General Data Protection Regulation 2022
This paper explores the General Data Protection Regulation (UK GDPR).
General Data Protection Regulation
GDPR
• Agreed in 2016
• In effect from May 2018
• UK General Data Protection Regulation (UK GDPR)
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/

GDPR Overview
• Every individual located within the EU must be guaranteed the same rights and freedoms
• More focus on individual rights than the interests of businesses
• Applies not only to organisations based within the EU, but to any organisation that processes EU citizens’ data

GDPR Main Changes
• Increased territorial scope.
• Penalties: Fined up to 4% of annual global turnover or €20 Million
• Consent: Given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent
• Data subject rights
https://eugdpr.org/the-regulation/

Exercise
• Consider the following scenario: you have been hired as a software engineer for a company that develops a fitness application for smartphones. Based on the user’s current location and physical attributes, the application suggests training alternatives for the user. After a session, the smartphone sends the training data back to the company’s servers for analysis to improve its suggestion algorithm.
Explain what the sensitive user data are in the above scenario and how your software should protect those data.

Exercise
• Assume that you are developing a software product for deploying political surveys to analyze the reasons behind how people vote for a certain party. List the types of sensitive personal data as described by the GDPR that your software would process.

Exercise
• Consider the following scenario: you have been hired as a software engineer for a company that develops a mobile healthcare application for patients who are not able to make it to the hospital. For the designated surgery, the application assigns a GP based on the patient’s medical condition.
The GP can then remotely communicate with the patient to arrange their medication and advise on their treatment. Explain what the sensitive user data are in the above scenario and how your software should protect those data.

Exercise
• You work for a company that develops medical software. The software collects and analyses patient information. The company is located in California. Various hospitals in the world use your company’s software. Explain the relevance of your company’s software to applicable data protection regulations.

Exercise
• Consider the following scenario: you are a competent software developer who is interested in challenging new Web technologies and advances in AI.
You have been approached by a start-up working on an online dating application called “Hinder”. During the interview, your potential new boss talks about the exciting features of the application, which would make use of as well as develop new Web technologies and AI algorithms. Some of the features include: integration with other social media platforms such as “Fakebook” for calculating compatibility based on the user’s friends; estimation of user’s age from the uploaded pictures; matchmaking based on AI analysis of the pictures and video uploaded by users as opposed to textual profile elements.
• What would you ask your potential employer to understand the legal and ethical implications of the application?
https://youtu.be/acijNEErf-c