SlideShare une entreprise Scribd logo

AI, Blockchain, IoT GDPR v. PIPA Compliance AT A Glance

Alex G. Lee, Ph.D. Esq. CLP
Alex G. Lee, Ph.D. Esq. CLP

processing of personal data purpose limitation data minimization pseudonymization implementation of appropriate data protection policies by the controller Right to rectification Right to data portability Transfers on the basis of an adequacy decision Automated individual decision-making, including profiling Processing of special categories of personal data

Droit
1  sur  9
1    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    AI, Blockchain, IoT GDPR v. PIPA Compliance AT A Glance Alex G. Lee1 GDPR v. PIPA (Personal Information Protection Act in S. Korea: 데이터 3 법) AI Bloclkchain IoT Article 5 Principles relating to processing of personal data 제 3 장 개인정보의 처리 (1)(b) Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’) 제 15 조 개인정보의 수집·이용 제 18 조 개인정보의 목적 외 이용·제공 제한: 개인정보 처리 목적을 명확하게 하고, 그 목적에 필요한 범위 내에서 개인정보를 수집하며, 그 목적 외로 활용하지 않아야 함(당초 수집 목적과 합리적으로 관련된 범위 내에서 정보주체의 동의 없이 개인정보를 이용할 수 있도록 함) Personal data for AI should be collected for specified, explicit and legitimate purposes and processed for those purposes. Specific purpose of the AI’s use of personal data should be determined before data collection or training or deployment. A new AI’s use purpose of personal data should be compatible with the original purpose. Specific purpose of the blockcahin’s use of personal data should be clearly communicated to the data subject that they are using blockcahin technology and explained related implications such as that the processing is not limited to the original transaction but that their personal data will continue to be processed thereafter. Personal data collected by IoT should be processed in relation to the purposes for which those data are collected.                                                              1 Alex G. Lee, Ph.D Esq., is a principal consultant at TechIPm, LLC.
2    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    (1)(c) Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’) 제 16 조 개인정보의 수집 제한 ① 개인정보처리자는 제 15 조 제 1 항 각 호의 어느 하 나에 해당하여 개인정보를 수집하는 경우에는 그 목적에 필요한 최소한의 개인정보를 수집하여야 한다. (1)(a) Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’) 제 1 장 총칙 제 3 조 개인정보 보호 원칙 ⑤ 개인정보처리자는 개인정보 처리방침 등 개인정보의 처리에 관한 사항을 공개하여야 하며, 열람청구권 등 정보주체의 권리를 보장하여야 한다 Article 89(1) Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall AI's use of additional personal data should provide a benefit that outweighs any potential risk by including additional personal data. The personal data processed for statistical purpose should not be used for adopting decisions on individuals by AI. AI should process personal data transparently and not produce bias output (인공지능 데이터 학습과정이 투명해야 하며(설명가능 AI) 그 결과에 인종/성별 등에 대한 차별이 없어야 함) Personal data collected by IoT should be limited to what is necessary in relation to the purposes (applications or services to operate) for which they are processed.) The user of IoT should be informed regarding how collected personal data is being handled.
3    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    ensure that technical and organizational measures are in place in particular in order to ensure respect for the principle of data minimization. Those measures may include pseudonymization provided that those purposes can be fulfilled in that manner. 제 3 장 제 28 조 가명정보의 처리 등 ① 개인정보처리자는 통계작성, 과학적 연구, 공익적 기록보존 등을 위하여 정보주체의 동의 없이 가명정보를 처리할 수 있다. * Pseudonymized Data (가명정보) Recital 28 (제 1 장 총칙 제 2 조 정의) Article 24 Responsibility of the controller (2) Where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the controller./ Article 25 Data protection by design and by default/ Article 32 Security of processing 제 4 장 개인정보의 안전한 관리 제 29 조 안전조치의무 개인정보처리자는 개인정보가 분실·도난·유출·위조·변조 또는 훼손되지 아니하도록 내부 관리계획 수립, 접속기록 보관 등 대통령령으로 정하는 바에 따라 안전성 확보에 필요한 기술적·관리적 및 물리적 조치를 하여야 한다./ 제 4 장 개인정보의 안전한 관리 제 30 조 With regard to AI, these measures should include controls over the representativeness of training sets, over the reasonableness of the inferences and over the absence of unfairness and discrimination./Appropriate security measures, such as encryption or pseudonymization, should also prevent Whoever uses blockchain technology, should ensure that the technical specificities are such to enable compliance with the GDPR. The data controllers are obliged to make sure that the processes of blockchain governance to ensure that compliance with the GDPR is possible. Special design consideration in GDPR-compliance IoT system should be given considering automatic communication without human intervention between IoT objects and between IoT objects and persons.
4    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    개인정보 처리방침의 수립 및 공개 (개인정보의 안전성 확보 조치) * Controller (개인정보처리자): Article 4(7) (제 2 조 제 5 호); Processor (개인정보취급자): Article 4(8) (제 28 조 제 1 항) Article 35 Data protection impact assessment (1) Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks. 제 4 장 개인정보의 안전한 관리 제 33 조 개인정보 영향평가 ① 공공기관의 장은 대통령령으로 정하는 기준에 해당하는 개인정보파일의 운용으로 인하여 정보주체의 개인정보 침해가 우려되는 경우에는 그 위험요인의 분석과 개선 사항 도출을 위한 평가(이하 " 영향평가"라 한다)를 하고 그 결과를 보호위원회에 제출하여야 한다. The impact assessment is important in the development of data-protection compliant AI. It would be helpful if regulatory guidance on blockchains to specify whether the use of blockchains creates a high risk to fundamental rights, or whether risk ought to be assessed on a case-by-case basis. IoT data controllers should consider the impact of the personal data processing. Double shield for cybersecurity via AI +blockchain integration may provide data- protection compliant IoT.
5    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    Article 16 Right to rectification The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Article 17 – Right to erasure (‘right to be forgotten’) The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay … 제 5 장 정보주체의 권리 보장 제 36 조(개인정보의 정정·삭제) ② 개인정보처리자는 제 1 항에 따른 정보주체의 요구를 받았을 때에는 개인정보의 정정 또는 삭제에 관하여 다른 법령에 특별한 절차가 규정되어 있는 경우를 제외하고는 지체 없이 그 개인정보를 조사하여 정보주체의 요구에 따라 정정·삭제 등 필요한 조치를 한 후 그 결과를 정보주체에게 알려야 한다. Trained AI algorithm can be used for transfer learning because the data that are embedded in trained AI algorithm are no longer persona data. Rectifying data on private blockchains can be possible through a change of the relevant transaction record by re-hashing subsequent blocks where this is facilitated by the respective technical and governance set-up./Rectifying data on public blockchains may be possible by means of providing a supplementary statement to make incomplete data complete. Blockahin should provide at least means for blocking access to the data (e.g., destruction of the private key, which would have the effect of making data encrypted with a public key inaccessible). If possible, use anonymized data (e.g., non-reversible encryption of data, Zero-knowledge proofs). *Elaboration for Self Sovereign Identity (SSI) over blockchain (Decentrized Identifier IoT should be designed from the start to meet suitable detailed requirements of personal data rectification and erasure.
6    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    Article 20 Right to data portability The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided … 제 3 장 제 17 조 개인정보의 제공 ① 개인정보처리자는 다음 각 호의 어느 하나에 해당 되는 경우에는 정보주체의 개인정보를 제 3 자에게 제공(공유를 포함한다. 이 하 같다)할 수 있다. Article 45 Transfers on the basis of an adequacy decision A transfer of personal data to a third country or an international organization may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question ensures an adequate level of protection. Such a transfer shall not require any specific authorization. 제 3 장 제 17 조 개인정보의 제공 ③ 개인정보처리자가 개인정보를 국외의 제 3 자에게 Data analysis using AI is likely to involve cross-border transfer and multiple parties. (DID)) is needed. There may be some cases that interoperability among various blockchain solutions cab be an issue. Blockchain should allow data subjects to obtain information about where their data has been transferred to in line with the informational duties applying to third country transfers. IoT should be designed from the start to meet suitable detailed requirements of personal data portability and transfer. Transfer of personal data to multiple devices located in many locations including in other Nations is likely in the IoT
7    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    제공할 때에는 제 2 항 각 호에 따른 사항을 정보주체에게 알리고 동의를 받아야 하며, 이 법을 위반하는 내용으로 개인정보의 국외 이전에 관한 계약을 체결하여서는 아니 된다 Article 22 Automated individual decision- making, including profiling (1) The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (3) In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision Implement some level of human involvement in the decision process (decision supporting tool for final human decision). If possible, use anonymized data. Potential measures are (a) Use pseudonymized data (b) Input data related to the data subject and other parameters used by AI algorithm for automated decision can be provided upon request. Automated decision- making by blockchain smart contracts should be analyzed for compatibility. This is the case particularly for AI algorithms deployed in conjunction with IoT.
8    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    (4) Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place. Article 9 Processing of special categories of personal data 제 3 장 제 23 조 민감정보의 처리 제한 ① 개인정보처리자는 사상·신념, 노동조합·정 당의 가입·탈퇴, 정치적 견해, 건강, 성생활 등에 관한 정보, 그 밖에 정보주체 의 사생활을 현저히 침해할 우려가 있는 개인정보로서 대통령령으로 정하는 정보(이하 “민감정보”라 한다)를 처리하여서는 아니 된다. 다만, 다음 각 호의 어느 하나에 해당하는 경우에는 그러하지 아니하다. 1. 정보주체에게 제 15 조 제 2 항 각 호 또는 제 17 조 제 2 항 각 호의 사항을 알리 고 다른 개인정보의 처리에 대한 동의와 별도로 동의를 받은 경우 2. 법령에서 민감정보의 처리를 요구하거나 허용하는 경우 A careful consideration should be given for processing sensitive personal data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic state, biometric signal, health status, sex life or sexual orientation).
9    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/   

Recommandé

Infosec Law (Feb 2006)
Infosec Law (Feb 2006)Infosec Law (Feb 2006)
Infosec Law (Feb 2006)Lance Michalson
 
2017 cyber legislation in Singapore (v2) - case study and discussion of cybe...
2017 cyber legislation in Singapore (v2) - case study and discussion of cybe...2017 cyber legislation in Singapore (v2) - case study and discussion of cybe...
2017 cyber legislation in Singapore (v2) - case study and discussion of cybe...Benjamin Ang
 
Niche Konsult Limited Section By Section Analysis Of Cyber Security And Infor...
Niche Konsult Limited Section By Section Analysis Of Cyber Security And Infor...Niche Konsult Limited Section By Section Analysis Of Cyber Security And Infor...
Niche Konsult Limited Section By Section Analysis Of Cyber Security And Infor...Niche Konsult Ltd
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Ulf Mattsson
 
Smart grid
Smart gridSmart grid
Smart gridAparna “Ash” Himmatramka
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
 
India Start-ups IT Security & IT Act 2008
India Start-ups IT Security & IT Act 2008India Start-ups IT Security & IT Act 2008
India Start-ups IT Security & IT Act 2008ValueMentor Consulting
 

Recommandé

Infosec Law (Feb 2006)
Infosec Law (Feb 2006)Infosec Law (Feb 2006)
Infosec Law (Feb 2006)Lance Michalson
 
2017 cyber legislation in Singapore (v2) - case study and discussion of cybe...
2017 cyber legislation in Singapore (v2) - case study and discussion of cybe...2017 cyber legislation in Singapore (v2) - case study and discussion of cybe...
2017 cyber legislation in Singapore (v2) - case study and discussion of cybe...Benjamin Ang
 
Niche Konsult Limited Section By Section Analysis Of Cyber Security And Infor...
Niche Konsult Limited Section By Section Analysis Of Cyber Security And Infor...Niche Konsult Limited Section By Section Analysis Of Cyber Security And Infor...
Niche Konsult Limited Section By Section Analysis Of Cyber Security And Infor...Niche Konsult Ltd
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...Ulf Mattsson
 
Smart grid
Smart gridSmart grid
Smart gridAparna “Ash” Himmatramka
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
 
India Start-ups IT Security & IT Act 2008
India Start-ups IT Security & IT Act 2008India Start-ups IT Security & IT Act 2008
India Start-ups IT Security & IT Act 2008ValueMentor Consulting
 
An Indian Outline on Database Protection
An Indian Outline on Database ProtectionAn Indian Outline on Database Protection
An Indian Outline on Database ProtectionSinghania2015
 
Telebiometric information security and safety management
Telebiometric information security and safety managementTelebiometric information security and safety management
Telebiometric information security and safety managementPhil Griffin
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Sagar Rahurkar
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloudUlf Mattsson
 
10 Things You Need To Know About Privacy
10 Things You Need To Know About Privacy10 Things You Need To Know About Privacy
10 Things You Need To Know About PrivacyNow Dentons
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSPRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSpattok
 
HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...
HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...
HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...IJCNCJournal
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Ulf Mattsson
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000n|u - The Open Security Community
 
Is Encryption the Only Key to GDPR?
Is Encryption the Only Key to GDPR?Is Encryption the Only Key to GDPR?
Is Encryption the Only Key to GDPR?Joe Orlando
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesUlf Mattsson
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 
AI, Blockchain, IoT GDPR Compliance AT A Glance
AI, Blockchain, IoT GDPR Compliance AT A GlanceAI, Blockchain, IoT GDPR Compliance AT A Glance
AI, Blockchain, IoT GDPR Compliance AT A GlanceAlex G. Lee, Ph.D. Esq. CLP
 
GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.Liviu Claudiu Cismaru
 

Contenu connexe

Tendances

An Indian Outline on Database Protection
An Indian Outline on Database ProtectionAn Indian Outline on Database Protection
An Indian Outline on Database ProtectionSinghania2015
 
Telebiometric information security and safety management
Telebiometric information security and safety managementTelebiometric information security and safety management
Telebiometric information security and safety managementPhil Griffin
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningUlf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Sagar Rahurkar
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloudUlf Mattsson
 
10 Things You Need To Know About Privacy
10 Things You Need To Know About Privacy10 Things You Need To Know About Privacy
10 Things You Need To Know About PrivacyNow Dentons
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSPRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSpattok
 
HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...
HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...
HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...IJCNCJournal
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Ulf Mattsson
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000n|u - The Open Security Community
 
Is Encryption the Only Key to GDPR?
Is Encryption the Only Key to GDPR?Is Encryption the Only Key to GDPR?
Is Encryption the Only Key to GDPR?Joe Orlando
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesUlf Mattsson
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?Ulf Mattsson
 

Tendances (20)

An Indian Outline on Database Protection
An Indian Outline on Database ProtectionAn Indian Outline on Database Protection
An Indian Outline on Database Protection
 
Telebiometric information security and safety management
Telebiometric information security and safety managementTelebiometric information security and safety management
Telebiometric information security and safety management
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000
 
Emerging application and data protection for multi cloud
Emerging application and data protection for multi cloudEmerging application and data protection for multi cloud
Emerging application and data protection for multi cloud
 
10 Things You Need To Know About Privacy
10 Things You Need To Know About Privacy10 Things You Need To Know About Privacy
10 Things You Need To Know About Privacy
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
 
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESSPRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
PRIVACY AND SECURITY POLICIES THAT ENCOURAGE EBUSINESS
 
HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...
HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...
HISTOGRAM OF NEIGHBORHOOD TRIPARTITE AUTHENTICATION WITH FINGERPRINT-BASED BI...
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
 
Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000Regulatory Compliance under the Information Technology Act, 2000
Regulatory Compliance under the Information Technology Act, 2000
 
Is Encryption the Only Key to GDPR?
Is Encryption the Only Key to GDPR?Is Encryption the Only Key to GDPR?
Is Encryption the Only Key to GDPR?
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 

Similaire à AI, Blockchain, IoT GDPR v. PIPA Compliance AT A Glance

GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analyticsbrunomase
 
Compatible use of personal data (개인정보 이용의 양립가능성)
Compatible use of personal data (개인정보 이용의 양립가능성)Compatible use of personal data (개인정보 이용의 양립가능성)
Compatible use of personal data (개인정보 이용의 양립가능성)David Lee
 
GDPR: Protecting Your Data
GDPR: Protecting Your DataGDPR: Protecting Your Data
GDPR: Protecting Your DataUlf Mattsson
 
Managing Data Protection guide powerpoint presentation
Managing Data Protection guide powerpoint presentationManaging Data Protection guide powerpoint presentation
Managing Data Protection guide powerpoint presentationsilvereyez11
 
Continuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric SecurityContinuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric SecurityTokenEx
 
Webinar: eCommerce Compliance - PCI meets GDPR
Webinar: eCommerce Compliance - PCI meets GDPRWebinar: eCommerce Compliance - PCI meets GDPR
Webinar: eCommerce Compliance - PCI meets GDPRSucuri
 
GDPR and eHealth for the pharma industry (VFenR presentation)
GDPR and eHealth for the pharma industry (VFenR presentation)GDPR and eHealth for the pharma industry (VFenR presentation)
GDPR and eHealth for the pharma industry (VFenR presentation)Erik Vollebregt
 
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)ProductNation/iSPIRT
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesGiannisBasa
 
Legal aspects of IT security
Legal aspects of IT securityLegal aspects of IT security
Legal aspects of IT securityAdv Prashant Mali
 
security issue in e-commerce
security issue in e-commercesecurity issue in e-commerce
security issue in e-commercePalavesa Krishnan
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Inc
 
ITCamp 2018 - Cristiana Fernbach - GDPR compliance in the industry 4.0
ITCamp 2018 - Cristiana Fernbach - GDPR compliance in the industry 4.0ITCamp 2018 - Cristiana Fernbach - GDPR compliance in the industry 4.0
ITCamp 2018 - Cristiana Fernbach - GDPR compliance in the industry 4.0ITCamp
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for developmentTomppa Järvinen
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislationUlf Mattsson
 
Startups - data protection
Startups - data protectionStartups - data protection
Startups - data protectionMathew Chacko
 

Similaire à AI, Blockchain, IoT GDPR v. PIPA Compliance AT A Glance (20)

AI, Blockchain, IoT GDPR Compliance AT A Glance
AI, Blockchain, IoT GDPR Compliance AT A GlanceAI, Blockchain, IoT GDPR Compliance AT A Glance
AI, Blockchain, IoT GDPR Compliance AT A Glance
 
GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analytics
 
Compatible use of personal data (개인정보 이용의 양립가능성)
Compatible use of personal data (개인정보 이용의 양립가능성)Compatible use of personal data (개인정보 이용의 양립가능성)
Compatible use of personal data (개인정보 이용의 양립가능성)
 
GDPR: Protecting Your Data
GDPR: Protecting Your DataGDPR: Protecting Your Data
GDPR: Protecting Your Data
 
Managing Data Protection guide powerpoint presentation
Managing Data Protection guide powerpoint presentationManaging Data Protection guide powerpoint presentation
Managing Data Protection guide powerpoint presentation
 
Continuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric SecurityContinuous PCI and GDPR Compliance With Data-Centric Security
Continuous PCI and GDPR Compliance With Data-Centric Security
 
Webinar: eCommerce Compliance - PCI meets GDPR
Webinar: eCommerce Compliance - PCI meets GDPRWebinar: eCommerce Compliance - PCI meets GDPR
Webinar: eCommerce Compliance - PCI meets GDPR
 
GDPR and eHealth for the pharma industry (VFenR presentation)
GDPR and eHealth for the pharma industry (VFenR presentation)GDPR and eHealth for the pharma industry (VFenR presentation)
GDPR and eHealth for the pharma industry (VFenR presentation)
 
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
iSPIRT's Response on Digital Information Security in Healthcare Act (DISHA)
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization Issues
 
Legal aspects of IT security
Legal aspects of IT securityLegal aspects of IT security
Legal aspects of IT security
 
security issue in e-commerce
security issue in e-commercesecurity issue in e-commerce
security issue in e-commerce
 
Cyber safe lambeth | GDPR taster
Cyber safe lambeth | GDPR tasterCyber safe lambeth | GDPR taster
Cyber safe lambeth | GDPR taster
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance Automated
 
ITCamp 2018 - Cristiana Fernbach - GDPR compliance in the industry 4.0
ITCamp 2018 - Cristiana Fernbach - GDPR compliance in the industry 4.0ITCamp 2018 - Cristiana Fernbach - GDPR compliance in the industry 4.0
ITCamp 2018 - Cristiana Fernbach - GDPR compliance in the industry 4.0
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislation
 
Startups - data protection
Startups - data protectionStartups - data protection
Startups - data protection
 

Plus de Alex G. Lee, Ph.D. Esq. CLP

[Presentation] Webinar on Patent Management and Patent Asset STO in the ChatG...
[Presentation] Webinar on Patent Management and Patent Asset STO in the ChatG...[Presentation] Webinar on Patent Management and Patent Asset STO in the ChatG...
[Presentation] Webinar on Patent Management and Patent Asset STO in the ChatG...Alex G. Lee, Ph.D. Esq. CLP
 
Metaverse x AI x Web3 x Sustainability Convergence
Metaverse x AI x Web3 x Sustainability ConvergenceMetaverse x AI x Web3 x Sustainability Convergence
Metaverse x AI x Web3 x Sustainability ConvergenceAlex G. Lee, Ph.D. Esq. CLP
 
Tokenization, Securitization, Monetization of Real-World Assets
Tokenization, Securitization, Monetization of Real-World AssetsTokenization, Securitization, Monetization of Real-World Assets
Tokenization, Securitization, Monetization of Real-World AssetsAlex G. Lee, Ph.D. Esq. CLP
 
Maximizing Innovation through ChatGPT Powered Patent Analysis
Maximizing Innovation through ChatGPT Powered Patent AnalysisMaximizing Innovation through ChatGPT Powered Patent Analysis
Maximizing Innovation through ChatGPT Powered Patent AnalysisAlex G. Lee, Ph.D. Esq. CLP
 
Maximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing PatentsMaximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing PatentsAlex G. Lee, Ph.D. Esq. CLP
 
Real-World Assets STO + Institutional DeFi Integration
Real-World Assets STO + Institutional DeFi IntegrationReal-World Assets STO + Institutional DeFi Integration
Real-World Assets STO + Institutional DeFi IntegrationAlex G. Lee, Ph.D. Esq. CLP
 
Metaverse & Web3 Technology Innovation & Business Development
Metaverse & Web3 Technology Innovation & Business DevelopmentMetaverse & Web3 Technology Innovation & Business Development
Metaverse & Web3 Technology Innovation & Business DevelopmentAlex G. Lee, Ph.D. Esq. CLP
 
웹3.0기반 메타버스 응용을 위한 NFT 가치개발과 가치평가 특강
웹3.0기반 메타버스 응용을 위한 NFT 가치개발과 가치평가 특강웹3.0기반 메타버스 응용을 위한 NFT 가치개발과 가치평가 특강
웹3.0기반 메타버스 응용을 위한 NFT 가치개발과 가치평가 특강Alex G. Lee, Ph.D. Esq. CLP
 
NFT for Web3 Based Metaverse Monetization Webinar.pdf
NFT for Web3 Based Metaverse Monetization Webinar.pdfNFT for Web3 Based Metaverse Monetization Webinar.pdf
NFT for Web3 Based Metaverse Monetization Webinar.pdfAlex G. Lee, Ph.D. Esq. CLP
 
FAME UNIVERSE Fashion NFT Monetization Platform Introduction
FAME UNIVERSE Fashion NFT Monetization Platform IntroductionFAME UNIVERSE Fashion NFT Monetization Platform Introduction
FAME UNIVERSE Fashion NFT Monetization Platform IntroductionAlex G. Lee, Ph.D. Esq. CLP
 
NAVIGATING THE METAVERSE (Wiley) One Page Book Summary
NAVIGATING THE METAVERSE (Wiley) One Page Book SummaryNAVIGATING THE METAVERSE (Wiley) One Page Book Summary
NAVIGATING THE METAVERSE (Wiley) One Page Book SummaryAlex G. Lee, Ph.D. Esq. CLP
 

Plus de Alex G. Lee, Ph.D. Esq. CLP (20)

[Presentation] Webinar on Patent Management and Patent Asset STO in the ChatG...
[Presentation] Webinar on Patent Management and Patent Asset STO in the ChatG...[Presentation] Webinar on Patent Management and Patent Asset STO in the ChatG...
[Presentation] Webinar on Patent Management and Patent Asset STO in the ChatG...
 
Metaverse x AI x Web3 x Sustainability Convergence
Metaverse x AI x Web3 x Sustainability ConvergenceMetaverse x AI x Web3 x Sustainability Convergence
Metaverse x AI x Web3 x Sustainability Convergence
 
Tokenization, Securitization, Monetization of Real-World Assets
Tokenization, Securitization, Monetization of Real-World AssetsTokenization, Securitization, Monetization of Real-World Assets
Tokenization, Securitization, Monetization of Real-World Assets
 
Maximizing Innovation through ChatGPT Powered Patent Analysis
Maximizing Innovation through ChatGPT Powered Patent AnalysisMaximizing Innovation through ChatGPT Powered Patent Analysis
Maximizing Innovation through ChatGPT Powered Patent Analysis
 
Maximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing PatentsMaximizing AI Business Value Creation Utilizing Patents
Maximizing AI Business Value Creation Utilizing Patents
 
Real-World Assets STO + Institutional DeFi Integration
Real-World Assets STO + Institutional DeFi IntegrationReal-World Assets STO + Institutional DeFi Integration
Real-World Assets STO + Institutional DeFi Integration
 
Metaverse x Web3 Interoperability Overview
Metaverse x Web3 Interoperability OverviewMetaverse x Web3 Interoperability Overview
Metaverse x Web3 Interoperability Overview
 
AI for Metaverse x Web3 Overview
AI for Metaverse x Web3 OverviewAI for Metaverse x Web3 Overview
AI for Metaverse x Web3 Overview
 
NFT Web3 Metaverse Global Leaders Roundtable
NFT Web3 Metaverse Global Leaders RoundtableNFT Web3 Metaverse Global Leaders Roundtable
NFT Web3 Metaverse Global Leaders Roundtable
 
Fame Universe Introduction
Fame Universe IntroductionFame Universe Introduction
Fame Universe Introduction
 
Metaverse Fashion Overview
Metaverse Fashion OverviewMetaverse Fashion Overview
Metaverse Fashion Overview
 
Global Metaverse Fashion Innovators Roadshow
Global Metaverse Fashion Innovators RoadshowGlobal Metaverse Fashion Innovators Roadshow
Global Metaverse Fashion Innovators Roadshow
 
NFT Financialization Overview
NFT Financialization OverviewNFT Financialization Overview
NFT Financialization Overview
 
Metaverse & Web3 Technology Innovation & Business Development
Metaverse & Web3 Technology Innovation & Business DevelopmentMetaverse & Web3 Technology Innovation & Business Development
Metaverse & Web3 Technology Innovation & Business Development
 
NFT Monetization Innovation Webinar
NFT Monetization Innovation WebinarNFT Monetization Innovation Webinar
NFT Monetization Innovation Webinar
 
웹3.0기반 메타버스 응용을 위한 NFT 가치개발과 가치평가 특강
웹3.0기반 메타버스 응용을 위한 NFT 가치개발과 가치평가 특강웹3.0기반 메타버스 응용을 위한 NFT 가치개발과 가치평가 특강
웹3.0기반 메타버스 응용을 위한 NFT 가치개발과 가치평가 특강
 
NFT for Web3 Based Metaverse Monetization Webinar.pdf
NFT for Web3 Based Metaverse Monetization Webinar.pdfNFT for Web3 Based Metaverse Monetization Webinar.pdf
NFT for Web3 Based Metaverse Monetization Webinar.pdf
 
FAME UNIVERSE Fashion NFT Monetization Platform Introduction
FAME UNIVERSE Fashion NFT Monetization Platform IntroductionFAME UNIVERSE Fashion NFT Monetization Platform Introduction
FAME UNIVERSE Fashion NFT Monetization Platform Introduction
 
NAVIGATING THE METAVERSE (Wiley) One Page Book Summary
NAVIGATING THE METAVERSE (Wiley) One Page Book SummaryNAVIGATING THE METAVERSE (Wiley) One Page Book Summary
NAVIGATING THE METAVERSE (Wiley) One Page Book Summary
 
FAME Universe Introduction
FAME Universe IntroductionFAME Universe Introduction
FAME Universe Introduction
 

Dernier

Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxjennysansano2
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiBlayneRush1
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeMelvinPernez2
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791BlayneRush1
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaAbheet Mangleek
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...shubhuc963
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSRoshniSingh312153
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeBlayneRush1
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesritwikv20
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxBharatMunjal4
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 

Dernier (20)

Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil Code
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in India
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptx
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 

AI, Blockchain, IoT GDPR v. PIPA Compliance AT A Glance

  • 1. 1    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    AI, Blockchain, IoT GDPR v. PIPA Compliance AT A Glance Alex G. Lee1 GDPR v. PIPA (Personal Information Protection Act in S. Korea: 데이터 3 법) AI Bloclkchain IoT Article 5 Principles relating to processing of personal data 제 3 장 개인정보의 처리 (1)(b) Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’) 제 15 조 개인정보의 수집·이용 제 18 조 개인정보의 목적 외 이용·제공 제한: 개인정보 처리 목적을 명확하게 하고, 그 목적에 필요한 범위 내에서 개인정보를 수집하며, 그 목적 외로 활용하지 않아야 함(당초 수집 목적과 합리적으로 관련된 범위 내에서 정보주체의 동의 없이 개인정보를 이용할 수 있도록 함) Personal data for AI should be collected for specified, explicit and legitimate purposes and processed for those purposes. Specific purpose of the AI’s use of personal data should be determined before data collection or training or deployment. A new AI’s use purpose of personal data should be compatible with the original purpose. Specific purpose of the blockcahin’s use of personal data should be clearly communicated to the data subject that they are using blockcahin technology and explained related implications such as that the processing is not limited to the original transaction but that their personal data will continue to be processed thereafter. Personal data collected by IoT should be processed in relation to the purposes for which those data are collected.                                                              1 Alex G. Lee, Ph.D Esq., is a principal consultant at TechIPm, LLC.
  • 2. 2    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    (1)(c) Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’) 제 16 조 개인정보의 수집 제한 ① 개인정보처리자는 제 15 조 제 1 항 각 호의 어느 하 나에 해당하여 개인정보를 수집하는 경우에는 그 목적에 필요한 최소한의 개인정보를 수집하여야 한다. (1)(a) Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’) 제 1 장 총칙 제 3 조 개인정보 보호 원칙 ⑤ 개인정보처리자는 개인정보 처리방침 등 개인정보의 처리에 관한 사항을 공개하여야 하며, 열람청구권 등 정보주체의 권리를 보장하여야 한다 Article 89(1) Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall AI's use of additional personal data should provide a benefit that outweighs any potential risk by including additional personal data. The personal data processed for statistical purpose should not be used for adopting decisions on individuals by AI. AI should process personal data transparently and not produce bias output (인공지능 데이터 학습과정이 투명해야 하며(설명가능 AI) 그 결과에 인종/성별 등에 대한 차별이 없어야 함) Personal data collected by IoT should be limited to what is necessary in relation to the purposes (applications or services to operate) for which they are processed.) The user of IoT should be informed regarding how collected personal data is being handled.
  • 3. 3    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    ensure that technical and organizational measures are in place in particular in order to ensure respect for the principle of data minimization. Those measures may include pseudonymization provided that those purposes can be fulfilled in that manner. 제 3 장 제 28 조 가명정보의 처리 등 ① 개인정보처리자는 통계작성, 과학적 연구, 공익적 기록보존 등을 위하여 정보주체의 동의 없이 가명정보를 처리할 수 있다. * Pseudonymized Data (가명정보) Recital 28 (제 1 장 총칙 제 2 조 정의) Article 24 Responsibility of the controller (2) Where proportionate in relation to processing activities, the measures referred to in paragraph 1 shall include the implementation of appropriate data protection policies by the controller./ Article 25 Data protection by design and by default/ Article 32 Security of processing 제 4 장 개인정보의 안전한 관리 제 29 조 안전조치의무 개인정보처리자는 개인정보가 분실·도난·유출·위조·변조 또는 훼손되지 아니하도록 내부 관리계획 수립, 접속기록 보관 등 대통령령으로 정하는 바에 따라 안전성 확보에 필요한 기술적·관리적 및 물리적 조치를 하여야 한다./ 제 4 장 개인정보의 안전한 관리 제 30 조 With regard to AI, these measures should include controls over the representativeness of training sets, over the reasonableness of the inferences and over the absence of unfairness and discrimination./Appropriate security measures, such as encryption or pseudonymization, should also prevent Whoever uses blockchain technology, should ensure that the technical specificities are such to enable compliance with the GDPR. The data controllers are obliged to make sure that the processes of blockchain governance to ensure that compliance with the GDPR is possible. Special design consideration in GDPR-compliance IoT system should be given considering automatic communication without human intervention between IoT objects and between IoT objects and persons.
  • 4. 4    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    개인정보 처리방침의 수립 및 공개 (개인정보의 안전성 확보 조치) * Controller (개인정보처리자): Article 4(7) (제 2 조 제 5 호); Processor (개인정보취급자): Article 4(8) (제 28 조 제 1 항) Article 35 Data protection impact assessment (1) Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks. 제 4 장 개인정보의 안전한 관리 제 33 조 개인정보 영향평가 ① 공공기관의 장은 대통령령으로 정하는 기준에 해당하는 개인정보파일의 운용으로 인하여 정보주체의 개인정보 침해가 우려되는 경우에는 그 위험요인의 분석과 개선 사항 도출을 위한 평가(이하 " 영향평가"라 한다)를 하고 그 결과를 보호위원회에 제출하여야 한다. The impact assessment is important in the development of data-protection compliant AI. It would be helpful if regulatory guidance on blockchains to specify whether the use of blockchains creates a high risk to fundamental rights, or whether risk ought to be assessed on a case-by-case basis. IoT data controllers should consider the impact of the personal data processing. Double shield for cybersecurity via AI +blockchain integration may provide data- protection compliant IoT.
  • 5. 5    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    Article 16 Right to rectification The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Article 17 – Right to erasure (‘right to be forgotten’) The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay … 제 5 장 정보주체의 권리 보장 제 36 조(개인정보의 정정·삭제) ② 개인정보처리자는 제 1 항에 따른 정보주체의 요구를 받았을 때에는 개인정보의 정정 또는 삭제에 관하여 다른 법령에 특별한 절차가 규정되어 있는 경우를 제외하고는 지체 없이 그 개인정보를 조사하여 정보주체의 요구에 따라 정정·삭제 등 필요한 조치를 한 후 그 결과를 정보주체에게 알려야 한다. Trained AI algorithm can be used for transfer learning because the data that are embedded in trained AI algorithm are no longer persona data. Rectifying data on private blockchains can be possible through a change of the relevant transaction record by re-hashing subsequent blocks where this is facilitated by the respective technical and governance set-up./Rectifying data on public blockchains may be possible by means of providing a supplementary statement to make incomplete data complete. Blockahin should provide at least means for blocking access to the data (e.g., destruction of the private key, which would have the effect of making data encrypted with a public key inaccessible). If possible, use anonymized data (e.g., non-reversible encryption of data, Zero-knowledge proofs). *Elaboration for Self Sovereign Identity (SSI) over blockchain (Decentrized Identifier IoT should be designed from the start to meet suitable detailed requirements of personal data rectification and erasure.
  • 6. 6    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    Article 20 Right to data portability The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided … 제 3 장 제 17 조 개인정보의 제공 ① 개인정보처리자는 다음 각 호의 어느 하나에 해당 되는 경우에는 정보주체의 개인정보를 제 3 자에게 제공(공유를 포함한다. 이 하 같다)할 수 있다. Article 45 Transfers on the basis of an adequacy decision A transfer of personal data to a third country or an international organization may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question ensures an adequate level of protection. Such a transfer shall not require any specific authorization. 제 3 장 제 17 조 개인정보의 제공 ③ 개인정보처리자가 개인정보를 국외의 제 3 자에게 Data analysis using AI is likely to involve cross-border transfer and multiple parties. (DID)) is needed. There may be some cases that interoperability among various blockchain solutions cab be an issue. Blockchain should allow data subjects to obtain information about where their data has been transferred to in line with the informational duties applying to third country transfers. IoT should be designed from the start to meet suitable detailed requirements of personal data portability and transfer. Transfer of personal data to multiple devices located in many locations including in other Nations is likely in the IoT
  • 7. 7    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    제공할 때에는 제 2 항 각 호에 따른 사항을 정보주체에게 알리고 동의를 받아야 하며, 이 법을 위반하는 내용으로 개인정보의 국외 이전에 관한 계약을 체결하여서는 아니 된다 Article 22 Automated individual decision- making, including profiling (1) The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (3) In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision Implement some level of human involvement in the decision process (decision supporting tool for final human decision). If possible, use anonymized data. Potential measures are (a) Use pseudonymized data (b) Input data related to the data subject and other parameters used by AI algorithm for automated decision can be provided upon request. Automated decision- making by blockchain smart contracts should be analyzed for compatibility. This is the case particularly for AI algorithms deployed in conjunction with IoT.
  • 8. 8    ©2020 TechIPm, LLC All Rights Reserved http://www.techipm.com/    (4) Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place. Article 9 Processing of special categories of personal data 제 3 장 제 23 조 민감정보의 처리 제한 ① 개인정보처리자는 사상·신념, 노동조합·정 당의 가입·탈퇴, 정치적 견해, 건강, 성생활 등에 관한 정보, 그 밖에 정보주체 의 사생활을 현저히 침해할 우려가 있는 개인정보로서 대통령령으로 정하는 정보(이하 “민감정보”라 한다)를 처리하여서는 아니 된다. 다만, 다음 각 호의 어느 하나에 해당하는 경우에는 그러하지 아니하다. 1. 정보주체에게 제 15 조 제 2 항 각 호 또는 제 17 조 제 2 항 각 호의 사항을 알리 고 다른 개인정보의 처리에 대한 동의와 별도로 동의를 받은 경우 2. 법령에서 민감정보의 처리를 요구하거나 허용하는 경우 A careful consideration should be given for processing sensitive personal data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic state, biometric signal, health status, sex life or sexual orientation).