Search results for: Consumer Privacy and Protection Law

Authors: Chien-Wen Chen, Nguyen Duong Thuy Trang, Yu-Hsuan Chang

Abstract:

With the development of information technology, social networking sites are inseparable from life and have become an important way for people to communicate. Nonetheless, privacy issues are raised by the presence of personal information on social networking sites. However, users can benefit from using the functions of social networking sites, which also leads to users worrying about the leakage of personal information without corresponding privacy protection behaviors, which is called the privacy paradox. However, previous studies have questioned the viewpoint of the privacy paradox, believing that users are not so naive and that people with privacy concerns will conduct privacy management. Consequently, this study is based on the view of privacy calculation perspective to investigate the privacy behavior of users on social networking sites. Among them, social benefits and privacy concerns are taken as the expected benefits and costs in the viewpoint of privacy calculation. At the same time, this study also explores the antecedents, including positive feedback, self-presentation, privacy policy, and information sensitivity, and the consequence of privacy behavior of weighing benefits and costs, including self-disclosure and three privacy management strategies by interpersonal boundaries (Preventive, Censorship, and Corrective). The survey respondents' characteristics and prior use experience of social networking sites were analyzed. As a consequence, a survey of 596 social network users was conducted online to validate the research framework. The results show that social benefit has the greatest influence on privacy behavior. The most important external factors affecting privacy behavior are positive feedback, followed by the privacy policy and information sensitivity. In addition, the important findings of this study are that social benefits will positively affect privacy management. It shows that users can get satisfaction from interacting with others through social networking sites. They will not only disclose themselves but also manage their privacy on social networking sites after considering social benefits and privacy management on social networking sites, and it expands the adoption of the Privacy Calculus Perspective framework from prior research. Therefore, it is suggested that as the functions of social networking sites increase and the development of social networking sites, users' needs should be understood and updated in order to ensure the sustainable operation of social networking.

Keywords: privacy calculus perspective, self-disclosure, privacy management, social benefit, privacy concern

Procedia PDF Downloads 68

Authors: M. Naidoo

Abstract:

Artificial intelligence often requires large amounts of good quality data. Within important fields, such as healthcare, the training of AI systems predominately relies on health and personal data; however, the usage of this data is complicated by various layers of law and ethics that seek to protect individuals’ privacy rights. This research seeks to establish the challenges AI and data sciences pose to (i) informational rights, (ii) privacy rights, and (iii) data protection. To solve some of the issues presented, various methods are suggested, such as embedding values in technological development, proper balancing of rights and interests, and others.

Keywords: artificial intelligence, data science, law, policy

Procedia PDF Downloads 93

Authors: Wajdan Al Malwi, Karen Renaud, Lewis Mackenzie

Abstract:

The privacy paradox describes a phenomenon whereby there is no connection between stated privacy concerns and privacy behaviours. We need to understand the underlying reasons for this paradox if we are to help users to preserve their privacy more effectively. In particular, the Social Networking System (SNS) domain offers a rich area of investigation due to the risks of unwise information disclosure decisions. Our study thus aims to untangle the complicated nature and underlying mechanisms of online privacy-related decisions in SNSs. In this paper, we report on the findings of a Systematic Literature Review (SLR) that revealed a number of factors that are likely to influence online privacy decisions. Our deductive analysis approach was informed by Communicative Privacy Management (CPM) theory. We uncovered a lack of clarity around privacy attitudes and their link to behaviours, which makes it challenging to design privacy-protecting SNS platforms and to craft legislation to ensure that users’ privacy is preserved.

Keywords: privacy paradox, self-disclosure, privacy attitude, privacy behavior, social networking sites

Procedia PDF Downloads 138

Authors: Feng Tao, Ma Jing, Guo Xian, Wang Jing

Abstract:

Named Data Networking (NDN) replaces IP address of traditional network with data name, and adopts dynamic cache mechanism. In the existing mechanism, however, only one-to-one search can be achieved because every data has a unique name corresponding to it. There is a certain mapping relationship between data content and data name, so if the data name is intercepted by an adversary, the privacy of the data content and user’s interest can hardly be guaranteed. In order to solve this problem, this paper proposes a one-to-many fuzzy search scheme based on order-preserving encryption to reduce the query overhead by optimizing the caching strategy. In this scheme, we use hash value to ensure the user’s query safe from each node in the process of search, so does the privacy of the requiring data content.

Keywords: NDN, order-preserving encryption, fuzzy search, privacy

Procedia PDF Downloads 468

Authors: Tao Feng, Fei Xing, Ye Lu, Jun Li Fang

Abstract:

NDN is a kind of future Internet architecture. Due to the NDN design introduces four privacy challenges,Many research institutions began to care about the privacy issues of naming data network(NDN).In this paper, we are in view of the major NDN’s privacy issues to investigate privacy protection,then put forwards more effectively anonymous transfer policy for NDN.Firstly,based on mutual anonymity communication for MP2P networks,we propose NDN mutual anonymity protocol.Secondly,we add interest package authentication mechanism in the protocol and encrypt the coding coefficient, security of this protocol is improved by this way.Finally, we proof the proposed anonymous transfer protocol security and anonymity.

Keywords: NDN, mutual anonymity, anonymous routing, network coding, authentication mechanism

Procedia PDF Downloads 434

Authors: Henry Foulds, Magda Huisman, Gunther R. Drevin

Abstract:

Privacy is regarded as a fundamental human right and it is clear that the study of digital privacy is an important field. Digital privacy is influenced by new and constantly evolving technologies and this continuous change makes it hard to create legislation to protect people’s privacy from being exploited by misuse of these technologies.

This study aims to benefit digital privacy legislation efforts by evaluating the awareness and perceived importance of digital privacy legislation among computer science students. The chosen fixed variables for the population are study year and gamer classification.

The use of location based services in mobile applications and games are a concern for digital privacy. For this reason the study focused on computer science students as they have a high likelihood to use and develop this type of software. Surveys were used to evaluate awareness and perceived importance of digital privacy legislation.

The results of the study show that privacy legislation and awareness of privacy legislation are important to people. The perception of the importance of privacy legislation increases with academic experience. Awareness of privacy legislation increases from non-gamers to pro gamers. 

Keywords: digital privacy, legislation awareness, gaming, privacy legislation

Procedia PDF Downloads 341

Authors: Ebtehal Aljedaani, Maha Aljohani

Abstract:

Privacy and security patterns are both important for developing software that protects users' data and privacy. Privacy patterns are designed to address common privacy problems, such as unauthorized data collection and disclosure. Security patterns are designed to protect software from attack and ensure reliability and trustworthiness. Using privacy and security patterns, software engineers can implement security and privacy by design principles, which means that security and privacy are considered throughout the software development process. These patterns are available to translate "security & privacy-by-design" into practical advice for software engineering. Previous research on privacy and security patterns has typically focused on one category of patterns at a time. This paper aims to bridge this gap by merging the two categories and identifying their similarities and differences. To do this, the authors conducted a systematic literature review of 25 research papers on privacy and security patterns. The papers were analysed based on the category of the pattern, the classification of the pattern, and the security requirements that the pattern addresses. This paper presents the results of a comprehensive review of privacy and security design patterns. The review is intended to help future IT designers understand the relationship between the two types of patterns and how to use them to design secure and privacy-preserving software. The paper provides a clear classification of privacy and security design patterns, along with examples of each type. The authors found that there is only one widely accepted classification of privacy design patterns, while there are several competing classifications of security design patterns. Three types of security design patterns were found to be the most commonly used.

Keywords: design patterns, security, privacy, classification of patterns, security patterns, privacy patterns

Procedia PDF Downloads 108

Authors: Jumana Majdi Qutub

Abstract:

Rationale: Cloud computing has rapidly developed the past few years. Because of the importance of providing protection for personal data used in cloud computing, the role of data protection in promoting trust and confidence in users’ data has become an important policy priority. This research examines key regulatory challenges rose by the growing use and importance of cloud computing with focusing on protection of individuals personal data. Methodology: Describing and analyzing governance challenges facing policymakers and industry in Saudi Arabia, with an account of anticipated governance responses. The aim of the research is to describe and define the regulatory challenges on cloud computing for policy making in Saudi Arabia and comparing it with potential complied issues rose in respect of transported data to EU member state. In addition, it discusses information privacy issues. Finally, the research proposes policy recommendation that would resolve concerns surrounds the privacy and effectiveness of clouds computing frameworks for data protection. Results: There are still no clear regulation in Saudi Arabia specialized in legalizing cloud computing and specialty regulations in transferring data internationally and locally. Decision makers need to review the applicable law in Saudi Arabia that protect information in cloud computing. This should be from an international and a local view in order to identify all requirements surrounding this area. It is important to educate cloud computing users about their information value and rights before putting it in the cloud to avoid further legal complications, such as making an educational program to prevent giving personal information to a bank employee. Therefore, with many kinds of cloud computing services, it is important to have it covered by the law in all aspects.

Keywords: cloud computing, cyber crime, data protection, privacy

Procedia PDF Downloads 244

Authors: Veniamin Boiarkin, Bruno Bogaz Zarpelão, Muttukrishnan Rajarajan

Abstract:

The manufacturing sector is a vital component of most economies, which leads to a large number of cyberattacks on organisations, whereas disruption in operation may lead to significant economic consequences. Adversaries aim to disrupt the production processes of manufacturing companies, gain financial advantages, and steal intellectual property by getting unauthorised access to sensitive data. Access to sensitive data helps organisations to enhance the production and management processes. However, the majority of the existing data-sharing mechanisms are either susceptible to different cyber attacks or heavy in terms of computation overhead. In this paper, a privacy-preserving data-sharing scheme for smart utilities is proposed. First, a customer’s privacy adjustment mechanism is proposed to make sure that end-users have control over their privacy, which is required by the latest government regulations, such as the General Data Protection Regulation. Secondly, a local differential privacy-based mechanism is proposed to ensure the privacy of the end-users by hiding real data based on the end-user preferences. The proposed scheme may be applied to different industrial control systems, whereas in this study, it is validated for energy utility use cases consisting of smart, intelligent devices. The results show that the proposed scheme may guarantee the required level of privacy with an expected relative error in utility.

Keywords: data-sharing, local differential privacy, manufacturing, privacy-preserving mechanism, smart utility

Procedia PDF Downloads 59

Authors: Achutha Raman

Abstract:

Today's brave new world features a bonanza of digitally interconnected products, or ‘things,’ that improve convenience, possibilities, and in some cases efficiency for consumers. Nonetheless, even as the market accelerates, this Internet of ‘things’ is subject to substantial leakage of consumer personal data. First defining the fluid concept of ‘things,’ this paper subsequently uses case studies taken from the EU, Asia, and the US, to highlight large gaps and comprehensively evaluate the state of security for consumer ‘things.’ Ultimately, this paper offers several ways of improving the present status quo, and especially focuses on an evaluative approach that augments the standard mechanism of Firmware Over the Air Updates, and ought to be easily implementable.

Keywords: cybersecurity, FOTA, Internet of Things, transnational privacy

Procedia PDF Downloads 202

Authors: Mohammed Nadir Djedid, Abdallah Chouarfia

Abstract:

Transparency of the system and its integration into the natural environment of the user are some of the important features of pervasive computing. But these characteristics that are considered as the strongest points of pervasive systems are also their weak points in terms of the user’s privacy. The privacy in pervasive systems involves more than the confidentiality of communications and concealing the identity of virtual users. The physical presence and behavior of the user in the pervasive space cannot be completely hidden and can reveal the secret of his/her identity and affect his/her privacy. This paper shows that the application of major techniques for protecting the user’s privacy still insufficient. A new solution named Shadow Protocol is proposed, which allows the users to authenticate and interact with the surrounding devices within an ubiquitous computing environment while preserving their privacy.

Keywords: pervasive systems, identification, authentication, privacy

Procedia PDF Downloads 458

Authors: Nasim Karami Mal Amiri, Farhad Razm Azma

Abstract:

Parts of consumer involvement in regards to one product are related to advertisement strategies. Different consumer involvement has different answers to the effectiveness of advertisement. This study has divided the market considering the characteristics and relationship between consumer involvement and the effectiveness of advertisement. The results of this study show consumer involvement which does affect parts of marketing. A positive and direct relationship among consumer involvement and the eventual effectiveness of advertisement has been shown. A great amount of consumer involvement is directly related to advertisement effectiveness. Therefore, consumer involvement is a critical factor in advertisement strategies.

Keywords: consumer involvement, advertisement effectiveness, strategy, effective marketing

Procedia PDF Downloads 435

Authors: Andrzej Poszewiecki

Abstract:

The presented paper contributes to the experimental current of research on privacy. The question of privacy is being discussed at length at present, primarily among lawyers and politicians. However, the matter of privacy has been of interest for economists for some time as well. The valuation of privacy by people is of great importance now. This article is about how people valuate their privacy. An experimental method has been utilised in the conducted research – the survey was carried out among customers of an online store, and the studied issue was whether their readiness to sell their data (WTA) was different from the willingness to buy data back (WTP). The basic aim of this article is to analyse whether people shopping on the Internet differentiate their privacy depending on whether they protect or sell it. The achieved results indicate the presence of major differences in this respect, which do not always come up with the original expectations. The obtained results have supported the hypothesis that people are more willing to sell their data than to repurchase them. However, the hypothesis that the value of proposed remuneration affects the willingness to sell/buy back personal data (one’s privacy) has not been supported.

Keywords: privacy, experimental economics, behavioural economics, internet

Procedia PDF Downloads 273

Authors: Pantaleon Lutta, Mohamed Sedky, Mohamed Hassan

Abstract:

The inability of organizations to put in place management control measures for Internet of Things (IoT) complexities persists to be a risk concern. Policy makers have been left to scamper in finding measures to combat these security and privacy concerns. IoT forensics is a cumbersome process as there is no standardization of the IoT products, no or limited historical data are stored on the devices. This paper highlights why IoT forensics is a unique adventure and brought out the legal challenges encountered in the investigation process. A quadrant model is presented to study the conflicting aspects in IoT forensics. The model analyses the effectiveness of forensic investigation process versus the admissibility of the evidence integrity; taking into account the user privacy and the providers’ compliance with the laws and regulations. Our analysis concludes that a semi-automated forensic process using machine learning, could eliminate the human factor from the profiling and surveillance processes, and hence resolves the issues of data protection (privacy and confidentiality).

Keywords: cloud forensics, data protection Laws, GDPR, IoT forensics, machine Learning

Procedia PDF Downloads 136

Authors: Yunyong Guo, Man Wang, Bryan Guo, Nathan Guo

Abstract:

This paper introduces an advanced security and privacy model tailored for Telehealth systems, emphasizing end-to-end protection across IoT, Fog, and Cloud components. The proposed model integrates encryption, key management, intrusion detection, and privacy-preserving measures to safeguard patient data. A comprehensive simulation study evaluates the model's effectiveness in scenarios such as unauthorized access, physical breaches, and insider threats. Results indicate notable success in detecting and mitigating threats yet underscore areas for refinement. The study contributes insights into the intricate balance between security and usability in Telehealth environments, setting the stage for continued advancements.

Keywords: cloud, enhancing security, fog, IoT, telehealth

Procedia PDF Downloads 54

Authors: Jacolien Barnard, Corlia Van Heerden

Abstract:

Effective and accessible consensual dispute resolution and in particular alternative dispute resolution, are central to consumer protection legislation. In this regard, the Consumer Protection Act 68 of 2008 (CPA) of South Africa is no exception. Due to the nature of consumer disputes, alternative dispute resolution (in theory) is an effective vehicle for the adjudication of disputes in a timely manner avoiding overburdening of the courts. The CPA sets down as one of its core purposes the provision of ‘an accessible, consistent, harmonized, effective and efficient system of redress for consumers’ (section 3(1)(h) of the CPA). Section 69 of the Act provides for the enforcement of consumer rights and provides for the National Consumer Commission to be the Central Authority which streamlines, adjudicates and channels disputes to the appropriate forums which include Alternative Dispute Resolution Agents (ADR-agents). The purpose of this paper is to analyze the regulation of these enforcement and redress mechanisms with particular focus on the Central Authority as well as the ADR-agents and their crucial role in successful and efficient adjudication of disputes in South Africa. The South African position will be discussed comparatively with the European Union (EU) position. In this regard, the European Union (EU) Directive on Alternative Dispute Resolution for Consumer Disputes (2013/11/EU) will be discussed (The ADR Directive). The aim of the ADR Directive is to solve contractual disputes between consumers and traders (suppliers or businesses) regardless of whether the agreement was concluded offline or online or whether or not the trader is situated in another member state (Recitals 4-6). The ADR Directive provides for a set of quality requirements that an ADR body or entity tasked with resolving consumer disputes should adhere to in member states which include regulatory mechanisms for control. Transparency, effectiveness, fairness, liberty and legality are all requirements for a successful ADR body and discussed within this chapter III of the Directive. Chapters III and IV govern the importance of information and co-operation. This includes information between ADR bodies and the European Commission (EC) but also between ADR bodies or entities and national authorities enforcing legal acts on consumer protection and traders. (In South Africa the National Consumer Tribunal, Provincial Consumer Protectors and Industry ombuds come to mind). All of which have a responsibility to keep consumers informed. Ultimately the papers aims to provide recommendations as to the successfulness of the current South African position in light of the comparative position in Europe and the highlight the importance of proper regulation of these redress and enforcement institutions.

Keywords: alternative dispute resolution, consumer protection law, enforcement, redress

Procedia PDF Downloads 209

Authors: Chun-Shien Lu

Abstract:

Privacy-preserving query has recently received considerable attention in the signal processing and multimedia community. It is also a critical step in wireless sensor network for retrieval of sensitive data. The purposes of privacy-preserving query in both the areas of signal processing and sensor network are the same, but the similarity and difference of the adopted technologies are not fully explored. In this paper, we first review the recently developed methods of privacy-preserving query, and then describe in a comprehensive manner what we can learn from the mutual of both areas.

Keywords: encryption, privacy-preserving, search, security

Procedia PDF Downloads 242

Authors: Jojo Y. C. Mo

Abstract:

Memories are good. They remind us of people, places and experiences that we cherish. But memories cannot be changed and there may well be memories that we do not want to remember. This is particularly true in relation to information which causes us embarrassment and humiliation or simply because it is private – we all want to erase or delete such information. This desire to delete is recently recognised by the Court of Justice of the European Union in the 2014 case of Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González in which the court ordered Google to remove links to some information about the complainant which he wished to be removed. This so-called ‘right to be forgotten’ received serious attention and significantly, the European Council and the European Parliament enacted the General Data Protection Regulation (GDPR) to provide a more structured and normative framework for implementation of right to be forgotten across the EU. This development in data protection laws will, undoubtedly, have significant impact on companies and co-operations not just within the EU but outside as well. Hong Kong, being one of the world’s leading financial and commercial center as well as one of the first jurisdictions in Asia to implement a comprehensive piece of data protection legislation, is therefore a jurisdiction that is worth looking into. This article/project aims to investigate the following: a) whether there is a right to be forgotten under the existing Hong Kong data protection legislation b) if not, whether such a provision is necessary and why. This article utilises a comparative methodology based on a study of primary and secondary resources, including scholarly articles, government and law commission reports and working papers and relevant international treaties, constitutional documents, case law and legislation. The author will primarily engage literature and case-law review as well as comparative and doctrinal analyses. The completion of this article will provide privacy researchers with more concrete principles and data to conduct further research on privacy and data protection in Hong Kong and internationally and will provide a basis for policy makers in assessing the rationale and need for a right to be forgotten in Hong Kong.

Keywords: privacy, right to be forgotten, data protection, Hong Kong

Procedia PDF Downloads 171

Authors: Anushtha Saxena

Abstract:

This paper examines the process of data monetisation bye-commerce companies operating in India. Data monetisation is collecting, storing, and analysing consumers’ data to use further the data that is generated for profits, revenue, etc. Data monetisation enables e-commerce companies to get better businesses opportunities, innovative products and services, a competitive edge over others to the consumers, and generate millions of revenues. This paper analyses the issues and challenges that are faced due to the process of data monetisation. Some of the issues highlighted in the paper pertain to the right to privacy, protection of data of e-commerce consumers. At the same time, data monetisation cannot be prohibited, but it can be regulated and monitored by stringent laws and regulations. The right to privacy isa fundamental right guaranteed to the citizens of India through Article 21 of The Constitution of India. The Supreme Court of India recognized the Right to Privacy as a fundamental right in the landmark judgment of Justice K.S. Puttaswamy (Retd) and Another v. Union of India . This paper highlights the legal issue of how e-commerce businesses violate individuals’ right to privacy by using the data collected, stored by them for economic gains and monetisation and protection of data. The researcher has mainly focused on e-commerce companies like online shopping websitesto analyse the legal issue of data monetisation. In the Internet of Things and the digital age, people have shifted to online shopping as it is convenient, easy, flexible, comfortable, time-consuming, etc. But at the same time, the e-commerce companies store the data of their consumers and use it by selling to the third party or generating more data from the data stored with them. This violatesindividuals’ right to privacy because the consumers do not know anything while giving their data online. Many times, data is collected without the consent of individuals also. Data can be structured, unstructured, etc., that is used by analytics to monetise. The Indian legislation like The Information Technology Act, 2000, etc., does not effectively protect the e-consumers concerning their data and how it is used by e-commerce businesses to monetise and generate revenues from that data. The paper also examines the draft Data Protection Bill, 2021, pending in the Parliament of India, and how this Bill can make a huge impact on data monetisation. This paper also aims to study the European Union General Data Protection Regulation and how this legislation can be helpful in the Indian scenarioconcerning e-commerce businesses with respect to data monetisation.

Keywords: data monetization, e-commerce companies, regulatory framework, GDPR

Procedia PDF Downloads 102

Authors: Ying Ying Liu, Austin Cooke, Parimala Thulasiraman

Abstract:

Internet of Things (IoT) has attracted a recent spark in research on Internet of Vehicles (IoV). In this paper, we focus on one research area in IoV: preserving location privacy of vehicle data. We discuss existing location privacy preserving techniques and provide a scheme for evaluating these techniques under IoV traffic condition. We propose a different strategy in applying Differential Privacy using k-d tree data structure to preserve location privacy and experiment on real world Gowalla data set. We show that our strategy produces differentially private data, good preservation of utility by achieving similar regression accuracy to the original dataset on an LSTM (Long Term Short Term Memory) neural network traffic predictor.

Keywords: differential privacy, internet of things, internet of vehicles, location privacy, privacy preservation scheme

Procedia PDF Downloads 164

Authors: Veli Durmus, Mert Uydaci

Abstract:

Every patient who needs to get a medical treatment should share health-related personal data with healthcare providers. Therefore, personal health data plays an important role to make health decisions and identify health threats during every encounter between a patient and caregivers. In other words, health data can be defined as privacy and sensitive information which is protected by various health laws and regulations. In many cases, the data are an outcome of the confidential relationship between patients and their healthcare providers. Globally, almost all nations have own laws, regulations or rules in order to protect personal data. There is a variety of instruments that allow authorities to use the health data or to set the barriers data sharing across international borders. For instance, Directive 95/46/EC of the European Union (EU) (also known as EU Data Protection Directive) establishes harmonized rules in European borders. In addition, the General Data Protection Regulation (GDPR) will set further common principles in 2018. Because of close policy relationship with EU, this study provides not only information on regulations, directives but also how they play a role during the legislative process in Turkey. Even if the decision is controversial, the Board has recently stated that private or public healthcare institutions are responsible for the patient call system, for doctors to call people waiting outside a consultation room, to prevent unlawful processing of personal data and unlawful access to personal data during the treatment. In Turkey, vast majority private and public health organizations provide a service that ensures personal data (i.e. patient’s name and ID number) to call the patient. According to the Board’s decision, hospital or other healthcare institutions are obliged to take all necessary administrative precautions and provide technical support to protect patient privacy. However, this application does not effectively and efficiently performing in most health services. For this reason, it is important to draw a legal framework of personal health data by stating what is the main purpose of this regulation and how to deal with complicated issues on personal health data in Turkey. The research is descriptive on data protection law for health care setting in Turkey. Primary as well as secondary data has been used for the study. The primary data includes the information collected under current national and international regulations or law. Secondary data include publications, books, journals, empirical legal studies. Consequently, privacy and data protection regimes in health law show there are some obligations, principles and procedures which shall be binding upon natural or legal persons who process health-related personal data. A comparative approach presents there are significant differences in some EU member states due to different legal competencies, policies, and cultural factors. This selected study provides theoretical and practitioner implications by highlighting the need to illustrate the relationship between privacy and confidentiality in Personal Data Protection in Health Law. Furthermore, this paper would help to define the legal framework for the health law case studies on data protection and privacy.

Keywords: data protection, personal data, privacy, healthcare, health law

Procedia PDF Downloads 199

Authors: Maha Shamseddine, Amjad Nusayr, Wassim Itani

Abstract:

In this paper, we present a Platform-as-a-Service (PaaS) model for controlling the privacy enforcement mechanisms applied on user data when stored and processed in Cloud data centers. The proposed architecture consists of establishing user configurable ‘sticky’ policies on the Graphical User Interface (GUI) data-bound components during the application development phase to specify the details of privacy enforcement on the contents of these components. Various privacy classification classes on the data components are formally defined to give the user full control on the degree and scope of privacy enforcement including the type of execution containers to process the data in the Cloud. This not only enhances the privacy-awareness of the developed Cloud services, but also results in major savings in performance and energy efficiency due to the fact that the privacy mechanisms are solely applied on sensitive data units and not on all the user content. The proposed design is implemented in a real PaaS cloud computing environment on the Microsoft Azure platform.

Keywords: privacy enforcement, platform-as-a-service privacy awareness, cloud computing privacy

Procedia PDF Downloads 207

Authors: Aria Teimourzadeh, Marc Favier, Samaneh Kakavand

Abstract:

The emergence of social networks has revolutionized the exchange of information. Every behavior on these platforms contributes to the generation of data known as social network data that are processed, stored and published by the social network service providers. Hence, it is vital to investigate the role of these platforms in user data by considering the privacy measures, especially when we observe the increased number of individuals and organizations engaging with the current virtual platforms without being aware that the data related to their positioning, connections and behavior is uncovered and used by third parties. Performing analytics on social network datasets may result in the disclosure of confidential information about the individuals or organizations which are the members of these virtual environments. Analyzing separate datasets can reveal private information about relationships, interests and more, especially when the datasets are analyzed jointly. Intentional breaches of privacy is the result of such analysis. Addressing these privacy concerns requires an understanding of the nature of data being accumulated and relevant data privacy regulations, as well as motivations for disclosure of personal information on social network platforms. Some significant points about how user's online information is controlled by the influence of social factors and to what extent the users are concerned about future use of their personal information by the organizations, are highlighted in this paper. Firstly, this research presents a short literature review about the structure of a network and concept of privacy in Online Social Networks. Secondly, the factors of user behavior related to privacy protection and self-disclosure on these virtual communities are presented. In other words, we seek to demonstrates the impact of identified variables on user information disclosure that could be taken into account to explain the privacy preservation of individuals on social networking platforms. Thirdly, a few research directions are discussed to address this topic for new researchers.

Keywords: information disclosure, privacy measures, privacy preservation, social network analysis, user experience

Procedia PDF Downloads 267

Authors: Aslihan Coban

Abstract:

As a result of the rapid development of information communication technology, especially the internet, consumers have become an active party in commerce and in law. Consequently, the protection of consumers in cross-border contracts has become increasingly important. This paper is confined to the international jurisdiction of courts over disputes arising from electronic consumer contracts according to the ‘5718 Turkish Act on Private International Law and Civil Procedure’ and the ‘1215/2012 Council Regulation On Jurisdiction and The Recognition and Enforcement Of Judgments In Civil and Commercial Matters’ (Hereafter ‘Brussels I Regulation’). The international jurisdiction of courts for consumer contracts is recognized under both acts above-mentioned; however, there exist some differences between the said legal regulations. Firstly, while there is a specific provision for electronic consumer contracts in Brussels I Regulation, there is no specific provision in the Turkish Act. Secondly, under the Turkish Act, habitual residence, domicile, and workplace of the other party who is not a consumer are all accepted as jurisdiction elements; while domicile is the only jurisdiction element in Brussels I Regulation. Thirdly, the ability to make jurisdiction agreements in disputes arising from electronic consumer contracts is a controversial issue under the Turkish Act while it is explicitly regulated under Brussels I Regulation that such jurisdiction agreements can be concluded by complying with certain conditions.

Keywords: Brussels I Regulation, electronic consumer contracts, jurisdiction, jurisdiction agreement

Procedia PDF Downloads 144

Authors: Noelia Collado-Rodriguez

Abstract:

The Mortgage Credit Directive 2014/17/UE should have been transposed the 21st of March of 2016. However, in Spain not only we did not meet the deadline, but currently we just have a preliminary draft of the so-called Mortgage Credit Act. Before we analyze the preliminary draft from the standpoint of the responsible lending principle, we should point out that this preliminary draft is not a consumer law statute. Through the text of the preliminary draft we cannot see any reference to the consumer, but we see references to the borrower. Furthermore, and more important, the application of this statute would not be, according to its text, circumscribed to borrowers who address the credit to a personal purpose. Instead, it seems that the preliminary draft aims to be one more of the rules of banking transparency that already exists in the Spanish legislation. In this sense, we can also mention that the sanctions contained in the preliminary draft are referred to these laws of banking ordination and oversight – where the rules of banking transparency belong –. This might be against the spirit of the Mortgage Credit Directive, which allows the extension of its scope to credits aimed to acquire other immovable property beyond the residential one. However, the borrower has to be a consumer accordingly with the Directive. It is quite relevant that the prospective Spanish Mortgage Credit Act might not be a consumer protection statute; specially, from the perspective of the responsible lending principle. The responsible lending principle is a consumer law principle, which is based on the structural weakness of the consumer’s position in the relationship with the creditor. Therefore, it cannot surprise that the Spanish preliminary draft does not state any of the pre contractual conducts that express the responsible lending principle. We are referring to the lender’s duty to provide adequate explanations; the consumer’s suitability test; the lender’s duty to assess consumer’s creditworthiness; the consultation of databases to perform the creditworthiness assessment; and the most important, the lender’s prohibition to grant credit in case of a negative creditworthiness assessment. The preliminary draft just entitles the Economy Ministry to enact provisions related to those topics. Thus, the duties and rules derived from the responsible lending principle included in the EU Directive will not have legal character in Spain, being mere administrative regulations. To conclude, the two main questions that come up after reading the Spanish Mortgage Credit Act preliminary draft are, in the first place, what kind of consequences might arise from the Mortgage Credit Act if finally it is not a consumer law statute. And in the second place, what might be the consequences for the responsible lending principle of being developed by administrative regulations instead of by legislation.

Keywords: consumer credit, consumer protection, creditworthiness assessment, responsible lending

Procedia PDF Downloads 278

Authors: Mikel Alonso López

Abstract:

In order to begin the process of studying the task of making consumer decisions, the main decision models must be analyzed. The objective of this task is to see if there is a presence of emotions in those models, and analyze how authors that have created them consider their impact in consumer choices. In this paper, the most important models of consumer behavior are analysed. This review is useful to consider an unproblematic background knowledge in the literature. The order that has been established for this study is chronological.

Keywords: consumer behaviour, emotions, decision making, consumer psychology

Procedia PDF Downloads 431

Authors: Seyedeh Sajedeh Salehi

Abstract:

The Regulation No. 1215/2012/EC also known as the Brussels I Regulation (Recast) deals with jurisdictional disputes in civil and commercial matters. The main aim of the Recast (as in-line with its predecessor Regulation) is to bring a reform in procuring more simplified and faster circulation of civil and commercial judgments within the EU. Hence it is significant to take a closer look at the function of this regulatory tool. Therefore, the main objective of this paper is to analyze a clear understanding of the post-Recast situation on e-commerce relevant jurisdictional matters. The e-consumer protection and the choice-of-court agreements along with the position of the Court of Justice of the European Union in its decisions within the Recast Regulation will be also taken into consideration throughout this paper.

Keywords: choice-of-court agreements, consumer protection, e-commerce, jurisdiction, Recast Brussels I Regulation

Procedia PDF Downloads 291

Authors: Tim Nedyalkov

Abstract:

A business decision to move to the cloud brings fundamental changes in how an organization develops and delivers its Information Technology solutions. The accelerated pace of digital transformation across businesses and government agencies increases the reliance on cloud-based services. They are collecting, managing, and retaining large amounts of data in cloud environments makes information security and data privacy protection essential. It becomes even more important to understand what key factors drive successful cloud adoption following the commencement of the Privacy Amendment Notifiable Data Breaches (NDB) Act 2017 in Australia as the regulatory changes impact many organizations and industries. This quantitative correlational research investigated the governance, risk management, and compliance factors contributing to cloud security success. The factors influence the adoption of cloud computing within an organizational context after the commencement of the NDB scheme. The results and findings demonstrated that corporate information security policies, data storage location, management understanding of data governance responsibilities, and regular compliance assessments are the factors influencing cloud computing adoption. The research has implications for organizations, future researchers, practitioners, policymakers, and cloud computing providers to meet the rapidly changing regulatory and compliance requirements.

Keywords: cloud compliance, cloud security, data governance, privacy protection

Procedia PDF Downloads 103

Authors: H. Parveen Begam, M. A. Maluk Mohamed

Abstract:

Grid computing is an environment that allows sharing and coordinated use of diverse resources in dynamic, heterogeneous and distributed environment using Virtual Organization (VO). Security is a critical issue due to the open nature of the wireless channels in the grid computing which requires three fundamental services: authentication, authorization, and encryption. The privacy and anonymity are considered as an important factor while communicating over publicly spanned network like web. To ensure a high level of security we explored an extension of onion routing, which has been used with dynamic token exchange along with protection of privacy and anonymity of individual identity. To improve the performance of encrypting the layers, the elliptic curve cryptography is used. Compared to traditional cryptosystems like RSA (Rivest-Shamir-Adelman), ECC (Elliptic Curve Cryptosystem) offers equivalent security with smaller key sizes which result in faster computations, lower power consumption, as well as memory and bandwidth savings. This paper presents the estimation of the performance improvements of onion routing using ECC as well as the comparison graph between performance level of RSA and ECC.

Keywords: grid computing, privacy, anonymity, onion routing, ECC, RSA

Procedia PDF Downloads 384

Authors: Bilquis Ferdousi

Abstract:

With the exponential growth of the online business, the threat to consumers’ privacy and data security has become a serious challenge. This literature review-based study focuses on a better understanding of those threats and what legislative measures have been taken to address those challenges. Research shows that people are increasingly involved in online business using different digital devices and platforms, although this practice varies based on age groups. The threat to consumers’ privacy and data security is a serious hindrance in developing trust among consumers in online businesses. There are some legislative measures taken at the federal and state level to protect consumers’ privacy and data security. The study was based on an extensive review of current literature on protecting consumers’ privacy and data security and legislative measures that have been taken.

Keywords: privacy, data security, legislation, online business

Procedia PDF Downloads 87