What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?

The overall objective of this thesis is to identify the gaps in the current EU legal framework surrounding the security obligations of data controllers and make recommendations to help advance the discussions around the possible ways of effectively addressing the problem of cyber insecurity. The the...

Full description

Bibliographic Details
Main Author: Papadaki, Evangelia
Other Authors: O'hara, Kieron ; Stalla-Bourdillon, Sophie
Published: University of Southampton 2018
Subjects:
Online Access:https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.741744
id ndltd-bl.uk-oai-ethos.bl.uk-741744
record_format oai_dc
spelling ndltd-bl.uk-oai-ethos.bl.uk-7417442019-03-05T15:13:27ZWhat amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?Papadaki, EvangeliaO'hara, Kieron ; Stalla-Bourdillon, Sophie2018The overall objective of this thesis is to identify the gaps in the current EU legal framework surrounding the security obligations of data controllers and make recommendations to help advance the discussions around the possible ways of effectively addressing the problem of cyber insecurity. The thesis adopts an interdisciplinary approach to data security, which involves legal analysis enriched with considerations from the fields of Computer Science and Managerial Economics. In response to the rapidly changing landscape of emerging technologies, which challenges the conventional thinking of regulators, the thesis calls for a shift in the data security regulation paradigm. The contribution of the thesis to knowledge in this field lies in reframing the elements that need to be incorporated into the laws regulating the security obligations of data controllers. The thesis proposes a holistic, dynamic, hybrid and layered approach to data security, which systematically tailors the security obligations of data controllers to the level of re-identification risk involved in data processing operations, and suggests security measures depending on the security level required while laying down the security objectives to be achieved. The proposed regulatory model can serve as guidance for regulators on the law-making process concerning the security obligations of data controllers. The proposed model aspires to provide adequate clarity to data controllers in terms of the initial phase of the design of security measures, while abstaining from imposing technology specific security requirements in order to grant flexibility to data controllers to adapt the security mechanisms to their particular business model and the given data environment.621.38University of Southamptonhttps://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.741744https://eprints.soton.ac.uk/421046/Electronic Thesis or Dissertation
collection NDLTD
sources NDLTD
topic 621.38
spellingShingle 621.38
Papadaki, Evangelia
What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
description The overall objective of this thesis is to identify the gaps in the current EU legal framework surrounding the security obligations of data controllers and make recommendations to help advance the discussions around the possible ways of effectively addressing the problem of cyber insecurity. The thesis adopts an interdisciplinary approach to data security, which involves legal analysis enriched with considerations from the fields of Computer Science and Managerial Economics. In response to the rapidly changing landscape of emerging technologies, which challenges the conventional thinking of regulators, the thesis calls for a shift in the data security regulation paradigm. The contribution of the thesis to knowledge in this field lies in reframing the elements that need to be incorporated into the laws regulating the security obligations of data controllers. The thesis proposes a holistic, dynamic, hybrid and layered approach to data security, which systematically tailors the security obligations of data controllers to the level of re-identification risk involved in data processing operations, and suggests security measures depending on the security level required while laying down the security objectives to be achieved. The proposed regulatory model can serve as guidance for regulators on the law-making process concerning the security obligations of data controllers. The proposed model aspires to provide adequate clarity to data controllers in terms of the initial phase of the design of security measures, while abstaining from imposing technology specific security requirements in order to grant flexibility to data controllers to adapt the security mechanisms to their particular business model and the given data environment.
author2 O'hara, Kieron ; Stalla-Bourdillon, Sophie
author_facet O'hara, Kieron ; Stalla-Bourdillon, Sophie
Papadaki, Evangelia
author Papadaki, Evangelia
author_sort Papadaki, Evangelia
title What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
title_short What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
title_full What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
title_fullStr What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
title_full_unstemmed What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
title_sort what amendments need to be made to the current eu legal framework to better address the security obligations of data controllers?
publisher University of Southampton
publishDate 2018
url https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.741744
work_keys_str_mv AT papadakievangelia whatamendmentsneedtobemadetothecurrenteulegalframeworktobetteraddressthesecurityobligationsofdatacontrollers
_version_ 1718990647143170048