Digitala Vetenskapliga Arkivet

Change search
Refine search result
1 - 4 of 4
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Dayarathna, Rasika
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences. Kungliga tekniska högskolan.
    The principle of security safeguards: Unauthorized activities2009In: The Computer Law and Security Report, ISSN 0267-3649, E-ISSN 1873-6734, Vol. 25, no 2, p. 165-172Article in journal (Refereed)
    Abstract [en]

    The principle of information security safeguards is a key information privacy principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers who are responsible for providing adequate protection. This paper takes a step toward bridging this knowledge gap by presenting an analysis of how Data Protection and Privacy Commissioners have evaluated the adequacy level of security protection measures given to personal information in selected privacy invasive cases. This study addresses both security measures used to protect personal information against unauthorized activities and the use of personal information in authentication mechanisms. This analysis also lays a foundation for building a set of guidelines that can be used by data controllers for designing, implementing, and operating both technological and organizational measures used to protect personal information.

  • 2.
    He, Zhicheng
    Stockholm University, Faculty of Law, Department of Law.
    When data protection norms meet digital health technology: China's regulatory approaches to health data protection2022In: The Computer Law and Security Review, ISSN 0267-3649, Vol. 47, article id 105758Article in journal (Refereed)
    Abstract [en]

    While ageing remains a global concern, it is especially challenging for China, which has the world's largest ageing population. In response, the Chinese government has introduced digitalisation policies that clearly embrace the use of information and communication technologies in health. To enhance data protection in this tide of digital transformation, China adopted its first ever standalone data protection legislation in 2021, the Personal Information Protection Law, which is expected to have huge impacts on technology and data processing. This paper captures these significant changes related to technological advances and regulatory approaches. It aims to explore the interplay between China's new data protection legal regime and the digital health advances which were proposed to facilitate healthcare in an ageing society. To do so, the paper first reviews and categorises the use of digital tools for various health functions and argues that the use of digital health technologies creates significant data protection concerns. The paper then investigates to what extent China's data protection rules mitigate privacy risks created by digital health technologies. An evolutionary overview of China's data protection legal landscape is mapped out. On this basis, outstanding legal issues surrounding health data protection are explored, contributing to a nuanced analysis of health data processing under different scenarios including: (1) healthcare provision; (2) health research; (3) public health; (4) social care and health management in a non-medical context; and (5) real-world data for market approval. The paper shows that the Personal Information Protection Law renders China's data protection legal landscape less fragmented and offers important legal safeguards for health data. Despite legislative advances, a closer look at relevant provisions in the Personal Information Protection Law and their interplay with other regulations reveals areas where further clarification is needed, including the definition of health data, the meaning of ‘separate consent’, data minimisation requirements for health apps, and the operation of the enforcement mechanism. The paper ends with indicating potential steps forward, with a hope that the benefits of digital health can be realised in a manner that respects privacy and human dignity.

  • 3.
    Naarttijärvi, Markus
    Umeå University, Faculty of Social Sciences, Department of Law.
    Balancing data protection and privacy: The case of information security sensor systems2018In: The Computer Law and Security Review, ISSN 0267-3649, Vol. 34, no 5, p. 1019-1038Article in journal (Refereed)
    Abstract [en]

    This article analyses government deployment of information security sensor systems from primarily a European human rights perspective. Sensor systems are designed to detect attacks against information networks by analysing network traffic and comparing this traffic to known attack-vectors, suspicious traffic profiles or content, while also recording attacks and providing information for the prevention of future attacks. The article examines how these sensor systems may be one way of ensuring the necessary protection of personal data stored in government IT-systems, helping governments fulfil positive obligations with regards to data protection under the European Convention on Human Rights (ECHR), the EU Charter of Fundamental Rights (The Charter), as well as data protection and IT-security requirements established in EU-secondary law. It concludes that the implementation of sensor systems illustrates the need to balance data protection against the negative privacy obligations of the state under the ECHR and the Charter and the accompanying need to ensure that surveillance of communications and associated metadata reach established principles of legality and proportionality. The article highlights the difficulty in balancing these positive and negative obligations, makes recommendations on the scope of such sensor systems and the legal safeguards surrounding them to ensure compliance with European human rights law and concludes that there is a risk of privatised policymaking in this field barring further guidance in EU-secondary law or case law.

    Download full text (pdf)
    fulltext
  • 4. Stoykova, Radina
    et al.
    Nordvik, Rune
    Ahmed, Munnazzar
    Franke, Katrin
    Axelsson, Stefan
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences. Norwegian University of Science and Technology, Norway.
    Toolan, Fergus
    Legal and technical questions of file system reverse engineering2022In: The Computer Law and Security Review, ISSN 0267-3649, Vol. 46, article id 105725Article in journal (Refereed)
    Abstract [en]

    Reverse engineering of file systems is indispensable for tool testing, accurate evidence ac-quisition, and correct interpretation of data structures by law enforcement in criminal inves-tigations. This position paper examines emerging techno-legal challenges from the practice of reverse engineering for law enforcement purposes. We demonstrate that this new context creates uncertainties about the legality of tools and methods used for evidence acquisition and the compliance of law enforcement with obligations to protect intellectual property and confidential information. Further identified are gaps between legal provisions and practice related to disclosure and peer-review of sensitive digital forensic methodology, trade se-crets in investigations, and governmental vulnerability disclosure. It is demonstrated that reverse engineering of file systems is insufficiently addressed by legislators, which results in a lack of file system interpretation and validation information for law enforcement and their dependence on tools. Outlined are recommendations for further developments of dig-ital forensic regulation.

1 - 4 of 4
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf