Computing Reviews
Data protection and privacy: (in)visibilities and infrastructures
Leenes R., van Brakel R., Gutwirth S., De Hert P., Springer International Publishing, New York, NY, 2017. 295 pp. Type: Book (978-3-319507-95-8)
Date Reviewed: Oct 25 2017

This work was selected from materials presented at the 9th International Conference on Computers, Privacy, and Data Protection, held in Brussels in January 2016. The ten chapters were selected from the 80 panels and 343 speakers who presented at the conference, and represent issues related to the General Data Protection Regulation (GDPR, Regulation 2016/679), recently adopted by the European Parliament and going into effect in May 2018.

The selected papers are organized into three broad categories: “Fundamental and Legal Questions,” “Concepts and Tools,” and “Case Studies.” Each chapter is a peer-reviewed paper, and discusses a key issue related to the challenges surrounding the adoption of a major new piece of legislation.

In the first section, three papers consider important issues of fundamental rights and what rights exist in an Internet of Things (IoT) with respect to privacy. In chapter 1, the question of whether data protection is a fundamental right is considered. This is a term of legal art, and relates to the question of whether data privacy is now considered a distinct human right, since it has been disconnected from the issues of privacy, with respect to Regulation 2016/679. Chapters 2 and 3 consider the challenges of a hyper-connected IoT world and raise important questions. First, should we have a “right” to offline options in an IoT world? (That is, should a person have the “right” to lead a nondigital life? What are the implications of leading such a life on society and the individual?) Finally, in chapter 3, the authors look at four dimensions of an IoT world: how IoT changes traditional views of privacy and data protection; how IoT moves us to collective, versus individual, privacy; how technological convergence leads to artificial agency; and the relationship of technical and legal standards.

The second section examines applied issues relating to security. In chapter 4, the authors consider the appropriate framework for a code of conduct in the healthcare domain, where privacy and security intersect as patients are ubiquitously monitored and sensitive information is easily transferred. Complementing the behavioral issues of a code of conduct, chapter 5 contrasts the privacy mechanisms of privacy by design (PbD) with the author’s proposal of minimum harm by design (MHbD), which focuses on the impact of surveillance as well as how these issues serve to define a society and its political character. In chapter 7, the authors consider data governance and suggest a focus on purpose as opposed to anticipated sensitivity, which will ultimately lead to a more user-centric business model of data governance. The section closes in chapter 7 with a discussion of a privacy engineering framework, with specific emphasis on how privacy engineering differs between which target controllers, processors, and integrators, and IoT subsystems that target suppliers.

The final section considers case studies related to the management of data security and privacy. In chapter 8, the authors consider the impact of maladministration as the root cause of data breaches in the UK healthcare system, and how behavioral issues often lead to better governance and fewer data breaches. In chapter 9, the authors discuss how their tool, the real-time risk and trust analysis engine, can be used to mitigate the risk of internal data breaches through the monitoring of employee activity. Finally, in chapter 10, the authors examine the question of corporate compliance with respect to the existing regulatory framework as related to issues around transparency and rights of access with respect to employee awareness.

The strength of this book is its broad perspective on the issues of privacy and data security, especially within the context of the recently adopted General Data Protection Directive. As peer-reviewed papers, these chapters have a formal academic structure and in-depth bibliographies. The weakness of this book is the lack of editorial cohesiveness that would be present if it were written by a single author around a narrower topic. In addition, since these are academic papers, they lack the discussion questions and activities commonly found in a textbook. Notwithstanding these issues, for researchers in the field, it provides an excellent perspective on the issues.

Reviewer: W. T. Neumann
Review #: CR145615 (1712-0800)
Privacy (K.4.1 ...)
Law (J.1 ...)
Security and Protection (K.6.5)
Administrative Data Processing (J.1)
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®