This book examines the conflicts arising from the implementation of privacy principles enshrined in the GDPR, and most particularly of the ``Right to be Forgotten'', on a wide range of contemporary organizational processes, business practices, and emerging computing platforms and decentralized technologies. Among others, we study two ground-breaking innovations of our distributed era: the ubiquitous mobile computing and the decentralized p2p networks such as the blockchain and the IPFS, and we explore their risks to privacy in relation to the principles stipulated by the GDPR. In that context, we identify major inconsistencies between these state-of-the-art technologies with the GDPR and we propose efficient solutions to mitigate their conflicts while safeguarding the privacy and data protection rights. Last but not least, we analyse the security and privacy challenges arising from the COVID-19 pandemic during which digital technologies are extensively utilized to surveil people’s lives.
Author(s): Eugenia Politou, Efthimios Alepis, Maria Virvou, Constantinos Patsakis
Series: Learning And Analytics In Intelligent Systems
Edition: 1
Publisher: Springer
Year: 2022
Language: English
Commentary: TruePDF
Pages: 195
Tags: Computational Intelligence
Series Editor’s Foreword
References
Preface
Contents
Acronyms
1 Introduction
1.1 Book Objectives
1.2 Book Structure
References
2 Privacy and Personal Data Protection
2.1 Introduction
2.2 The Value of Personal Data
2.3 The Value of Data Privacy
2.4 The Rights to Privacy and to Data Protection
2.5 Privacy in the Tax and Financial Domain
References
3 The General Data Protection Regulation
3.1 Introduction
3.2 Introduction to the GDPR
3.3 The GDPR Data Protection Principles
3.4 Consent and Revocation
3.4.1 Consent Misuses
3.4.2 Consent Under the GDPR
3.4.3 Current Efforts for Revoking Consent
3.5 The Right to be Forgotten
3.5.1 Forgetting and the Need to be Forgotten
3.5.2 About the CJEU Decision
3.5.3 The Right to be Forgotten Under the GDPR
References
4 The ``Right to Be Forgotten'' in the GDPR: Implementation Challenges and Potential Solutions
4.1 Introduction
4.2 Implementation Challenges
4.3 The Impact of the GDPR on Backups and Archives
4.3.1 GDPR Provisions for Backups and Archives
4.3.2 The Process of Backing up
4.3.3 IT Security Standards for Backup Procedures
4.3.4 Impact Analysis of Implementing the RtbF on Backups
4.4 Towards GDPR Compliance
References
5 State-of-the-Art Technological Developments
5.1 Introduction
5.2 Mobile Ubiquitous Computing
5.2.1 Affective Computing
5.2.2 Mobile Affective Computing and Ubiquitous Sensing
5.3 Decentralized p2p Networks
5.3.1 Blockchain
5.3.2 Decentralized Storage and File Sharing
References
6 Privacy in Ubiquitous Mobile Computing
6.1 Introduction
6.2 Privacy Risks in Mobile Computing
6.2.1 Privacy and Big Data
6.2.2 Informed Consent
6.2.3 Risk of Re-Identification
6.2.4 Risk of Profiling
6.2.5 The Risks of Tax and Financial Profiling
6.2.6 Towards Accountable, Transparent and Fairer Profiling and Automated Decision Making
6.3 Mitigating Privacy Risks Under the GDPR
6.3.1 Profiling and Automated Decision Making Under the GDPR
6.3.2 Implementation Challenges and Countermeasures
6.3.3 The Future of Big Data Profiling Under the GDPR
References
7 Privacy in Blockchain
7.1 Introduction
7.2 Blockchain Privacy
7.3 Blockchain's Immutability and the ``Right to Be Forgotten''
7.4 Current Efforts for Balancing Immutability and the RtbF
7.4.1 Bypassing Blockchain's Immutability
7.4.2 Removing Blockchain's Immutability
7.5 The Controversy
References
8 Implementing Content Erasure in IPFS
8.1 Introduction
8.2 Storing Off-Chain Personal Data in the IPFS
8.3 Erasing Content in IPFS
8.4 The Requirement for Total Content Erasure
8.5 Towards Aligning IPFS with the RtbF
8.6 The Proposed Protocol
8.6.1 Assumptions and Desiderata
8.6.2 Threat Model
8.6.3 IPFS Delegated Erasure Protocol
8.6.4 Security Proof
8.6.5 Protocol Efficiency
8.6.6 Limitations and Countermeasures
References
9 Privacy in the COVID-19 Era
9.1 Introduction
9.2 Contact Tracing Apps
9.3 Immunity Passports
9.4 Privacy and Data Protection in the Pandemic
9.5 Conclusions
References
10 Open Questions and Future Directions
10.1 Introduction
10.1.1 Forgetting Implementation Standards
10.1.2 Big Data Analytics
10.1.3 Backups and Archives
10.1.4 Blockchain
10.1.5 IPFS and Other Decentralized P2p File Storage Systems
References
11 Conclusions
11.1 Introduction
References
