuated the application and enforcement of data protection controls in the non-European countries? How has it impacted on your own country's legal system (if applicable)?
I am participating in a scientific study. Our general aim is to collect financial information about the amount of the funds that natural protected areas are using (and a breakdown of the spending of those funds), and what is the estimated budget needed for the PA system to achieve its objectives (the ideal budget). At the country level, or broken down in individual protected areas.
Apart from that, we have more specific questions, like how much would it cost to create new protected area, and how much is the positive economic value of the protected area, taking into account ecosystem services and visitor-based income.
If you were so kind as to help me, I would be very grateful. Many thanks and best regards
The General Data Protection Regulation (GDPR) has been in force since May 2018 and thus for almost a year. Do you know of cases in which fines were imposed for violating the requirements of the GDPR? How high were these fines and which companies were affected? Background of the question are the fears of the fines at that time (up to 20 million Euro or in the case of a company up to 4% of the total worldwide annual turnover of the previous business year). To what extent were these fears justified?
Implementation of GDPR will reduce the access to personal data by the corporations in several aspects. The effects will have several pros and cons for the economy and business. What are the prospects that GDPR will effect?
I was wondering what the feelings were (esp for those in the EU) about the new General Data Protection Regulation (GDPR) that comes online in 4 months...
In my opinion, information contained in posts, posts, comments on social media portals can be used as research material, which can be used for scientific research if appropriate standards of ethics and personal data protection are maintained.
In view of the above, I am asking you: Does the information contained in posts, posts, comments on social media portals can be used for scientific research?
I invite you to the discussion
Thank you very much
Dear Friends and Colleagues of RG
The problems of the analysis of information contained on social media portals for marketing purposes are described in the publication:
I invite you to discussion and cooperation.
The ongoing saga of improper access to personal medical data continues despite the multitude of computing standards for data protection.
Could Blockchain ensure the security of patient data while allowing access to appropriate healthcare staff?
I will be really thankful if you share your experience , research, pre-prints on the impact of GDPR on planning and executing the surveys. How you achieve the consent for data protection? Whaat is the respondent reaction? What is the response rate after GDPR? We expect some decrease, for now more visible in online surveys than in face-to-face.
The GDPR seems to be more a protectionist initiative for large and rich publishers. They say that "the GDPR improves transparency and data privacy rights of individuals", but seems to be an initiative to restrict science and reduces the access to information, but is it? Please you must say what your opinion.
I am currently working on a catalogue of good practices in the sphere of privacy and data protection learning and this information will help me decide if to include your project in the catalogue.
Thank you in advance,
The use of big data to target groups with advertising is a mild form of manipulation but considering all the things that it could be used for, good and bad, how can a set of ethics be maintained until there is some way of policing the internet. There is a very fine line between using big data to protect people to using it to control people.
I am wondering particularly in light of the new general data protection regulation coming into force across Europe shortly. We found data protection presented a significant challenge in our long term cohort follow up study.
Today, in the UK, the Department of Digital, Culture, Media and Sport (DCMS) announced that organisations could face a fine of 4% of global turnover or £17 million for the failure of critical infrastructure, including within energy, water, transport, and health. Overall it is part of the UK's response to an EU directive on Network and Information Systems (NIS), and levies the same levels of fines of GDRP (which focuses on data protection).
This also comes on the back of recent power-related outages at BA and Capita, which led to serious problems their systems. A key focus is that organisations will be required to prove that they have a disaster recovery plan in place, and have plans to enact it on serious incidents.
But, will fines actually improve things or will auditors and the legal industry be rubbing their hands with the increasing fees for the work?
When working with collaborators in Switzerland it became obvious that the government shot itself in the foot when regulating the use and transfer of patient data. Even some of the simple anonymized statistical data sets require permission from the ethics committee.
These country-specific regulations also serve as a barrier to entry when asking someone for a data set from a published paper in order to replicate their experiments to see if these experiments are reproducible.
In your experience, what are the best countries (including Asia), where data transactions for research purposes are not regulated and most fluid?
I am doing reseach on electronic solutions to substitute the Excel/Word checklist to facilitate the Inspectors' tasks and then a possible second phase to support the centres' preparations. Do members have any suggestions of solutions that you have seen and that could work as an alternative to the current Excel file? One requirement is that the solution is hosted in the EU to meet data protection requirements.
Hello! I am doing Master of Laws in Criminal Procedure in São Paulo (Brazil) and my dissertation involves data protection according to its sensitivity aspect. The main objective of my dissertation is to study the classification of data, mainly the sensitive category, i.e., when this category came up, in which context this category came up, how can I define sensitive data, which parameters could be used to conclude that a data is sensitive, etc. Does anyone have/know any article/book related to this subject? Tks
I have downloaded some tools from these links: http://www.acunetix.com/download-8991-2/
but I'm not able to generate reports from these free trial tools.
I am interested to find the advantages for each method , because there are a lot of researchers used k-anonymity and they were make many enhancement to it. Some others worked on l-diversity also for protecting sensitive data privacy.If anyone know other techniques I appreciate that..
Which algorithm of anonymous data is more useful to preserve a big data from a data analizer. For example I want to outsourcing a database for data mining. What is the effective data anonimizing in the big data to protect the personal infomation?
The future data protection package includes a General Regulation and a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data.
However, the data protection package initially leaves unaffected Prüm regime as was pointed out by the European Data Protection Supervisor (Opinion of the European Data Protection Supervisor on the data protection reform package, 7 March 2012, 443, page 68 ).
The Amendment 6 of EU Parliament (14 March 2014) introduced it. (EP legislative resolution of 12 March 2014 COM(2012)0010 – C7-0024/2012 – 2012/0010(COD)) Today (4 December 2014) is in discussion within the Council (http://eur-lex.europa.eu/procedure/EN/201285)
I am interested in know any comments or articles regarding this question, thanks!
Hi All. I'm Khairil from Malaysia.
Currently, I've being working on developing a model / framework regarding the Data Leakage Protection for government sector. Does anyone have references? Thank you so much for your help.
Patient clinical data is private and acquiring it for research especially by researchers outside the affiliation to healthcare organisations can be close to impossible. Even when such data is anonymised.
Can patient data be simulated? Will it then be considered applicable for use in a research?
Are there any samples of simulated data which can be tested?
Dear colleagues, we are looking for data on informality among firms in Latin America, and comparisons to other emerging regions.
In particular, we would like to know estimates of the share of firms not registered (while they should); or firms paying taxes, etc...
Apparently, some household surveys include the question, but we would favor firm surveys.
Note: The WB Entreprise survey only surveys formal firms, and how they compete with informal ones.
The data protection can be studied in the two different angles, that is technical and legal. Can we consider data security as a technical issue and data protection as a legal issue?
Using file entropy or the chi square test seems to generate too many false positives (i.e., encrypted files are reported as unencrypted).
Perhaps one can use the FRSS score mentioned on page 12 here (https://www.utica.edu/academic/institutes/ecii/publications/articles/A0B3DC9E-F145-4A89-36F7462B629759FE.pdf), but I'm not sure how to apply that patch to SleuthKit.
My main concern is how to identify individuals who are prone to manifest psychological or social problems even in a well-managed and friendly working environment, without infringing their personal space and having in consideration data protection issues.
Like techniques for ensuring the integrity of data on the server-side (the service providers) or during the transfer of the data.
In Clinical database management system, researchers can handle enormous patient records. Those records may consist of sensitive information. How to preserve the individual privacy of patients in clinical data management and biobank?