Privacy by design (PbD) is considered an international principle for privacy protection. For understanding and applying a PbD legal provision, the context of the data processing is essential. This paper intends to analyse the data protection by design (DPbD) legal obligation in the European framework and investigate how it can be implemented in the context of e-health for Electronic Health Records. The PbD approach may play a pivotal role in this sector to fulfil the requirements of the law and to better protect the rights of the data subjects. To fulfil these goals, to understand the deeper meaning of the concept and to evaluate the approach itself, the paper conducts a theoretical legal analysis on PbD and critically compares the edges, the benefits, the challenges and the disadvantages. As the chosen legal framework is that of the European Union, the DPbD legal obligation established by the GDPR will be examined. The paper first gives a brief overview of the applicable EU legal framework for EHRs. With this context established, the paper proposes a comprehensive DPbD model for privacy management with technical and organisational measures to be implemented in EHRs. The purpose is to provide more guidance for data controllers and developers on how to comply with the DPbD obligation.

A Data Protection by Design Model for Privacy Management in Electronic Health Records / Bincoletto, Giorgia. - PRINT. - 11498:(2019), pp. 161-181. (Paper presented at the 7th Annual Privacy Forum, APF 2019, held in Rome on 13-14 June 2019) [10.1007/978-3-030-21752-5_11].

A Data Protection by Design Model for Privacy Management in Electronic Health Records

Bincoletto, Giorgia
2019

Privacy Technologies and Policy, pp. 161-181
Files in this item:
Bincoletto2019_Chapter_ADataProtectionByDesignModelFo.pdf (restricted access)
Type: Publisher's version (PDF)
License: Restricted-access license
Size: 341.94 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11585/708223

Warning: the data displayed have not been validated by the university.

Citations
  • PMC: ND
  • Scopus: 3
  • ISI: 4