A Systematic Review on Privacy-Aware IoT Personal Data Stores.

Data from the Internet of Things (IoT) enables the design of new business models and services that improve user experience and satisfaction. These data serve as important information sources for many domains, including disaster management, biosurveillance, smart cities, and smart health, among others. However, this scenario involves the collection of personal data, raising new challenges related to data privacy protection. Therefore, we aim to provide state-of-the-art information regarding privacy issues in the context of IoT, with a particular focus on findings that utilize the Personal Data Store (PDS) as a viable solution for these concerns. To achieve this, we conduct a systematic mapping review to identify, evaluate, and interpret the relevant literature on privacy issues and PDS-based solutions in the IoT context. Our analysis is guided by three well-defined research questions, and we systematically selected 49 studies published until 2023 from an initial pool of 176 papers. We analyze and discuss the most common privacy issues highlighted by the authors and position the role of PDS technologies as a solution to privacy issues in the IoT context. As a result, our findings reveal that only a small number of works (approximately 20%) were dedicated to presenting solutions for privacy issues. Most works (almost 82%) were published between 2018 and 2023, demonstrating an increased interest in the theme in recent years. Additionally, only two works used PDS-based solutions to deal with privacy issues in the IoT context.

A proteção dos dados médicos e o acesso à informação de saúde em Portugal à luz do Regulamento (UE) 2016/679 / The protection of medical data access to health information in Portugal under (EU) Regulation 2016/679 / La protección de datos médicos y el acceso a la información sanitaria en Portugal según el Reglamento (UE) 2016/679

Objetivo: analisar a legislação e as principais questões pertinentes ao armazenamento das informações relativas à saúde do paciente em bancos de dados, bem como as exceções ao dever de sigilo, à luz do Regulamento (UE) 2016/679 (novo Regulamento Geral de Proteção de Dados) e da Lei n.º 58/2019. Metodologia: por meio de uma revisão legislativa e doutrinária, confrontamos os dispositivos que abordam o direito à privacidade do paciente, a proteção do sigilo médico e o acesso de dados, analisando as exceções ao dever de sigilo que decorrem da lei e dos estatutos das ordens profissionais que tutelam o exercício das profissões. Resultados: a dispersão das normas que tratam a proteção de dados pode criar obstáculos à efetivação do direito e dúvidas acerca da interpretação do novo Regulamento Geral de Proteção de Dados. Conclusão: o novo Regulamento e a Lei n.º 58/2019 têm o escopo de sistematizar a matéria concernente à proteção dos dados, mas deverão ser confrontadas com a legislação interna portuguesa que aborde outras questões transversais, a exemplo das tratadas na Lei de Bases da Saúde em Portugal, no Regime Geral dos Arquivos e do Património Arquivístico, dentre outros, o que implica uma dificuldade acrescida ao utilizador do direito.

Objective: to analyze legislation and key issues related to the storage of patient data in databases and exceptions to confidentiality under Regulation (EU) 2016/679 (new General Data Protection Regulation) and Law No. 58/2019.Methods: through a review of legislation and doctrine, we contrast the provisions that address the patient's right to privacy, the protection of medical secrecy, and access to data, and analyze the exceptions to confidentiality arising from the law and the statutes of the professional codes that protect the practice of the professions. Results: the scattering of norms dealing with data protection may lead to obstacles in the realization of the right to data protection and to doubts in the interpretation of the new Regulation. Conclusion: the new Regulation and Law No. 58/2019 are suitable to systematize data protection. However, they must be confronted with Portuguese legislation that deals with other cross-cutting issues, such as the Portuguese Basic Health Law, the General Archives Law and others, which creates additional difficulties for the user of the law.

Objetivo: analizar la legislación y las principales cuestiones relevantes para el almacenamiento de información relacionada con la salud del paciente en bases de datos, así como las excepciones a la obligación de secreto, de acuerdo con el Reglamento (UE) 2016/679 (nuevo Reglamento General de Protección de Datos) y la Ley n.° 58/2019. Metodología: a través de una revisión legislativa y doctrinaria, confrontamos las disposiciones que atienden el derecho a la intimidad del paciente, la protección del secreto médico y el acceso a los datos, analizando las excepciones al deber de secreto, que se derivande la ley y los estatutos que protegen el ejercicio de las profesiones. Resultados: la dispersión de normas que tratan de la protección de datos puede generar obstáculos para la realización del derecho a la protección de datos y dudas sobre la interpretación del Reglamento. Conclusión: el Nuevo Reglamento y la Ley n.º 58/2019 tienen el alcance de sistematizar la materia relativa a la protección de datos, pero deben confrontarse con la legislación interna portuguesa que aborda otras cuestiones transversales, como las tratadas en el Ley de Salud en Portugal, en el Régimen General de Archivos, entre otros, lo que implica una dificultad añadida para el usuario del derecho.

The fundamental right of confidentiality and integrity of IT systems in Germany: a call for "IT Privacy" right in Brazil?

The fundamental right to confidentiality and integrity of IT systems was recognized by the Bundesverfassungsgericht (BVerfG) in Germany and responds to the growing need to recognize new rights that are able to properly protect the individual as new technologies continue to develop. In the said scenario, this paper will seek to answer the question: Starting from the premises set by the BVerfG in the ruling rendered on February 27th, 2008, are there similar grounds to sustain the existence of an IT Privacy right in Brazil, regarding the Brazilian juridical scenario, mainly as to data protection? To that end, the paper is divided into four main parts to: (i) assess the fundamentals of the decision rendered by the BVerfG in the case mentioned; (ii) present the privacy and data protection legal scenario in Brazil; (iii) point out how information security is provided for in Brazilian legislation; and (iv) validate whether the premises adopted by the BVerfG are also coherent in Brazil, considering the legal landscape presented. The research is based on a hypothetical-deductive method, through inquiry and bibliographic analysis, grounded both in Brazilian and European doctrine. Lastly, the research concludes in the sense that the Brazilian and German Constitutional Legal Orders are different, not only relating to the way in which new fundamental rights are acknowledged, but also in regard to the privacy and data protection legal culture, which directly impacts the feasibility of a fundamental right to confidentiality and integrity of IT systems.

Perceptions of ICT Practitioners Regarding Software Privacy.

During software development activities, it is important for Information and Communication Technology (ICT) practitioners to know and understand practices and guidelines regarding information privacy, as software requirements must comply with data privacy laws and members of development teams should know current legislation related to the protection of personal data. In order to gain a better understanding on how industry ICT practitioners perceive the practical relevance of software privacy and privacy requirements and how these professionals are implementing data privacy concepts, we conducted a survey with ICT practitioners from software development organizations to get an overview of how these professionals are implementing data privacy concepts during software design. We performed a systematic literature review to identify related works with software privacy and privacy requirements and what methodologies and techniques are used to specify them. In addition, we conducted a survey with ICT practitioners from different organizations. Findings revealed that ICT practitioners lack a comprehensive knowledge of software privacy and privacy requirements and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD, in Portuguese), nor they are able to work with the laws and guidelines governing data privacy. Organizations are demanded to define an approach to contextualize ICT practitioners with the importance of knowledge of software privacy and privacy requirements, as well as to address them during software development, since LGPD must change the way teams work, as a number of features and controls regarding consent, documentation, and privacy accountability will be required.

A Case Study on the Development of a Data Privacy Management Solution Based on Patient Information.

Data on diagnosis of infection in the general population are strategic for different applications in the public and private spheres. Among them, the data related to symptoms and people displacement stand out, mainly considering highly contagious diseases. This data is sensitive and requires data privacy initiatives to enable its large-scale use. The search for population-monitoring strategies aims at social tracking, supporting the surveillance of contagions to respond to the confrontation with COVID-19. There are several data privacy issues in environments where IoT devices are used for monitoring hospital processes. In this research, we compare works related to the subject of privacy in the health area. To this end, this research proposes a taxonomy to support the requirements necessary to control patient data privacy in a hospital environment. According to the tests and comparisons made between the variables compared, the application obtained results that contribute to the scenarios applied. In this sense, we modeled and implemented an application. By the end, a mobile application was developed to analyze the privacy and security constraints with COVID-19.

PRISER: Managing Notification in Multiples Devices with Data Privacy Support.

With the growing number of mobile devices receiving daily notifications, it is necessary to manage the variety of information produced. New smart devices are developed every day with the ability to generate, send, and display messages about their status, data, and information about other devices. Consequently, the number of notifications received by a user is increasing and their tolerance may decrease in a short time. With this, it is necessary to develop a management system and notification controls. In this context, this work proposes a notification and alert management system called PRISER. Its focus is on user profiles and environments, applying data privacy criteria.