Data Privacy and GDPR Handbook
eBook - ePub

Sanjay Sharma

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS and Android

About this book

The definitive guide for ensuring data privacy and GDPR compliance

Privacy regulation is increasingly rigorous around the world and has become a serious concern for senior management of companies regardless of industry, size, scope, and geographic area. The Global Data Protection Regulation (GDPR) imposes complex, elaborate, and stringent requirements for any organization or individuals conducting business in the European Union (EU) and the European Economic Area (EEA)—while also addressing the export of personal data outside of the EU and EEA. This recently-enacted law allows the imposition of fines of up to 5% of global revenue for privacy and data protection violations. Despite the massive potential for steep fines and regulatory penalties, there is a distressing lack of awareness of the GDPR within the business community. A recent survey conducted in the UK suggests that only 40% of firms are even aware of the new law and their responsibilities to maintain compliance.

The Data Privacy and GDPR Handbook helps organizations strictly adhere to data privacy laws in the EU, the USA, and governments around the world. This authoritative and comprehensive guide includes the history and foundation of data privacy, the framework for ensuring data privacy across major global jurisdictions, a detailed framework for complying with the GDPR, and perspectives on the future of data collection and privacy practices.

  • Comply with the latest data privacy regulations in the EU, EEA, US, and others
  • Avoid hefty fines, damage to your reputation, and losing your customers
  • Keep pace with the latest privacy policies, guidelines, and legislation
  • Understand the framework necessary to ensure data privacy today and gain insights on future privacy practices

The Data Privacy and GDPR Handbook is an indispensable resource for Chief Data Officers, Chief Technology Officers, legal counsel, C-Level Executives, regulators and legislators, data privacy consultants, compliance officers, and audit managers.

Information

Publisher: Wiley
Year: 2019
ISBN: 9781119594192
Edition: 1

1 Origins and Concepts of Data Privacy

Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite.
— Marlon Brando
We generate enormous amounts of personal data and give it away without caring about our privacy.
Before the wake-up alarm rings on our smartphone, our heartbeats and sleeping patterns have been recorded through the night by the embedded app on our wristwatch. We turn on our customized morning playlist on Spotify, read the headlines tailored for our interests on Apple or Google news, retweet on Twitter, upvote on Quora, register likes on WhatsApp, post a snapshot of the snow outside our window, and look up what our friends are up to on Facebook. We then check the weather forecast and ask Alexa to order cereal from Amazon. We are ready to go to work.
Unimaginable convenience for us commoners without a royal butler feels splendid. The invisible cost is that we are under constant surveillance whenever we use these services. All our choices, actions, and activities are being recorded and stored by the seemingly free technology-driven conveniences.
When we take an Uber or Lyft to work, our location and destination are known to them from previous trips. Today’s journey is also recorded, including the name of the driver and how we behaved – spilling coffee may show up on our passenger rating if the driver notices it. A smile and thank-you wave to the driver are worth five rating stars. Our choice of coffee at Starbucks may already be programmed and ready based on our past preferences. Each swipe of our credit card is imprinted into our purchase habits.
As we exit the car, a scarcely visible street camera is recording our movements and storing those records for the local city police. The recording of our actions continues as we turn on our computer at work. We read and respond to e-mails, order lunch online, attend video conference calls, and check on family and friends again. Before noon, we have generated innumerable data on our laptops, tablets, phones, and wearables – with or without our conscious cognition or permission.
Everything that we touch through the make-believe cocoon of our computer, tablet, or smartphone leaves a digital trail. Records of our actions are used as revenue sources by data-gobbling observers in the guise of learning and constant improvement. In a different era, this level of voluntary access into our daily lives would have thrilled secret service organizations.
Numerous questions are raised in this fast-evolving paradigm of convenience at no cost: Whose data is it? Who has the rights to sell it? What is the value of the information that we are generating? Can it be shared by the Data Collectors, and, if so, under what circumstances? Could it be used for surveillance, revenue generation, hacking into our accounts, or merely for eavesdropping on our conversations? And, most importantly, can it be used to influence our thinking, decisions, and buying behavior?
Concerns regarding the privacy of our data are growing with advances in technology, social networking frameworks, and societal norms. This book provides a discourse on questions surrounding individual rights and privacy of personal data. It is intended to contribute to the debate on the importance of privacy and protection of individuals’ information from commercialization, theft, public disclosure, and, most importantly, its subliminal and undue influence on our decisions.
This book is organized across three areas: we first introduce the concept of data privacy, situating its underlying assumptions and challenges within a historical context; we then describe the framework and a systematic guide for the General Data Protection Regulations (GDPR) for individual businesses and organizations, including a practical guide for practitioners and unresolved questions; the third area focuses on Facebook, its abuses of personal data, corrective actions, and compliance with GDPR.

1.1 Questions and Challenges of Data Privacy

We illustrate the questions and challenges surrounding individual rights and privacy of personal data by exploring online dating and relationship-seeking apps such as match.com, eHarmony, and OK Cupid. To search for compatible relationships through these apps, users create their profiles by voluntarily providing personal information, including their name, age, gender, and location, as well as other character traits such as religious beliefs, sexual orientation, etc. These apps deploy sophisticated algorithms to run individuals’ profiles to search for suitable matches for dating and compatible relationships.
Online dating apps and platforms are now a global industry with over $2 billion in revenue and an estimated 8,000 sites worldwide. These include 25 apps for mainstream users, while others cater to unique profiles, special interests, and geographic locations. The general acceptance of dating sites is significant – approximately 40% of the applicable US population use dating sites, and it is estimated that half of British singles do not ask someone for a date in person. The industry continues to evolve and grow, with around 1,000 apps and websites being launched every year in the US alone.
Most dating sites and apps do not charge a fee for creating user profiles, uploading photos, and searching for matches. The convenience of these apps to users is manifold. They can search through the universe of other relationship-seekers across numerous criteria without incurring the costs and time for the initial exchange of information through in-person meetings. More importantly, dating apps lower the probability of aspirational disappointment if there was disinterest from their dates.

1.1.1 But Cupid Turned Out to Be Not OK

In May 2016, several Danish researchers caused an outrage by publishing data on 70,000 users of the matchmaking/dating site OK Cupid. Clearly, the researchers had violated OK Cupid’s terms of use. The researchers’ perspective was that this information was not private to begin with. Their justification for not anonymizing the data was that users had provided it voluntarily by answering numerous questions about themselves. By registering on the dating service, the users’ motivation was to be “discovered” as individuals through a selection process by application of the matching algorithm. The information was available to all other OK Cupid members. The researchers argued that it should have been apparent to the users that other relationship-seekers and thus the general public could access their information – with some effort, anyone could have guessed their identities from the OK Cupid database.
This case raises the following legal and ethical questions:
  1. Were the researchers and OK Cupid within their rights to conduct research on data that would be considered private by the users?
  2. Did the researchers have the obligation to seek the consent of OK Cupid users for the use of their personal information?
  3. Was it the obligation of OK Cupid to prevent the release of data for purposes other than dating?
  4. If a legal judgment were to be made in favor of the users, how could the monetary damages be estimated?
  5. What should a legal construct look like to prevent the use of personal data for purposes different from those for which it was provided by the users?
  6. If users’ information in the possession of and stored by OK Cupid was illegally obtained and sold or otherwise made public, who is liable?

1.2 The Conundrum of Voluntary Information

As humans, we have an innate desire to share information. At the same time, we also want to be left alone – or at least have the autonomy and control to choose when and with whom we want to share information. We may disrobe in front of medical professionals, but it would be unthinkable in any other professional situation. Similarly, we share our tax returns with our financial advisors but otherwise guard them with our lives. We share our private information personally and professionally in specific contexts and with a level of trust.
This phenomenon is not new but takes on a different dimension when our lives are inextricably intertwined with the internet, mobile phone connectivity, and social networks. With the ease of information dissemination through the internet, anyone with a computer or a mobile phone has become a virtual publisher – identifiable or anonymous. The internet provides near-complete autonomy of individual expression and effortless interactions with commercial services to bring tremendous convenience to our daily lives. At the same time, our expectations of control over our privacy have become increasingly overwhelmed by the power of commercial interests to collect our personal data, track our activities, and, most alarming, to subliminally influence our thoughts and actions. The growing power of commercial and other nefarious interests to impact our lives would have been considered dystopian not too long ago.
We generally understand that once we voluntarily share information with someone else, we lose control over how it can be used. However, two questions remain unanswered: Do we truly realize the extent to which our personal data is being monitored? What level of control and rights do we have over our personal information that is generated through our activities and involuntarily disclosed by us? As an example, mapping our driving routes to avoid traffic jams or ordering a taxicab to our location through an app on our mobile phones has become indispensable. This capability requires that our mobile phones act as monitoring devices and record our every movement with technological sophistication that would make conventional surveillance mechanisms look quaint. However, we would chafe at the notion of being asked to carry a monitoring device in the context of law enforcement, societal surveillance, or even as part of a research project.
The mechanisms for sharing information and their abuse are exponentially greater than in the days of print journalism and the school yearbook. Fast-evolving technology platforms are making our lives efficient and convenient, but these technologies require us to share personal information. Entities that receive and collect our data can use it to foster their commercial and sometimes nefarious interests. Our personal data can be abused through a multitude of ways that are becoming easier to execute – making it more profitable for commercial interests and more effective for law enforcement.
We need rigorous regulatory and legal mechanisms to govern how our information is used, regardless of whether it is provided voluntarily or otherwise. However, this is a very hard challenge because artificial intelligence and big data technology frameworks are constantly and rapidly evolving and can be easily mutated to circumvent regulations. Lawmakers are increasingly recognizing and adapting to these realities by laying the groundwork for legal frameworks to protect our privacy. Their challenge is that regulations for protecting individuals’ data privacy should foster technology-driven personal convenience and not stifle ethical commercial activities and interests.

1.3 What Is Data Privacy?

1.3.1 Physical Privacy

Data privacy as a concept did not exist until the late twentieth century, with the birth of the internet and its exponential rate of adoption through computers and mobile phones. Until that time, privacy largely applied to physi...

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Dedication
  5. 1 Origins and Concepts of Data Privacy
  6. 2 A Brief History of Data Privacy
  7. 3 GDPR's Scope of Application
  8. 4 Technical and Organizational Requirements under GDPR
  9. 5 Material Requisites for Processing under GDPR
  10. 6 Data Subjects' Rights
  11. 7 GDPR Enforcement
  12. 8 Remedies
  13. 9 Governmental Use of Data
  14. 10 Creating a GDPR Compliance Department
  15. 11 Facebook: A Perennial Abuser of Data Privacy
  16. 12 Facebook and GDPR
  17. 13 The Future of Data Privacy
  18. Appendix Compendium of Data Breaches
  19. About the Authors
  20. Index
  21. End User License Agreement

Citation styles for Data Privacy and GDPR Handbook

APA 6 Citation

Sharma, S. (2019). Data Privacy and GDPR Handbook (1st ed.). Wiley. Retrieved from https://www.perlego.com/book/1323927/data-privacy-and-gdpr-handbook-pdf (Original work published 2019)

Chicago Citation

Sharma, Sanjay. (2019) 2019. Data Privacy and GDPR Handbook. 1st ed. Wiley. https://www.perlego.com/book/1323927/data-privacy-and-gdpr-handbook-pdf.

Harvard Citation

Sharma, S. (2019) Data Privacy and GDPR Handbook. 1st edn. Wiley. Available at: https://www.perlego.com/book/1323927/data-privacy-and-gdpr-handbook-pdf (Accessed: 14 October 2022).

MLA 7 Citation

Sharma, Sanjay. Data Privacy and GDPR Handbook. 1st ed. Wiley, 2019. Web. 14 Oct. 2022.