Dissertations / Theses on the topic 'Personal data control'

The following bachelor thesis explores the design of a GDPR (General Data Protection Regulation) compliant graphical user interface, for an administrative school system. The work presents the process of developing and evaluating a web-based prototype, a platform chosen because of its availability. The aim is to investigate if the design increases the caregivers perception of being in control over personal data, both their own and data related to children in their care. The methods for investigating this subject are grounded in real world research, using both quantitative and qualitative methods.   The results indicate that the users perceive the prototype to be useful, easy to use, easy to learn and that they are satisfied with it. The results also point towards the users feeling of control of both their own and their child’s personal data when using the prototype. The users agree that a higher sense of control also increases their sense of security.

The health and social care sector has a continuous growth in the use of information technology. With more and more information about the patient stored in different systems by different health care actors, information sharing is a key to better treatment. The introduction of the personal health record aims at making this treatment process easier. In addition to being able to share information to others, the patients can also take a more active part in their treatment by communicating with participants through the system. As the personal health record is owned and controlled by the patient with assistance from health care actors, one of the keys to success lies in how the patient can control the access to the record. In this master's thesis we have developed an access control model for the personal health record in a Norwegian setting. The development is based on different studies of existing similar solutions and literature. Some of the topics we present are re-introduced from an earlier project. Interviews with potential users have also been a valuable and important source for ideas and inspiration, especially due to the fact that the access control model sets high demands on user-friendliness. As part of the access control model we have also suggested a set of key roles for the personal health record. Through a conceptual implementation we have further shown that the access control model can be implemented. Three different solutions that show the conceptual implementation in the Indivo personal health record have been suggested, using the Extensible Access Control Markup Language as the foundation.

Web systems have become an integral part in daily life of billions of people. Social is a key characteristic today’s web projects need to feature in order to be successful in the social age. To benefit from an improved user experience, individual persons are continually invited to reveal more and more personal data to web systems. With a rising severity of attacks on web systems, it is evident that their security is inadequate for the amount of accumulated personal data. Numerous threat reports indicate that social media has become a top-ranking attack target, with climbing impacts, with ramifications beyond single individuals and with a booming black market to trade leaked personal data. To enhance information security in managing personal data by web systems for the mutual benefit of individual persons, companies and governments, this dissertation proposes a solution architecture and three research contributions. While the solution architecture establishes the foundation for a more secure management of personal data by web systems, the research contributions represent complementary components for protecting personal data against unwanted data disclosure, tampering and use without the actual data owner’s intent or knowledge. Not only do these components enable seamless integration and combination, but they also contribute to assure quality and maintainability. The dissertation concludes with discussing evaluation results and providing an outlook towards future work.

Web systems have become an integral part in daily life of billions of people. Social is a key characteristic today’s web projects need to feature in order to be successful in the social age. To benefit from an improved user experience, individual persons are continually invited to reveal more and more personal data to web systems. With a rising severity of attacks on web systems, it is evident that their security is inadequate for the amount of accumulated personal data. Numerous threat reports indicate that social media has become a top-ranking attack target, with climbing impacts, with ramifications beyond single individuals and with a booming black market to trade leaked personal data. To enhance information security in managing personal data by web systems for the mutual benefit of individual persons, companies and governments, this dissertation proposes a solution architecture and three research contributions. While the solution architecture establishes the foundation for a more secure management of personal data by web systems, the research contributions represent complementary components for protecting personal data against unwanted data disclosure, tampering and use without the actual data owner’s intent or knowledge. Not only do these components enable seamless integration and combination, but they also contribute to assure quality and maintainability. The dissertation concludes with discussing evaluation results and providing an outlook towards future work.

Since the early 20th century, the view has developed that high quality health care can be delivered only when all the pertinent data about the health of a patient is available to the clinician. Various types of health records have emerged to serve the needs of healthcare providers and more recently, patients or consumers. These health records include, but are not limited to, Personal Health Records, Electronic Heath Records, Electronic Medical Records and Payer-Based Health Records. Payer-Based Health Records emerged to serve the needs of medical aids or health care plans. Electronic Medical Records and Electronic Health Records were targeted at the healthcare provider market, whereas a gap developed in the patient market. Personal Health Records were developed to address the patient market, but adoption was slow at first. The success of online social networking reignited the flame that Personal Health Records needed and online consumer-based Personal Health Records were developed. Despite all the various types of health records, there still seems to be a lack of meaningful use of personal health records in modern society. The purpose of this dissertation is to propose a framework for Personal Health Records in online social networking, to address the issue of a lack of a central, accessible repository for health records. In order for a Personal Health Record to serve this need it has to be of meaningful use. The capability of a PHR to be of meaningful use is core to this research. In order to determine whether a Personal Health Record is of meaningful use, a tool is developed to evaluate Personal Health Records. This evaluation tool takes into account all the attributes that a Personal Health Record which is of meaningful use should comprise of. Suitable ratings are allocated to enable measuring of each attribute. A model is compiled to facilitate the selection of six Personal Health Records to be evaluated. One of these six Personal Health Records acts as a pilot site to test the evaluation tool in order to determine the tool’s utility and effect improvements. The other five Personal Health Records are then evaluated to measure their adherence to the attributes of meaningful use. These findings, together with a literature study on the various types of health records and the evaluation tool, inform the building blocks used to present the framework. It is hoped that the framework for Personal Health Records in online social networking proposed in this research, may be of benefit to provide clear guidance for the achievement of a central or integrated, accessible repository for health records through the meaningful use of Personal Health Records.

As modern technology continues to affect civilization, the issue of electronic rights grows in a global conversation. The right to be forgotten is a data protection regulation specific to the European Union but its consequences are creating an international stir in the fields of mass communication and law. Freedom of expression and privacy rights are both founding values of the United States which are protected by constitutional amendments written before the internet also changed those fields. In a study that analyzes the legal process of when these two fundamental values collide, this research offers insight into both personal and judicial views of informational priority. This thesis conducts a legal analysis of cases that cite the infamous precedents of Melvin v. Reid and Sidis v. F-R Pub. Corp., to examine the factors on which U.S. courts of law determinewhether freedom or privacy rules.

Abstract The past two decades have witnessed an unprecedented proliferation of mobile devices equipped with extremely innovative wireless technologies. Short range networks, such as wireless personal area networks (WPANs), wireless sensor networks (WSNs) and wireless body area networks (WBANs) have been defined and researched to deliver high speed home connectivity, environment and health monitoring. This thesis tackles design, analysis and simulation of medium access control (MAC) protocols tailored for short range networks. These have in common the use of battery operated devices but also certain design challenges connected with MAC protocols are common upon selecting the physical layer technology. Ultra wideband (UWB) technology and 60 GHz technology (which is referred to also as millimeter wave communications) are two valid examples of the wireless revolution of the past decade. Several existing standards, such as IEEE 802.15.3, ECMA-368, IEEE 802.15.4 and its amendment IEEE 802.15.4a, are considered in this thesis for MAC analysis in conjunction with UWB technology. With regard to millimeter wave communications the characteristics of the IEEE 802.15.3c standard are taken into account. Apart for the IEEE 802.15.3c all the MAC protocols have been modeled in the network simulator Opnet. One contribution of this thesis is to produce an innovative and in-depth analysis of the management aspects (e.g. ECMA-368 distributed beaconing) stemming from the above mentioned standards by means of analytical and simulation models. This study approach allows selecting the MAC features suitable for the applications and the technologies of interest. The key performance metric used to analyze all the protocols is energy efficiency, but also throughput is investigated. Another contribution brought by this thesis consists in the innovative way of studying slotted-based MAC protocols as an integrated concept connected with the type of network, the type of application and the selected physical technologies. This thesis also shows MAC performance in conjunction with UWB when false alarm, miss-detection and receiver capture (capture is modeled by means of an existing interference model) are taken into consideration. Most of the unrealistic, though common, assumptions in MAC analysis are removed and the performance of selected medical applications is evaluated through Opnet simulations. The well known binary exponential backoff is analyzed with an innovative though simplified one-dimensional Markov chain approach in the context of directional MAC for 60 GHz communications. As shown in the remainder of this thesis, the simplification introduced does not hinder the accuracy of the results, but rather allows accounting even for a finite number of retransmissions with a simple chain extension
Tiivistelmä Kahden viime vuosikymmenen aikana innovatiivisella langattomalla tekniikalla varustettujen viestintälaiteiden määrä on kasvanut räjähdysmäisesti. Lyhyen kantaman verkkoja kuten langattomia henkilökohtaisen alueen verkkoja (WPAN), langattomia anturiverkkoja (WSN) ja langattomia vartaloalueen verkkoja (WBAN) on määritelty ja tutkittu, jotta voitaisiin tuottaa korkeanopeuksisia kotiyhteyksiä sekä välineitä ympäristön ja terveydentilan seurantaan. Tämä väitöskirja käsittelee lyhyen kantaman viestintään suunniteltujen linkinohjauskerroksen MAC-protokollien suunnittelua, analysointia ja simulointia. Näissä kaikissa käytetään akkukäyttöisiä laitteita, mutta myös tietyt MAC-protokollien suunnittelun haasteet ovat tavallisia fyysisen kerroksen teknologiaa valittaessa. Ultra-laajakaistainen (UWB) teknologia ja 60 GHz teknologia (eli millimetriaallonpituusalueen tietoliikenne) ovat hyviä esimerkkejä kuluneen vuosikymmenen langattomasta vallankumouksesta. Tässä väitöskirjassa huomioidaan UWB teknologiaan liittyvää MAC-kerroksen analyysiä tehtäessä useat olemassa olevat standardit, kuten IEEE 802.15.3, ECMA-368, IEEE 802.15.4 ja sen lisäys IEEE 802.15.4a. Millimetriaallonpituusalueen tietoliikenteessä huomioidaan myös IEEE 802.15.3c standardin erityispiirteet. IEEE 802.15.3c:tä lukuun ottamatta kaikki MAC-protokollat on mallinnettu Opnet verkkosimulaattorilla. Tämä tutkimus tarjoaa innovatiivisen ja syväluotaavan tutkimuksen näiden standardien pohjalta ja analyyttisten ja simuloitujen mallien avulla kehitetyistä hallinnallisista lähestymistavoista (esim. ECMA-368 hajautettu majakkasignaali). Näiden avulla voidaan valita kohteena oleviin sovelluksiin ja teknologioihin parhaiten soveltuvia MAC-ominaisuuksia. Kaikkien protokollien analysointiin käytetty ensisijainen suorituskykymittari on energiatehokkuus, mutta myös datanopeuksia on tarkasteltu. Tässä tutkimuksessa esitellään myös innovatiivinen tapa tutkia MAC protokollia integroituina konsepteina suhteessa verkon ja sovellusten tyyppiin sekä fyysisen kerroksen teknologiaan. Lisäksi tämä väitöskirja esittelee MAC suorituskykyä UWB verkossa silloin, kun siinä otetaan huomioon väärät hälytykset, väärä havainnointi ja vastaanottimen signaalinkaappaus (vastaanoton mallintamiseksi käytetään olemassa olevaa interferenssimallia). MAC analyysistä poistetaan useimmat epärealistiset, vaikkakin tavalliset, olettamukset, ja verkkojen suorituskykyä tarkastellaan valittujen kriittisten parametrien monitoroinnissa Opnet-simulaatioiden avulla. Tunnettua binäärijakoinen eksponentiaalinen perääntyminen -algoritmia analysoidaan innovatiivisella, yksinkertaistetulla yksiulotteisella Markov-ketju -mallilla 60 GHz:n suunta-antenni MAC:n yhteydessä. Kuten tässä tutkimuksessa tullaan osoittamaan, esitelty yksinkertaistus ei rajoita tulosten tarkkuutta, vaan mukaan voidaan lukea jopa rajallinen määrä uudelleenlähetyksiä yksinkertaisen Markovin ketjun laajennuksen avulla

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2016.
Access to healthcare is regarded as a basic and essential human right. It is widely known that ICT solutions have potential to improve access to healthcare, reduce healthcare cost, reduce medical errors, and bridge the digital divide between rural and urban healthcare centres. The access to personal healthcare records is, however, an astounding challenge for both patients and healthcare professionals alike, particularly within resource-restricted environments (such as rural communities). Most rural healthcare institutions have limited or non-existent access to electronic patient healthcare records. This study explored the accessibility of personal healthcare records by patients and healthcare professionals within a rural community hospital in the Eastern Cape Province of South Africa. The case study was conducted at the St. Barnabas Hospital with the support and permission from the Faculty of Informatics and Design, Cape Peninsula University of Technology and the Eastern Cape Department of Health. Semi-structured interviews, observations, and interactive co-design sessions and focus groups served as the main data collection methods used to determine the accessibility of personal healthcare records by the relevant stakeholders. The data was qualitatively interpreted using thematic analysis. The study highlighted the various challenges experienced by healthcare professionals and patients, including time-consuming manual processes, lack of infrastructure, illegible hand-written records, missing records and illiteracy. A number of recommendations for improved access to personal healthcare records are discussed. The significance of the study articulates the imperative need for seamless and secure access to personal healthcare records, not only within rural areas but within all communities.

Esta tesis doctoral reflexiona sobre el impacto social y político de la explotación de datos masivos a nivel europeo. Cumple dos objetivos principales. En primer lugar, define el contexto general en el que se produce esta explotación, a través del análisis de cinco factores: a) la lógica de generación, recopilación y procesamiento de los datos masivos; b) el modelo de negocio de las grandes corporaciones de servicios digitales; c) el discurso mediático dominante acerca de las tecnologías big data; d) las reacciones sociales y formas de resistencia ante este nuevo escenario; y e) el reglamento europeo de protección de datos personales, incluyendo su fundamentación conceptual. En segundo lugar, discute en qué medida estos cinco factores favorecen u obstaculizan la privacidad, la libertad y el control sobre los datos, desde una perspectiva fundamentada en la teoría crítica del capitalismo, la filosofía republicana, la teoría política feminista y la teoría del framing. La investigación se compone de cinco publicaciones: 1. La conversación sobre big data en Twitter. Una primera aproximación al análisis del discurso dominante. 2. Tay is you. The attribution of responsibility in the algorithmic culture. 3. Big social data: límites del modelo notice and choice para la protección de la privacidad. 4. Your likes, your vote? Big personal data exploitation and media manipulation in the US presidential election campaign of Donald Trump in 2016. 5. Personal data are political. A feminist view on privacy and personal data protection. Esta memoria contextualiza, organiza y relaciona las aportaciones principales de estos artículos.
This doctoral thesis reflects on the social and political impact of big data exploitation at the European level. The research fulfils two main objectives. Firstly, it defines the general context in which this exploitation is embedded, through the analysis of five factors: a) the logic of big data generation, gathering and processing; b) the business model of digital services corporations; c) the dominant media discourse on big data technologies; d) the social reactions and forms of resistance to this new scenario; and e) the European regulation on personal data protection, including its conceptual foundations. Secondly, it discusses to what extent these five factors favour or hinder privacy, freedom and control over data, from the lens of critical theory of capitalism, republican philosophy, feminist political theory and framing theory. The study consists of five publications: 1. La conversación sobre big data en Twitter. Una primera aproximación al análisis del discurso dominante. 2. Tay is you. The attribution of responsibility in the algorithmic culture. 3. Big social data: límites del modelo notice and choice para la protección de la privacidad. 4. Your likes, your vote? Big personal data exploitation and media manipulation in the US presidential election campaign of Donald Trump in 2016. 5. Personal data are political. A feminist view on privacy and personal data protection. This report contextualizes, organizes and connects the main contributions of these papers.
Aquesta tesi doctoral reflexiona sobre l'impacte social i polític de l'explotació de dades massives a escala europea. Compleix dos objectius principals. En primer lloc, defineix el context general en el qual es produeix aquesta explotació, a través de l'anàlisi de cinc factors: a) la lògica de generació, recopilació i processament de les dades massives; b) el model de negoci de les grans corporacions de serveis digitals; c) el discurs mediàtic dominant al voltant de les tecnologies big data; d) les reaccions socials i formes de resistència davant d’aquest nou escenari; i e) el reglament europeu de protecció de dades personals, incloent-hi la seva fonamentació conceptual. En segon lloc, discuteix en quina mesura aquests cinc factors afavoreixen o obstaculitzen la privacitat, la llibertat i el control sobre les dades, des d'una perspectiva fonamentada en la teoria crítica del capitalisme, la filosofia republicana, la teoria política feminista i la teoria del framing. La recerca es composa de cinc publicacions: 1. La conversación sobre big data en Twitter. Una primera aproximación al análisis del discurso dominante. 2. Tay is you. The attribution of responsibility in the algorithmic culture. 3. Big social data: límites del modelo notice and choice para la protección de la privacidad. 4. Your likes, your vote? Big personal data exploitation and media manipulation in the US presidential election campaign of Donald Trump in 2016. 5. Personal data are political. A feminist view on privacy and personal data protection. Aquesta memòria contextualitza, organitza i relaciona les aportacions principals d'aquests articles.

Il potere di controllare l’attività dei lavoratori subordinati è da sempre una manifestazione ineliminabile della posizione giuridica del datore di lavoro. Nella misura in cui risulta necessario alla corretta esecuzione del contratto, l’assoggettamento del lavoratore al controllo datoriale costituisce una componente essenziale del rapporto di cui all’art. 2094 c.c., contribuendo a definire la nozione stessa di subordinazione. Proprio per questa ragione, una precisa ricognizione dei limiti posti dall’ordinamento ai controlli dell’imprenditore assume fondamentale importanza, onde scongiurare il rischio che la relazione che si instaura nei luoghi di lavoro divenga occasione di condizionamenti della libertà del lavoratore, incompatibili con i principi su cui si fonda una società democratica. Prendendo le mosse da tali considerazioni, l’opera analizza il quadro normativo sul potere di controllo del datore di lavoro, concentrandosi soprattutto sulle regole sancite dallo Statuto dei lavoratori e sulla più recente disciplina di protezione dei dati personali. Nei quattro capitoli lungo i quali si articola, la riflessione viene svolta con sguardo rivolto sia ai tradizionali problemi della materia sia alle nuove sfide sollevate dall’innovazione tecnologica.
The power to control the activity of workers has always been an ineradicable manifestation of the employer’s legal position. To the extent that it is necessary for the correct performance of the contract, the subjection of the worker to the employer control is an essential element of the relationship referred to in Article 2094 of the Italian Civil Code and plays a crucial role in the definition of subordination. For this reason, an accurate recognition of the legal limits on the entrepreneur’s controls is important to avoid the risk that the employment relationship becomes an occasion for conditioning workers’ freedom in a way that is incompatible with the principles of a democratic society. Based on these considerations, the study analyzes the regulatory framework on the employer’s power to control workers, focusing mostly on the rules laid down by Legge no. 300/1970 (Statuto dei lavoratori) and on the recent Personal Data Protection Regulation. The reflection, which is organized around four chapters, is carried out with an eye on both traditional problems related to this topic and new challenges raised by technological innovation.

The present knowledge of factors associated with older adults’ physical activity behaviour is limited. Therefore, this study trialled an innovative physical activity program for older adults, investigating effective recruitment and retention strategies, and exploring the adults’ perceptions of physical activity. A total of 573 subjects were recruited into the quasi-randomised controlled trial, located in 30 intervention and 30 control neighbourhoods in the Perth metropolitan area. The initial response rate was 74% (260/352) in the intervention group and 82% (313/382) in the control group. Self-reported questionnaires administered at three time points (baseline, 3-months, 6-months) measured physical activity levels, personal and demographic information, including perception of financial struggle, proximity to friends, and other psychosocial data. Descriptive statistics, repeated measure analysis of variance, logistic regression and generalised estimating equations were used in the analysis. Qualitative data on the participants’ perceptions of physical activity were collected through one-on-one interviews (n=16). The results showed that: 1. This cost-effective recruitment procedure facilitated the selection of a reasonably representative sample of 65 to 74 year olds from the Perth metropolitan area. Names of 7378 older adults were obtained from the Federal Electoral Roll, then 6401 potential subjects were matched to telephone numbers and phoned with subjects meeting the screening criteria invited to join the program (n = 4209). From this sample, 573 subjects were recruited. More females (63%) than males (37%) were recruited.
The study attracted a greater proportion of ‘obese’ older adults (27%) relative to state averages. 2. Over the intervention period there was a significant increase in participants’ total physical activity of 2.25 hours per week (p >.001). The General Estimating Equation analysis confirmed significant increase in physical activity from baseline to midpoint (p=.002) and to post intervention (p=.0031). Perceptions of financial struggle (p=.020) were positively correlated with physical activity time spent by participants, whereas having friends or acquaintances living nearby (p=.037) had a significant negative correlation with physical activity time. 3. At the end of the intervention, 32% of the intervention group and 25% of the control group had dropped out, resulting in an overall drop out rate of 28%. Most of the attrition occurred in the first 3 months (77%). Characteristics of individuals lost to attrition (n=86, 35%) were compared with program completers (n=162, 65%). Logistic regression analysis showed that those lost to attrition came from areas of lower socio-economic status, were overweight, were less physically active, and had a lower walking self-efficacy score and a higher loneliness score. The results suggest that to improve retention and to avoid potential bias, early assessment of these characteristics should be undertaken to identify individuals at risk of attrition. 4. Based on the finding of this research, future intervention studies should consider: the role of tertiary students as a skilled resource; the use of volunteers to contain costs; the importance of a tailored program; the appropriateness of walking as a form of physical activity for this age group; the enjoyment associated with a walking group; and the usefulness of social support.
This practical program is potentially effective and sustainable for mobilizing physically inactive older people. 5. Qualitative research highlighted the need for older adults to receive more specific information on: the benefits of physical activity; the role of pain management in physical activity; and the concept that involvement in physical activity in younger years leads to involvement when older. The older adults also expressed a desire to engage in less age appropriate activities. These results suggest that the intervention was successful in recruiting older adults into and retaining them in the intervention, documenting a need for early identification of individuals at risk of attrition. The program significantly increased the participants’ weekly mean time for physical activity and identified factors that affect their commitment to physical activity programs. This program was practical and could be used as a model for physical activity programs aimed at older adults.

Usage of locational data is getting more popular day by day. Location-aware application, context aware application and Ubiquities applications are some of the major categories of applications which are based on locational data. One of the most concerning issues regarding such applications is how to protect user’s privacy against malicious attackers. Failing in this task would result in a total failure for the project, considering how privacy concerns are getting more and more important for the end users. In this project, we will propose a theoretical solution for protecting user privacy in location-based application against inference attacks. Our solution is based on categorizing target users into pre-defined groups (a. k. a. Personas) and utilizing their common characteristics in order to synthesize access control rules for the collected data.

The overriding goal of this work was to present information to ambulance command and control (AC2) operators in a manner that complemented their dispatchers decision making processes whilst minimising the effects of a number of identified complexities. It was theorised that presenting information in this manner would improve the decision making performance of the dispatchers. The initial stages of this work involved identifying the strategies that AC2 operators use when making decisions regarding the allocation of ambulances to emergency incidents and the complexities associated with these decisions. These strategies were identified after the analysis of interviews with AC2 operators using an interview approach called the Critical Decision Method. The subsequent analysis of the interview transcripts using an Emergent Themes Analysis provided a significant number of insights regarding the decision making processes of the operators and the information required to support these decisions. Of particular significance was the importance of situation awareness in the decision making process. For example, when dispatchers have a sound understanding of incidents and additional factors such as the ambulances under their control, the dispatch decision becomes less complicated. To extend the understanding of the dispatcher�s work in the communication centres, a number of factors that could contribute to the complexity of the dispatch task were identified from an additional analysis of the interview transcripts. However it was not possible to establish from this the contribution of these factors to the perceived complexity encountered by the operators. To address this, a questionnaire was circulated requiring dispatchers to rate the contribution of a number of factors to the complexity of the dispatch task and the frequency that these factors occurred. The results showed that the most prevalent factors related to a number of the cognitive processes that the dispatchers performed to manage the dispatch task. Such processes included determining the resource most likely to arrive at the scene of an emergency incident the quickest. There were also differences in regard to which areas of the dispatch process the dispatchers in the two centres considered to be the most complex. The final stage of this research was the design of a prototype interface that complemented the decision making strategies used by the dispatchers and addressed the identified complexities. At this stage the scope of the research was narrowed to focus primarily on the resource assessment and allocation phases of the dispatch process and several of the complexities associated with these. The prototype interface made use of a novel display technology that allowed the presentation of information across two overlapping LCD displays (referred to as a Multi Layered Display (MLD)). To test the effectiveness of this display a laboratory experiment was conducted comparing the perfomance of participants using the MLD with participants using a Single Layered Display (SLD) that presented the same information. The results indicated that in almost all cases the participants using the multi layer display performed better. However these differences did not prove to be significant.

L’évolution des notions juridiques de vie privée et de données personnelles. A l’inverse de la littérature foisonnante sur le thème de la surveillance, il ne s’agit pas ici de mettre en avant la nécessité de trouver un équilibre entre la surveillance entendue dans sa dimension sécuritaire et la protection de la vie privée et des données personnelles, en ce qu’elle constitue une liberté fondamentale reconnue par les institutions françaises et européennes. Cette recherche d’une balance équilibrée entre sécurité et liberté doit nécessairement être dépassée pour comprendre le phénomène de surveillance diffuse. La surveillance n’est plus la simple activité de recherche de renseignements concernant un individu potentiellement dangereux. Elle s’inscrit plutôt dans la poursuite de ceque Hannah Arendt qualifie de « crise de la culture ». La surveillance diffuse est même l’une des caractéristiques de la culture contemporaine dominée par la peur, la consommation et l’aliénation par les technologies. Devenue la nouvelle norme sociale admise, la surveillance diffuse désinstitue le droit des données personnelles et la protection de la vie privée. Progressivement, elle désinstitue également le Droit au profit du libéralisme économique qu’elle porte en son sein
The purpose of this research is to understand how diffuse surveillance fits into the evolution of legal concepts of privacy and personal data. Contrary to the abundant literature on the subject of surveillance, it is not a questionhere of highlighting the need to find a balance between surveillance in its security dimension and the protection of privacy and data, as a fundamental freedom recognized by French and European institutions. This search for a balance between security and freedom must necessarily be overcome to understand the phenomenon of diffuse surveillance. Surveillance is no longer just a search for information about a potentially dangerous individual. Rather, it is a continuation of what Hannah Arendt calls the « crisis of culture ». Diffuse surveillance is even oneof the features of contemporary culture dominated by fear, consumption and alienation by technology. Having become the new accepted social norm, the diffuse surveillance deinstitutes the right of the personal data and the protection of the private life. Gradually, it also deinstitutes the Law to profit from the economic liberalism that it carries within it

Las enormes ventajas que reporta el tratamiento de datos, particularmente cuando se verifica por medios informáticos, encubren un riesgo de proporciones, el que se concreta al recaer las operaciones de procesamiento sobre datos personales, ya que su colecta, almacenamiento y empleo suministra un volumen de información sin precedentes sobre personas determinadas o determinables, con el consiguiente menoscabo para las libertades y derechos de éstas. Nuestro legislador no ha podido permanecer ajeno a los peligros inherentes a la penetración de las modernas tecnologías en la intimidad de las personas, muy especialmente aquellos resultantes del tratamiento de sus datos personales; es así como, tras largos años de discusión parlamentaria, vino a dar a luz la Ley 19.628, sobre protección de la vida privada. Sin embargo, la normativa en cuestión omitió establecer un adecuado sistema de control, a fin de cerciorarse del cumplimiento de sus preceptos; muy en especial, la ley prescinde de una autoridad de control que vele por la realización de sus mandatos, lo cual socava toda pretensión de obtener un nivel de protección adecuado a los derechos de las personas concernidas. La presente tesis, tras considerar el desarrollo en el derecho comparado del régimen jurídico aplicable al tratamiento de datos personales, así como la concreción que ha merecido en Chile, se detiene en los diversos mecanismos de control previstos para garantizar la eficacia de la normativa en examen, con especial énfasis en la institución de un organismo público encargado de promover e informar a la comunidad sobre la legislación aplicable, fiscalizar el cumplimiento de ella y sancionar su infracción, o bien instar por la sanción del infractor, en su caso. Finalmente, tras hilar las principales conclusiones a que el estudio arriba, se esboza una propuesta con miras a incorporar a nuestra institucionalidad una autoridad de control en materia de tratamiento de datos personales, mediante la cual brindar eficacia a las previsiones legislativas

Submitted by Noeme Timbo (noeme.timbo@metodista.br) on 2017-01-27T14:19:22Z No. of bitstreams: 1 JulianaG.Santos.pdf: 965373 bytes, checksum: e9ac2dac85934fdcd07c615473464973 (MD5)
Made available in DSpace on 2017-01-27T14:19:22Z (GMT). No. of bitstreams: 1 JulianaG.Santos.pdf: 965373 bytes, checksum: e9ac2dac85934fdcd07c615473464973 (MD5) Previous issue date: 2016-11-23
Personal data protect procedures are organizational tools that properly used by the employee help in the prevention and personal data protect within a safety and transparency organizational limit. This study analyzed the factors that have influenced the perception of the employees of Brazilian organizations about perceived benefits of compliance on the policies established in the prevention and protection of personal data. The research was conducted through a quantitative research approach with analysis of structural equations and the study data were collected through a survey tool to obtain a valid sample of 220 respondents. The study concluded that trust in organization and the risk of loss of personal data are stimulus that positive influence the benefits perceived of the compliance. The results also show that the employees who had your data improperly used, reduces your credibility in organizational controls and increases their perceived risk of privacy loss. The result of the study can help organizations managers to achieve greater adherence of employees with regard to personal data protection policy of organization in which they work, in addition to demonstrate the importance of credibility in internal controls and trust in the organization as predictors of perceived benefits of compliance.
Políticas de proteção de dados pessoais são ferramentas organizacionais que, se usadas de maneira adequada pelos colaboradores auxiliam na prevenção e proteção dos dados pessoais dentro de um limite de segurança e transparência organizacional. Este estudo objetiva analisar os fatores que influenciam a percepção dos empregados de organizações brasileiras quanto aos benefícios percebidos de compliance sobre as políticas estabelecidas na prevenção e proteção dos dados pessoais. A pesquisa foi conduzida através de uma abordagem de investigação quantitativa, com análise por equações estruturais e os dados do estudo foram coletados por meio de um instrumento de pesquisa com obtenção de uma amostra válida de 220 respondentes. O estudo concluiu que a Confiança na organização e a Percepção do risco de perda dos dados pessoais são estímulos que influenciam positivamente os benefícios percebidos de compliance. Os resultados também evidenciam que o empregado que teve seus dados utilizados de forma indevida reduz a sua credibilidade nos controles organizacionais e aumenta a sua Percepção do risco de perda de privacidade. O resultado do estudo pode auxiliar gestores de organizações a obter maior aderência dos empregados quanto às políticas de proteção de dados pessoais da organização em que trabalham, além de demonstrar a importância da credibilidade nos controles internos e a confiança na organização como preditores dos benefícios percebidos de compliance.

In questa tesi mi sono occupato di Big Data. Che cosa sono, perchè sono importanti, che prospettive di utilizzo e di crescita hanno, da chi vengono utilizzati e a quali scopi. In particolare poi, mi sono soffermato sulle leggi che ne regolamentano gli usi. Quali norme in vigore ed in via di adozione sono presenti nel contesto nazionale e continentale. Un'attenzione particolare l'ho dedicata ad alcune grandi forze economiche che perseguono i propri interessi grazie alla rete. Di queste ultime ho raccontato in che modo si agevolano grazie ai Big Data rispetto alle concorrenti e di come, a volte, non ne facciano un utilizzo pienamente etico, anche se (non sempre) all'interno dei limiti di legge. Nel testo affronto le problematiche delle persone comuni nell'era digitale. Come la tutela dei loro diritti personali fondamentali, compresi sommariamente nel diritto alla privacy, sia messa a dura prova dalle nuove tecnologie in costante sviluppo. I pericoli che possono scaturire da pericolosi accentramenti di potere, dovuti al possesso di grosse quantità di dati da parte di pochi soggetti. Infine ho provato a suggerire alcuni approcci al tema che possano in qualche modo risolvere o quantomeno ridurre il problema del controllo sui propri dati. Riassumendo, considero questo lavoro come una visione ad ampio raggio delle possibilità e dei rischi che l'utilizzo dei Big Data comporta e comporterà in un futuro prossimo.

Publicación a texto completo no autorizada por el autor
Muestra el desarrollo de un Data Warehouse y su debida explotación, para el tratamiento de la información de las personas con discapacidad del Perú, a través de la integración de los datos relacionados a los procesos principales en el tema de la discapacidad de las personas; datos e información que es manejada por el Consejo Nacional para la integración de las Personas con Discapacidad (CONADIS), institución responsable de los temas relacionados a la problemática de la discapacidad en el Perú.
Tesis

La biométrie regroupe l'ensemble des techniques informatiques qui permettent de reconnaître un individu sur ses caractères biologiques, physiques ou comportementaux. D'abord réservée au domaine judiciaire, elle se démocratise dans toutes les sphères de la vie des individus. Depuis quelque temps, la biométrie est employée dans les entreprises toujours réceptives aux nouvelles technologies. Ainsi, l'insertion de tels dispositifs en entreprise doit faire l'objet d'un dialogue social entre le chef d'entreprise et les représentants du personnel car il s'agit d'une technologie dite de surveillance, souvent comparée à la vidéosurveillance, aux puces RFID, aux données GPS et peut aboutir à l'espionnage des salariés s'ils ne sont pas encadrés. A défaut de législation spécifique, le législateur a confié à la CNIL le soin d'établir les critères d'admissibilité de cette technologie au sein des entreprises. La législation Informatique et libertés se mêle alors à celle du droit du travail, pour faire appliquer des principes communs tels la finalité, la proportionnalité, la loyauté, la transparence de l'information et le consentement des salariés
Biometry brings together computing techniques that enable the identification of individuals on the basis of their biological, physical appearance and/or behavioral characteristics. Although firstly reserved for the legal system/judiciary domain, biometry tends to be generalized in all spheres of people life. Recently, biometry has also been used in companies who are always receptive to new technologies. Thus, the introduction of identifying devices such as these into a company life has to be the subject of corporate discussions between the managing teams and staff representatives. Indeed, such technologies are often compared to video surveillance, RFID chips, GPS data … and they can lead to the spying of employees if their uses are not well supervised. In the absence of specific laws, the legislator has given the CNIL the abilities to establish the requirements of eligibility of this technology usage within the companies. The "liberty and computing" legislation is then combined with the labor laws in order to apply common principles such as the finality, the proportionality, the loyalty, the transparency of information and employee consents

Le monde des logiciels doit être interprété de manière extensive à l’instar de la présence de l’outil informatique dans la société contemporaine. Le présent travail de recherche entend mettre en avant que la protection du logiciel par le droit d’auteur est davantage opportuniste que réfléchie. Cet opportunisme se ressentait par une volonté libérale de déléguer aux acteurs économiques la fixation des règles propres aux régimes juridiques applicables aux logiciels. Jusqu’à très récemment, la conjugaison du droit d’auteur et du droit des contrats ont entraîné à la fois accentué l’exclusivité sur son code fondée sur le droit d’auteur, ainsi qu’une immunité sur la qualité de son code fondée sur le droit des contrats. Une telle politique a engendré un mouvement contestataire du droit de la propriété intellectuelle, un accroissement des risques des utilisateurs et une protection perverse puisque la divulgation de l’œuvre est supposée être faite lorsque l’auteur l’estime être prête. Ce laissez faire normatif se retrouve également dans les données informatiques, informations, où l’absence de protection d’alors faisait l’objet de grands débats entre informaticiens (libéraux) et juristes (conservateurs). Or la présente étude prône pour l’établissement d’un patrimoine immatériel comme semble l’amorcer les mouvements législatifs et prétoriens actuels. Néanmoins ce patrimoine immatériel étant facilement duplicable en n’étant pas par défaut exclusif, les forces de l’ordre et renseignement peuvent s’en saisir également plus facilement grâce à l’aide des fournisseurs de service. Ceci facilite également l’établissement d’un panopticon intrusif
The world of software shall be constraint widely as could testified the computer tool in our modern society. This research tries to emphasize that the protection of the software is more an opportunistic choice than a reasoned one. That opportunism was seen through the delegation of the rulemaking of the juridical regime of the software to the economic actors. Until very recently, the conjugation of the copyright and ordinary law of contracts which increased the exclusivity of the stakeholder over the code, through the copyright, and an immunity over the poor quality over the same code through the contract law. Such policy generated a dissenting movement against the IP rights, an increasing of the risks on the consumers and a perverted protection because the disclosure of the work by its authors is supposed to be done when the author judges it ready. This legal laissez-faire is also found in the computerized data, informations, where the absence of protection by itself was subject to debates between programmers (liberals) and lawyers (conservative). Or our research is pleading for the establishment of a digital patrimony as the latest laws and cases laws are developing. However the digital patrimony is easily copied and not exclusive by nature, police and intelligence committees can cease it easily than before, thanks to the help of service providers. Such patrimony also helps to the building of an intrusive panopticon

The thesis evaluates the current possibilities and problems of drone control and suggests possible solutions. The aim is to control drones more efficiently and easily. The final system is based on third person view and Augmented Virtuality technology where real data from the drone (video-stream, localization information) has been integrated into the virtual 3D model of the surroundings. The model of the surroundings has been created using free data. The application provides the pilot with the means to navigate in the surroundings and to navigate to destinations. It also offers the possibility to define areas with various potential security risks during mission planning, which will be used to navigate in the mission zones, and to visualize the overall situation in the virtual scene extended with online real data.

La gestion électronique des données médicales consiste autant dans le simple traitement automatisé des données personnelles que dans le partage et l'échange de données relatives à la santé. Son encadrement juridique est assuré, à la fois, par les règles communes au traitement automatisé de toutes les données personnelles et par celles spécifiques au traitement des données médicales. Cette gestion, même si elle constitue une source d'économie, engendre des problèmes de protection de la vie privée auxquels le gouvernement français tente de faire face en créant l'un des meilleurs cadres juridiques au monde, en la matière. Mais, de grands chantiers comme celui du dossier médical personnel attendent toujours d'être réalisés et le droit de la santé se voit devancer et entraîner par les progrès technologiques. Le développement de la télésanté bouleverse les relations au sein du colloque singulier entre le soignant et le soigné. L'extension des droits des patients, le partage de responsabilité, l'augmentation du nombre d'intervenants, le secret médical partagé constituent de nouveaux enjeux avec lesquels il faut, désormais compter. Une autre question cruciale est celle posée par le manque d'harmonisation des législations augmentant les risques en cas de partage transfrontalier de données médicales
The electronic management of medical data is as much in the simple automated processing of personal data in the sharing and exchange of health data . Its legal framework is provided both by the common rules to the automated processing of all personal data and those specific to the processing of medical data . This management , even if it is a source of economy, creates protection issues of privacy which the French government tries to cope by creating one of the best legal framework in the world in this field. However , major projects such as the personal health record still waiting to be made and the right to health is seen ahead and lead by technological advances . The development of e-health disrupts relationships within one dialogue between the caregiver and the patient . The extension of the rights of patients , sharing responsibility , increasing the number of players , the shared medical confidentiality pose new challenges with which we must now count. Another crucial question is posed by the lack of harmonization of legislation increasing the risks in cross-border sharing of medical

This paper focuses on methods for financial institutions to perform precise customer level analysis to anticipate customers' evolving financial needs and maximize the lifetime value of each customer relationship. The paper proposes software packages that analyze customer relationship management from a financial perspective.

Le commerce électronique B to C se popularise de plus en plus et le nombre de ses adeptes ne cesse de croître d'année en année. Ses avantages, pour les consommateurs, en termes de rapidité, de commodité et de proximité ne sont plus à prouver. Néanmoins, la particularité du medium utilisé pour effectuer des transactions en ligne et les spécificités de l'environnement électronique, notamment l'immatérialité, l'interactivité et l'internationalité influent considérablement sur la confiance des cyberconsommateurs en même temps qu'elles accroissent leur vulnérabilité, d'où la nécessité d'un cadre juridique adapté afin que l'essor du commerce électronique B to C ne néglige pas la protection des cyberconsommateurs. Conscients de cet impératif, les législateurs communautaire, français et tunisien, ont mis en place un certain nombre de mesures de nature à rassurer ces derniers et leur permettre de s'engager dans des transactions de commerce en ligne en toute confiance. Ces mesures sont de deux ordres : les unes sont destinées à assurer au cyberconsommateur une protection intrinsèque au processus de la transaction en ligne ; cette protection se manifeste en amont de la transaction, lors de la phase précontractuelle, mais également pendant la période contractuelle, c'est-à-dire au moment de la finalisation de la transaction en ligne et de son exécution. Les autres ont pour objectif de garantir au consommateur une protection extrinsèque au processus de la transaction du commerce électronique. Deux aspects sont, à cet égard, pris en compte : la protection des données à caractère personnel traitées dans le cadre d'une transaction en ligne et les aspects du droit international privé de la protection du cyberconsommateur
B to C e-commerce is increasingly gaining popularity. The number of its followers has seen a drastic surge throughout the few recent years. Its advantages in terms of speed, convenience and proximity are not any more questionable by consumers. Nevertheless, the characteristic of this medium used to carry out online transactions as well as the specificities of the electronic environment - in particular the immateriality, the interactivity and internationality - influence considerably cyber-consumers confidence. Simultaneously, they increase their vulnerability. Thus, the need for an appropriate legal framework to regulate the rise of B to C e-commerce and protect cyber-consumers. Taking into account these requirement, community, French and Tunisian legislators set up a number of measures to reassure the latter and allow them to engage confidently in online commerce transactions. These measures have two targets: some of them were intended to grant cyber-consumers an intrinsic protection in the process of the online transaction. This protection is set to be an upstream transaction protection at the pre-contractual phase as well as during the contractual period; i.e. at the level of on line transaction finalization and execution. The others aim to guarantee the consumer an extrinsic protection throughout the process of e-commerce transaction. In this respect, two aspects are taken into account, namely: personal data processed during transactions and the aspects of private international law of cyber-consumer protection

Tout aurait été dit à propos du « secret médical ». Les disputes doctrinales relatives aux fondements du secret professionnel se seraient taries puisqu’il serait désormais délimité par le seul intérêt du malade, ce qui expliquerait par ailleurs la généralisation du secret professionnel à l’ensemble des personnes intervenant dans le système de santé. Pourtant, lorsqu’il s’agit d’interroger le rapport entre les technologies de l’information et de la communication et le « secret médical » le discours de la doctrine manque de clarté. Quel est l’impact des techniques de l’information et de la communication sur le « secret médical » ? La question mérite d’être posée en explorant des cadres d’analyse différents de ceux qui sont traditionnellement employés afin de la reformuler pour savoir ce que révèle le mouvement de fond qui fait pressentir que le « secret médical » est à la fois « protégé » par le droit face à l’utilisation des technologies et « affaibli » en droit et par les technologies
Is there something to add about “medical secrecy”? Scholar disputes over the professional secrecy foundations are supposed to be dried up, since it is now limited to the patient’s interest alone, which would explain the generalization of medical secrecy to all persons of the care system. Yet, when it comes to the matter of the relationship between information and communications technologies and medical secrecy, the scholar discourse suffer from a lake of clarity. What is the impact of the information and communications technologies on the “medical secrecy”? It is a question worth asking by exploring different analytical frameworks from those traditionally employed. The latter is about studying the structural movement according to which the medical secrecy is at the same time “protected” by Law in face of information and communications technologies and “affected” in Law and by the technologies

L'informatique et Internet en particulier favorisent grandement la collecte de données à l'insu de l'utilisateur, leur divulgation à des tiers et le croisement des données. La densité des activités humaines dans le monde numérique constitue donc un terrain fertile pour de potentielles atteintes à la vie privée des utilisateurs. Les présents travaux examinent d'abord le contexte légal de la protection de la vie privée, ainsi que les divers moyens informatiques destinés à la protection des données personnelles. Il en ressort un besoin de solutions centrées utilisateur, lui donnant davantage de contrôle sur ses données personnelles. Dans cette perspective, nous analysons le cadre légal français et européen pour en tirer des axes de protection. Nous spécifions ensuite les contraintes tirées de ces axes, en proposant de les introduire dans les modèles de politiques de sécurité existants. Ainsi, nous suggérons l'application d'un seul modèle pour le contrôle d'accès et la protection de la vie privée. Le modèle de contrôle d'accès doit être étendu par de nouvelles conditions et paramètres d'accès. Pour cela, nous définissons le langage XPACML (eXtensible Privacy aware Access Control Markup Language) conçu sur la base d'extensions apportées au modèle de contrôle d'accès XACML. Placés dans un contexte E-Commerce, nous avons défini un modèle sémantique permettant de représenter les contextes liés aux différentes transactions électroniques. Ainsi nous avons pu effectuer une génération dynamique des politiques XPACML en fonction du contexte en cours. A la quête d'une protection étendue des données personnelles, nous avons consacré la dernière partie de nos travaux aux négociations possibles qui peuvent être effectuées entre un utilisateur et un fournisseur de service. Ainsi nous avons proposé deux protocoles. Le premier porte sur la négociation des termes et conditions des politiques de protection des données, alors que le deuxième porte sur la négociation des données à dévoiler elles mêmes

La protection des données personnelles sensibles consistait, jusqu'au RGPD, en un contrôle préalable réalisé par une autorité indépendante, malgré l’obstacle posé à la libre circulation. Cette protection renforcée est aujourd'hui remplacée par l’obligation du responsable de traitement d’élaborer une étude d’impact. Une telle mutation implique un risque de pré-légitimation des traitements et peut être favorable au responsable de traitement. Or, est-elle conforme au droit fondamental à la protection des données personnelles ? La thèse interroge le contenu de ce droit et la validité du RGPD. À partir d'une étude comparative allant des années 1970 à nos jours, entre quatre pays et l’Union européenne, les données personnelles sensibles sont choisies comme moyen d'analyse en raison de la protection particulière dont elles font l’objet. Il est démontré qu’en termes juridiques, la conception préventive fait partie de l’histoire de la protection européenne des données et peut donner un sens à la protection et à son seul bénéficiaire, l’individu.Un tel sens serait d’ailleurs conforme aux Constitutions nationales qui garantissent aussi l’individu malgré leurs variations. Cependant, cette conception n’est pas forcement compatible avec l’art. 8 de la Charte des droits fondamentaux de l’UE. La thèse explique que cette disposition contient la garantie d’une conciliation (entre les libertés de l’UE et celles des individus) qui peut impliquer une réduction de la protection de ces dernières. Or, il revient à la CJUE, désormais seule compétente pour son interprétation, de dégager le contenu essentiel de ce droit ; objectif auquel la thèse pourrait contribuer
Before the GDPR, protection of sensitive personal data consisted of a prior check by an independent authority despite limiting their free movement. This has been replaced by the obligation of the controller to prepare a privacy impact assessment. With this modification, one can assume a risk of pre-legitimization of data processing, putting the controller at an advantage. Is that compatible with the fundamental right to the protectionof personal data ? This thesis questions the content of this right and the validity of the GDPR. It is based on a comparative study from 1970s until present day between four European countries and the European Union, in which sensitive data are chosen as a meanto the analysis due to their particular protection. Research shows that in legal termsthe preventive conception is a part of the history of protection in the European Union. By limiting freedom of processing it gives meaning to protection and its only subject,the individual. Such an interpretation is compatible with National Constitutions despite their variations. However, the preventive conception of data protection is not so easily compatible with article 8 of the European Charter of Fundamental Rights. The thesis puts forward that this article contains the safeguard of a balancing, between EU liberties and individuals’ freedoms, which implicates reduced protection. It is up to the European Court of Justice to identify the essence of this right, an aim to which this thesis could contribute

La recherche vise à vérifier si et comment, au niveau de l’UE, la lutte contre la criminalité (surtout organisée) est conduite dans le respect de droits et libertés fondamentales, et si la coopération en matière entre les États membres peut promouvoir des standards de protection élevés et homogènes. La traditionnelle reluctance des États à confier les relatives compétences à l’Union a fortement entravé le développement d’un « espace de liberté, sécurité et justice » équilibré. Aujourd’hui le Traité de Lisbonne fournit des outils importants. Après avoir présenté la sécurité dans l’UE, j’aborde la coopération judiciaire pénale. J’analyse la riche production normative à finalité répressive, aussi que les mesures récemment adoptées à finalité protectrice et promotionnelle. Ensuite, je passe à la coopération policière et à l’intervention de l’EU en matière financière / patrimoniale, en tandem avec les droits à la protection des données personnelles et de la propriété privé
The research aims to verify whether and how, at the EU level, the fight against crime (particularly organized crime) is perpetuated in full respect of fundamental rights and freedoms, and whether cooperation among Member States in this field can promote high and homogeneous standards of protection.The historical reluctance of Member States to give the relative competences to the Union has strongly obstructed the development of an equilibrated “area of freedom, security and justice”. However, the Lisbon Treaty has provided important tools. After firstly presenting security in the EU, I discuss judicial cooperation in criminal matters. Both the rich normative production aimed at repression, and the more recently adopted measures finalized at guarantying and promoting individual rights are analyzed. Then, I pass to police cooperation and EU financial / patrimonial intervention, together with the right to protection of personal data and the right to property - the two most at stake

The individual of today incessantly insists on more protection of his/her personal privacy than a few years ago. During the last few years, rapid technological advances, especially in the field of information technology, directed most attention and energy to the privacy protection of the Internet user. Research was done and is still being done covering a vast area to protect the privacy of transactions performed on the Internet. However, it was established that almost no research has been done on the protection of the privacy of personal data that are stored in tables of a relational database. Until now the individual had no say in the way his/her personal data might have been used, indicating who may access the data or who may not. The individual also had no way to indicate the level of sensitivity with regard to the use of his/her personal data or exactly what he/she consented to. Therefore, the primary aim of this study was to develop a model to protect the personal privacy of the individual in relational databases in such a way that the individual will be able to specify how sensitive he/she regards the privacy of his/her data. This aim culminated in the development of the Hierarchical Privacy-Sensitive Filtering (HPSF) model. A secondary aim was to test the model by implementing the model into query languages and as such to determine the potential of query languages to support the implementation of the HPSF model. Oracle SQL served as an example for text or command-based query languages, while Oracle SQL*Forms served as an example of a graphical user interface. Eventually, the study showed that SQL could support implementation of the model only partially, but that SQL*Forms was able to support implementation of the model completely. An overview of the research approach employed to realise the objectives of the study: At first, the concepts of privacy were studied to narrow down the field of study to personal privacy and the definition thereof. Problems that relate to the violation or abuse of the individual’s personal privacy were researched. Secondly, the right to privacy was researched on a national and international level. Based on the guidelines set by organisations like the Organisation for Economic Co-operation and Development (OECD) and the Council of Europe (COE), requirements were determined to protect the personal privacy of the individual. Thirdly, existing privacy protection mechanisms like privacy administration, self-regulation, and automated regulation were studied to see what mechanisms are currently available and how they function in the protection of privacy. Probably the most sensitive data about an individual is his/her medical data. Therefore, to conclude the literature study, the privacy of electronic medical records and the mechanisms proposed to protect the personal privacy of patients were investigated. The protection of the personal privacy of patients seemed to serve as the best example to use in the development of a privacy model. Eventually, the Hierarchical Privacy-Sensitive Filtering model was developed and introduced, and the potential of Oracle SQL and Oracle SQL*Forms to implement the model was investigated. The conclusion at the end of the dissertation summarises the study and suggests further research topics.
Prof. M.S. Olivier

The theme of the dissertation is surveillance. Its aim is to answer the following question: up to what extend do we live in a society, which may be described as a surveillance society. For this purpose it defines, what is meant by surveillance, how surveillance evolved through history, which theories relevantly describe this phenomenon and in which spheres surveillance is notable. The dissertation introduces the main theories of the multi-disciplinary field of surveillance studies, which has been developing over the last twenty years. Special attention is focused on CCTV systems. At the same time, the thesis focuses on ethical problems of surveillance, i.e. privacy, discrimination, social exclusion, transparency and responsibility.

In my dissertation I will deal with the issue of surveillance, which is applied in the area of marketing, consumption and in connection with that in advertising. I will concentrate mainly on the current age and therefore on the electronic surveillance, so the history of the surveillance studies will not be dealt with in this thesis in more detail. The first part of the thesis will be theoretical focusing on the main theses and theories of the current surveillance authors, especially the issues of electronic surveillance. The next part of this thesis will focus on surveillance and surveillance techniques in marketing and consumption. In this part I will also build on the theories of contemporary authors discussing the surveillance topic in the commercial sphere, but I will try to complement the theoretical introduction of the issue with the specific functioning of this phenomenon in practice. The main aim of this thesis will mainly be an overview and comprehensive illumination of surveillance and control issues focusing on the field of marketing and consumption and also mapping its operation in practice. In this part, I will focus on the issue of electronic surveillance in terms of marketing strategies focusing on the application of surveillance on the Internet and particulary on social networks. I...

O uso intensivo de conversores electrónicos de potência e de outras cargas não lineares, tais como equipamentos electrónicos e iluminação com lâmpadas de descarga em meio gasoso, tanto na indústria como nos outros consumidores em geral, é responsável por um aumento na deterioração das formas de onda de corrente e tensão nos sistemas eléctricos. A presença de harmónicos nas linhas eléctricas causa não só maiores perdas no sistema de distribuição de energia, como também problemas de interferências nos sistemas de comunicações, operação indevida de sistemas de protecção, e por vezes, deficiências no funcionamento de equipamentos electrónicos, que são cada vez mais sensíveis, pois incluem sistemas de controlo baseados em microelectrónica, que operam com níveis de energia muito baixos. Os efeitos a longo prazo são basicamente, sobreaquecimento e envelhecimento prematuro dos dispositivos eléctricos e a fadiga mecânica das máquinas eléctricas. Os filtros passivos podem ser utilizados para compensar diversos problemas de qualidade de energia, mas apenas resolvem os problemas para as frequências que são sintonizados. Além disso, a sua operação não pode ser limitada a uma determinada zona da rede eléctrica e os fenómenos de ressonância não podem ser totalmente prevenidos. Os filtros activos são dispositivos electrónicos de potência que não apresentam as desvantagens dos filtros passivos, podendo compensar alguns dos problemas relacionados com a tensão e a corrente, nomeadamente: falhas de curta duração, distorção da corrente ou tensão causada por harmónicos, desequilíbrio de correntes ou tensões em sistemas trifásicos, flutuação (subharmónicos), sobretensões e subtensões momentâneas, e podem também fazer a correcção do factor de potência. Existem fundamentalmente dois tipos de filtros activos: o filtro activo paralelo, para filtragem das correntes nas linhas; e o filtro activo série, para filtragem das tensões de alimentação. Os algoritmos de controlo baseados na teoria p-q podem ser utilizados de forma simples e eficaz no controlo de filtros activos. Os cálculos são feitos no domínio dos tempos, com valores instantâneos de tensões e correntes, e são relativamente simples. No caso da compensação de tensão com um filtro activo série, é também possível utilizar em alternativa, algoritmos baseados no controlo clássico (por exemplo, controlo proporcional + integral), pois os sinais de referência são conhecidos. O objectivo principal desta tese consistiu no estudo, simulação, desenvolvimento, e teste de um filtro activo série com sistema de controlo implementado num computador pessoal (PC) munido de uma placa de aquisição de dados genérica para o barramento PCI. Esta opção justifica-se devido ao baixo custo, elevada capacidade de processamento, versatilidade e pelas inúmeras possibilidades oferecidas por um sistema de controlo baseado em computador pessoal. O controlo do filtro activo série é um tipo de aplicação que requer um controlador rápido, que não perca amostras, e no qual os intervalos de tempo de resposta máximos permitidos sejam garantidos. Estas características implicam a necessidade de um sistema de controlo em tempo real (hard real time, na literatura inglesa). A implementação do circuito de controlo baseada em PC apresenta algumas dificuldades. Os maiores problemas estão relacionados com os sistemas operativos multitarefa vulgares, podendo ser resolvidos apenas por programadores de nível muito avançado. Outro problema é o lento sistema de entrada/saída de dados. Estas placas são ligadas ao barramento PCI, logo não tiram partido de toda a velocidade do processador, sendo normalmente concebidas para monitorização e controlo de processos. Desse modo, são muito limitadas no tocante ao controlo em tempo real, e além disso, os fabricantes ainda não disponibilizam soluções de baixo custo para execução desse tipo de controlo implementado em PC. Habitualmente é necessário fazer a sincronização dos filtros activos de potência com os sinais distorcidos presentes na rede eléctrica. Os circuitos mais simples, como o detector de passagem por zero podem falhar com facilidade, sendo necessário recorrer a circuitos mais robustos. Discutem-se aqui duas soluções possíveis: o circuito Phase Locked Loop e o Filtro Vectorial Adaptativo. Nesta tese apresentam-se também resultados de simulações e experimentais dos controladores desenvolvidos, e dos filtros activos de potência. Além disso é feita uma comparação com uma implementação baseada em microcontrolador.
The intensive use of power converters and other non-linear loads, such as electronic equipments and discharge lamps, in industry and by consumers in general, is responsible for an increase in the deterioration of the power systems current and voltage waveforms. The presence of harmonics in the power lines results in greater power losses in the distribution system, interference problems in communication systems, faulty operation of protection devices, and sometimes, in operation failures of electronic equipments, which are more and more sensitive since they include microelectronic control systems, which work with very low energy levels. In the long run the effects are, basically, overheating and premature aging of electric devices and mechanical fatigue of electrical machines. Passive filters can be used to compensate some power quality problems, but they only solve the problems for the frequencies they were tuned for. Besides, their operation cannot be limited to a certain zone, and resonances cannot be fully prevented. Active power filters are power electronic devices which do not have the disadvantages of passive filters and are able to compensate some voltage and current related problems, namely: short outages, current or voltage distortion due to harmonics, current or voltage unbalance in three-phase systems, flicker (subharmonics), momentary overvoltages or undervoltages, and they can also correct power factor. There are basically two types of active filters: the shunt active filter, to filter line currents; and the series active filter, to filter mains voltages. The control algorithms based on the p-q theory may be easily and efficiently used for controlling active filters. The calculations are done in the time domain, with instantaneous values of voltages and currents, and are relatively simple. If the voltages are being compensated with a series active filter, it is also possible to efficiently use a classical control approach (for example, proportional + integral control), because the reference signals are known. The main objective of this thesis was to study, simulate, develop, and test a series active filter with a control system implemented in a personal computer (PC), using a standard multifunction data acquisition PCI bus card. This option is justified by its relative low cost, high processing capability, versatility, and because of the numerous possibilities offered by such a computer-based system. The control of a series active filter is a type of application which requires a fast controller, which does not lose samples, and where all the maximum allowed deadlines must be met each and every time. These characteristics imply that this application needs a hard real-time control system. A PC implemented controller presents some difficulties. The main problems are related to the standard multitasking operating systems, and can only be solved by very skilled programmers. Another problem is the slow data input/output system. These boards are connected to the PCI bus and do not take advantage of the full processor speed. They are usually designed to acquire data for monitoring purposes or process control. Thus, they are very limited when performing hard real-time control, and besides, hardware manufacturers do not provide low cost solutions to perform PC based hard real-time control, yet. Usually, it is necessary to synchronize the active power filters with the mains distorted electric signals. Simple circuits like zero crossing detectors may easily fail in performing this task, so it is necessary to use more robust circuits. Two possible solutions are discussed here: the Phase Locked Loop and the Vector Adaptative Filter. In this thesis, simulated and experimental results of the developed controllers and active power filters are also presented. Furthermore, a comparison with a microcontroller based implementation is made.
PRODEP

O advento dos instrumentos de flexibilidade do tempo de trabalho potenciou a imprevisibilidade da jornada laboral e a consequente intensificação da necessidade de controlar a mesma de forma clara e precisa. Este controlo visa garantir o cabal cumprimento das normas relativas à duração e organização do tempo de trabalho, estando indiretamente ligado a vários princípios basilares do Direito do Trabalho, nomeadamente o princípio da conciliação entre a vida profissional e a vida familiar e pessoal e o princípio da segurança e saúde no trabalho. Além disso, este controlo promove a eficácia da atividade inspetiva e proporciona ao trabalhador um precioso meio de prova. Em primeira instância, é sobre o empregador, enquanto parte essencial da relação laboral, que impendem os deveres de controlo do tempo de trabalho dos seus trabalhadores, podendo estes assumir três modalidades distintas. Relativamente ao controlo do horário de trabalho, deve o empregador elaborar um mapa de horário de trabalho que deve estar afixado num local bem visível no seio do local de trabalho em causa. O controlo da jornada de trabalho per se é feito através do registo de tempos de trabalho, modalidade que mais querelas tem levantado nos últimos tempos. Finalmente, é através do registo de trabalho suplementar que se controlam os seus limites e fundamentos. Estes mecanismos de controlo configuram dados pessoais do trabalhador, pelo que se impõe especiais cuidados na sua elaboração e manutenção.
The advent of flexibility instruments of working time increased the unpredictability of the workday and the consequent intensification of the need to control it in a clear and precise way. This control ensures compliance with the rules of duration and organization of working time and is indirectly linked to several basic principles of Labor Law, especially the principle of conciliation between professional life and family and personal life and the principle of safety and health at work. In addition, this control promotes the efficiency of inspective interventions and provides the worker with a reliable means of proof. In the first instance, it is on the employer, as an essential part of the employment relationship, that reflect the duties of controlling the working time of its workers, which can be carried out through three different modalities. Regarding the control of the working schedule, the employer must prepare a work schedule map which has to be posted in a visible location within the respective workplace. The control of the workday, by itself, is done through the registration of working hours, the modality that has triggered the most quarrels in recent times. Finally, it is through overtime record that the legal overtime limits and grounds are monitored. These control mechanisms constitute personal data of the worker, which imposes special cares in its creation and maintenance.

M.Sc. (Computer Science)
With the phenomenal growth of the Online Social Network (OSN) industry in the past few years, users have resorted to storing vast amounts of personal information on these sites. The information stored on these sites is often readily accessible from anywhere in the world and not always protected by adequate security settings. As a result, user information can make its way, unintentionally, into the hands of not only other online users, but also online abusers. Online abusers, better known as cyber criminals, exploit user information to commit acts of identity theft, Advanced Persistent Threats (APTs) and password recovery, to mention only a few. As OSN users are incapable of visualising the process of access to their OSN information, they may choose to never adjust their security settings. This can become synonymous with ultimately setting themselves up to becoming a victim of cyber crime. In this dissertation we aim to address this problem by proposing a prototype system, the Information Deduction Model (IDM) that can visualise and simulate the process of accessing information on an OSN profile. By visually explaining concepts such as information access, deduction and leakage, we aim to provide users with a tool that will enable them to make more informed choices about the security settings on their OSN profiles thereby setting themselves up for a pleasant online experience.

Dissertação de mestrado em Direito Judiciário
O presente estudo tem a intenção de repensar o conceito de proteção de dados e as sanções aplicáveis à sua violação num mundo complexo caracterizado por avanços tecnológicos e alterações legislativas. A fim de compreender se a nossa «era digital» pode ser a razão para criar outros conceitos e viver sob diferentes princípios, é crucial estar ciente do quadro internacional, europeu e nacional em matéria de proteção de dados pessoais. Com o propósito de demonstrar as diversas questões emergentes da legislação aplicável em matéria de proteção de dados pessoais, este estudo culmina com a apresentação de um «novo» direito, já reconhecido pela jurisprudência europeia e constitucionalmente consagrado no art. 35.º da C.R.P., e com uma análise do regime sancionatório a que está sujeita a sua violação. Esta «nova» dimensão da intervenção contraordenacional e penal, em matéria de proteção de dados, traz novos (ou, talvez, não tão novos) problemas de delimitação entre o direito de mera ordenação social e o direito penal após a entrada em vigor do Regulamento Geral sobre a Proteção de Dados no ordenamento jurídico português. Até que ponto o Regulamento Geral altera os quadros constitucionais da ordem jurídica nacional portuguesa, ou até esvazia o próprio direito sancionatório vigente? Será a Proposta de Lei de Proteção de Dados Pessoais, em discussão parlamentar, o melhor meio de execução do Regulamento Geral na ordem jurídica portuguesa? O presente estudo analisa as questões inerentes a esta interpelação, posicionando-se criticamente sobre as contraordenações e os crimes previstos, em matéria de proteção de dados, na legislação em vigor e em discussão parlamentar. A questão central subjacente é efetivamente o confronto do direito de mera ordenação social vigente e do direito penal clássico com uma espécie de ordem preventiva infra-criminalizadora, resultante da inflação legislativa em matéria de proteção de dados pessoais.
The current study has the intent of rethinking the concept of data protection and the sanctions applicable to its violation in a complex world characterized by technological advances and legal changes. In order to understand if our «digital era» can be the reason to craft new concepts and to live under different principles it is crucial to be aware of the international, European and national personal data protection framework. In order to demonstrate the various issues arising from the personal data protection legislation, this study culminates in the presentation of a «new» right, already recognized in European case law and constitutionally enshrined in art. 35.º of C.R.P., and in the analysis of the sanctioning framework to which it is subject its violation. This «new» dimension of administrative and criminal intervention, concerning data protection, brings new (or, perhaps, not so new) problems of delimitation between the law of mere social order and criminal law after the entry into force in the Portuguese legal order of the General Regulation on Data Protection. To what extent does the General Regulation change the constitutional frameworks of the Portuguese national legal order, or even extinguishes the sanctioning right in force itself? Is Proposed Legislative Amendment on Personal Data Protection, in parliamentary discussion, the best way to execute the General Regulation in the Portuguese legal order? The present study analyzes the issues inherent to this interpellation, positioning itself critically about misconductions and crimes regarding data protection, in the legislation in force and in parliamentary discussion. The underlying central question is effectively the confrontation of the law of mere social order in force and the traditional criminal law with a sort of undercriminalizing social preventive order, resulting from legislative inflation in terms of personal data protection.

Regulation (EU) 2016/679, on the protection of personal data of individuals, is directly applicable in all Member States of the European Union, from 25 May 2018. In recent times, has been one of the most legal documents referred to and discussed, not always in the most appropriate way. The present study aims to analyze the fundamental aspects of this Regulation trying to contribute to refocus the debate, emphasizing the main changes in the new legal rules on data protection. So, it is of paramount importance, identify and assess the impact that the new regulatory paradigm introduces in the governance of organizations in the public and private sectors. A set of new obligations, which consolidated the existing legal framework, will have to respond to the rights of data subjects. Organizations will have to draw an internal system, with procedures and new organizational measures and techniques, capable of ensuring and demonstrating compliance with the European regulation. The new political and organizational architecture, public authorities and private enterprises, will have to be based on two fundamental principles that the regulation puts in the center of processing operations of personal data and what are the principles of purpose and necessity.Guaranteed respect for these principles, there are two essential conditions of legitimacy to be lawful processing of personal data which are the proprietor's consent and the existence of legal framework required. As a guarantee for the implementation and maintenance of a policy and a data protection system, applying the best organizational practices, the Regulation created the figure of the data protection officer. Not being mandatory assignment, the regulation sees, in this figure, a "provider" that ensures the continuity of the demonstrable compliance, in conjunction with the data subjects and the national supervisory authority.
O Regulamento (EU) 2016/679, sobre a protecção dos dados das pessoas singulares, será directamente aplicável, em todos os estados Membros da União, a partir do dia 25 de Maio de 2018. Nos últimos tempos, tem sido um dos documentos jurídicos mais referidos e discutidos, nem sempre da forma mais adequada. O presente trabalho tem como objectivo analisar aspectos fundamentais do referido regulamento tentando contribuir para recentrar o debate, enfatizando as principais alterações do novo regime jurídico sobre a protecção de dados. Assim, considera-se de primordial importância, identificar e avaliar o impacto que o novo paradigma regulatório introduz na governança das organizações dos sectores público e privado. Um conjunto de obrigações novas, que densificam o quadro legal existente, terá que responder aos direitos dos titulares dos dados. As organizações terão que desenhar um sistema interno, com procedimentos e medidas técnicas e organizativas, capaz de demonstrar e de garantir a conformidade com o regulamento europeu. A nova arquitectura política e organizativa, das entidades públicas e das empresas privadas, terá que ter por base os dois princípios fundamentais que o regulamento coloca no centro das operações de tratamento dos dados pessoais e que são os princípios da finalidade e da necessidade.Garantido o respeito por estes princípios, existem duas condições essenciais de legitimidade para proceder-se ao tratamento lícito dos dados pessoais que são o consentimento do titular e a existência de enquadramento legal obrigatório. Como garantia da implementação e da manutenção de uma política e de um sistema de gestão de protecção de dados, aplicando as melhores práticas organizativas, o regulamento criou a figura do Encarregado de Protecção de Dados. Não sendo de designação obrigatória, o regulamento vê, nesta figura, um “provedor” que garante a continuidade da conformidade demonstrável, em ligação com os titulares dos dados e a Autoridade de Controlo nacional.

Indiana University-Purdue University Indianapolis (IUPUI)
In 2009, Indianapolis Emergency Medical Service (I-EMS, formerly Wishard Ambulance Service) launched an electronic medical record system within their ambulances and started to exchange patient data with the Indiana Network for Patient Care (INPC). This unique system allows EMS personnel in an ambulance to get important medical information prior to the patient’s arrival to the accepting hospital from incident scene. In this retrospective cohort study, we found EMS personnel made 3,021 patient data requests (14%) of 21,215 EMS transports during a one-year period, with a “success” match rate of 46%, and a match “failure” rate of 17%. The three major factors for causing match “failure” were (1) ZIP code 55%, (2) Patient Name 22%, and (3) Birth Date 12%. This study shows that the ZIP code is not a robust identifier in the patient identification process and Non-ZIP code identifiers may be a better choice due to inaccuracies and changes of the ZIP code in a patient’s record.