and personal data have possible implications for personal privacy. There may also be security vulnerabilities in electronics and communications systems.
>assess the importance of data protection and privacy aspects in the areas and actions of the ITS Action Plan>evaluate which potential measures could be undertaken
addressing the specific data security and data protection issues related to ITS applications and services. Meanwhile, a number of EU-backed research projects have carried out work relevant to the topic,
and personal data protection aspects related to the handling of data in ITS applications and services and propose measures in full compliance with EU legislation Data security
and data protection 2 37>AC T ION 5. 2>A c T I O N 5. 2 I N t E L L I G E
both the Norwegian and Danish Data protection Authorities have issued rulings to prevent the use of cloud computing services by municipalities
The Economic Importance of Getting Data protection Right: Protecting Privacy, Transmitting Data, Moving Commerce (European Centre for International Political economy/U s. Chamber of commerce, March 2013), https://www. uschamber. com/sites/default
The Impact of the Data protection Regulation in the EU (Intertic, 2013), http://www. intertic. org/new site/wp-content/uploads/Policy%20papers/CCER. pdf. 110.
Greg Sterling, France Wants To Tax Facebook, Google‘Personal data Collection,'Marketing Land, January 21, 2013, http://marketingland. com/france-wants-to-tax-facebook-google-personal data-collection-31196;
Jacob Albert, France Wants to Tax Data mining, and It's Not a Bad Idea, Quartz, January 22, 2013,
Processing of sensitive personal data in a cloud solution, Datatilsynet, February 3, 2011, http://www. datatilsynet. dk/english/processing-of-sensitive-personal data-in-a-cloud-solution,
The Economic Importance of Getting Data protection Right. 190. Mark Scott, Uber Faces Rebukes in Europe, Bits (blog) New york times, accessed April 18, 2014,
. Thus American citizens are less wary of giving personal data to private firms. Amazon's customer databases hold names, addresses, telephone numbers, email addresses, profiled preferences and, most important, credit card details of its 137 million customers.
The safe harbour rules for the exemption of US web service providers from EU data protection laws, under
Supporting policy actions for open research and dissemination of data (e g. open access publications, open data repositories, data protection strategies etc.
taking into account intellectual property, security and data protection issues. 131 58.0 25. Supporting research on the perspectives of various actors and stakeholders such as policy-makers, school leaders, teachers, learners, parents, IT providers, educational content providers etc. 129 58.0 26.
taking into account intellectual property, security and data protection issues. Encouraging research on the implementation process of ICT-ELI, focusing on the possible learning gains.
taking into account intellectual property, security and data protection issues..8 4. 6 3. 8 11.5 21.4 22.9 35.1 58.0 Supporting research on the perspectives of various actors and stakeholders such as policy-makers, school leaders, teachers
The body should include a division responsible for the governance of ehealth data interoperability standards and patient data privacy and security.
Among the components covered related to the management of patient information are data privacy, security, and interoperability.
Individual patient clinical data can be standardized using the standards already covered in this publication WHO further recognizes the important need for the development of patient health data privacy and security standards.
To lobby nationally for policy guidance in relation to data protection, IP and competition policy to support an open innovation environment for all.
In the EU, for example, a number of directives require data producers to obtain users'consent before gathering any of their personal data. 5 One of the best-known examples of leveraging the online population's digital breadcrumbs for development purposes is Google Flu Trends (GFT.
The World Economic Forum's Rethinking Personal data project has identified key trust challenges facing the personal data economy,
or explicit existence of personal data that needs to be protected. OECD, for example, defines personal data as any information relating to an identified or identifiable individual (data subject)( OECD, 2013.
The result of such an approach has been the policy of inform and consent practised by most companies to inform users of what data are Chapter 5. The role of big data for ICT monitoring
the World Economic Forum (WEF) initiated a global multi-stakeholder dialogue on personal data that advocated a principle-based approach,
Given the complexity of the questions related to privacy and data protection in a big data world, the danger is that these questions may take too long to resolve
Regulators could develop a regulatory mechanism that would shift the focus of privacy protection from informed consent at the point of collecting personal data to accountable and responsible uses of personal data.
In return, data users would be permitted to reuse personal data for novel purposes where a privacy assessment indicates minimal privacy risks.
the collection and processing of personal data or information is regulated currently by Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data protection Directive) 1 and Directive
which focuses more specifically on the processing of personal data in the electronic communications sector. Article 7 of the Data protection directive establishes the principle of opt-in, according to
which personal data cannot legitimately be processed without the consent of the data subject, except if necessary to preserve public order or morality,
as well as to further the general interest of society or individuals. Building on this principle, Article 5 of the eprivacy Directive further provides that the processing of personal data can be effected only with the consent of the data subject
who should be given clear and comprehensive information as to the manner and purpose of such processing, except where it is directly instrumental to the provision of a service
see http://www. weforum. org/issues/rethinking-personal data. 34 It should be noted that there is no single ITU definition of privacy,
http://www. unglobalpulse. org/privacy-and-data protection for an understanding of the privacy protections UN Global Pulse imposes on its researchers. 38 SEO is established an marketing strategy
WEF (2013), Unlocking the Value of Personal data: From Collection to Usage. Geneva, Switzerland. Retrieved from:
"the Digital Agenda for Europe defines a series of cyber security initiatives at European level to ensure cyber security incident response capabilities and the protection of personal data.
Data confidentiality accessing personal data stored or transmitted inside the electronic commerce systems. All the risks and threats mentioned above represent critical situations
and the internet users may be protected through access to Consumer Protection Cooperation network systems (by assuring the protection of personal data,
Directorate for Driving Licenses and Vehicle Registration Concluding contracts Medium Voting 1. Authentication (providing personal data in the ID) 2. Handing the stamp necessary to vote 3. Choosing the candidate 4. Returning
if the address from the ownership title does not match with the address from the Fiscal clearance certificate Obtaining a job Registration with a library 1. Communication of personal data 2. Filling in a library sheet,
based on the personal data indicated before 3. Registration in the database of a library Low 11309 libraries in 2012 Source:
Furthermore, most users have accepted giving away their personal data in exchange for free services. Yet this bargain not only undermines privacy
and weakens data protection but also commodifies knowledge, identity and personal data. There are other models that focus on innovation.
as alternatives to the centralised models of the current dominant global platforms that often monetise and sell personal data Creation and consolidation of new monopolies:
as long as the privacy and data protection of all citizens is preserved and that communities are entitled to share the value
start-ups and social innovators Taxes Crowdfunding & Challenge Prizes Open access Open standards Interoperability Open licensing Open platforms Open Data privacy-aware technologies
and encryption Federated identity management Data control and data ownership The EU data protection reform package Directive on the reuse of public sector information Copyright reform Net Neutrality Magna carta for the Internet Enabling
while preserving citizens'rights and data protection. One of the first steps of DSI policy implementation should be to integrate new legal approaches to open access, open standards and copyright reforms.
An important general issue is to conceive transparency/open data and privacy/data protection as complementary issues and not as opposites.
the right to data protection and privacy, as given in both legal frameworks (such as data protection) and technologies (such as encryption) should apply to individual citizens.
Conversely, institutions and in particular public institutions and work done with public money should be open and transparent.
A broader investigation on the implications of the current personal data market and the role of data brokers64 will be crucial for understanding the future of bottom-up digital economies.
Personal data stores There are also new available solutions, such as Mydex, Qiy, Citizenme65 and many others that are part of an emerging sector of Open Personal data Stores66,
Privacy Dashboards, and Trust frameworks to manage identity, that have emerged out of a new vision of identity management
The EU data protection reform package Growing a Digital Social Innovation Ecosystem for Europe 77 The Data protection reform is currently being discussed by Member States The aim is to to build a single and comprehensive data protection framework to develop tools
Companies should be compelled to be transparent about how they collect users'personal data and the real value they extract from trading personal information.
including the right to control how personal data is used, the right to avoid having information collected in one context
and the right to know who is accountable for the use or misuse of an individual's personal data.
OECD (1980), OECD Guidelines on the Protection of Privacy and Trans-border Flows of Personal data. 6 Government on-line On-line provision of government information and services can increase the efficiency and coverage
52 4. 1. 2 Personal data protection...53 4. 1. 2. 1 Personal data protection in the online environment...
53 2 4. 1. 2. 2 Spam and the eprivacy Directive...55 4. 1. 2. 3 Cookies and the eprivacy Directive...
58 4. 1. 2. 5 Data protection Directive...59 4. 1. 3 Online gambling...60 4. 1. 4 Online pharmacies and other health issues...
covering various aspects such as data protection and consumer affairs. 2. 2. 1 The E-commerce Directive The ECD is designed to help remove obstacles to cross-border online services in the Internal Market
questions related to the Data protection Directive and gambling activities28. 2. 2. 1. 1 The Internal Market clause and establishment requirements (Articles 3-4 ECD) The Internal
These rules have been complemented by Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, most commonly known as the eprivacy Directive51,
PDF 51 Directive 2002/58/EC of the European parliament and of the Council of 12 july 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ
PDF 18 The E-Privacy Directive66 (2002 and 2009) complements and particularises the Data protection Directive67 with regard to the processing of personal data in the electronic communication sector.
PDF 66 Directive 2002/58/EC of the European parliament and of the Council of 12 july 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ
Directive 2002/58/EC repealed Directive 97/66/EC of the European parliament and of the Council of 15 december 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector. 67 OJ L
but also sites containing child pornography, racist and xenophobic content, defamation, incitements to terrorism or violence in general, illegal gambling offers, illegal pharmaceutical offers, fake banking services (phishing), data protection infringements,
such as internet service providers while respecting all fundamental rights recognised by the EU Charter of Fundamental Rights, in particular also the rights to private life, protection of personal data, freedom of expression and information and to an effective remedy".
It has also been suggested that a requirement to offer the possibility of submitting a counternotice could be in breach of data protection rules
namely their right to protection of their personal data and their freedom to receive or impart information,
and the freedom to conduct business, the right to protection of personal data and the freedom to receive
On the other hand, filtering techniques such as deep packet inspection could restrict the right of personal data protection. There are, however, legitimate concerns about the protection of minors and public decency as regards, in particular,
Trustmarks, personal data requirements specific policies for online gambling and pharmacies and liability provisions for businesses all contribute to enhancing trust online. 4. 1. 1 Trustmarks Trustmarks are considered generally a useful instrument for traders to foster consumer confidence.
Typical trustmark systems consist of an accreditation mechanism with an independent supervisor for an online trader to meet the trustmark's requirements (including creditworthiness, security mechanisms, price transparency, provision of information, customer service, data protection
and benefits of (different models) for setting up an EU online trustmark stakeholder platform. 4. 1. 2 Personal data protection 4. 1. 2. 1 Personal data protection
The use and exchange of personal data have become essential factors in the online economy. 150 Professional players are aggregating massive amounts of data for professional use,
and the right to the protection of personal data. Data protection rules organise and control the way personal data are processed.
These rules take account of the importance of the freedom of expression and provide for specific regime applicable to the processing of personal data carried out solely for freedom of expression purposes. 153 The ECD does not apply to questions relating to information society services covered by the EU legislation on the protection of personal data (Article 1
(5)( b) ECD). The Data protection Directive154 constitutes the fundamental legal framework for the processing of personal data in the EU. It was adopted to harmonise the legislation of the Member States with the twofold objective of protecting fundamental rights, namely the right to personal data protection,
and ensuring the free flow of personal data between Member States within the context of the Internal Market.
According to the Data protection Directive, personal data must be processed fairly and lawfully, collected for specified, explicit and legitimate purposes (data minimisation principle) and not further processed in a way incompatible with those purposes (principle of finality).
Personal data must be adequate, relevant and not excessive in relation to the purposes for which they are collected (purpose limitation principle).
The Directive furthermore provides for the right of individuals to be given information on the purposes of the processing, how and by
whom their data are processed and the rights to access, rectify and delete personal data. Monitoring of compliance with data protection laws implementing the Directive is entrusted to national public independent authorities endowed with investigative and enforcement powers.
The data protection authorities also hear claims lodged by individuals regarding the processing of their personal data.
A major factor enabling individuals to know about the processing of their personal data and exercise the rights granted by the Data protection Directive is the provision of information (principle of transparency).
155 Service providers that qualify as data controllers have to provide users with clear, easily understandable and affordable privacy notices in line with the requirements of the Data protection Directive.
This rule is, however, not always observed. Since its adoption in 1995, other EU legislation has come into force which complements the Data protection Directive.
The most significant instrument for e-commerce and other online services is Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), 156 as amended by Directive
2009/136/EC (Citizen's Rights 152 Charter of Fundamental Rights of the EU OJ C 364/1, 18.12.200;
available at: http://www. europarl. europa. eu/charter/pdf/text en. pdf 153 See: ECJ, Case C-101/01, Bodil Lindqvist, 6. 11.2003,
and Case C-73/07, Tietosuojavaltuutettu v. Satakunnan Markkinapörssi Oy, Satamedia Oy, 16.12.2008; both available at http://curia. europa. eu/juris/recherche. jsf?
language=en. 154 Directive 95/46/EC of the European parliament and of the Council of 24 october 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ
L 281/31, 23.11.1995 (hereafter‘Data protection Directive';'available at: http://eurlex. europa. eu/Lexuriserv/Lexuriserv. do?
Data protection Directive, Art. 10 and 11.156 Directive on privacy and electronic communications, OJ L 201/37, 31.07.2002 55 Directive), 157 hereafter the eprivacy Directive. 158 The eprivacy
Many respondents to the public consultation on e-commerce commented on the data protection and privacy dimension of online services.
The potential importance of personal data for the development of the Digital Single Market has been outlined but also concerns about the use of data have been raised.
and recall the upcoming revision of the data protection framework. 4. 1. 2. 2 Spam and the eprivacy Directive Recent studies suggest that unsolicited commercial communication
Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws,
/privacy/workinggroup/wpdocs/2011 en. htm 163 In accordance with Article 10 of Data protection Directive (95/46/EC) information should cover at least the identity of the company,
to guarantee fair processing in respect of the individual. 164 Article 10 of the Data protection Directive lays down the minimum information that has to be provided to a data subject. 165 Further processing of personal data for historical,
provided suitable safeguards are in place (see recital 29 and Article 6 (1)( b) of the Data protection Directive).
in order to ensure compliance with the EU data protection legal requirements and to provide transparency to users,
and data protection setting out minimum privacy standards to be implemented through national legislation and selfregulation. 170 4. 1. 2. 5 Data protection Directive The Commission is preparing a major reform of the data protection rules laid down in the Data protection Directive171 to make the data protection framework more coherent
and provide more legal certainty (adoption foreseen in the first quarter of 2012). The objectives are to set forth a comprehensive and consistent personal data protection legal framework which addresses new challenges such as technological developments in the digital economy and more intense globalisation,
while eliminating unnecessary costs for operators, reducing administrative burdens, and ensuring more coherence in the data protection acquis.
The reform also aims at clarifying and simplifying rules for international transfers of personal data and strengthening and clarifying the powers of data protection authorities to ensure compliance with data protection rules. advertisement,
coupled with a website providing the user with information about how to switch off behaviourally targeted display ads from the company that the user signed up to.
The principles oblige the participating companies to provide clear and unambiguous notice to users that it collects data for the purposes of online behavioural advertising.
reference=SPEECH/10/452 170 Recommendation CM/Rec (2010) 13 of the Committee of Ministers to member states on the protection of individuals with regard to automatic processing of personal data
of the Regions, A comprehensive approach on data protection in the European union, COM (2010) 609,04. 11.2010;
http://ec. europa. eu/justice/news/consulting public/0006/com 2010 609 en. pdf 60 Individuals sometimes find it difficult to exercise their rights as laid down in the Data protection Directive.
or to get access to personal data. This is particularly an issue in the digital environment. Several provisions of the Directive have given rise to divergent interpretations
a lack of payment security and data protection, and finally uncertainties relating to liability in case of unauthorised payments or unsatisfactory deliveries.
Finally, the Paper deals with payment security and data privacy and the possibilities for improvements in this area.
a platform called Mygreenservices has been designed co with respect of data privacy, offering various green services such as the visualization of environmental data collected by citizen, the alert services via mail or SMS, the ability to download data, the gamified forum for sharing ideas and best practices
1 2 B5. 2 Availability 1 1 2 B6. 1 User ideas 1 1 2 B7. 1 Data protection 1 1
The concept of Aadhaar as an electronic cardless identity has spawned also concerns about data privacy, viability, intent,
http://www. kaleidoszkop. nih. gov. hu/(provided that their publication is prohibited not due to data protection) 6 Gross Expenditure on Research and development:
,,national security, data protection) prevents this. The general principle for developing research infrastructures is that the research infrastructures that have a substantial chance for establishing connections with respect to their disciplines should get the support needed for access by developments and renewals, in the interest of striving for international excellence.
safety and trust through increased accessibility and electronic integration of all EU citizens, fostering innovation in small companies and protection of personal data. 5 3. European Charter of rights of electronic communications services users,
information and updated documents B. Streamline relations with public institutions Increased access to electronic public services Strengthening public confidence in electronic services Ensure protection of personal data Increased performance of public services
Law nr. 677 of 21 november 2001 on Protection of Personal data Processing and free movement of such date, with subsequent Amendments;
A centralised approach would require much more efforts for data gathering, data handling, data security and discussions on data privacy.
& Swiercz, P. 2007), Personal data Collection via the Internet: The Role of Privacy Sensitivity and Technology Trust, Journal of International Technology and Information management, 16 (1), 17-30.
and privacy of personal data with global digital content doubling every eighteen months, to harvest the potential of Big data?
Varying national rules on taxation and data protection ran the risk of stifling the growth these tech businesses can create,
Take data protection, he said, there is one EU data commissioner but the legislation in countries is still different.
The issue of data privacy and protection has been deservedly getting a lot of attention recently. What needs to happen is a change in law to reflect the reality of this type of statistical collection
The European union is committed to data protection and privacy as defined in Regulation (EC) n 45/2001.
and security as defined in the regulation on data protection and processes it only for the explicit and legitimate purposes declared
These processing operations are subject to a Notification to the Data protection Officer (DPO) in accordance with Regulation (EC 45/2001.
see http://ec. europa. eu/invest-in-research/action/2003 actionplan en. htm). The personal data collected and further processed are:
e-mail The collected personal data and all information related to the above mentioned survey is stored on servers of the JRCIPTS, the operations
and modification In case you want to verify the personal data or to have modified it respectively corrected, or deleted, please write an email message to the address mentioned under Contact information,
Your personal data is stored as long as follow-up actions to the above mentioned survey are necessary with regard to the processing of personal data.
Contact information In case you have questions related to this survey, or concerning any information processed in this context,
in case of conflict, can be addressed to the European Data protection Supervisor (EDPS) at www. edps. europa. eu. European commission EUR 26224 EN Joint Research Centre Institute for Prospective Technological Studies
Lack of inherited user and data privacy: In case data protection/encryption methods are employed (even using asymmetric encryption and public key methods),
data cannot be stored efficiently/handled. On the other hand, lack of encryption, violates the user and data privacy. More investigations into the larger privacy and data protection ecosystem are required to overcome current limits of how current information systems deal with privacy and protection of information of users,
and develop ways to better respect the needs and expectations 30,31, 32 iii. Lack of data integrity, reliability and trust, targeting the security and protection of data;
this issue covers both unintended disclosure and damage to integrity from defects or failures, and vulnerabilities to malicious attacks. iv.
Furthermore, ISPS and other companies such as Google and Amazon have increasingly been able to monetize their user transaction data and personal data.
the attempt to acquire sensitive personal data of end-users by masquerading as a trustworthy entity, as a reverse contention tussle among two website owners (the consumers).
or personal data, should, however, only be exposed to known and trusted entities and in a controlled way, allowing the owner of the data to decide
data protection and privacy issues as well as liability and compliance problems may hinder to tap the full potential of cloud computing 22,
in the sense that it will ensure that data mobility is limited to ensure compliance with a wide range of different national legislation including privacy legislation such as the EU Data protection Directive 95/46/EC.
In simple terms, data privacy aims at protecting personally identifiable data (PID. In Europe, Article 8 of the European Convention on Human rights (ECHR) provides a right to respect for ones private and family life, his home and his correspondence.
Furthermore, the European Data protection Directive (Directive 95/46/EC) substantiates this right in order to establish a comprehensive data protection system throughout Europe.
This directive takes into account the OECD privacy principles 16 which mandate several principles such as, e g.,
According to European law, the user who processes PID in the cloud or elsewhere remains responsible for the compliance with the aforementioned principles of data privacy.
Therefore, the question of applicable law and safeguarding the user's responsibilities regarding data privacy in cross-border cloud scenarios is a matter of consequences for the use of these cloud services.
Guidelines on the protection of privacy and transborder flows of personal data. From http://www. oecd. org/document/18/0, 2340, en 2649 34255 1815186 1 1 1 1, 00. html (last modified January 5 1999), the OECD Privacy Principles 17.
and every jurisdiction has its own data protection laws. In addition, the risk, for personal data to travel across boundaries
and business domains, is that the usage conditions agreed J. Domingue et al. Eds.):) Future Internet Assembly, LNCS 6656, pp. 223 231,2011. c The Author (s). This article is published with open access at Springerlink. com. 224 M. Bezzi
when a server storing personal data decides to share the data with a third party Obligations: Obligations in sticky policies specify the actions that should be carried out after collecting
In particular, it is important to stress that during the lifecyle of personal data, the same actor may play the role of both data collector and data provider.
balancing the value of his personal data with the services obtained. As a matter of fact, users have difficulties to monetize the value of their personal information,
or more services/applications provided by external parties that deal with personal data (e g.,, a human resource management application, a remote storage service.
Say, these services handle personal data using a PPL framework (as described in Sect. 2) . In order to guarantee enforcement of the privacy policies and corresponding obligations by the service,
In particular, when personal data are consumed by multiple services, possibly owned by different entities in different locations, the conditions of the data usage,
agreed upon collection, may be lost in the lifecycle of the personal data. From the data consumer point of view, businesses and organizations seek to ensure compliance with the plethora of data protection regulations
and minimize the risk of violating the agreed privacy policy. The concept of sticky policy may be used to address some of the privacy requirements of the cloud scenario.
on the market for data protection in social networks. In: Moore, T.,Pym, D.,Ioannidis, C. eds.
Trust Management and Security, privacy and data protection mechanisms of distributed data. An addressing scheme, where identity and location are embedded not in the same address.
security and data protection with transparent and democratic governance and control of offered services as guiding principles (10,11). 1. 1 Autonomicity
Overtext Web Module V3.0 Alpha
Copyright Semantic-Knowledge, 1994-2011