Is it time for GDPR 2.0?

Scrabble tiles spell out the word / Can GDPR privacy protections be improved? (Image: Wikimedia)
Nick Dedeke is a professor in the Supply Chain and Information Management (SCIM) group at Northeastern University in Boston.

The European Union adopted the General Data Protection Regulation (GDPR) in 2016 to give users (called data subjects in the law) more control over their personal data, which is usually in the custody of data aggregators, data controllers and/or data processors. After a two-year transition period for the public and stakeholders, the law became applicable on May 25, 2018, and the GDPR has made several positive contributions to better regulating data protection. First, it expanded certain existing rights, such as the data subject's right to be informed, the right of access, the right to rectification, the right to erasure and the right to object. The GDPR also created new rights, such as the right to be forgotten, the right to data portability and the right to restrict the processing of personal data. The GDPR also set out several obligations that data controllers owe to data subjects.

Second, the GDPR introduced a significant extension of the existing definitions of personal data. In current US usage, personally identifiable information (PII) includes data such as name, address, phone number and email address. Sensitive personally identifiable information (SPII) includes data such as Social Security numbers, driver's license or state identification numbers, passport numbers, alien registration numbers, financial account numbers and biometric identifiers. Some data becomes SPII only when it appears together with PII. For example, data elements such as citizenship or immigration status, medical information, and ethnic, religious, sexual orientation or lifestyle information become SPII when linked to an individual's identity.

The GDPR defines personal data as any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Thus, personal data includes photographs in which an individual is identifiable, cookie IDs, Internet Protocol (IP) addresses and location data. Article 9 of the GDPR introduced a new category, called special categories of personal data, which covers personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, and data concerning a person's sex life or sexual orientation. Processing of these special categories of personal data is prohibited, except for very specific purposes and under specific conditions.

Finally, it is commendable that the EU was the first government body to complete a major update to its privacy law. The GDPR helps combat the commoditization of user data by online platforms and sets legal boundaries for the ever-increasing adoption and use of big data analytics, online surveillance and mass data collection technologies. For these reasons and more, the GDPR is a major step forward in society's quest to protect citizens' personal data.

Why discuss GDPR loopholes?

After becoming familiar with the GDPR, I would not recommend that any country copy it without making significant changes to some of the law's key assumptions. Although the GDPR is a laudable effort to regulate the processing of data by controllers and processors and to protect the personal data of citizens, it contains several stipulations and assumptions which, in my opinion, are wrong. I raise these questions not because I dislike the law, but because the privacy, security, and business communities need...
