Browsing by Keyword "Privacy"

Item: Enhancing GDPR compliance through data sensitivity and data hiding tools (2021)
Larrucea, Xabier; Moffie, Micha; Mor, Dan; Tecnalia Research & Innovation
Since the emergence of GDPR, several industries and sectors are setting informatics solutions for fulfilling these rules. The Health sector is considered a critical sector within the Industry 4.0 because it manages sensitive data, and National Health Services are responsible for managing patients’ data. European NHS are converging to a connected system allowing the exchange of sensitive information across different countries. This paper defines and implements a set of tools for extending the reference architectural model industry 4.0 for the healthcare sector, which are used for enhancing GDPR compliance. These tools are dealing with data sensitivity and data hiding tools. A case study illustrates the use of these tools and how they are integrated with the reference architectural model.

Item: Ethical and legal implications for technological devices in clinical research in Europe: Flowchart design for ethical and legal decisions in clinical research (Association for Computing Machinery, 2021-09-22)
Garzo, Ainara; Garay-Vitoria, Nestor; Molina-Tanco, Luis; Manresa-Yee, Cristina; Gonzalez-Gonzalez, Carina; Montalvo-Gallego, Blanca; Reyes-Lecuona, Arcadio; Medical Technologies
In recent years engineers developing new technologies with assistive or medical purposes have become aware that to create acceptable and usable solutions they need to involve final users, patients and stakeholders in the design, development and evaluation of systems as well as in the device certification processes. Involving stakeholders in such processes has several ethical and legal implications. It has become evident that it is still difficult for engineers in Europe to know which ethical and legal processes should be carried out as they have not been previously trained in these issues during their studies.
This article is a review of the laws, standards and recommendations applicable in Europe concerning human involvement in new technologies research, with the aim of helping researchers in the region in question to identify the ethical and legal issues that could arise during those tasks. This review has been carried out in response to the identified need on the part of technological researchers. The design of a flowchart is presented as a summary of the interpretation of the documentation reviewed with the aim of helping the researchers to take the ethical and legal decisions that apply to research involving humans. The flowchart presented has been validated with various research projects in which the authors have participated. The proposed conceptual design can be used for taking decisions, but it is suggested that a tool based on this design be built with the aim of making decision taking easier for researchers in this area.

Item: Information technologies exposing children to privacy risks: Domains and children-specific technical controls (2022-08)
Crepax, Tommaso; Muntés-Mulero, Victor; Martinez, Jabier; Ruiz, Alejandra; SWT; Quantum
EU data protection law requires that digital service providers and system developers put in place technical measures that are adequate to protect children’s informational privacy. The stringent legal obligations of implementing principles of data protection by design into digital systems intensified the engineers’ need to create processes and technological solutions to enhance children’s privacy in digital services. However, in several cases, generic controls have proven to have limited effects on the protection of children’s privacy, raising questions about the need to further develop children-specific technical controls.
This paper contributes to address the need for privacy controls by providing (a) a summary of real-world applications of information technologies domains that expose children to privacy risks, and (b) a list that represents the state-of-the-art of the technical controls designed specifically to protect children’s privacy. We identify 24 technical controls that we manually classify with NIST Security and Privacy control categories and Hoepman’s Privacy design strategies. We find that most controls relate to identification and authentication, many of which in the form of techniques for age verification. In general, the vast majority of controls belong to minimization strategies. Our findings show that the field of technical controls specifically designed for children is yet to be developed.

Item: Mass surveillance and technological policy options: Improving security of private communications (2017-02-01)
Schuster, Stefan; van den Berg, Melle; Larrucea, Xabier; Slewe, Ton; Ide-Kostic, Peter; Tecnalia Research & Innovation; Digital Base
The 2013 Snowden revelations ignited a vehement debate on the legitimacy and breadth of intelligence operations that monitor the Internet and telecommunications worldwide. The ongoing invasion of the private sphere of individuals around the world by governments and companies is an issue that is handled inadequately using current technological and organizational measures. This article argues that in order to retain a vital and vibrant Internet, its basic infrastructure needs to be strengthened considerably. We propose a number of technical and political options, which would contribute to improving the security of the Internet.
It focuses on the debates around end-to-end encryption and anonymization, as well as on policies addressing software and hardware vulnerabilities and weaknesses of the Internet architecture.

Item: Privacy-enhancing distributed protocol for data aggregation based on blockchain and homomorphic encryption (2021-11)
Regueiro, Cristina; Seco, Iñaki; de Diego, Santiago; Lage, Oscar; Etxebarria, Leire; CIBERSEC&DLT; Tecnalia Research & Innovation
The recent increase in reported incidents of security breaches compromising users' privacy calls into question the current centralized model in which third-parties collect and control massive amounts of personal data. Blockchain has demonstrated that trusted and auditable computing is possible using a decentralized network of peers accompanied by a public ledger. Furthermore, Homomorphic Encryption (HE) guarantees confidentiality not only on the computation but also on the transmission, and storage processes. The synergy between Blockchain and HE is rapidly increasing in the computing environment. This research proposes a privacy-enhancing distributed and secure protocol for data aggregation backboned by Blockchain and HE technologies. Blockchain acts as a distributed ledger which facilitates efficient data aggregation through a Smart Contract. On the top, HE will be used for data encryption allowing private aggregation operations.
The theoretical description, potential applications, a suggested implementation and a performance analysis are presented to validate the proposed solution.

Item: Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems (2019-06-01)
Rios Velasco, Erkuden; Iturbe, Eider; Larrucea, Xabier; Rak, Massimiliano; Mallouli, Wissam; Dominiak, Jacek; Muntes, Victor; Matthews, Peter; Gonzalez Moctezuma, Luis; Gonzalez, Luis; Tecnalia Research & Innovation; CIBERSEC&DLT
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.

Item: Smart Grid Challenges Through the Lens of the European General Data Protection Regulation (Springer, 2020)
Martinez, Jabier; Ruiz, Alejandra; Puelles, Javier; Arechalde, Ibon; Miadzvetskaya, Yuliya; Siarheyeva, Alena; Barry, Chris; Lang, Michael; Linger, Henry; Schneider, Christoph; SWT; Quantum; DIG_LIF_SKI; Tecnalia Research & Innovation
The General Data Protection Regulation (GDPR) was conceived to remove the obstacles to the free movement of personal data while ensuring the protection of natural persons with regard to the processing of such data.
The Smart Grid has similar features as any privacy-critical system but, in comparison to the engineering of other architectures, has the peculiarity of being the source of energy consumption data. Electricity consumption constitutes an indirect means to infer personal information. This work looks at the Smart Grid from the perspective of the GDPR, which is especially relevant now given the current growth and diversification of the Smart Grid ecosystem. We provide a review of existing works highlighting the importance of energy consumption as valuable personal data as well as an analysis of the established Smart Grid Architecture Model and its main challenges from a legal viewpoint, in particular the challenge of sharing data with third parties.