Balancing data protection and privacy: The case of information security sensor systems
Umeå University, Faculty of Social Sciences, Department of Law. ORCID iD: 0000-0002-4642-3872
2018 (English). In: The Computer Law and Security Review, ISSN 0267-3649, Vol. 34, no 5, p. 1019-1038. Article in journal (Refereed), Published
Abstract [en]

This article analyses government deployment of information security sensor systems from primarily a European human rights perspective. Sensor systems are designed to detect attacks against information networks by analysing network traffic and comparing this traffic to known attack-vectors, suspicious traffic profiles or content, while also recording attacks and providing information for the prevention of future attacks. The article examines how these sensor systems may be one way of ensuring the necessary protection of personal data stored in government IT-systems, helping governments fulfil positive obligations with regards to data protection under the European Convention on Human Rights (ECHR), the EU Charter of Fundamental Rights (The Charter), as well as data protection and IT-security requirements established in EU-secondary law. It concludes that the implementation of sensor systems illustrates the need to balance data protection against the negative privacy obligations of the state under the ECHR and the Charter and the accompanying need to ensure that surveillance of communications and associated metadata reach established principles of legality and proportionality. The article highlights the difficulty in balancing these positive and negative obligations, makes recommendations on the scope of such sensor systems and the legal safeguards surrounding them to ensure compliance with European human rights law and concludes that there is a risk of privatised policymaking in this field barring further guidance in EU-secondary law or case law.

Place, publisher, year, edition, pages
Elsevier, 2018. Vol. 34, no 5, p. 1019-1038
Keywords [en]
Data protection, Privacy, Information security, Sensor systems, Communications monitoring, Metadata, Surveillance, Hacking, GDPR, ePrivacy, Workplace surveillance, Government information systems
National Category
Law (excluding Law and Society)
Research subject
Law
Identifiers
URN: urn:nbn:se:umu:diva-148079
DOI: 10.1016/j.clsr.2018.04.006
Scopus ID: 2-s2.0-85047394052
OAI: oai:DiVA.org:umu-148079
DiVA, id: diva2:1210389
Funder
Ragnar Söderbergs stiftelse, R23/14
Available from: 2018-05-28. Created: 2018-05-28. Last updated: 2018-11-12. Bibliographically approved

Open Access in DiVA

The full text will be freely available from 2020-05-25 00:00
Author: Naarttijärvi, Markus
