References of "Chiara, Pier Giorgio 50038876"
Full Text
Peer Reviewed
La cybersecurity come bene pubblico: alcune riflessioni normative a partire dai recenti sviluppi nel diritto UE
Brighi, Raffaella; Chiara, Pier Giorgio UL

in Federalismi.it (2021), 21

The article casts the light on how and to what extent the recent EU legislative developments can uphold the thesis that would identify cybersecurity as a public good, in particular, taking into account systems’ robustness. The doctrine of the public good, which is typically an economic concept, in its normative dimension reveals a framework of shared responsibilities, in view of the common interest in having a satisfactory level of security of the information systems at the basis of our societies. Improving cybersecurity is essential, on the one hand, to trust and benefit from innovation, connectivity and automation; on the other hand, for safeguarding fundamental rights and freedoms, including the rights to privacy and to the protection of personal data, and the freedom of expression and information. Against this background, the new strategy of the European Commission on cybersecurity, the proposal for an NIS 2.0 Directive and, at a lower level of abstraction, the inclusion of minimum cybersecurity requirements for connected devices in the Directives and Regulations of the “New Legislative Framework” (NLF), testify to the firm will of the Commission to outline a clear, coherent and inclusive regulatory framework, in order to increase the global level of security within the Union.

Full Text
Peer Reviewed
Disentangling encryption from the personalization debate: On the advisability of endorsing the “relativist approach” underpinning the identifiability criterion
Chiara, Pier Giorgio UL

in University of Vienna Law Review (2021), 4(2), 168-188

The great confusion about encryption, cornerstone concept of data security, may jeopardise a proper taxonomy in order to legally qualify data. Through a technical and legal literature review, this paper firstly aims to shed the light on the nature of encryption. Having set the context, the study investigates whether and to what extent the so-called relativist understanding of Recital 26 GDPR is desirable. It considers the effort required to identify the data subject only by the data controller: in the context of cryptography, GDPR’s regime would be applicable if a data controller is able to decrypt a data set or, at least, has reasonable possibilities of doing so. The legal analysis, integrated with technical aspects, addresses the case of polymorphic encryption as an argument in favour of the relativist approach in the post-Breyer era: if cryptographic means have been strong enough so that identification is no longer reasonably likely, such data would be effectively non-personal data. The advisability of such outcome will be critically discussed in the light of recent business trends, where big corporations are increasingly investing in business models aiming at removing from the equation personal data.

Full Text
Peer Reviewed
The Balance Between Security, Privacy and Data Protection in IoT Data Sharing: a Critique to Traditional "Security&Privacy" Surveys
Chiara, Pier Giorgio UL

in European Data Protection Law Review (2021), 7(1), 18-30

The paper examines the normative challenges of the Internet of Things (IoT), in particular, taking into account today’s debate on privacy, data protection, and security issues brought about by IoT. Three different layers of complexity are under scrutiny. They regard (i) moral and political theories on the concept of ‘security’; (ii) whether and to what extent information security technologies, in the context of IoT, may affect fundamental rights, such as privacy and data protection; and, (iii) new legal challenges for individual and group privacy and data protection. The overall aim of the paper is, on the one hand, to stress basic differences between privacy and data protection and why the distinction matters vis-à-vis the flow of information and data sharing on IoT. On the other hand, the intent is to stress the different meanings security has in this context, since the word is often used interchangeably to address information security, cybersecurity, or safety issues. We should take these distinctions firm, when striking balances between privacy, data protection, and ‘security’ on IoT.

Full Text
Peer Reviewed
The Unsecure Side of (Meta)Data in IoT Systems
Chiara, Pier Giorgio UL

in Ambient Intelligence and Smart Environments (2020, July), 28

The exponential spreading and deployment of emerging digital technologies such as the Internet of Things (IoT) has been remarkable: the IoT market is expected to triple, at least, from USD 170.57 billion in 2017 to USD 561.04 billion by 2022. IoT technologies collect, generate and communicate a huge amount of different data and metadata, through an increasing number of interconnected devices and sensors. Current EU legislation on data protection classifies data into personal and non-personal. The paper aims at charting the resulting entanglements from an interdisciplinary perspective. The legal analysis, integrated with a technical perspective, will address firstly the content of IoT communications, i.e. “data”, and the underlying distinction between personal and non-personal. Secondly, the focus will shift on the metadata related to communications. Through a technical analysis of the highly sensitive nature of metadata, even when the content is encrypted, I will argue that metadata are likely to undermine even more the ontological and sharp division between personal and non-personal data upon which the European legal frameworks for privacy and data protection have been built. The incoming ePrivacy Regulation shall provide metadata, which should be considered always personal data, the same level of protection of “content” data. This interpretation might broaden the scope of application of GDPR and the connected obligations and responsibilities of data controllers and data processors too much.

Full Text
Peer Reviewed
Security and Privacy in Resource-Constrained Devices
Chiara, Pier Giorgio UL

in CEUR Workshop Proceedings (2020), 2598

Recent adversarial attacks have shown IoT devices' weaknesses due to their limited computing power. Given also their ubiquitous presence, lower costs and limitations in keeping security measures up-to-date, resource-constrained devices represent a growing risk for the security of IT infrastructure. The scope of the research is to investigate the weaknesses of resource-constrained IoT devices. The methodology for the investigation is the legal analysis of existing legal frameworks regulating IoT cybersecurity and data security; afterwards, a critical evaluation of the existing best practices will be carried out. This critical analysis should face the twofold challenge of increasing transparency and trust in resource-constrained systems. Users and companies are two faces of the same coin: accountability of data collectors and user awareness are crucial in the security and data protection debate. Thus, a comprehensive overview of the relevant legal frameworks and guidelines would increase the understanding of risks of the users, whilst data controllers (especially of small and medium enterprises) may have an instrument to properly implement security measures.
