The Unlikely Siblings in the GDPR Family: A Techno-Legal Analysis of Major Platforms in the Diffusion of Personal Data in Service Ecosystems

Kurtz, Christian; Wittner, Florian; Semmann, Martin; Schulz, Wolfgang; Böhmann, Tilo

doi:10.24251/hicss.2019.607

Cited by 7 publications

(7 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Privacy by design is an approach that states that privacy must be incorporated into networked data systems and technologies, by default [21,45,60]. It approaches privacy from the design-thinking perspective, stating that the data controller of a system must implement technical measures for data regulation by default, within the applicable context.…”

Section: Semantic Iot Platforms and Privacy Preservationmentioning

confidence: 99%

“…Other principles focus on visibility and transparency, privacy as the default setting, proactive instead of reactive measures, avoiding unnecessary privacy-related trade-offs, and end-to-end security through the lifecycle of the data. Privacy by design is a key principle of the General Data Protection Regulation (GDPR) of the European Union [45].…”

Section: Semantic Iot Platforms and Privacy Preservationmentioning

confidence: 99%

“…The query filters observations on the defined stream data window :win of a certain sensor ?sensor with a value for the observed property ?prop_o that is higher than a certain threshold ?threshold (WHERE clause in lines 52-58). For every match of this pattern, output triples are constructed that represent an ongoing activity of type ?activityType in the routine of a patient ?patient, predicted by the activity recognition model ?model (CONSTRUCT clause in lines [44][45][46][47][48][49]. These six variables are exactly the six input variables as defined in lines 30-32: their values will be instantiated during the query derivation.…”

Section: Generic Querymentioning

confidence: 99%

See 2 more Smart Citations

Context-aware query derivation for IoT data streams with DIVIDE enabling privacy by design

Brouwer

Steenwinckel

Fang

et al. 2023

View full text Add to dashboard Cite

Integrating Internet of Things (IoT) sensor data from heterogeneous sources with domain knowledge and context information in real-time is a challenging task in IoT healthcare data management applications that can be solved with semantics. Existing IoT platforms often have issues with preserving the privacy of patient data. Moreover, configuring and managing context-aware stream processing queries in semantic IoT platforms requires much manual, labor-intensive effort. Generic queries can deal with context changes but often lead to performance issues caused by the need for expressive real-time semantic reasoning. In addition, query window parameters are part of the manual configuration and cannot be made context-dependent. To tackle these problems, this paper presents DIVIDE, a component for a semantic IoT platform that adaptively derives and manages the queries of the platform’s stream processing components in a context-aware and scalable manner, and that enables privacy by design. By performing semantic reasoning to derive the queries when context changes are observed, their real-time evaluation does require any reasoning. The results of an evaluation on a homecare monitoring use case demonstrate how activity detection queries derived with DIVIDE can be evaluated in on average less than 3.7 seconds and can therefore successfully run on low-end IoT devices.

show abstract

Section: Semantic Iot Platforms and Privacy Preservationmentioning

confidence: 99%

Section: Semantic Iot Platforms and Privacy Preservationmentioning

confidence: 99%

Section: Generic Querymentioning

confidence: 99%

See 1 more Smart Citation

Context-aware query derivation for IoT data streams with DIVIDE enabling privacy by design

Brouwer

Steenwinckel

Fang

et al. 2023

View full text Add to dashboard Cite

show abstract

“…We have identified two software solutions that assist organizations in maintaining an inventory of all the vendors they use. In research, two studies have been published on the matter and focus on the issues of third-party data processing (Kurtz et al, 2018), as well as an investigation of third-party data dissemination in digital service ecosystems (Kurtz et al, 2019). The latter illustrates the challenges from both legal and technical perspectives in the seemingly straightforward use case of a weather app on a smartphone, which transmits data to the operating system provider, the app developer, and an underlying API provider.…”

Section: External Linkagesmentioning

confidence: 99%

Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

Labadie

Legner

2023

Journal of Information Technology

View full text Add to dashboard Cite

The European Union’s General Data Protection Regulation (EU-GDPR) has initiated a paradigm shift in data protection toward greater choice and sovereignty for individuals and more accountability for organizations. Its strict rules have inspired data protection regulations in other parts of the world. However, many organizations are facing difficulty complying with the EU-GDPR: these new types of data protection regulations cannot be addressed by an adaptation of contractual frameworks, but require a fundamental reconceptualization of how companies store and process personal data on an enterprise-wide level. In this paper, we introduce the resource-based view as a theoretical lens to explain the lengthy trajectories towards compliance and argue that these regulations require companies to build dedicated, enterprise-wide data management capabilities. Following a design science research approach, we propose a theoretically and empirically grounded capability model for the EU-GDPR that integrates the interpretation of legal texts, findings from EU-GDPR-related publications, and practical insights from focus groups with experts from 22 companies and four EU-GDPR projects. Our study advances interdisciplinary research at the intersection between IS and law: First, the proposed capability model adds to the regulatory compliance management literature by connecting abstract compliance requirements to three groups of capabilities and the resources required for their implementation, and second, it provides an enterprise-wide perspective that integrates and extends the fragmented body of research on EU-GDPR. Practitioners may use the capability model to assess their current status and set up systematic approaches toward compliance with an increasing number of data protection regulations.

show abstract

“…This allows firms to extract more consumer data automatically and widens their scope of data usage (e.g., the expanded usage rights that are applied to photos uploaded on social media platforms), even allowing integration with other (public) data (Zuboff 2015). For example, an analysis of eBay's privacy policy showed that its users agreed to share their data with 909 eBay partners and that the privacy policies involved count some 2 million words (Kurtz et al 2020). In addition, gamification approaches and social reputation systems (e.g., number and profiles of followers and likes) can generate additional insights into specific customer attitudes and behaviors, including their social network.…”

Section: A New Perspective On Data In Servicementioning

confidence: 99%

Corporate Digital Responsibility in Service Firms and Their Ecosystems

Wirtz

Hartley

Tarbit

2022

Journal of Service Research

View full text Add to dashboard Cite

Digitization, artificial intelligence, and service robots carry serious ethical, privacy, and fairness risks. Using the lens of corporate digital responsibility (CDR), we examine these risks and their mitigation in service firms and make five contributions. First, we show that CDR is critical in service contexts because of the vast streams of customer data involved and digital service technology’s omnipresence, opacity, and complexity. Second, we synthesize the ethics, privacy, and fairness literature using the CDR data and technology life-cycle perspective to understand better the nature of these risks in a service context. Third, to provide insights on the origins of these risks, we examine the digital service ecosystem and the related flows of money, service, data, insights, and technologies. Fourth, we deduct that the underlying causes of CDR issues are trade-offs between good CDR practices and organizational objectives (e.g., profit opportunities versus CDR risks) and introduce the CDR calculus to capture this. We also conclude that regulation will need to step in when a firm’s CDR calculus becomes so negative that good CDR is unlikely. Finally, we advance a set of strategies, tools, and practices service firms can use to manage these trade-offs and build a strong CDR culture.

show abstract

The Unlikely Siblings in the GDPR Family: A Techno-Legal Analysis of Major Platforms in the Diffusion of Personal Data in Service Ecosystems

Cited by 7 publications

References 11 publications

Context-aware query derivation for IoT data streams with DIVIDE enabling privacy by design

Context-aware query derivation for IoT data streams with DIVIDE enabling privacy by design

Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

Corporate Digital Responsibility in Service Firms and Their Ecosystems

Contact Info

Product

Resources

About