The impact of privacy and cybersecurity on e-record: The PNR Directive Adoption and the impact of GDPR

• Autorzy: Chiappetta A. , Battaglia A.

Identyfikatory

DOI

10.14254/jsdtl.2018.3-3.6

• Języki publikacji: EN

Abstrakty

EN

Digital transformation means radically change how we manage interaction with everything, including goods, persons and data flows. Cyberspace is by nature borderless and open to everybody, and any sensitive personal info passing through it should be appropriately managed to ensure the protection of the users' identity and other personal records. The Passenger Name Record (EU Directive 2016/681) impacts for travellers, e-wallets for online shoppers, medical e-records for patients, etc., which may contain personal information provided by the users and collected by the service providers during the on-line transaction. While such records need to be shared for the smooth operation of the provided service, evidence shows that such sharing does not always respect the privacy of the data subjects. This paper address this challenge by proposing a comprehensive solution to safeguard and protect such on-line info and to preserve and protect the users’ privacy (GDPR) in order to improve the cybersecurity aspects at EU level with a focus on transports and blockchain.

Słowa kluczowe

EN

blockchain; transport; general data protection regulation; passenger name record

• Wydawca: Fundacja Centrum Badań Socjologicznych ; Scientific Publishing House "SciView"
• Czasopismo: Journal of Sustainable Development of Transport and Logistics
• Rocznik: 2018
• Tom: Vol. 3, No. 3
• Strony: 77--87
• Opis fizyczny: Bibliogr. 21 poz.

Twórcy

autor

Chiappetta A.

• Marconi International University, 111 NE 1st street, Miami - 33132 Florida, USA

autor

Battaglia A.

• ASPISEC, Piazzale Flaminio 19 – 00196 Rome, Italy

Bibliografia

• Caruana, M. M. (2017]. The reform of the EU data protection framework in the context of the police and criminal justice sector: harmonisation, scope, oversight and enforcement International Review of Law, Computers & Technology, 1-22.
• Charter of Fundamental Rights of the European Union, Title II.
• CJEU. (2017). CJEU's Opinion 1/15 was issued on 26 July 2017 and was in relation to the lawfulness of EU's PNR Agreement with Canada. Specifically, CJEU adjudicated that the processing of PNR data generally pursues a different objective from that which was intended when collected by air carriers, and thus requires a different legal basis.
• Collin, T. (2018). The difference between a Private Public Consortium Blockchain. Retrieved from https://www.blockchaindailynews.com/The-difference-between-a-Private-Public-Consortium-Blockchain_a24681.html
• Europa.eu. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance).
• European Union. (2016). Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.
• GDPR Associates, (n.d). The lower level of fine, up to €10 million or 2% of the company's global annual turnover, will be considered for infringements listed in Article 83(4) of the General Data Protection Regulation. The higher level of fine, up to €20 million or 4% of the company's global annual turnover, will be considered for infringements listed in Article 83(5) of the General Data Protection Regulation.
• IBM.com (n.d). Insights on business travel and transportation. Retrieved from https://www.ibm.com/blogs/insights-on-business/travel-and-transportation/tag/blockchain/
• Intersoft consulting, (n.d). Security of processing. Retrieved from https://gdpr-info.eu/art-32-gdpr/
• I-scoop. (n.d). Personal data pseudonymization: GDPR pseudonymization what and how. Retrieved from https://www.i-scoop.eu/gdpr/pseudonymization/
• Lex.europa.eu. (n.d). Communication from the Commission to the European Parliament and the Council on promoting data protection by privacy-enhancing technologies [COM (2007) 228 final - Not published in the Official Journal] Retrieved from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=LEGISSUM%3A114555
• Nauwelaerts, W. (2017). GDPR-The Perfect Privacy Storm: You Can Run from the Regulator, but You Cannot Hide from the Consumer. Eur. Data Prot. L. Rev., 3, 251.
• Olga M. (2010). Data protection and security in civil aviation https://www.uio.no/studier/emner/jus/jus/JUR5630/vll/undervisningsmateriale/JUR5630_lecture_11_11.pdf
• Olga Mironenko. (2002). Air Passenger Lists in Civil Aviation.
• Public Record Office. (1999). Functional requirements for electronic records management systems. Retrieved from: https://www.nationalarchives.gov.uk/documents/requirements.pdf
• Shmueli, G., & Greene, T. (2018). Analyzing the Impact of GDPR on Data Scientists Using the InfoQ Framework.
• U.S Department of Homeland Security. (2013). U.S. Customs and Border Protection Passenger Name Record (PNR) Privacy Policy. Retrieved from https://www.cbp.gov/sites/default/files/documents/pnr_privacy_3.pdf
• Voigt, P., & von dem Bussche, A. (2017). Scope of Application of the GDPR. In The EU General Data Protection Regulation (GDPR) (pp. 9-30). Springer, Cham.
• Voigt, P., & Von dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR) (Vol. 18). Springer.
• Winnesota.com (n.d). How blockchain is revolutionizing the world of transportation and logistics. Retrieved from https://www.winnesota.com/blockchain
• Xiaofei, W., Fan, H., Xueming, T., & Guohua, C. (2006). Merkle tree digital signature and trusted computing platform. Wuhan University Journal of Natural Sciences, 11 (6), 1467-1472. https://doi.org/10.1007/BF02831799

Uwagi

PL

Opracowanie rekordu w ramach umowy 509/P-DUN/2018 ze środków MNiSW przeznaczonych na działalność upowszechniającą naukę (2019).