GDPR and the ethical use of data

The aim of this initiative, promoted by the Big Data CoE Working Group, is to raise social awareness of the ethical use of data. Below are resources in the form of links, documents, articles or books that analyse the main aspects of ethics in data processing.


Code of Conduct on privacy for mHealth

The Code of Conduct on privacy for mobile health apps has now been formally submitted for comments to the Art 29 Data Protection Working Party. Once approved by this independent EU advisory group, the Code will be applied in practice: App developers will be able to voluntarily commit to follow its rules, which are based on EU data protection legislation.

The Code has been drafted with the vision to be easily understandable, also for SMEs and individual developers who may not have access to legal expertise. It is expected to raise awareness of the data protection rules in relation to mHealth apps, facilitate and increase compliance at the EU level for app developers.

The Code covers user consent, purpose limitation and data minimization, privacy by design and by default, data subjects’ rights and information requirements, data retention, security measures, principles on advertising in mHealth apps, use of personal data for secondary purposes, disclosing data to third parties for processing operations, data transfers, personal data breach and data gathered from children.


A New Generation of e-Health Systems Powered by 5G

5G is expected to support the health domain broadly in the future. This white paper, published by the Wireless World Research Forum, represents a comprehensive review of 5G technologies and eHealth applications including some examples of use cases.

Driven by demographic and socio-economic changes, healthcare models are rapidly shifting from a hospital-based, specialist-focused approach to a distributed, patient-centric care model. The point of care is shifting from hospitals towards GP surgeries, day-clinics, care homes, patient homes and the Internet.

The empowerment of patients and their formal and informal carers has become a prime target of healthcare strategy development in Europe and elsewhere. Cloud computing, Big Data and enhanced security will enable virtualization and individualization of care and allow the application of Industry 4.0 design principles in health care.


Code of Conduct for GDPR compliance by the Cloud Security Alliance (CSA)

The Cloud Security Alliance (CSA) has created the CSA Code of Conduct (CoC) for European General Data Protection Regulation (GDPR) Compliance that aims to provide Cloud Service Providers (CSPs) and cloud consumers a solution for GDPR compliance and to provide transparency guidelines regarding the level of data protection offered by the CSP.

It provides a tool to evaluate the level of personal data protection offered by different CSPs to cloud customers of any size and geographic location, as well as guidance for complying with European Union (EU) personal data protection legislation.


Green Paper on mobile health

The Green Paper on mobile health has been published by the European Commission, together with the views provided by relevant stakeholders on 11 identified barriers to the uptake of mHealth in the EU.

mHealth can contribute to the empowerment of patients, as they could manage their health more actively and live more independent lives in their own home environment thanks to self-assessment or remote monitoring solutions and monitoring of environmental factors, such as changes in air quality, that might influence medical conditions.


Practical Guide to Risk Analysis in Personal Data Processing Subject to the GDPR (Guía Práctica de Análisis de Riesgos en los Tratamientos de Datos Personales sujetos al RGPD)

The Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) has prepared this guide for carrying out risk analyses of processing activities, with the aim of establishing a roadmap for adopting a risk-oriented approach.

The guide seeks to offer guidelines and guidance for establishing a roadmap that allows privacy to be considered from the outset, through a risk-analysis approach, facilitating compliance with the GDPR.


Guide for Compliance with the Duty to Inform (Guía para el cumplimiento del deber de informar)

The specific purpose of this Guide is to provide guidance on best practices for fulfilling the obligation to inform data subjects, under the principle of transparency, about the circumstances and conditions of the data processing to be carried out, as well as the rights they hold. This guide covers only this specific objective and must be complemented by other guides that the Data Protection Authorities may issue regarding the application of the GDPR.

The GDPR adds further requirements regarding the need to provide information on aspects such as the contact details of the Data Protection Officer, the legal basis or legitimation for the processing, the retention period or the criteria for retaining the information, the existence of automated decisions or profiling, planned transfers to third countries and the right to lodge a complaint with the supervisory authorities. Where the data are not obtained from the data subject, information must also be provided on the source of the data and the categories of data.


Practical Guide for Data Protection Impact Assessments Subject to the GDPR (Guía práctica para las evaluaciones de impacto en la protección de los datos sujetos al RGPD)

The Data Protection Impact Assessment is a tool that makes it possible to assess in advance the potential risks to which personal data are exposed, depending on the processing activities carried out with them. Risk analysis for a given processing operation makes it possible to identify the risks facing data subjects' data and to establish a response by adopting the safeguards needed to reduce them to an acceptable level of risk.

The GDPR provides that Impact Assessments be carried out “prior to the processing” in cases where a high risk to the rights and freedoms of the persons concerned is likely. It also provides for a re-assessment when, in an operation begun before the Regulation became applicable, the risks the processing entails have changed compared with the time when the processing was started.

This change in risks may arise, for example, from new technologies having begun to be applied to that processing, from the data being used for purposes different from or additional to those originally decided, or from more data, or different data, being collected than were initially used for the processing.


Guidelines on Automated individual decision-making and Profiling

The General Data Protection Regulation (the GDPR) specifically addresses profiling and automated individual decision-making, including profiling. Profiling and automated decision-making are used in an increasing number of sectors, both private and public. Banking and finance, healthcare, taxation, insurance, marketing and advertising are just a few examples of the fields where profiling is being carried out more regularly to aid decision-making.

Advances in technology and the capabilities of big data analytics, artificial intelligence and machine learning have made it easier to create profiles and make automated decisions with the potential to significantly impact individuals’ rights and freedoms.

Profiling and automated decision-making can be useful for individuals and organisations as well as for the economy and society as a whole, delivering benefits such as increased efficiencies and resource savings.

They have many commercial applications; for example, they can be used to better segment markets and tailor services and products to align with individual needs. Medicine, education, healthcare and transportation can also all benefit from these processes.


A Unified Ethical Frame for Big Data Analysis

Big data provides unprecedented opportunities to drive information-based innovation in economies, healthcare, public safety, education, transportation and almost every human endeavour. Big data also creates risk to both individuals and society unless effective governance is in place. That governance must be sensitive to reticence, the harm to individuals when data is not used because of ambiguity on how to apply laws, standards and regulations, as well as to privacy. Governance must be holistic, taking into consideration concepts of good and bad from all potential stakeholders. That means that the analysis should consider the benefits and risks to the individual, for society as a whole, and for the parties conducting big data discovery and application. Moreover, data protection requires a full understanding of the potential impact of big data on the full range of human rights, not just those related to privacy.

To establish big data governance, the “Information Accountability Foundation” believes in the need for a common ethical frame based on key values and the need for an interrogation framework. The document consists of a set of key questions to be asked and answered to illuminate significant issues, both for industry and for those providing oversight to assess big data projects.

