Technologies of Data Protection and Institutional Decisions for Data Sovereignty-Reference-Cited by-同舟云学术

Technologies of Data Protection and Institutional Decisions for Data Sovereignty

Published:2024-07-30 Issue:8 Volume:15 Page:444
ISSN:2078-2489
Container-title:Information
language:en
Short-container-title:Information

Author:

Del Re Enrico¹²^ORCID

Affiliation:

1. Department of Information Engineering, University of Florence, 50139 Firenze, Italy

2. National Inter-University Consortium for Telecommunications (CNIT), Viale G.P. Usberti, 181/A Pal.3, 43124 Parma, Italy

Abstract

This paper aims to propose innovative actions of advanced technological solutions and consequent necessary institutional decisions to achieve in a reasonable time the definitive confidential data protection and data sovereignty, based on available scientific results. Confidential data protection is a fundamental and strategic issue in next-generation Internet systems to guarantee data sovereignty and the respect of human rights as stated in the foundation of the United Nations. Even if presently many international regulations are decisive steps to guarantee data protection within normative contexts, they are not adequate to face new technologies, such as facial recognition, automatic profiling, position tracking, biometric data, AI applications, and many others in the future, as they are implemented without any awareness by the interested subjects. Therefore, a new approach to data protection is mandatory based on innovative and disruptive technological solutions. A recent OECD report highlighted the need for the so-called Privacy-Enhancing Technologies (PETs) for the effective protection of confidential data, even more urgent for the coexistence of privacy and data sharing in international contexts. A common feature of these technologies is the use of software methodologies that can run on currently available microprocessors and their present immaturity. More effective and definitive protection can be achieved with another methodological approach based on the paradigm of ‘Data Usage Control’. This new concept guarantees data protection policy by default and initial design and it requires a new architecture of the data and a new HW&SW architecture of the computers. This contribution has a two-fold objective: first, to clarify why regulations alone and present technological proposals are not adequate for the effective and definitive protection of data and, second, to indicate the new necessary technological approach and the simultaneous institutional actions required to achieve the definitive protection and sovereignty of data in reasonable times, based on the results already available in the scientific literature.

Publisher

MDPI AG

Link

https://www.mdpi.com/2078-2489/15/8/444/pdf

Reference17 articles.

1. (2024, June 10). European Commission, 25.01.2012, SEC(2012)72 Final, Page 7. Available online: https://www.europarl.europa.eu/cmsdata/59702/att_20130508ATT65856-1873079025799224642.pdf.

2. European Commission (2024, June 10). IoT Privacy, Data Protection, Information Security. Available online: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679.

3. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46. Off. J. Eur. Union (OJ), 59, 1–88.

4. (2024, June 10). Privacy 2030: A New Vision for Europe. Available online: https://iapp.org/resources/article/privacy-2030/.

5. (2024, June 10). Available online: https://on24static.akamaized.net/event/45/48/66/9/rt/1/documents/resourceList1712772467097/kb4surveillancewebinarslides1712772467097.pdf.