Search results for: Privacy and Data Protection Law

Authors: Mohammed Nadir Djedid, Abdallah Chouarfia

Abstract:

Transparency of the system and its integration into the natural environment of the user are some of the important features of pervasive computing. But these characteristics that are considered as the strongest points of pervasive systems are also their weak points in terms of the user’s privacy. The privacy in pervasive systems involves more than the confidentiality of communications and concealing the identity of virtual users. The physical presence and behavior of the user in the pervasive space cannot be completely hidden and can reveal the secret of his/her identity and affect his/her privacy. This paper shows that the application of major techniques for protecting the user’s privacy still insufficient. A new solution named Shadow Protocol is proposed, which allows the users to authenticate and interact with the surrounding devices within an ubiquitous computing environment while preserving their privacy.

Keywords: pervasive systems, identification, authentication, privacy

Procedia PDF Downloads 458

Authors: Isabell Koinig, Sandra Diehl

Abstract:

In recent years, the health-care context has not been left unaffected by technological developments. In recent years, the Internet of Medical Things (IoMT)has not only led to a collaboration between disease management and advanced care coordination but also to more personalized health care and patient empowerment. With more than 40 % of all health technology being IoMT-related by 2020, questions regarding privacy become more prevalent, even more so during COVID-19when apps allowing for an intensive tracking of people’s whereabouts and their personal contacts cause privacy advocates to protest and revolt. There is a widespread tendency that even though users may express concerns and fears about their privacy, they behave in a manner that appears to contradict their statements by disclosing personal data. In literature, this phenomenon is discussed as a privacy paradox. While there are some studies investigating the privacy paradox in general, there is only scarce research related to the privacy paradox in the health sector and, to the authors’ knowledge, no empirical study investigating young people’s attitudes toward data security when using wearables and health apps. The empirical study presented in this paper tries to reduce this research gap by focusing on the area of digital and mobile health. It sets out to investigate the degree of importance individuals attribute to protecting their privacy and individual privacy protection strategies. Moreover, the question to which degree individuals between the ages of 20 and 30 years are willing to grant commercial parties access to their private data to use digital health services and apps are put to the test. To answer this research question, results from 6 focus groups with 40 participants will be presented. The focus was put on this age segment that has grown up in a digitally immersed environment. Moreover, it is particularly the young generation who is not only interested in health and fitness but also already uses health-supporting apps or gadgets. Approximately one-third of the study participants were students. Subjects were recruited in August and September 2019 by two trained researchers via email and were offered an incentive for their participation. Overall, results indicate that the young generation is well informed about the growing data collection and is quite critical of it; moreover, they possess knowledge of the potential side effects associated with this data collection. Most respondents indicated to cautiously handle their data and consider privacy as highly relevant, utilizing a number of protective strategies to ensure the confidentiality of their information. Their willingness to share information in exchange for services was only moderately pronounced, particularly in the health context, since health data was seen as valuable and sensitive. The majority of respondents indicated to rather miss out on using digital and mobile health offerings in order to maintain their privacy. While this behavior might be an unintended consequence, it is an important piece of information for app developers and medical providers, who have to find a way to find a user base for their products against the background of rising user privacy concerns.

Keywords: digital health, privacy, privacy paradox, IoMT

Procedia PDF Downloads 121

Authors: Aofan Liu, Qianqian Tan, Burra Venkata Durga Kumar

Abstract:

Data security is of the utmost importance in the healthcare area, as sensitive patient information is constantly sent around and analyzed by many different parties. The use of federated learning, which enables data to be evaluated locally on devices rather than being transferred to a central server, has emerged as a potential solution for protecting the privacy of user information. To protect against data breaches and unauthorized access, federated learning alone might not be adequate. In this context, the application of blockchain technology could provide the system extra protection. This study proposes a distributed federated learning system that is built on blockchain technology in order to enhance security in healthcare. This makes it possible for a wide variety of healthcare providers to work together on data analysis without raising concerns about the confidentiality of the data. The technical aspects of the system, including as the design and implementation of distributed learning algorithms, consensus mechanisms, and smart contracts, are also investigated as part of this process. The technique that was offered is a workable alternative that addresses concerns about the safety of healthcare while also fostering collaborative research and the interchange of data.

Keywords: data privacy, distributed system, federated learning, machine learning

Procedia PDF Downloads 99

Authors: Nazura Abdul Manap, Siti Nur Farah Atiqah Salleh

Abstract:

For decades, the misuse of personal data has been a critical issue. Malaysia has accepted responsibility by implementing the Malaysian Personal Data Protection Act 2010 to secure personal data (PDPA 2010). After more than a decade, this legislation is set to be revised by the current PDPA 2023 Amendment Bill to align with the world's key personal data protection regulations, such as the European Union General Data Protection Regulations (GDPR). Among the other suggested adjustments is the Data User's appointment of a Data Protection Officer (DPO) to ensure the commercial entity's compliance with the PDPA 2010 criteria. The change is expected to be enacted in parliament fairly soon; nevertheless, based on the experience of the Personal Data Protection Department (PDPD) in implementing the Act, it is projected that there will be a slew of additional concerns associated with the DPO mandate. Consequently, the goal of this article is to highlight the issues that the DPO will encounter and how the Personal Data Protection Department should respond to this subject. The study result was produced using a qualitative technique based on an examination of the current literature. This research reveals that there are probable obstacles experienced by the DPO, and thus, there should be a definite, clear guideline in place to aid DPO in executing their tasks. It is argued that appointing a DPO is a wise measure in ensuring that the legal data security requirements are met.

Keywords: guideline, law, data protection officer, personal data

Procedia PDF Downloads 65

Authors: Natalia Kalinowska

Abstract:

The adoption of the General Data Protection Regulation, (GDPR) finished the four-year work of the European Commission in this area in the European Union. Considering far-reaching changes, which will be applied by GDPR, the European legislator envisaged two-year transitional period. Member states and companies have to prepare for a new regulation until 25 of May 2018. The idea, which becomes a new look at an attitude to data protection in the European Union is risk-based approach. So far, as a result of implementation of Directive 95/46/WE, in many European countries (including Poland) there have been adopted very particular regulations, specifying technical and organisational security measures e.g. Polish implementing rules indicate even how long password should be. According to the new approach from May 2018, controllers and processors will be obliged to apply security measures adequate to level of risk associated with specific data processing. The risk in GDPR should be interpreted as the likelihood of a breach of the rights and freedoms of the data subject. According to Recital 76, the likelihood and severity of the risk to the rights and freedoms of the data subject should be determined by reference to the nature, scope, context and purposes of the processing. GDPR does not indicate security measures which should be applied – in recitals there are only examples such as anonymization or encryption. It depends on a controller’s decision what type of security measures controller considered as sufficient and he will be responsible if these measures are not sufficient or if his identification of risk level is incorrect. Data protection regulation indicates few levels of risk. Recital 76 indicates risk and high risk, but some lawyers think, that there is one more category – low risk/now risk. Low risk/now risk data processing is a situation when it is unlikely to result in a risk to the rights and freedoms of natural persons. GDPR mentions types of data processing when a controller does not have to evaluate level of risk because it has been classified as „high risk” processing e.g. processing on a large scale of special categories of data, processing with using new technologies. The methodology will include analysis of legal regulations e.g. GDPR, the Polish Act on the Protection of personal data. Moreover: ICO Guidelines and articles concerning risk based approach in GDPR. The main conclusion is that an appropriate risk assessment is a key to keeping data safe and avoiding financial penalties. On the one hand, this approach seems to be more equitable, not only for controllers or processors but also for data subjects, but on the other hand, it increases controllers’ uncertainties in the assessment which could have a direct impact on incorrect data protection and potential responsibility for infringement of regulation.

Keywords: general data protection regulation, personal data protection, privacy protection, risk based approach

Procedia PDF Downloads 240

Authors: Maria Jędrzejczak, Patryk Pieniążek

Abstract:

The European legal reality is on the eve of significant change. In European Union law, there is talk of a “fourth industrial revolution”, which is driven by massive data resources linked to powerful algorithms and powerful computing capacity. The above is closely linked to technological developments in the area of artificial intelligence, which has prompted an analysis covering both the legal environment as well as the economic and social impact, also from an ethical perspective. The discussion on the regulation of artificial intelligence is one of the most serious yet widely held at both European Union and Member State level. The literature expects legal solutions to guarantee security for fundamental rights, including privacy, in artificial intelligence systems. There is no doubt that personal data have been increasingly processed in recent years. It would be impossible for artificial intelligence to function without processing large amounts of data (both personal and non-personal). The main driving force behind the current development of artificial intelligence is advances in computing, but also the increasing availability of data. High-quality data are crucial to the effectiveness of many artificial intelligence systems, particularly when using techniques involving model training. The use of computers and artificial intelligence technology allows for an increase in the speed and efficiency of the actions taken, but also creates security risks for the data processed of an unprecedented magnitude. The proposed regulation in the field of artificial intelligence requires analysis in terms of its impact on the regulation on personal data protection. It is necessary to determine what the mutual relationship between these regulations is and what areas are particularly important in the personal data protection regulation for processing personal data in artificial intelligence systems. The adopted axis of considerations is a preliminary assessment of two issues: 1) what principles of data protection should be applied in particular during processing personal data in artificial intelligence systems, 2) what regulation on liability for personal data breaches is in such systems. The need to change the regulations regarding the rights and obligations of data subjects and entities processing personal data cannot be excluded. It is possible that changes will be required in the provisions regarding the assignment of liability for a breach of personal data protection processed in artificial intelligence systems. The research process in this case concerns the identification of areas in the field of personal data protection that are particularly important (and may require re-regulation) due to the introduction of the proposed legal regulation regarding artificial intelligence. The main question that the authors want to answer is how the European Union regulation against data protection breaches in artificial intelligence systems is shaping up. The answer to this question will include examples to illustrate the practical implications of these legal regulations.

Keywords: data protection law, personal data, AI law, personal data breach

Procedia PDF Downloads 46

Authors: Anny Retnowati, Elisabeth Sundari

Abstract:

This research aims to elaborate the meaning of personal data protection principles on patient access to health data in medical records in Indonesia and its implications. The method uses normative legal research by examining health law in Indonesia regarding the patient's right to access their health data in medical records. The data will be analysed qualitatively using the interpretation method to elaborate on the limitation of the meaning of personal data protection principles on patients' access to their data in medical records. The results show that patients only have the right to obtain copies of their health data in medical records. There is no right to inspect directly at any time. Indonesian health law limits the principle of patients' right to broad access to their health data in medical records. This restriction has implications for the reduction of personal data protection as part of human rights. This research contribute to show that a limitaion of personal data protection may abuse the human rights.

Keywords: access, health data, medical records, personal data, protection

Procedia PDF Downloads 70

Authors: Minjung Park, Sangmi Chai, Myoung Jun Lee

Abstract:

Since there are growing concerns on online privacy, enterprises could involve various personal privacy infringements cases resulting legal causations. For companies that are involving online business, it is important for them to pay extra attentions to protect users’ privacy. If firms can aware consequences from possible online privacy invasion cases, they can more actively prevent future online privacy infringements. This study attempts to predict the probability of ruling types caused by various invasion cases under U.S Personal Privacy Act. More specifically, this research explores online privacy invasion cases which was sentenced guilty to identify types of criminal punishments such as penalty, imprisonment, probation as well as compensation in civil cases. Based on the 853 U.S judicial cases ranged from January, 2000 to May, 2016, which related on data privacy, this research examines the relationship between personal information infringements cases and adjudications. Upon analysis results of 41,724 words extracted from 853 regal cases, this study examined online users’ privacy invasion cases to predict the probability of conviction for a firm as an offender in both of criminal and civil law. This research specifically examines that a cause of privacy infringements and a judgment type, whether it leads a civil or criminal liability, from U.S court. This study applies network text analysis (NTA) for data analysis, which is regarded as a useful method to discover embedded social trends within texts. According to our research results, certain online privacy infringement cases caused by online spamming and adware have a high possibility that firms are liable in the case. Our research results provide meaningful insights to academia as well as industry. First, our study is providing a new insight by applying Big Data analytics to legal cases so that it can predict the cause of invasions and legal consequences. Since there are few researches applying big data analytics in the domain of law, specifically in online privacy, this study suggests new area that future studies can explore. Secondly, this study reflects social influences, such as a development of privacy invasion technologies and changes of users’ level of awareness of online privacy on judicial cases analysis by adopting NTA method. Our research results indicate that firms need to improve technical and managerial systems to protect users’ online privacy to avoid negative legal consequences.

Keywords: network text analysis, online privacy invasions, personal information infringements, predicting judgements

Procedia PDF Downloads 216

Authors: Sara Vora (Hoxha)

Abstract:

Defamation, invasion of privacy, and cyberbullying have all increased in tandem with the growth of the internet. European international private law may struggle to deal with such transgressions if they occur in many jurisdictions. The current study examines how effectively the legal system of European international private law addresses abuses of personality rights in cyberspace. The study starts by discussing how established legal frameworks are being threatened by online personality rights abuses. The article then looks into the rules and regulations of European international private law that are in place to handle overseas lawsuits. This article examines the different elements that courts evaluate when deciding which law to use in a particular case, focusing on the concepts of jurisdiction, choice of law, and recognition and execution of foreign judgements. Next, the research analyses the function of the European Union in preventing and punishing online personality rights abuses. Key pieces of law that control the collecting and processing of personal data on the Internet, including the General Data Protection Regulation (GDPR) and the e-Commerce Directive, are discussed. In addition, this article investigates how the ECtHR handles cases involving the infringement of personal freedoms, including privacy and speech. The article finishes with an assessment of how well the legal framework of European international private law protects individuals' right to privacy online. It draws attention to problems with the present legal structure, such as the inability to enforce international judgements, the inconsistency between national laws, and the necessity for stronger measures to safeguard people' rights online. This paper concludes that while European international private law provides a useful framework for dealing with violations of personality rights online, further harmonisation and stronger enforcement mechanisms are necessary to effectively protect individuals' rights in the digital age.

Keywords: European international private law, personality rights, internet, jurisdiction, cross-border disputes, data protection

Procedia PDF Downloads 61

Authors: Shaya Alshahrani

Abstract:

Perceived risks play a major role in consumer intentions, behaviors, attitudes, and decisions about online shopping in the KSA. This paper investigates the influence of six perceived risk dimensions on Saudi consumers: product risk, information risk, financial risk, privacy and security risk, delivery risk, and terms and conditions risk empirically. To ensure the success of this study, a random survey was distributed to reflect the consumers’ perceived risk and to enable the generalization of the results. Data were collected from 323 respondents in the Kingdom of Saudi Arabia (KSA): 50 who had never shopped online and 273 who had done so. The results indicated that all six risks influenced the respondents’ perceptions of online shopping. The non-online shoppers perceived financial and delivery risks as the most significant barriers to online shopping. This was followed closely by performance, information, and privacy and security risks. Terms and conditions were perceived as less significant. The online consumers considered delivery and performance risks to be the most significant influences on internet shopping. This was followed closely by information and terms and conditions. Financial and privacy and security risks were perceived as less significant. This paper argues that introducing adequate legal solutions to addressing related problems arising from this study is an urgent need. This may enhance consumer trust in the KSA online market, increase consumers’ intentions regarding online shopping, and improve consumer protection.

Keywords: perceived risk, online contracts, Saudi Arabia, consumer protection

Procedia PDF Downloads 132

Authors: Muhammad Muhammad Suleiman

Abstract:

Cloud Computing is a versatile concept that refers to a service that allows users to outsource their data without having to worry about local storage issues. However, the most pressing issues to be addressed are maintaining a secure and reliable data repository rather than relying on untrustworthy service providers. In this study, we look at how stenography approaches and collaboration with Digital Watermarking can greatly improve the system's effectiveness and data security when used for Cloud Computing. The main requirement of such frameworks, where data is transferred or exchanged between servers and users, is safe data management in cloud environments. Steganography is the cloud is among the most effective methods for safe communication. Steganography is a method of writing coded messages in such a way that only the sender and recipient can safely interpret and display the information hidden in the communication channel. This study presents a new text steganography method for hiding a loaded hidden English text file in a cover English text file to ensure data protection in cloud computing. Data protection, data hiding capability, and time were all improved using the proposed technique.

Keywords: cloud computing, steganography, information hiding, cloud storage, security

Procedia PDF Downloads 174

Authors: Deborah Garcia-Magna

Abstract:

The use of new technologies has become widespread in the last decade, giving rise to various risks associated with the transfer of personal data and the publication of sensitive material on social media. There are already several supranational instruments that seek to protect the citizens involved in this growing traffic of personal information and, especially, the most vulnerable people, such as minors, who are also the ones who make the most intense use of these new means of communication. In this sense, the configuration of the concept of privacy as a legal right has necessarily been influenced by these new social uses and supranational instruments. The researcher considers correct the decision to introduce sexting as a new criminal behaviour in the Penal Code in 2015, but questions the concrete manner in which it has been made. To this end, an updated review of the various options that our legal system already offered is made, assessing whether these legal options adequately addressed the new social needs and guidelines from jurisprudence and other supranational instruments. Some important issues emerge as to whether the principles of fragmentarity and subsidiarity may be violated since the new article 197.7 of the Spanish Penal Code could refer to very varied behaviours and protect not only particularly vulnerable persons. In this sense, the research focuses on issues such as the concept of 'seriousness' of the infringement of privacy, the possible reckless conduct of the victim, who hang over its own private material to third parties, the affection to other legal rights such as freedom and sexual indemnity, the possible problems of concurrent offences, etc.

Keywords: criminal law reform, ECHR jurisprudence, right to privacy, sexting

Procedia PDF Downloads 183

Authors: Amir Rashid

Abstract:

Cloud Computing frameworks empower organizations to cut expenses by outsourcing computation resources on-request. As of now, customers of Cloud service providers have no methods for confirming the privacy and ownership of their information and data. To address this issue we propose the platform of a trusted cloud computing program (TCCP). TCCP empowers Infrastructure as a Service (IaaS) suppliers, for example, Amazon EC2 to give a shout box execution condition that ensures secret execution of visitor virtual machines. Also, it permits clients to bear witness to the IaaS supplier and decide if the administration is secure before they dispatch their virtual machines. This paper proposes a Trusted Cloud Computing Platform (TCCP) for guaranteeing the privacy and trustworthiness of computed data that are outsourced to IaaS service providers. The TCCP gives the deliberation of a shut box execution condition for a client's VM, ensuring that no cloud supplier's authorized manager can examine or mess up with its data. Furthermore, before launching the VM, the TCCP permits a client to dependably and remotely acknowledge that the provider at backend is running a confided in TCCP. This capacity extends the verification of whole administration, and hence permits a client to confirm the data operation in secure mode.

Keywords: cloud security, IaaS, cloud data privacy and integrity, hybrid cloud

Procedia PDF Downloads 280

Authors: H. Parveen Begam, M. A. Maluk Mohamed

Abstract:

Grid computing is an environment that allows sharing and coordinated use of diverse resources in dynamic, heterogeneous and distributed environment using Virtual Organization (VO). Security is a critical issue due to the open nature of the wireless channels in the grid computing which requires three fundamental services: authentication, authorization, and encryption. The privacy and anonymity are considered as an important factor while communicating over publicly spanned network like web. To ensure a high level of security we explored an extension of onion routing, which has been used with dynamic token exchange along with protection of privacy and anonymity of individual identity. To improve the performance of encrypting the layers, the elliptic curve cryptography is used. Compared to traditional cryptosystems like RSA (Rivest-Shamir-Adelman), ECC (Elliptic Curve Cryptosystem) offers equivalent security with smaller key sizes which result in faster computations, lower power consumption, as well as memory and bandwidth savings. This paper presents the estimation of the performance improvements of onion routing using ECC as well as the comparison graph between performance level of RSA and ECC.

Keywords: grid computing, privacy, anonymity, onion routing, ECC, RSA

Procedia PDF Downloads 384

Authors: Zheng Miao, Dennis Fernandez

Abstract:

CRISPR research has the potential to completely transform life science, agriculture, live-stock and the health care industry. The Intellectual Property derived from its research has raised significant attention in the academic as well as the biopharmaceutical industry culminating an urgent need for strategic IP protection. We review the rudimentary concepts and key competitors of CRISPR technologies as well as the paramount strategies for intellectual property protection. Further, we elaborate on prosecution issues related to CRISPR patents as well as possible solutions to various patent laws, interferences and litigation. Finally, we address how the bioinformatics of the CRISPR technology begs an inquiry into issues of privacy and a host of ethical concerns.

Keywords: bioinformatics, CRISPR, biotechnology, intellectual property

Procedia PDF Downloads 239

Authors: Lorna Goulden, Kai M. Hermsen, Jari Isohanni, Mirko Ross, Jef Vanbockryck

Abstract:

This article introduces disposable identities, with reference use cases and explores possible technical approaches. The proposed approach, when fully developed as an open-source toolkit, enables developers of mobile or web apps to employ a self-sovereign identity and data privacy framework, in order to rebuild trust in digital services by providing greater transparency, decentralized control, and GDPR compliance. With a user interface for the management of self-sovereign identity, digital authorizations, and associated data-driven transactions, the advantage of Disposable Identities is that they may also contain verifiable data such as the owner’s photograph, official or even biometric identifiers for more proactive prevention of identity abuse. These Disposable Identities designed for decentralized privacy management can also be time, purpose and context-bound through a secure digital contract; with verification functionalities based on tamper-proof technology.

Keywords: dentity, trust, self-sovereign, disposable identity, privacy toolkit, decentralised identity, verifiable credential, cybersecurity, data driven business, PETs, GDPRdentity, trust, self-sovereign, disposable identity, privacy toolkit, decentralised identity, verifiable credential, cybersecurity, data driven business, PETs, GDPRI

Procedia PDF Downloads 200

Authors: Emre Bayamlıoğlu

Abstract:

This paper aims to provide an account of the legal and the regulative aspects of the algorithmic reputation systems with a special emphasis on the sharing economy (i.e., Uber, Airbnb, Lyft) business model. The first section starts with an analysis of the legal and commercial nature of the tripartite relationship among the parties, namely, the host platform, individual sharers/service providers and the consumers/users. The section further examines to what extent an algorithmic system of reputational information could serve as an alternative to legal regulation. Shortcomings are explained and analyzed with specific examples from Airbnb Platform which is a pioneering success in the sharing economy. The following section focuses on the issue of governance and control of the reputational information. The section first analyzes the legal consequences of algorithmic filtering systems to detect undesired comments and how a delicate balance could be struck between the competing interests such as freedom of speech, privacy and the integrity of the commercial reputation. The third section deals with the problem of manipulation by users. Indeed many sharing economy businesses employ certain techniques of data mining and natural language processing to verify consistency of the feedback. Software agents referred as "bots" are employed by the users to "produce" fake reputation values. Such automated techniques are deceptive with significant negative effects for undermining the trust upon which the reputational system is built. The third section is devoted to explore the concerns with regard to data mobility, data ownership, and the privacy. Reputational information provided by the consumers in the form of textual comment may be regarded as a writing which is eligible to copyright protection. Algorithmic reputational systems also contain personal data pertaining both the individual entrepreneurs and the consumers. The final section starts with an overview of the notion of reputation as a communitarian and collective form of referential trust and further provides an evaluation of the above legal arguments from the perspective of public interest in the integrity of reputational information. The paper concludes with certain guidelines and design principles for algorithmic reputation systems, to address the above raised legal implications.

Keywords: sharing economy, design principles of algorithmic regulation, reputational systems, personal data protection, privacy

Procedia PDF Downloads 452

Authors: Dwi Ashari

Abstract:

This study attempts to disclose people’s privacy in Indonesian media. Many television (henceforth: TV) programs have shown the exposure of people’s privacy. People, not only celebrities, who appear in TV program often, share their life to the participants to get very intimate self-disclosure with them. Indonesia, as one of the countries with highest population, has many people who watch television everyday. This can be the major factor for some TV stations to create a program to get people’s attention to gain more profit. This study examines some factors of Indonesia TV programs that share the people’s privacy. The relation of privacy in Indonesia TV programs will be related to the concept of self-disclosure and intimacy between the people who share and watch the programs.

Keywords: Indonesia, media, privacy, self-disclosure

Procedia PDF Downloads 318

Authors: Nirmala Gopal, Sheetal Bhoola, Audecious Mugwagwa

Abstract:

This paper discusses the continued infringement and exploitation of data by non-state actors for destructive purposes, emphasizing radical terrorist organizations. It will discuss how terrorist organizations access and use data to foster their nefarious agendas. It further examines how cybersecurity, designed as a tool to curb data exploitation, is ineffective in raising global citizens' concerns about how their data can be kept safe and used for its acquired purpose. The study interrogates several policies and data protection instruments, such as the Data Protection Act, Cyber Security Policies, Protection of Personal Information(PPI) and General Data Protection Regulations (GDPR), to understand data use and storage in democratic states. The study outcomes point to the fact that international cybersecurity and cybercrime legislation, policies, and conventions have not curbed violations of data access and use by radical terrorist groups. The study recommends ways to enhance cybersecurity and reduce cyber risks using democratic principles.

Keywords: cybersecurity, data exploitation, terrorist organizations, data democracy

Procedia PDF Downloads 184

Authors: Noha Nagy, Hoda Mokhtar, Mohamed El Sherkawi

Abstract:

The popularity of workflow delegation models and the increasing number of workflow provenance-aware systems motivate the need for finding more strict delegation models. Such models combine different approaches for enhanced security and respecting workflow privacy. Although modern enterprises seek conformance to workflow constraints to ensure correctness of their work, these constraints pose a threat to security, because these constraints can be good seeds for attacking privacy even in secure models. This paper introduces a comprehensive Workflow Delegation Model (WFDM) that utilizes provenance and workflow constraints to prevent malicious delegate from attacking workflow privacy as well as extending the delegation functionalities. In addition, we argue the need for exploiting workflow constraints to improve workflow security models.

Keywords: workflow delegation models, secure workflow, workflow privacy, workflow provenance

Procedia PDF Downloads 315

Authors: Andrei Bogdan Stanescu, Laura Diaconescu

Abstract:

With the increasing concerns about data breaches and privacy violations, organizations seek robust security measures to protect sensitive information. This research paper highlights the importance of implementing the Zero-Trust Security methodology using Passwordless Authentication Gateways that leverage Keycloak, an open-source Identity and Access Management (IAM) software, as a solution to address the security challenges these organizations face. The paper presents the successful implementation and deployment of such a solution in a mid-size, privacy-oriented organization. The implementation resulted in significant security improvements, reducing the risk of unauthorized access and potential data breaches. Moreover, user feedback indicated enhanced convenience and streamlined authentication experiences. The results of this study bring solid contributions in the field of cybersecurity and provide practical insights for organizations aiming to strengthen their security practices.

Keywords: identity and access management, passwordless authentication, privacy, zero-trust security

Procedia PDF Downloads 76

Authors: Mohamad Ibrahim Al Ladan

Abstract:

Social networks, such as Facebook, Myspace, LinkedIn, Google+, and Twitter have experienced exponential growth and a remarkable adoption rate in recent years. They provide attractive means of online social interactions and communications with family, friends, and colleagues from around the corner or across the globe, and they have become an important part of daily digital interactions for more than one and a half billion users around the world. The various personal information sharing practices that social network providers encourage have led to their success as innovative social interaction platforms. However, these practices have resulted in ample concerns with respect to privacy and security from different stakeholders. Addressing these privacy and security concerns in social networks is a must for these networks to be sustainable. Existing security and privacy tools may not be enough to address existing concerns. Some guidelines should be followed to protect users from the existing risks. In this paper, we have investigated and discussed the various privacy and security issues and concerns pertaining to social networks. Moreover, we have classified these privacy and security issues and presented a thorough discussion of the implications of these issues and concerns on the future of the social networks. In addition, we have presented a set of guidelines as precaution measures that users can consider to address these issues and concerns.

Keywords: social networks privacy issues, social networks security issues, social networks privacy precautions measures, social networks security precautions measures

Procedia PDF Downloads 280

Authors: N. A. Badrul

Abstract:

People are concerned that they are vulnerable as a result of what is exposed about them on the internet. Users are increasingly aware of their privacy and are making various efforts to protect their personal information. However, besides individuals themselves, organisations are also exposing personal information of their staff to the general public by publishing it on their official website. This practice may put individuals at risk and particularly vulnerable to threats. This preliminary study explores explicitly the amount and types of personal information disclosure from organisational websites. Threats and risks related to the disclosures are discussed. In general, all the examined organisational websites discloses personal information with varies identifiable degree of data.

Keywords: personal information, privacy, e-government, information disclosure

Procedia PDF Downloads 298

Authors: Justyna Żywiołek, Marek Matulewski

Abstract:

The article presents the results of a survey conducted among students from various European countries. The aim of the study was to understand how artificial intelligence (AI) affects educational processes in a digital environment. The survey covered a wide range of topics, including students' understanding and use of AI, its impact on motivation and engagement, interaction and support issues, accessibility and equity, and data security and privacy concerns. Most respondents admitted having difficulties comprehending the advanced functions of AI in educational tools. Many students believe that excessive use of AI in education can decrease their motivation for self-study and active participation in classes. Additionally, students reported that interaction with AI-based tools is often less satisfying compared to direct contact with teachers. Furthermore, the survey highlighted inequalities in access to advanced AI tools, which can widen the educational gap between students from different economic backgrounds. Students also expressed concerns about the security and privacy of their personal data collected and processed by AI systems. The findings suggest that while AI has the potential to support digital education, significant challenges need to be addressed to make these tools more effective and acceptable for students. Recommendations include increasing training for students and teachers on using AI, providing more interactive and engaging forms of education, and implementing stricter regulations on data protection.

Keywords: AI, digital education, education tools, motivation and engagement

Procedia PDF Downloads 8

Authors: Derick M. Rakgoale, Topside E. Mathonsi, Vusumuzi Malele

Abstract:

Cloud computing offers distributed online and on-demand computational services from anywhere in the world. Cloud computing services have grown immensely over the past years, especially in the past year due to the Coronavirus pandemic. Cloud computing has changed the working environment and introduced work from work phenomenon, which enabled the adoption of technologies to fulfill the new workings, including cloud services offerings. The increased cloud computing adoption has come with new challenges regarding data privacy and its integrity in the cloud environment. Previously advanced encryption algorithms failed to reduce the memory space required for cloud computing performance, thus increasing the computational cost. This paper reviews the existing encryption algorithms used in cloud computing. In the future, artificial neural networks (ANN) algorithm design will be presented as a security solution to ensure data integrity, confidentiality, privacy, and availability of user data in cloud computing. Moreover, MATLAB will be used to evaluate the proposed solution, and simulation results will be presented.

Keywords: cloud computing, data integrity, confidentiality, privacy, availability

Procedia PDF Downloads 111

Authors: Cheng Xu

Abstract:

As the metaverse emerges as a dynamic virtual simulacrum of reality, its implications on user privacy have become a focal point of interest. While previous discussions have ventured into metaverse privacy dynamics, a glaring empirical gap persists, especially concerning the effects of personalization in the context of news recommendation services. This study stands at the forefront of addressing this void, meticulously examining how users' privacy concerns shift within the metaverse's personalization context. Through a pre-registered randomized controlled experiment, participants engaged in a personalization task across both the metaverse and traditional online platforms. Upon completion of this task, a comprehensive news recommendation service provider offers personalized news recommendations to the users. Our empirical findings reveal that the metaverse inherently amplifies privacy concerns compared to traditional settings. However, these concerns are notably mitigated when users have a say in shaping the algorithms that drive these recommendations. This pioneering research not only fills a significant knowledge gap but also offers crucial insights for metaverse developers and policymakers, emphasizing the nuanced role of user input in shaping algorithm-driven privacy perceptions.

Keywords: metaverse, privacy concerns, personalization, digital interaction, algorithmic recommendations

Procedia PDF Downloads 102

Authors: Rina Arum Prastyanti

Abstract:

Information technology has changed the ways of transacting and enabling new opportunities in business transactions. Problems to be faced by consumers M Commerce, among others, the consumer will have difficulty accessing the full information about the products on offer and the forms of transactions given the small screen and limited storage capacity, the need to protect children from various forms of excess supply and usage as well as errors in access and disseminate personal data, not to mention the more complex problems as well as problems agreements, dispute resolution that can protect consumers and assurance of security of personal data. It is no less important is the risk of payment and personal information of payment dal am also an important issue that should be on the swatch solution. The purpose of this study is 1) to describe the phenomenon of the use of Mobile Commerce in Indonesia. 2) To determine the form of legal protection for the consumer use of Mobile Commerce. 3) To get the right type of law so as to provide legal protection for consumers Mobile Commerce users. This research is a descriptive qualitative research. Primary and secondary data sources. This research is a normative law. Engineering conducted engineering research library collection or library research. The analysis technique used is deductive analysis techniques. Growing mobile technology and more affordable prices as well as low rates of provider competition also affects the increasing number of mobile users, Indonesia is placed into 4 HP users in the world, the number of mobile phones in Indonesia is estimated at around 250.1 million telephones with a population of 237 556. 363. Indonesian form of legal protection in the use of mobile commerce still a part of the Law No. 11 of 2008 on Information and Electronic Transactions and until now there is no rule of law that specifically regulates mobile commerce. Legal protection model that can be applied to protect consumers of mobile commerce users ensuring that consumers get information about potential security and privacy challenges they may face in m commerce and measures that can be used to limit the risk. Encourage the development of security measures and built security features. To encourage mobile operators to implement data security policies and measures to prevent unauthorized transactions. Provide appropriate methods both time and effectiveness of redress when consumers suffer financial loss.

Keywords: mobile commerce, legal protection, consumer, effectiveness

Procedia PDF Downloads 351

Authors: Roman Bieda

Abstract:

The General Data Protection Regulation (GDPR) will come into force on 25 May 2018 which will create a new legal framework for the protection of personal data in the European Union. Article 20 of GDPR introduces a right to data portability. This right allows for data subjects to receive the personal data which they have provided to a data controller, in a structured, commonly used and machine-readable format, and to transmit this data to another data controller. The right to data portability, by facilitating transferring personal data between IT environments (e.g.: applications), will also facilitate changing the provider of services (e.g. changing a bank or a cloud computing service provider). Therefore, it will contribute to the development of competition and the digital market. The aim of this paper is to discuss the right to data portability and its influence on the development of new digital services.

Keywords: data portability, digital market, GDPR, personal data

Procedia PDF Downloads 456

Authors: Devika Tanna

Abstract:

'Biometrics' means 'life measurement' but the term is usually associated with the use of unique physiological characteristics to identify an individual. It is important to secure the privacy of digital face image that is stored in central database. To impart privacy to such biometric face images, first, the digital face image is split into two host face images such that, each of it gives no idea of existence of the original face image and, then each cover image is stored in two different databases geographically apart. When both the cover images are simultaneously available then only we can access that original image. This can be achieved by using the XM2VTS and IMM face database, an adaptive algorithm for spatial greyscale. The algorithm helps to select the appropriate host images which are most likely to be compatible with the secret image stored in the central database based on its geometry and appearance. The encryption is done using GEVCS which results in a reconstructed image identical to the original private image.

Keywords: adaptive algorithm, database, host images, privacy, visual cryptography

Procedia PDF Downloads 112

Authors: Alexandra Aslanidou

Abstract:

The General Data Protection Regulation (GDPR), concerning the protection of natural persons within the European Union with regard to the processing of personal data and on the free movement of such data, became applicable in the European Union (EU) on 25 May 2018 and transformed the way personal data were being treated under the Data Protection Directive (DPD) regime, generating sweeping organizational changes to both public sector and business. A social practice that is considerably influenced in the way of its day-to-day operations is Human Resource (HR) management, for which the importance of GDPR cannot be underestimated. That is because HR processes personal data coming in all shapes and sizes from many different systems and sources. The significance of the proper functioning of an HR department, specifically in human-centered, service-oriented environments such as the education field, is decisive due to the fact that HR operations in schools, conducted effectively, determine the quality of the provided services and consequently have a considerable impact on the success of the educational system. The purpose of this paper is to analyze the decisive role that GDPR plays in HR departments that operate in schools and in order to practically evaluate the aftermath of the Regulation during the first months of its applicability; a comparative use cases analysis in five highly dynamic schools, across three EU Member States, was attempted.

Keywords: general data protection regulation, human resource management, educational system

Procedia PDF Downloads 88