On 17th April, MCSE researchers from the Departments of Computer Science, Library & Information Science and Electrical & Electronic Engineering, presented their perspectives on the General Data Protection Regulation which comes into force on 25th May 2018.
The City Press Office and the School of Mathematics, Computer Science & Engineering (MCSE) hosted a press briefing on 17th April to discuss the introduction of the General Data Protection Regulation (GDPR) on 25th May.
Titled 'Privacy and the individual - What difference will GDPR make?', the briefing featured a panel of academics from across MCSE.
The GDPR will replace the Data Protection Act 1998 which was brought into law in order to implement the 1995 EU Data Protection Directive.
The GDPR seeks to give individuals more control over how organisations use their data and imposes penalties for organisations that fail to comply with the regulation, and for those that suffer data breaches.
It will also ensure that data protection law is identical and uniform across the EU.
The MCSE panel comprised Dr David Haynes, Royal Academy of Engineering Research Fellow and Data Governance expert (Library & Information Science); Dr Waqar Asif, Information Engineering post-doctoral Research Fellow (Electrical & Electronic Engineering); Cher Devey, PhD student researching data privacy breaches (Department of Computer Science); Paul Pedley, PhD student researching the nature of data privacy (Department of Computer Science)
The press briefing was full of lively and robust discussion on data breaches, the protection of data, the online privacy of individuals, and how GDPR might apply to Facebook and others in light of the recent allegations about misuse of personal data by Cambridge Analytica.
Commenting on the GDPR as a "necessity of the time and a great step forward", Dr Asif said that while the new Regulation gives individuals the right to their own data, he hastened to add that "the practice of this right is highly dependent upon the transparency of the whole system".
Dr Haynes spoke to the importance of consent in the new GDPR regime:
"Consent is one of the legal bases for fair processing of personal data under GDPR. The criteria for consent are much more rigorous than previous legislation. Consent has to be freely-given, informed, unambiguous, and specific. It must also be signified by a positive action, rather than inertial inaction. However consent is meaningless unless individuals are educated about online safety – we need a ‘highway code’ for the internet and an active information literacy programme for the public."
Paul Pedley pointed out a flaw within the GDPR in dealing with breaches of informational privacy:
In predictive analytics individuals can be linked based on shared behaviours and interests. They can be targeted based on categorisation without being identified as such. The GDPR fails to address breaches of informational privacy which occur at a group level, focussing instead on the protection of individuals.
Cher Devey touched on the reluctance of organisations to disclose data breach incidents and reminded her audience that the GDPR will hold organisations accountable with fines and penalties.
As part of her PhD research, Devey has devised a prototype dashboard to assess data privacy harm by addressing the initial breach notification question (to notify individual users or not) before notifying affected individuals and the Information Commisoners Office (ICO) during the initial data incident response.
She says "Organisations will be called upon to be transparent and respect the rights of individuals to know about breaches."
Join the conversation#GDPR#CityPressOffice#MCSE#DrDavidHaynes#CherDevey#DrWaqarAsif#PaulPedley##CityLIS
Share this article