Results 1-11 of 11.
((uid:50001861))

Bookmark and Share    
Full Text
Peer Reviewed
See detailThe General Data Protection Regulation: A New Opportunity and Challenge for the Banking Sector
Giurgiu, Andra UL; Lallemang, Thierry

in Ace Magazine et Archives Online : Fiscalité, Comptabilité, Audit, Droit des Affaires au Luxembourg (2017), (1), 3-15

Detailed reference viewed: 322 (19 UL)
Full Text
Peer Reviewed
See detailTowards legal compliance by correlating Standards and Laws with a semi-automated methodology
Bartolini, Cesare UL; Giurgiu, Andra UL; Lenzini, Gabriele UL et al

in Bosse, Tibor; Bredeweg, Bert (Eds.) Communications in Computer and Information Science (2017)

Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an ... [more ▼]

Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of compliance in favour of the implementing party, provided there is a clear correspondence between the provisions of a specific standard and the regulation's requirements. However, identifying such correspondences is a complex process which is complicated further by the fact that the established correlations may be overridden in time e.g., because newer court decisions change the interpretation of certain legal provisions. To help solve these problems, we present a framework that supports legal experts in recognizing correlations between provisions in a standard and requirements in a given law. The framework relies on state-of-the-art Natural Language Semantics techniques to process the linguistic terms of the two documents, and maintains a knowledge base of the logic representations of the terms, together with their defeasible correlations, both formal and substantive. An application of the framework is shown by comparing a provision of the European General Data Protection Regulation with the ISO/IEC 27018:2014 standard. [less ▲]

Detailed reference viewed: 300 (29 UL)
Full Text
Peer Reviewed
See detailA Framework to Reason about the Legal Compliance of Security Standards
Bartolini, Cesare UL; Giurgiu, Andra UL; Lenzini, Gabriele UL et al

in Proceedings of the Tenth International Workshop on Juris-informatics (JURISIN) (2016, November)

Achieving compliance with legal regulations is no easy task. Normally, laws state general requirements but do not provide clear parameters to determine when such requirements are met. On a different level ... [more ▼]

Achieving compliance with legal regulations is no easy task. Normally, laws state general requirements but do not provide clear parameters to determine when such requirements are met. On a different level, industrial standards and best practices define specific objectives that can be certified by means of auditing procedures from qualified bodies. Implementing a standard does not per se guarantee legal compliance, with the rare exception when the standard is also endorsed by the law itself. But standards and laws in the same domain may have overlaps and correlations, so adopting the former may provide an argument to demonstrate that adequate measures were taken to achieve legal compliance. In this paper, we introduce a framework that, using state-of-the-art Natural Language Semantics techniques, helps process legal documents and standards to build a knowledge base to store their logic representations, and the correlations between them. The knowledge base will help legal experts assess what requirements of the law are met by the standard and, consequently, recognize what requirements still need to be implemented to fill the remaining gaps. An application of the framework is exemplified by comparing a provision of the European General Data Protection Regulation against the ISO/IEC 27001:2013 standard. [less ▲]

Detailed reference viewed: 438 (38 UL)
Full Text
Peer Reviewed
See detailRoles and Powers of National Data Protection Authorities Moving from Directive 95/46/EC to the GDPR: Stronger and More ‘European’ DPAs as Guardians of Consistency?
Giurgiu, Andra UL; Larsen, Tine

in European Data Protection Law Review (2016), 2(3), 342-352

Safeguarding the rights of the citizens to the protection of their personal data in an era of nearly ubiquitous computing has become increasingly challenging. National data protection authorities (DPAs ... [more ▼]

Safeguarding the rights of the citizens to the protection of their personal data in an era of nearly ubiquitous computing has become increasingly challenging. National data protection authorities (DPAs), central actors in the data protection landscape, face a difficult task when fulfilling their missions and acting as guardians of these rights under the provisions of the outdated Directive 95/46/EC. Critical decisions of the Court of Justice of the European Union illustrate the challenge of 'stretching' the provisions regarding the powers and competences of DPAs under the Directive to make them applicable to current data processing realities. The article points out the existing problems under the current framework with regard to powers and competence of DPAs and examines if and to what extent they are mended by the General Data Protection Regulation (GDPR). It analyses substantive and procedural aspects of the new cooperation model under the one-stop-shop and consistency mechanisms and discusses whether and how these new tools successfully contribute to solve existing problems. [less ▲]

Detailed reference viewed: 349 (6 UL)
Full Text
See detailEU’s One-Stop-Shop Mechanism: Thinking Transnational
Giurgiu, Andra UL; Boulet, Gertjan; De Hert, Paul

in Privacy Laws & Business. International Report (2015)

Detailed reference viewed: 112 (4 UL)
Full Text
Peer Reviewed
See detailAssessing IT Security Standards Against the Upcoming GDPR for Cloud Systems
Bartolini, Cesare UL; Gheorghe, Gabriela UL; Giurgiu, Andra UL et al

Poster (2015, March 11)

This work in progress aims at identifying a mapping between the current security standards (in particular, but not limited to, ISO 27001-2013) and the upcoming regulations in data protection. The aim is ... [more ▼]

This work in progress aims at identifying a mapping between the current security standards (in particular, but not limited to, ISO 27001-2013) and the upcoming regulations in data protection. The aim is to find an overlap between the requirements for data protection and the existing security standards, to measure the gap that a business has to cross (and consequently an estimate of the expenses that it must sustain) to achieve compliance with the GDPR. [less ▲]

Detailed reference viewed: 2034 (46 UL)
Full Text
Peer Reviewed
See detailNo Place to Hide – Edward Snowden, the NSA and the Surveillance State
Giurgiu, Andra UL

in European Data Protection Law Review (2015), 1(3), 249-254

Detailed reference viewed: 255 (3 UL)
Full Text
Peer Reviewed
See detailThe "Minimal" Approach: the CJEU on the Concept of "Establishment" Triggering Jurisdiction for DPAs and Limitations of Their Sanctioning Powers
Cole, Mark UL; Giurgiu, Andra UL

in European Data Protection Law Review (2015)

Detailed reference viewed: 128 (13 UL)
Peer Reviewed
See detailSmart TV - Smarte Regulierung
Giurgiu, Andra UL; Metzdorf, Jenny UL

in Taeger, Jürgen (Ed.) Big Data & Co., Neue Herausforderungen für das Informationsrecht (2014)

Detailed reference viewed: 174 (11 UL)
Full Text
Peer Reviewed
See detailA New Approach to EU Data Protection
Giurgiu, Andra UL; Lommel, Gérard

in Kritische Vierteljahresschrift für Gesetzgebung und Rechtswissenschaft (2014), 97(1), 10-27

Die Entwicklung neuer Technologien und die bedeutende Rolle des Internets im heutigen Alltag haben den Datenschutz vor neue Herausforderungen gestellt. Darüber hinaus wirkt sich die uneinheitliche ... [more ▼]

Die Entwicklung neuer Technologien und die bedeutende Rolle des Internets im heutigen Alltag haben den Datenschutz vor neue Herausforderungen gestellt. Darüber hinaus wirkt sich die uneinheitliche Umsetzung der Richtlinie 94/46/EG, die den rechtlichen Rahmen für den Datenschutz in Europa bildet, negativ auf den europäischen Binnenmarkt aus. Vor diesem Hintergrund ist es Ziel des Vorschlags der Europäischen Kommission für eine neue Datenschutz- Grundverordnung, den Rechtsrahmen zu harmonisieren und ein erhöhtes Datenschutzniveau der Bürger zu schaffen. Obwohl sich die Europäische Kommission, das Parlament und der Rat in vielen Punkten noch nicht einig sind, ist eine klare Änderung der Perspektive zu erkennen. Unternehmen sollen selbst tätig werden und eine verantwortliche Haltung zum Datenschutz übernehmen. Die Rechenschaftspflicht der für die Verarbeitung Verantwortlichen wird hiermit in den Vordergrund gestellt. Es gilt nun proaktiv zu handeln, und nicht nur reaktiv. Prinzipien wie Datenschutz durch Technik und datenschutzfreundliche Voreinstellungen spiegeln diesen Ansatz wider. Bürger werden ihrerseits mit am Internetzeitalter angepassten Rechten - wie dem Recht auf Datenübertragbarkeit – ausgestattet, um die Kontrolle über ihre Daten in die eigene Hand nehmen zu können. Die Bedingungen einer gültigen Einwilligung in der Online-Welt werden deutlicher gestaltet und Nutzer und Verbraucher mit erweiterten Rechtsschutzinstrumenten ausgestattet, die die Durchsetzbarkeit des Datenschutzes stärken. Auch wenn vor 2015 kaum mit einer Verabschiedung der Reform zu rechnen ist, verspricht diese neue Herangehensweise, die Chance auf einen effizienteren Datenschutz. [less ▲]

Detailed reference viewed: 109 (8 UL)
Full Text
Peer Reviewed
See detailChallenges of Regulating a Right to Be Forgotten with Particular Reference to Facebook
Giurgiu, Andra UL

in Masaryk University Journal of Law and Technology (2013), 7(2), 361-378

Detailed reference viewed: 116 (3 UL)