Personal data vs disruptive technology

The growth of internet-funded businesses, such as Software as a Service (SaaS), Data as a Service (DaaS) and other models, has slowly and steadily changed the circumstances of people’s personal privacy online. Nowadays, with the rising proliferation of services and process digitization, individuals struggle to maintain the necessary level of control or awareness over the propagation of their personal or sensitive data among the different stakeholders involved as controller and/or processor counterparties in digital transactional services. Hence people have been losing control of their personal data, which are normally managed and accessed through distinct controllers and processors, and they are not sure that their private information is properly managed on the Internet. Now is the time for people, companies and governments to take responsibility for personal data.

Can we keep control of our personal data?

The EU General Data Protection Regulation (Regulation EU 2016/679 or GDPR) is an important step towards taking responsibility for personal data protection. In fact, one of the main purposes of the GDPR is to ensure fair, transparent and easy access by natural persons to the data processing carried out by controllers. It is of the utmost importance to give data subjects full control over the use of their personal data, so that they can protect their own rights. On the other hand, data controllers and processors must comply with the GDPR in order to avoid not only the sanctions prescribed by the GDPR but also the loss of their customers’ trust, with negative consequences for their business.

In keeping with this, the aim of PoseID-on is to develop and deliver an innovative, intrinsically scalable platform, namely the Privacy Enhancing Dashboard for personal data protection, as an integrated and comprehensive solution intended to safeguard the rights of data subjects (i.e. all those natural persons who represent the primary target of the new GDPR), as well as to support organizations in data management and processing while ensuring GDPR compliance. The Privacy Enhanced Dashboard integrates cutting-edge technologies towards the organizations’ accountability and GDPR compliance as far as data processing and exchange are concerned. It will also help organizations guarantee the fundamental rights of data subjects.

CyberEthics Lab.’s involvement in the project aims to reconcile the use of new and disruptive technologies such as the blockchain with the need both to protect data subjects’ fundamental rights and to comply with the European and national legal frameworks on privacy and data protection.

Website: https://poseidon-h2020.eu

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 786713

Service involved

Assessment of technology impact on privacy
We help our clients and partners to achieve their business goals while addressing ethics, privacy and cybersecurity concerns in a manner that prevents conflicts, sanctions and loss of money arising from a lack of ethical and legal compliance with applicable national and European regulations. All information technologies must respect fundamental human rights and ensure the rights of people in relation to the protection of their private life, personal data and freedom. The new EU General Data Protection Regulation (GDPR), which replaced the Data Protection Directive in all EU member states in May 2018, introduces many new obligations for companies and a comprehensive set of rights for data subjects, including the right to an effective judicial remedy against a controller or a processor and the right to compensation. Therefore, in addition to being at the receiving end of an enforcement action, data controllers and processors may be subject to court proceedings and have to pay compensation to data subjects for their infringements of the GDPR.
Our approach to helping our clients avoid these issues consists of a holistic service composed of the following main components: providing a Data Protection Officer to drive the organization’s legal compliance action; mapping the data processed by the organisation to measure its impact on the ethical principles and legal framework; assessing the cybersecurity mechanisms used by the organisation’s technologies; conducting an impact assessment for all data processing mechanisms, identifying ethical, legal and security risks; and making recommendations for the implementation of the organisational and technical means to be compliant with the legal framework while ensuring data confidentiality (preserving authorized restrictions on information access and disclosure, including personal privacy and proprietary information protection), integrity (assurance that data is not modified or deleted in an unauthorized and undetected manner), availability (ensuring there is timely and reliable access to and use of information) and accountability (supporting non‐repudiation, deterrence, fault isolation, intrusion detection and prevention, and after‐action recovery and legal action).
Responsible Research & Innovation
We love discovering and staying on top of new research to continuously advance our knowledge and to transform it into responsible innovation, taking into account effects and potential impacts on ethics, privacy and data protection. We help national and international partners to handle ethical, legal and cybersecurity concerns in both the research process and the project outcomes, through legal support for the involvement of human beings in the research activity, analysis of the national and regional legal framework applicable to the technology being implemented, and recommendations for the secure and compliant development of technology. We are a multidisciplinary team that promotes the inclusion of legal and ethical concerns in the design of technology, researching and producing new knowledge and best practices towards a conscious and transparent adoption of technology.