Browsing by Keyword "GDPR"
Now showing 1 - 3 of 3
Results Per Page
Sort Options
Item Information technologies exposing children to privacy risks: Domains and children-specific technical controls: Domains and children-specific technical controls(2022-08) Crepax, Tommaso; Muntés-Mulero, Victor; Martinez, Jabier; Ruiz, Alejandra; SWT; QuantumEU data protection law requires that digital service providers and system developers put in place technical measures that are adequate to protect children’s informational privacy. The stringent legal obligations of implementing principles of data protection by design into digital systems intensified the engineers’ need to create processes and technological solutions to enhance children’s privacy in digital services. However, in several cases, generic controls have proven to have limited effects on the protection of children’s privacy, raising questions about the need to further develop children- specific technical controls. This paper contributes to address the need for privacy controls by providing (a) a summary of real-world applications of information technologies domains that expose children to privacy risks, and (b) a list that represents the state-of-the-art of the technical controls designed specifically to protect children’s privacy. We identify 24 technical controls that we manually classify with NIST Security and Privacy control categories and Hoepman’s Privacy design strategies. We find that most controls relate to identification and authentication, many of which in the form of techniques for age verification. In general, the vast majority of controls belong to minimization strategies. Our findings show that the field of technical controls specifically designed for children is yet to be developed.Item Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems(2019-06-01) Rios Velasco, Erkuden; Iturbe, Eider; Larrucea, Xabier; Rak, Massimiliano; Mallouli, Wissam; Dominiak, Jacek; Muntes, Victor; Matthews, Peter; Gonzalez Moctezuma, Luis; Gonzalez, Luis; Tecnalia Research & Innovation; CIBERSEC&DLTCompliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.Item Smart Grid Challenges Through the Lens of the European General Data Protection Regulation(Springer, 2020) Martinez, Jabier; Ruiz, Alejandra; Puelles, Javier; Arechalde, Ibon; Miadzvetskaya, Yuliya; Siarheyeva, Alena; Barry, Chris; Lang, Michael; Linger, Henry; Schneider, Christoph; SWT; Quantum; DIG_LIF_SKI; Tecnalia Research & InnovationThe General Data Protection Regulation (GDPR) was conceived to remove the obstacles to the free movement of personal data while ensuring the protection of natural persons with regard to the processing of such data. The Smart Grid has similar features as any privacy-critical system but, in comparison to the engineering of other architectures, has the peculiarity of being the source of energy consumption data. Electricity consumption constitutes an indirect means to infer personal information. This work looks at the Smart Grid from the perspective of the GDPR, which is especially relevant now given the current growth and diversification of the Smart Grid ecosystem. We provide a review of existing works highlighting the importance of energy consumption as valuable personal data as well as an analysis of the established Smart Grid Architecture Model and its main challenges from a legal viewpoint, in particular the challenge of sharing data with third parties.