Gauthier Chassang

DOI: https://doi.org/10.3332/ecancer.2017.709

2017-01-03

ecancermedicalscience

Abstract:The use of personal data is critical to ensure quality and reliability in scientific research. The new Regulation [European Union (EU)] 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data [general data protection regulation (GDPR)], repealing Directive 95/46/EC, strengthens and harmonises the rules for protecting individuals' privacy rights and freedoms within and, under certain conditions, outside the EU territory. This new and historic legal milestone both prolongs and updates the EU acquis of the previous Data Protection Directive 95/46/EC. The GDPR fixes both general rules applying to any kind of personal data processing and specific rules applying to the processing of special categories of personal data such as health data taking place in the context of scientific research, this including clinical and translational research areas. This article aims to provide an overview of the new rules to consider where scientific projects include the processing of personal health data, genetic data or biometric data and other kinds of sensitive information whose use is strictly regulated by the GDPR in order to give the main key facts to researchers to adapt their practices and ensure compliance to the EU law to be enforced in May 2018.

John Mark Michael Rumbold,Barbara Pierscionek

DOI: https://doi.org/10.2196/jmir.7108

IF: 7.076

2017-02-24

Journal of Medical Internet Research

Abstract:BACKGROUND: The enactment of the General Data Protection Regulation (GDPR) will impact on European data science. Particular concerns relating to consent requirements that would severely restrict medical data research have been raised.OBJECTIVE: Our objective is to explain the changes in data protection laws that apply to medical research and to discuss their potential impact.METHODS: Analysis of ethicolegal requirements imposed by the GDPR.RESULTS: The GDPR makes the classification of pseudonymised data as personal data clearer, although it has not been entirely resolved. Biomedical research on personal data where consent has not been obtained must be of substantial public interest.CONCLUSIONS: The GDPR introduces protections for data subjects that aim for consistency across the EU. The proposed changes will make little impact on biomedical data research.

health care sciences & services,medical informatics

V. Kravchuk

DOI: https://doi.org/10.24144/2307-3322.2023.78.2.7

2023-08-31

Abstract:The article analyzes the protection of personal data based on foreign experience. Social networking has been identified as one of the most prominent cultural phenomena to emerge in the Web 2.0 era. They keep users connected and facilitate the exchange of information between them. The European Union has adopted a new personal data protection system called the General Data Protection Regulation (GDPR). Its main goals include providing individuals with tools to control their personal data, implementing modern standards for the protection of personal information, developing the digital space of the European Union to safeguard personal data, ensuring strict compliance by all parties, and providing legal support for the international transfer of personal information. United States legislative documents related to aspects of data protection and privacy were analyzed, namely: California Consumer Privacy Act (CCPA); Children’s Online Privacy Protection Act (COPPA); Health Insurance Portability and Accountability Act (HIPAA); State data breach notification laws. It is noted that China has a comprehensive legal framework that regulates the protection of personal data, and includes the following legal acts: Personal Information Protection Law (PIPL) and Data Security Law (DSL). Conclusions were made that the urgency and importance of protecting personal data in social networks is due to rapid technological progress, the growth of cyber security threats and the spread of these platforms. By protecting personal data, people can maintain privacy, prevent abuse, maintain user trust, reduce risk, and comply with legal obligations. The issue of ensuring mobility and interoperability in social networks gives particular importance to the protection of personal data, as it relates to this particular data, and not just to technology, as it may be in the telecommunications sector. This requires additional thought and measures to ensure privacy and data security. Therefore, when developing legal protection mechanisms for online social networks, it is necessary to take into account and solve problems related to the protection of personal data.

Victoria Chico

DOI: https://doi.org/10.1093/bmb/ldy038

2018-11-17

British Medical Bulletin

Abstract:Background: On the May 25, 2018 the General Data Protection Regulation (hereafter the GDPR or the Regulation) came into force, replacing the Data Protection Directive 95/46/EC (upon which the Data Protection Act 1998 is based), and imposing new responsibilities on organizations which process the data of European Union citizens.Sources of data: This piece examines the impact of the Regulation on health research.Areas of agreement: The Regulation seeks to harmonize data privacy laws across Europe, to protect and empower all EU citizen's data privacy and to reshape the way that organizations approach data privacy (See the GDPR portal at: https://www.eugdpr.org/ (accessed 8 May 2018). As a Regulation the GDPR is directly applicable in all member states as opposed to a directive which requires national implementing measures (In the UK the Data Protection Act 1998 was the implementing legislation for the Data Protection Directive 95/46/EC.).Areas of controversy: The Regulation is sector wide, but its impact on organizations us sector specific. In some sectors, the Regulation inhibits the processing of personal data, whilst in others it enables that processing. The Regulation takes the position that the 'processing of data should be designed to serve mankind' (Recital 4). Whilst it does not spell out what exactly is meant by this, it indicates that a proportionate approach will be taken to the protection of personal data, where that data can be processed for common goods such as healthcare. Thus, the protection of personal data is not absolute, but considered in relation to its function in society and balance with other fundamental rights in accordance with the principle of proportionality (Recital 4). Differing interpretations of proportionality can detract from the harmonization objective of the Regulation.Growing points: Reflecting the commitment to proportionality, scientific research holds a privileged position in the Regulation. Throughout the Regulation provision is made for organizations that process personal data for scientific research purposes to avoid restrictive measures which might impede the increase of knowledge. However, the application of the Regulation differs across health research sectors and across jurisdictions. Transparency and engagement across the health research sector is required to promote alignment.Areas timely for developing research: Research which focuses on the particular problems which arise in the context of the regulation's application to health research would be welcome. Particularly in the context of the operation of the Regulation alongside the duty of confidentiality and the variation in approaches across Member States.

medicine, general & internal

Chris Jay Hoofnagle,Bart van der Sloot,Frederik Zuiderveen Borgesius

DOI: https://doi.org/10.1080/13600834.2019.1573501

2019-01-02

Abstract:This paper introduces the strategic approach to regulating personal data and the normative foundations of the European Union’s General Data Protection Regulation (‘GDPR’). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s implications. We also highlight where the GDPR takes a different approach than U.S. privacy law. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed regulatory regime, that will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.

Rolly R. Tang, Jae Kyu Lee, Shan Liu

DOI: https://doi.org/10.52783/jes.1612

2024-04-04

Abstract:Will General Data Protection Regulation (GDPR) be adopted globally in business? The GDPR was approved in the European Union (EU) in April 2016 and officially put into effect in May 2018, thus the research in this field has an obvious upward trend. The development of GDPR is aimed at adapting to new trends, conducting scientific econometric analysis in the fields of privacy and GDPR, and analyzing and visualizing emerging trends. First, summarizing the privacy and GDPR studies publicly published between 1995 and 2023 through statistical analysis of terminology categories and high-yield journals. Then, understand the overall research status of privacy rights and GDPR from the perspectives of author, journal, literature co citation analysis, and collaborative networks. Finally, based on keyword analysis and literature co citation cluster analysis, a knowledge graph was constructed that includes knowledge domains, evolutionary trends, and future research directions. As a globally influential regulation, GDPR emphasizes the protection and lawful processing of personal data, which is of great significance for protecting personal data privacy and enhancing data security.

Mahsa Shabani,Pascal Borry

DOI: https://doi.org/10.1038/s41431-017-0045-7

2017-11-29

European Journal of Human Genetics

Abstract:Genetic data contain sensitive health and non-health-related information about the individuals and their family members. Therefore, adopting adequate privacy safeguards is paramount when processing genetic data for research or clinical purposes. One of the major legal instruments for personal data protection in the EU is the new General Data Protection Regulation (GDPR), which has entered into force in May 2016 and repealed the Directive 95/46/EC, with an ultimate goal of enhancing effectiveness and harmonization of personal data protection in the EU. This paper explores the major provisions of the new Regulation with regard to processing genetic data, and assesses the influence of such provisions on reinforcing the legal safeguards when sharing genetic data for research purposes. The new Regulation attempts to elucidate the scope of personal data, by recognizing pseudonymized data as personal (identifiable) data, and including genetic data in the catalog of special categories of data (sensitive data). Moreover, a set of new rules is laid out in the Regulation for processing personal data under the scientific research exemption. For instance, further use of genetic data for scientific research purposes, without obtaining additional consent will be allowed, if the specific conditions is met. The new Regulation has already fueled concerns among various stakeholders, owing to the challenges that may emerge when implementing the Regulation across the countries. Notably, the provided definition for pseudonymized data has been criticized because it leaves too much room for interpretations, and it might undermine the harmonization of the data protection across the countries.

genetics & heredity,biochemistry & molecular biology

Elif Erdemoglu

DOI: https://doi.org/10.1007/978-94-6265-144-9_7

2016-01-01

Abstract:The discussion on the regulation on citizens’ right to privacy grows parallel to the widespread usage and collection of Big Data. This chapter analyses from a law and economics perspective the discussion on the European Union (EU) citizens’ rights to privacy with regards to collection, retention, analysis and transfer of personal data in light of the EU General Data Protection Regulation (GDPR). The GDPR is drafted in coherence with the EU Digital Market Strategy, which aims to create the correct incentives for digital networks and services to flourish by providing trustworthy infrastructure supported by the right regulations. A significant part of achieving this aim would require the EU citizens to trust in using digital services. The GDPR is designed to increase the citizens’ trust to use online and digital services by obliging the service providers to comply with the GDPR. This chapter analyses two key compliance requirements of the GDPR through the economic analysis lens and proposes possible changes to the GDPR in line with the Digital Single Market Strategy of the EU. The scope of this chapter’s analysis is limited to how to cure information asymmetries between the citizens and the data collectors in order to increase the citizens’ trust in using digital services given the fast-changing and delicate legal issues arising from collecting the personal data of the EU citizens. This chapter concludes by suggesting three improvements to the GDPR; more frequent controls for issuing the EU Data Protection Seal, increased independence of the Data Protection Controller and issuance of publicly available, frequent privacy ratings.

Javed Ahmed,Sule Yildirim,Mariusz Nowostawski,Mohamed Abomhara,Raghavendra Ramachandra,Ogerta Elezaj

DOI: https://doi.org/10.1007/978-3-030-39445-5_10

2020-01-01

Abstract:AbstractOnline Social Networks (OSNs) are very popular and widely adopted by the vast majority of Internet users across the globe. Recent scandals on the abuse of users’ personal information via these platforms have raised serious concerns about the trustworthiness of OSN service providers. The unprecedented collection of personal data by OSN service providers poses one of the greatest threats to users’ privacy and their right to be left alone. The recent approval of the GDPR (General Data Protection Regulation) presents OSN service providers with great compliance challenges. A set of new data protection requirements are imposed on data controllers (OSN service providers) by GDPR that offer greater control to data subjects (OSN users) over their personal data. This position paper investigates the link between GDPR provisions and the use of blockchain technology for solving the consent management problem in online social networks. We also describe challenges and opportunities in designing a GDPR-compliant consent management mechanism for online social networks. Key characteristics of blockchain technology that facilitate regulatory compliance were identified. The legal and technological state of play of the blockchain-GDPR relationship is reviewed and possible ways to reconcile blockchain technology with the GDPR requirements are demonstrated. This paper opens up new research directions on the use of the disruptive innovation of blockchain to achieve regulatory compliance in the application domain of online social networks.

Luca Marelli,Giuseppe Testa,Ine Van Hoyweghen

DOI: https://doi.org/10.1177/20539517211018783

2021-01-01

Abstract:The emergence of a global industry of digital health platforms operated by Big Tech corporations, and its growing entanglements with academic and pharmaceutical research networks, raise pressing questions on the capacity of current data governance models, regulatory and legal frameworks to safeguard the sustainability of the health research ecosystem. In this article, we direct our attention toward the challenges faced by the European General Data Protection Regulation in regulating the potentially disruptive engagement of Big Tech platforms in health research. The General Data Protection Regulation upholds a rather flexible regime for scientific research through a number of derogations to otherwise stricter data protection requirements, while providing a very broad interpretation of the notion of “scientific research”. Precisely the breadth of these exemptions combined with the ample scope of this notion could provide unintended leeway to the health data processing activities of Big Tech platforms, which have not been immune from carrying out privacy-infringing and socially disruptive practices in the health domain. We thus discuss further finer-grained demarcations to be traced within the broadly construed notion of scientific research, geared to implementing use-based data governance frameworks that distinguish health research activities that should benefit from a facilitated data protection regime from those that should not. We conclude that a “re-purposing” of big data governance approaches in health research is needed if European nations are to promote research activities within a framework of high safeguards for both individual citizens and society.

social sciences, interdisciplinary

Galit Shmueli,Travis Greene

DOI: https://doi.org/10.2139/ssrn.3183625

2018-01-01

Abstract:The significant growth in recent years in the availability of behavioral big data to companies, governments, researchers and other organizations and individuals has led to many novel developments and technologies. This fast technological advance has far outpaced the speed of updates to ethical research codes and regulation of data privacy and human subjects data collection, storage, and use. The EU’s General Data Protection Regulation (GDPR) which comes into effect in May 2018, can have a large impact on data scientists and researchers who use BBD in industry and in academia not only in the EU but around the world. We use the Information Quality (InfoQ) framework by Kenett and Shmueli (2014) to identify the key GDPR concepts and analyze the various potential changes that can affect data scientists in the new data privacy regulation era.

Travis Greene,Galit Shmueli,Soumya Ray,Jan Fell

DOI: https://doi.org/10.1089/big.2018.0176

IF: 4.426

Big Data

Abstract:Rapid growth in the availability of behavioral big data (BBD) has outpaced the speed of updates to ethical research codes and regulation of data privacy and human subjects' data collection, storage, and use. The introduction of the European Union's (EU's) General Data Protection Regulation (GDPR) in May 2018 will have far-reaching effects on data scientists and researchers who use BBD, not only in the EU, but around the world. Consequently, many companies are struggling to comply with the Regulation. At the same time, academics interested in research collaborations with companies are finding it more difficult to obtain data. In light of the importance of BBD in both industry and academia, data scientists and behavioral researchers would benefit from a deeper understanding of the GDPR's key concepts, definitions, and principles, especially as they apply to the data science workflow. We identify key GDPR concepts and principles and describe how they can impact the work of data scientists and researchers in this new data privacy regulation era.

Nils Gruschka,Vasileios Mavroeidis,Kamer Vishi,Meiko Jensen

DOI: https://doi.org/10.48550/arXiv.1811.08531

2018-11-21

Abstract:Big data has become a great asset for many organizations, promising improved operations and new business opportunities. However, big data has increased access to sensitive information that when processed can directly jeopardize the privacy of individuals and violate data protection laws. As a consequence, data controllers and data processors may be imposed tough penalties for non-compliance that can result even to bankruptcy. In this paper, we discuss the current state of the legal regulations and analyze different data protection and privacy-preserving techniques in the context of big data analysis. In addition, we present and analyze two real-life research projects as case studies dealing with sensitive data and actions for complying with the data regulation laws. We show which types of information might become a privacy risk, the employed privacy-preserving techniques in accordance with the legal requirements, and the influence of these techniques on the data processing phase and the research results.

Cryptography and Security

Alison Cool

DOI: https://doi.org/10.1177/0306312719846557

2019-05-06

Social Studies of Science

Abstract:On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. EU citizens are granted more control over personal data while companies and organizations are charged with increased responsibility enshrined in broad principles like transparency and accountability. Given the scope of the regulation, which aims to harmonize data practices across 28 member states with different concerns about data collection, the GDPR has significant consequences for individuals in the EU and globally. While the GDPR is primarily intended to regulate tech companies, it also has important implications for data use in scientific research. Drawing on ethnographic fieldwork with researchers, lawyers and legal scholars in Sweden, I argue that the GDPR’s flexible accountability principle effectively encourages researchers to reflect on their ethical responsibility but can also become a source of anxiety and produce unexpected results. Many researchers I spoke with expressed profound uncertainty about ‘impossible’ legal requirements for research data use. Despite the availability of legal texts and interpretations, I suggest we should take researchers’ concerns about ‘unknowable’ data law seriously. Many researchers’ sense of legal ambiguity led them to rethink their data practices and themselves as ethical subjects through an orientation to what they imagined as the ‘real people behind the data’, variously formulated as a Swedish population desiring data use for social benefit or a transnational public eager for research results. The intentions attributed to people, populations and publics – whom researchers only encountered in the abstract form of data – lent ethical weight to various and sometimes conflicting decisions about data security and sharing. Ultimately, researchers’ anxieties about their inability to discern the desires of the ‘real people’ lent new appeal to solutions, however flawed, that promised to alleviate the ethical burden of personal data.

history & philosophy of science

Simant Shankar Bharti,Saroj Kumar Aryal

DOI: https://doi.org/10.1080/14782804.2022.2130193

2022-10-09

Journal of Contemporary European Studies

Abstract:The article traces the European Union (EU)'s General Data Protection Regulation (GDPR) and implication in the Europe. In the era of global digitalisation, the right to respect private life, communication and the home has become a matter of protection. Protecting the right to privacy is a responsibility of a state which includes privacy of personal information, e.g. birth, messages, phone call and number and emails. Likewise, this study explains EU concern's about its citizens' privacy and the recent inclusion of the GDPR for the protection of natural persons. The article aims to explore individual fundamental rights and implications in the digital age, as well as cooperation data rules between companies and public bodies. At the same time, questions arise about the rightful implication of GDPR and the right to privacy of the public through protection, especially from tech companies. For validating the argument, various qualitative research methods were applied. The COVID-19 pandemic has raised a serious question over privacy rights protection by the government, which supports our findings that EU GDPR has a long road to go and have challenges. Its credibility of lawful data activities is also a matter of concern and a reliable promise by the member states and the EU.

area studies,political science,international relations

Samuel G. Goldberg,Garrett A. Johnson,Scott K. Shriver

DOI: https://doi.org/10.1257/pol.20210309

2024-02-01

Abstract:Modern websites rely on personal data to design better content and to market themselves. The European Union’s General Data Protection Regulation (GDPR) was intended to make access to such personal data more difficult, with the goal of protecting user privacy. We examine the GDPR's impact on website page views and revenue for 1,084 online firms using data from Adobe's website analytics platform. We find a reduction of 12 percent in both EU user website page views and website revenue recorded by the platform after the GDPR’s enforcement deadline. We decompose these GDPR effects into changes in real outcomes and changes to data recording, respectively. (JEL D83, K24, L51, L86, L88, M31, M37)

economics

Androniki A. Georgopoulou,Eftichia Tzika,Spyros E. Polykalas

DOI: https://doi.org/10.33422/bmmconf.v1i1.258

2024-06-15

Abstract:This article investigates the use of social media by minors in Europe, examining relevant legislation and conducting practical research. The study delves into the General Data Protection Regulation (GDPR), analyzing its approach to minors' data protection and the history of its adoption. Despite GDPR's intent to set an age limit for minors' data processing consent, the lack of consensus among member states led to an inconclusive solution, allowing varying age thresholds. The study further presents practical research conducted in Greece, involving attempts to create profiles on six major social media platforms at ages 12, 14, and 16. Findings reveal a lack of compliance with GDPR and national laws, with platforms often allowing underage users to create profiles without parental consent. Conclusions emphasize that since teenagers are a major marketing target, social media will continue this practice and the need for EU institutions to establish a uniform pan-European age limit for minors' data processing consent, prompting a vital dialogue for legal improvement.

Alex Bowyer,Jack Holt,Josephine Go Jefferies,Rob Wilson,David Kirk,Jan David Smeddinck

DOI: https://doi.org/10.1145/3491102.3501947

2022-03-10

Abstract:In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals' control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers' data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.

Human-Computer Interaction

Klaus M. Miller,Julia Schmitt,Bernd Skiera

2024-11-18

Abstract:Privacy regulations often necessitate a balance between safeguarding consumer privacy and preventing economic losses for firms that utilize consumer data. However, little empirical evidence exists on how such laws affect firm performance. This study aims to fill that gap by quantifying the impact of the European Union's General Data Protection Regulation (GDPR) on online usage behavior over time. We analyzed data from 6,286 websites across 24 industries, covering 10 months before and 18 months after the GDPR's enactment in 2018. Employing a generalized synthetic control estimator, we isolated the short- and long-term effects of the GDPR on user behavior. Our results show that the GDPR negatively affected online usage per website on average; specifically, weekly visits decreased by 4.88% in the first 3 months and 10.02% after 18 months post-enactment. At the 18-month mark, these declines translated into average revenue losses of about USD 7 million for e-commerce websites and nearly USD 2.5 million for ad-based websites. Nonetheless, the GDPR's impact varied across website size, industry, and user origin, with some large websites and industries benefiting from the regulation. Notably, the largest 10% of websites pre-GDPR suffered less, suggesting that the GDPR has increased market concentration.

General Economics

Klaus M. Miller,Karlo Lukic,Bernd Skiera

2024-11-11

Abstract:This study explores the impact of the General Data Protection Regulation (GDPR), introduced on May 25th, 2018, on online trackers, vital elements in the online advertising ecosystem. Using a difference-in-differences approach with a balanced panel of 294 publishers, we compare publishers subject to the GDPR with those unaffected (the control group). Drawing on data from <a class="link-external link-http" href="http://WhoTracks.me" rel="external noopener nofollow">this http URL</a>, which spans 32 months from May 2017 to December 2019, we analyze how the number of trackers used by publishers changed before and after the GDPR. The findings reveal that although online tracking increased for both groups, the rise was less significant for EU-based publishers subject to the GDPR. Specifically, the GDPR reduced about four trackers per publisher, equating to a 14.79% decrease compared to the control group. The GDPR was particularly effective in curbing privacy invasive trackers that collect and share personal data, thereby strengthening user privacy. However, it had a limited impact on advertising trackers and only slightly reduced the presence of analytics trackers.

General Economics