An Introduction to Privacy



1 Maticmind S.p.A., Via Mario Carucci 131, 00143 Rome, Italy
2 ISC Information Sharing Company s.r.l, Via Paolo Emilio 7, 00192 Rome, Italy
3 University of the Aegean, Palama 2, 83200 Karlovassi, Samos, Greece
4 Politecnico di Milano, Via Ponzio, 34/5, 20133 Milan, Italy

1 Introduction

In recent years, data has become a central asset for more and more companies, which use it to reach their business objectives. For example, stock exchange companies make intensive use of historical transaction data to foresee the trend of the market; companies that interact directly with people customize their services based on data about customer behaviour. One of the most valuable types of data managed by companies is personal information, i.e., information that can be linked to persons and can be used, for example, for profiling for targeted advertising.

Luckily, such wild usage of data has been limited by privacy laws. However, these laws had substantial differences [12], allowing companies to exploit weak points depending on how they wanted to process such data. Before May 2018, each member state of the European Union (EU) had its own privacy law, and companies were allowed to process the data of all EU citizens under the privacy law of the state where their headquarters were located. This essentially allowed companies to choose the privacy law best suited to their data processing. Luckily, in May 2018 the European Union adopted a unified privacy law called the General Data Protection Regulation (GDPR), which unifies the privacy laws of the EU member states and adopts novel concepts of protection in order to regulate the new massive usage of information and, specifically, of personal data. GDPR regulates the management of personal data and defines severe financial consequences if the regulation is broken. Nevertheless, many organizations and companies are not yet ready to handle personal data and to demonstrate that the data are managed as specified by GDPR.

This section analyses GDPR, and in particular the privacy by design concept, i.e., how to create systems that comply with privacy regulation right from their design. After that, it describes an approach, used as the basis for the rest of the book, in which privacy agreements between users and organizations are specified as a form of contract.

© Springer Nature Switzerland AG 2020
M. Salnitri et al. (Eds.): Visual Privacy Management, LNCS 12030, pp. 1–21, 2020. https://doi.org/10.1007/978-3-030-59944-7_1


A. Praitano et al.

2 Privacy Law Analysis

This section describes the context of the GDPR and the main concepts (called pillars) on which it is based.

2.1 Evolution of the European Data Protection Law

In 2016, after a long discussion for the finalization of the update process, the European Parliament and the Commission approved the first part of the new European Data Protection framework that will replace the “old” Directive 95/46/EC [6]. The update of the legislation had become no longer