GDPR Compliance: Implementation Use Cases for User Data Privacy in News Media Industry

The paper presents implementation use cases towards the consequences of maintaining user data privacy after the adoption of GDPR; specifically in the news media industry. General data privacy regulation (GDPR) is a European Union general data protection regulation adopted in 2016 subjected to protect personal data of the citizens in the EU. Besides, it implies to particular restrictions and obligations for handling user data by different companies or organizations. However, although the rule is applicable only if EU citizens are involved, all the companies started adopting the preparation and practice to maintain compliance with GDPR. In this paper, we identify and present the system design and implementation use cases for the news media industry that is compliant with the new regulations. The use cases indicate and explain significant transformation required in user data management process according to the GDPR.

[1]  Carmela Troncoso,et al.  Engineering Privacy by Design , 2011 .

[2]  Miguel López Coronado,et al.  1 Requisites of Security , Reliability and Usability in 2 Mhealth Apps : Systematic Analysis and Proposed 3 Architecture 4 , 2018 .

[3]  Hamid Jahankhani,et al.  The Impact of the new European General Data Protection Regulation (GDPR) on the Information Governance Toolkit in Health and Social Care with Special Reference to Primary Care in England , 2017, 2017 Cybersecurity and Cyberforensics Conference (CCC).

[4]  Mary J. Culnan,et al.  How Ethics Can Enhance Organizational Privacy: Lessons from the ChoicePoint and TJX Data Breaches , 2009, MIS Q..

[5]  H. Nissenbaum Privacy as contextual integrity , 2004 .

[6]  Kyungho Lee,et al.  An analysis of economic impact on IoT under GDPR , 2017, 2017 International Conference on Information and Communication Technology Convergence (ICTC).

[7]  Monica Palmirani,et al.  A Visualization Approach for Adaptive Consent in the European Data Protection Framework , 2017, 2017 Conference for E-Democracy and Open Government (CeDEM).

[8]  Dear Mr Sotiropoulos ARTICLE 29 Data Protection Working Party , 2013 .

[9]  Josep Domingo-Ferrer,et al.  Privacy by design in big data: An overview of privacy enhancing technologies in the era of big data analytics , 2015, ArXiv.

[10]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[11]  Andreas Pfitzmann,et al.  Privacy 3.0 := Data Minimization + User Control + Contextual Integrity , 2011, it Inf. Technol..

[12]  Lorrie Faith Cranor,et al.  A Design Space for Effective Privacy Notices , 2015, SOUPS.

[13]  Wouter Joosen,et al.  Empirical evaluation of a privacy-focused threat modeling methodology , 2014, J. Syst. Softw..

[14]  Noah A. Smith,et al.  The Usable Privacy Policy Project : Combining Crowdsourcing , Machine Learning and Natural Language Processing to Semi-Automatically Answer Those Privacy Questions Users Care About , 2014 .

[15]  Rossana Ducato,et al.  Cloud computing for s-health and the data protection challenge: Getting ready for the General Data Protection Regulation , 2016, 2016 IEEE International Smart Cities Conference (ISC2).