用GDPR思考:更好的系统设计指南

Q3 Social Sciences Information Services and Use Pub Date : 2021-09-06 DOI:10.3233/isu-210107

A. Cormack

{"title":"用GDPR思考:更好的系统设计指南","authors":"A. Cormack","doi":"10.3233/isu-210107","DOIUrl":null,"url":null,"abstract":"Europe’s General Data Protection Regulation (GDPR) has a fearsome reputation as “the law that can fine you €20 million.” But behind that scary slogan lies a text that can be a very helpful guide to designing data processing systems. This paper explores that side of the GDPR: how understanding it can produce more effective - and more trustworthy - systems. Three popular myths often take designers down the wrong track: that GDPR is about stopping processing, is about users, and is about consent. Instead we consider, from a design perspective, the GDPR’s source material, its Principles, and its Lawful Bases for processing. Three examples - from the field of education, but widely applicable - show how “thinking with GDPR” has improved both the effectiveness and safety of large-scale data processing systems.","PeriodicalId":39698,"journal":{"name":"Information Services and Use","volume":"38 1","pages":"61-69"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Thinking with GDPR: A guide to better system design\",\"authors\":\"A. Cormack\",\"doi\":\"10.3233/isu-210107\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Europe’s General Data Protection Regulation (GDPR) has a fearsome reputation as “the law that can fine you €20 million.” But behind that scary slogan lies a text that can be a very helpful guide to designing data processing systems. This paper explores that side of the GDPR: how understanding it can produce more effective - and more trustworthy - systems. Three popular myths often take designers down the wrong track: that GDPR is about stopping processing, is about users, and is about consent. Instead we consider, from a design perspective, the GDPR’s source material, its Principles, and its Lawful Bases for processing. Three examples - from the field of education, but widely applicable - show how “thinking with GDPR” has improved both the effectiveness and safety of large-scale data processing systems.\",\"PeriodicalId\":39698,\"journal\":{\"name\":\"Information Services and Use\",\"volume\":\"38 1\",\"pages\":\"61-69\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Services and Use\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3233/isu-210107\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Social Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Services and Use","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3233/isu-210107","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Social Sciences","Score":null,"Total":0}

引用次数: 0

摘要

欧洲的通用数据保护条例(GDPR)有着可怕的名声，被称为“可以罚你2000万欧元的法律”。但在这个可怕的口号背后，有一篇文章可以成为设计数据处理系统的非常有用的指南。本文探讨了GDPR的这一方面:如何理解它可以产生更有效和更值得信赖的系统。有三个流行的神话经常把设计师带入错误的轨道:GDPR是关于停止处理的，是关于用户的，是关于同意的。相反，我们从设计的角度考虑GDPR的原始材料，其原则及其处理的合法基础。三个例子——来自教育领域，但广泛适用——展示了“与GDPR一起思考”如何提高了大规模数据处理系统的有效性和安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Thinking with GDPR: A guide to better system design

Europe’s General Data Protection Regulation (GDPR) has a fearsome reputation as “the law that can fine you €20 million.” But behind that scary slogan lies a text that can be a very helpful guide to designing data processing systems. This paper explores that side of the GDPR: how understanding it can produce more effective - and more trustworthy - systems. Three popular myths often take designers down the wrong track: that GDPR is about stopping processing, is about users, and is about consent. Instead we consider, from a design perspective, the GDPR’s source material, its Principles, and its Lawful Bases for processing. Three examples - from the field of education, but widely applicable - show how “thinking with GDPR” has improved both the effectiveness and safety of large-scale data processing systems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Information Services and Use Social Sciences-Library and Information Sciences

CiteScore

0.90

自引率

0.00%

发文量

期刊介绍： Information Services & Use is an information and information technology oriented publication with a wide scope of subject matters. International in terms of both audience and authorship, the journal aims at leaders in information management and applications in an attempt to keep them fully informed of fast-moving developments in fields such as: online systems, offline systems, electronic publishing, library automation, education and training, word processing and telecommunications. These areas are treated not only in general, but also in specific contexts; applications to business and scientific fields are sought so that a balanced view is offered to the reader.