The impact of privacy and cybersecurity on e-record: The PNR Directive Adoption and the impact of GDPR

Andrea Chiappetta (1), Andrea Battaglia (2)
(1) Marconi International University, United States
(2) ASPISEC, Italy

Abstract

Digital transformation means radically changing how we manage interaction with everything, including goods, persons and data flows. Cyberspace is by nature borderless and open to everybody, and any sensitive personal information passing through it should be appropriately managed to ensure the protection of the users' identity and other personal records. The Passenger Name Record (EU Directive 2016/681) for travelers, e-wallets for online shoppers, medical e-records for patients, etc., may contain personal information provided by the users and collected by the service providers during the online transaction. While such records need to be shared for the smooth operation of the provided service, evidence shows that such sharing does not always respect the privacy of the data subjects. This paper addresses this challenge by proposing a comprehensive solution to safeguard and protect such online information and to preserve and protect the users' privacy (GDPR) in order to improve the cybersecurity aspects at the EU level, with a focus on transport and blockchain.



Authors

Andrea Chiappetta
andrea.chiappetta3@gmail.com (Primary Contact)
Andrea Battaglia
Chiappetta, A., & Battaglia, A. (2018). The impact of privacy and cybersecurity on e-record: The PNR Directive Adoption and the impact of GDPR. Journal of Sustainable Development of Transport and Logistics, 3(3), 77–87. https://doi.org/10.14254/jsdtl.2018.3-3.6
