Related papers: Data-CASE: Grounding Data Regulations for Complian…
The General Data Protection Regulation (GDPR) has become a touchstone model for modern privacy law, in part because it empowers consumers with unprecedented control over the use of their personal information. However, this same power may be…
Compliance at web scale poses practical challenges: each request may require a regulatory assessment. Regulatory texts (e.g., the General Data Protection Regulation, GDPR) are cross-referential and normative, while runtime contexts are…
When sample data are governed by an unknown sequence of independent but possibly non-identical distributions, the data-generating process (DGP) in general cannot be perfectly identified from the data. For making decisions facing such…
Cyber-Physical Systems (CPS) have gained popularity due to the increased requirements on their uninterrupted connectivity and process automation. Due to their connectivity over the network including intranet and internet, dependence on…
Gaussian Processes (GPs) offer an attractive method for regression over small, structured and correlated datasets. However, their deployment is hindered by computational costs and limited guidelines on how to apply GPs beyond simple…
The FAIR principles are globally accepted guidelines for improved data management practices with the potential to align data spaces on a global scale. In practice, this is only marginally achieved through the different ways in which…
This article sheds light on legal implications and challenges surrounding emotion data processing within the EU's legal framework. Despite the sensitive nature of emotion data, the GDPR does not categorize it as special data, resulting in a…
Perception of privacy is a contested concept, which is also evolving along with the rapid proliferation and expansion of technological advancements. Information systems (IS) applications incorporate various sensing infrastructures,…
The General Data Protection Regulation (GDPR) aims to ensure that all personal data processing activities are fair and transparent for the European Union (EU) citizens, regardless of whether these are carried out within the EU or anywhere…
During the last two decades, it has been increasingly acknowledged that the engineering of information systems usually requires a huge effort in integrating master data and business processes. This has led to a plethora of proposals, both…
The GDPR grants data subjects certain rights, like the right to access their data from companies, but in practice multiple problems exist with exercising these rights such as unknown data holders or interpreting the received data. Small and…
Machine learning based classifiers that take a privacy policy as the input and predict relevant concepts are useful in different applications such as (semi-)automated compliance analysis against requirements of the EU GDPR. In all past…
Ample research has demonstrated that compliance with data protection principles remains limited on the web and mobile. For example, almost none of the apps on the Google Play Store fulfil the minimum requirements regarding consent under EU…
The General Data Protection Regulation (GDPR) is considered as the benchmark in the European Union (EU) for privacy and data protection standards. Since before its entry into force in 2018, substantial research has been conducted in the…
The European General Data Protection Regulation asserts data subjects' right to be forgotten, i.e., their right to request that all their personal data be deleted from an organizations' data stores. However, fulfilling such requests in…
The data circulation is a complex scenario involving a large number of participants and different types of requirements, which not only has to comply with the laws and regulations, but also faces multiple challenges in technical and…
The General Data Protection Regulation (GDPR) gives control of personal data back to the owners by appointing higher requirements and obligations on service providers who manage and process personal data. As the verification of…
What if the main data protection vulnerability is risk management? Data Protection merges three disciplines: data protection law, information security, and risk management. Nonetheless, very little research has been made on the field of…
Computer systems process, store and transfer sensitive information which makes them a valuable asset. Despite the existence of standards such as ISO 27005 for managing information risk, cyber threats are increasing, exposing such systems to…
Advances in service personalization are driven by low-cost data collection and processing, in addition to the wide variety of third-party frameworks for authentication, storage, and marketing. New privacy regulations, such as the General…