Privacy by design (PbD) is considered an international principle for privacy protection. For understanding and applying a PbD legal provision, the context of the data processing is essential. This paper intends to analyse the data protection by design (DPbD) legal obligation in the European framework and investigate how it can be implemented in the context of e-health for Electronic Health Records. The PbD approach may play a pivotal role in this sector to fulfil the requirements of the law and to better protect the rights of the data subjects. To fulfil these goals, to understand the deeper meaning of the concept and to evaluate the approach itself, the paper conducts a theoretical legal analysis on PbD and critically compares the edges, the benefits, the challenges and the disadvantages. As the chosen legal framework is that of the European Union, the DPbD legal obligation established by the GDPR will be examined. The paper first gives a brief overview of the applicable EU legal framework for EHRs. Settled this context, the paper proposes a comprehensive DPbD model for the privacy management with technical and organisational measures to be implemented in EHRs. The purpose is to provide more guidance for data controllers and developers on how to comply with the DPbD obligation.
A Data Protection by Design Model for Privacy Management in Electronic Health Records / Bincoletto, G.. - 11498:(2019), pp. 161-181. (Intervento presentato al convegno 7th Annual Privacy Forum, APF 2019 tenutosi a Rome nel June 13–14, 2019) [10.1007/978-3-030-21752-5_11].
A Data Protection by Design Model for Privacy Management in Electronic Health Records
Bincoletto G.
2019-01-01
Abstract
Privacy by design (PbD) is considered an international principle for privacy protection. For understanding and applying a PbD legal provision, the context of the data processing is essential. This paper intends to analyse the data protection by design (DPbD) legal obligation in the European framework and investigate how it can be implemented in the context of e-health for Electronic Health Records. The PbD approach may play a pivotal role in this sector to fulfil the requirements of the law and to better protect the rights of the data subjects. To fulfil these goals, to understand the deeper meaning of the concept and to evaluate the approach itself, the paper conducts a theoretical legal analysis on PbD and critically compares the edges, the benefits, the challenges and the disadvantages. As the chosen legal framework is that of the European Union, the DPbD legal obligation established by the GDPR will be examined. The paper first gives a brief overview of the applicable EU legal framework for EHRs. Settled this context, the paper proposes a comprehensive DPbD model for the privacy management with technical and organisational measures to be implemented in EHRs. The purpose is to provide more guidance for data controllers and developers on how to comply with the DPbD obligation.| File | Dimensione | Formato | |
|---|---|---|---|
|
Bincoletto - 2019 - A Data Protection by Design Model for Privacy Mana.pdf
Solo gestori archivio
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
341.94 kB
Formato
Adobe PDF
|
341.94 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
