Judgment

Prevention of information exchange network security violations in the light of Article 32 of the EU General Data Protection Regulation

Document Type: Scientific

Authors
1 Assistant Professor, University of Judicial Sciences and Administrative Services
2 Associate Professor, Faculty of Entrepreneurship, University of Tehran, Tehran, Iran
3 PhD in Private Law, University of Judicial Sciences and Administrative Services; Judge
Abstract
Preventing security violations of information exchange networks has always been a concern of legislators. The issue matters because, in today's electronic era, breaching the security of these networks leads to information leakage and creates grounds for abuse; misuse of people's personal information can sometimes even have destructive effects on biological security or cause the personal assassination of a country's nationals. The legal system of the European Union includes detailed regulations in this field, among them the General Data Protection Regulation approved in 2016, which contains detailed rules on maintaining information security and preventing its violation. The main question this research seeks to answer is: what mechanisms does Article 32 of this regulation contain to prevent security violations of information exchange networks? To answer it, the research uses a documentary method: it presents the provisions of the article, analyzes its clauses, and examines the mechanisms set out in the article in four categories: anonymizing and encrypting personal data; ensuring the confidentiality, integrity, availability, and flexibility of processing systems and services; risks related to information processing; and compliance with formal requirements. The conclusion offers policy recommendations drawn from the review of Article 32 of the European Union regulation approved in 2016, including how to amend the laws and regulations approved in Iran's legal system, informing the public through mass communication media, and systematizing the granting of licenses for the activities of transnational companies.

Volume 23, Issue 115
Autumn 2023
Pages 1-24

  • Receive Date 05 February 2024
  • Revise Date 11 August 2024
  • Accept Date 08 September 2024