On Purpose and by Necessity: Compliance Under the GDPR

Basin, David; Debois, Søren; Hildebrandt, Thomas

doi:10.1007/978-3-662-58387-6_2

Cited by 57 publications

(45 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Step 2: Deleting sensor reading (Lines [1][2][3][4][5][6][7][8][9][10][11][12][13][14]. Suppose that in an epoch T i , n sensor records are needed to be deleted.…”

Section: State Transition Phasementioning

confidence: 99%

IoT Expunge

Panwar

Sharma

Gupta

et al. 2020

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

The growing deployment of Internet of Things (IoT) systems aims to ease the daily life of end-users by providing several value-added services. However, IoT systems may capture and store sensitive, personal data about individuals in the cloud, thereby jeopardizing user-privacy. Emerging legislation, such as California's CalOPPA and GDPR in Europe, support strong privacy laws to protect an individual's data in the cloud. One such law relates to strict enforcement of data retention policies. This paper proposes a framework, entitled IoT Expunge that allows sensor data providers to store the data in cloud platforms that will ensure enforcement of retention policies. Additionally, the cloud provider produces verifiable proofs of its adherence to the retention policies. Experimental results on a real-world smart building testbed show that IoT Expunge imposes minimal overheads to the user to verify the data against data retention policies. CCS CONCEPTS• Security and privacy → Security protocols; Mobile and wireless security; Domain-specific security and privacy architectures; Social aspects of security and privacy.1 Since secure enclave is a trusted agent of SDP, it can decrypt and compute over encrypted data.There are challenges in computing using enclaves due to side-channel attacks, e.g., cache-line, branch shadow, page-fault attacks [42], but since the focus of this paper is on implementing data retention policies, we do not address those challenges in this paper.

show abstract

“…Step 2: Deleting sensor reading (Lines [1][2][3][4][5][6][7][8][9][10][11][12][13][14]. Suppose that in an epoch T i , n sensor records are needed to be deleted.…”

Section: State Transition Phasementioning

confidence: 99%

IoT Expunge

Panwar

Sharma

Gupta

et al. 2020

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Second, it has been argued that annotation and static analysis are not enough because these miss the purpose of using personal data [37]. While the pseudonymization solution partially addresses also this concern, it must be acknowledged that the intention of using personal data is not made explicit in the architecture.…”

Section: B Limitations and Challengesmentioning

confidence: 99%

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Hjerppe¹,

Ruohonen

Leppänen

2019

2019 IEEE 27th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) in the European Union is the most famous recently enacted privacy regulation. Despite of the regulation's legal, political, and technological ramifications, relatively little research has been carried out for better understanding the GDPR's practical implications for requirements engineering and software architectures. Building on a grounded theory approach with close ties to the Finnish software industry, this paper contributes to the sealing of this gap in previous research. Three questions are asked and answered in the context of software development organizations. First, the paper elaborates nine practical constraints under which many small and medium-sized enterprises (SMEs) often operate when implementing solutions that address the new regulatory demands. Second, the paper elicits nine regulatory requirements from the GDPR for software architectures. Third, the paper presents an implementation for a software architecture that complies both with the requirements elicited and the constraints elaborated.

show abstract

“…There have been various studies recently which have looked at how digital technologies can improve the shopping experience [2,29,49]. The main focus of these studies have been to examine the capabilities which are offered by technologies but the studies focusing on how the use of technologies can be affected by GDPR are rare [1].…”

Section: Technologies For Enhancing Customer Journeymentioning

confidence: 99%

“…Article 31 of the GDPR requires Data Controllers to report data breaches to the supervisory authority within 72 hours of becoming aware of the breach. In addition to that Article 32 requires that the data subject is informed of the data breach for as long as sensitive information that can potentially deny the data subject their rights of privacy except if the data controller can prove that they have (1) implemented appropriate technical and organisational protection measures in respect of the personal data affected by the breach (such as encryption). (2) taken subsequent measures which ensure that the high risk to the rights and freedoms of individuals is no longer likely to arise or It would involve disproportionate effort [11].…”

Section: Data Breachesmentioning

confidence: 99%

“…the database of ScienceDirect, this review was conducted in four steps:(1) We stated the keywords as -Challenges and opportunities in Digital Retail within the EU‖ and this generated 1,116 results (2). In order to capture the effects of the Great Recession on EU retail trade[41] and a general overview of the impact of the GDPR[11] since its introduction on 25 th May, 2018, we limited the time frame of the literature to review to years 2010 -2019, the search results were reduced to 786.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Digital Retail Challenges within the EU

Nabbosa

Iftikhar

2019

Proceedings of the 2019 3rd International Conference on E-Education, E-Business and E-Technology

View full text Add to dashboard Cite

Retail customers are demanding better shopping experience whether shopping online or in-store. To provide this experience, retailers use digital technologies such as Artificial Intelligence, Big Data, to name a few. They also collect personal data from customers, process it and integrate it in their business models. Use of the digital technologies and customers' data poses legal challenges with the introduction of GDPR in EU. This paper analyses the challenges faced by digital retailers as they strive to provide fulfilling customer experiences. The authors address in this study, the influence of GDPR on business and technological aspects of digital retail. CCS Concepts • Security and privacy ➝ Human and societal aspects of security and privacy • Security and privacy➝Human and societal aspects of security and privacy➝Economics of security and privacy • Information systems➝Information retrieval➝ Users and interactive retrieval➝Personalization

show abstract

On Purpose and by Necessity: Compliance Under the GDPR

Cited by 57 publications

References 18 publications

IoT Expunge

IoT Expunge

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Digital Retail Challenges within the EU

Contact Info

Product

Resources

About