Privacy Symposium 2023: Data Protection Law International Convergence and Compliance with Innovative Technologies (DPLICIT)

Foreword
	Comments on Specific Papers
	Conclusion
Preface
Organization
	Executive Committee
	Steering Committee
	Program Committee
	Additional Referees
Contents
1 A Methodology for the Assessment of the Impact of Data Protection Risks in the Context of Big Data Analytics: A Delphi Study
	1.1 Introduction
	1.2 Background
	1.3 Overview of the Delphi Study
		1.3.1 Delphi First Round
		1.3.2 Delphi Second Round
	1.4 Conclusions
	A.1 Appendix
		A.1.1 Level of Agreement
		A.1.2 PTP (1) Unclear Data Controllership
		A.1.3 Level of Importance
		A.1.4 DPIA Methodologies
	References
2 Introducing the Concept of Data Subject Rights as a Service under the GDPR
	2.1 Introduction
	2.2 Data Subject Rights
	2.3 Related Work
	2.4 Data Subject Rights as a Service
		2.4.1 Goals
		2.4.2 Services
			2.4.2.1 Data Subject Right Enforcement
			2.4.2.2 Authentication
			2.4.2.3 Data Model
			2.4.2.4 Data Logbook
			2.4.2.5 Consulting
		2.4.3 Interfaces
	2.5 DSRaaS in the Context of the European Data Strategy
	2.6 Discussion
	2.7 Conclusion
	References
3 Technical and Legal Aspects Relating to the (Re)Use of Health Data When Repurposing Machine Learning Models in the EU
	3.1 Introduction
	3.2 Machine Learning Model Repurposing
	3.3 Data Leakage in Machine Learning Models
	3.4 Legal Analysis of Repurposing Machine Learning Models
		3.4.1 General Data Protection Regulation
		3.4.2 Data Governance Act
		3.4.3 European Health Data Space Proposal
	3.5 Scholarly Opinions
	3.6 Discussion
	3.7 Conclusion
	References
4 “We Are the Makers of Manners”: A Grounded Approach to Data Ethics for the Built Environment
	4.1 Introduction
		4.1.1 The RED Foundation
	4.2 The Real Estate Sector: The Landscape, Data, and PropTech
		4.2.1 The Property Landscape
		4.2.2 Real Estate Data
		4.2.3 Technologies Within the Real Estate Sector
		4.2.4 Data Regulations Within the Real Estate Sector
	4.3 Data and Data Protection Challenges in the Real Estate Sector
		4.3.1 Smart Homes and the Internet of Things: Consumer Data Within the Sector
		4.3.2 Smart Cities and Sensing: Citizen Data in the Built Environment
		4.3.3 The Occupier Perspective: The Service Provider Versus the Customer
		4.3.4 Summary
	4.4 Overcoming Data and Data Protection Challenges in Practice
		4.4.1 Good Practices in the Absence of Central Regulation
		4.4.2 The RED Foundation Data Ethics Playbook
		4.4.3 Future Work
	4.5 Conclusion
	References
5 How the Charter of Trust Can Support the Data Protection
	5.1 Introduction
	5.2 Recent Landscape in Cybersecurity: EU Cybersecurity, Strategy Prime Threats, and Investments
		5.2.1 The EU Cybersecurity Strategy
		5.2.2 Prime Threats in the 2021–2022
		5.2.3 The ENISA NIS Investments 2022 Report
	5.3 The Charter of Trust
	5.4 How the Charter of Trust Supports Data Protection
		5.4.1 The “Default” Concept and the Charter of Trust 03 Principle: Security by Default
		5.4.2 A User-Centricity Approach
		5.4.3 Education
		5.4.4 Transparency and Response
	5.5 Conclusion
	References
6 Operationalizing the European Essential Guarantees in Cross-Border Personal Data Transfers: The Case Studies of China and India
	6.1 Introduction
	6.2 The European Essential Guarantees for Surveillance Measures
	6.3 Legal Analysis of Government Access to Personal Data in China and India
		6.3.1 Government Access to Personal Data in China
			6.3.1.1 Secondary Legislation Analysis in China: Government Access, Oversight, and Data Subject Rights
			6.3.1.2 Assessment of the Chinese Legal Framework Against the European Essential Guarantees
			6.3.1.3 Chinese Personal Information Protection Law: New Regime for the Legality, Oversight Mechanism, Redress, and Data Subject Rights for the Government Data Access?
		6.3.2 Government Access to Personal Data in India
			6.3.2.1 Secondary Legislation Analysis in India: Government Access, Oversight, and Data Subject Rights
			6.3.2.2 Assessment of the Indian Legal Framework Against the European Essential Guarantees
	6.4 Conclusion
	6.5 Tables of Relevant Chinese and Indian Laws
7 Enabling Versatile Privacy Interfaces Using Machine-Readable Transparency Information
	7.1 Introduction
	7.2 Background and Related Work
	7.3 General Model for Providing Transparency Information
	7.4 Implementation
		7.4.1 Layered Privacy Dashboard Including Privacy Icons
		7.4.2 Interactive Privacy Chatbot and Voice Assistant Through Conversational AI
	7.5 Preliminary Evaluation
		7.5.1 Layered Privacy Dashboard
		7.5.2 Interactive Privacy Chatbot and Voice Assistant
	7.6 Discussion, Conclusion, and Outlook
	References
8 Processing of Data Relating to Criminal Convictions and Offenses in the Context of Labor Relations in Spain
	8.1 Introduction
	8.2 The Legal Regime Applicable in Spain to the Processing of Personal Data in the Field of Employment
	8.3 The Effects of the Special Nature of Data Concerning Criminal Convictions and Offenses with Respect to Its Processing by Employers in Spain
	8.4 The Processing of Personal Data Relating to Criminal Convictions and Offenses by Employers in Other Member States
	8.5 Conclusions
	References
Index