What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
The overall objective of this thesis is to identify the gaps in the current EU legal framework surrounding the security obligations of data controllers and make recommendations to help advance the discussions around the possible ways of effectively addressing the problem of cyber insecurity. The thesis adopts an interdisciplinary approach to data security, which involves legal analysis enriched with considerations from the fields of Computer Science and Managerial Economics. In response to the rapidly changing landscape of emerging technologies, which challenges the conventional thinking of regulators, the thesis calls for a shift in the data security regulation paradigm. The contribution of the thesis to knowledge in this field lies in reframing the elements that need to be incorporated into the laws regulating the security obligations of data controllers. The thesis proposes a holistic, dynamic, hybrid and layered approach to data security, which systematically tailors the security obligations of data controllers to the level of re-identification risk involved in data processing operations, and suggests security measures depending on the security level required while laying down the security objectives to be achieved. The proposed regulatory model can serve as guidance for regulators on the law-making process concerning the security obligations of data controllers. The proposed model aspires to provide adequate clarity to data controllers in terms of the initial phase of the design of security measures, while abstaining from imposing technology specific security requirements in order to grant flexibility to data controllers to adapt the security mechanisms to their particular business model and the given data environment.
University of Southampton
Papadaki, Evangelia
9c8c1dc5-d295-49a3-be40-c88df9315784
March 2018
Papadaki, Evangelia
9c8c1dc5-d295-49a3-be40-c88df9315784
O'Hara, Kieron
0a64a4b1-efb5-45d1-a4c2-77783f18f0c4
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Papadaki, Evangelia
(2018)
What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
University of Southampton, Doctoral Thesis, 272pp.
Record type:
Thesis
(Doctoral)
Abstract
The overall objective of this thesis is to identify the gaps in the current EU legal framework surrounding the security obligations of data controllers and make recommendations to help advance the discussions around the possible ways of effectively addressing the problem of cyber insecurity. The thesis adopts an interdisciplinary approach to data security, which involves legal analysis enriched with considerations from the fields of Computer Science and Managerial Economics. In response to the rapidly changing landscape of emerging technologies, which challenges the conventional thinking of regulators, the thesis calls for a shift in the data security regulation paradigm. The contribution of the thesis to knowledge in this field lies in reframing the elements that need to be incorporated into the laws regulating the security obligations of data controllers. The thesis proposes a holistic, dynamic, hybrid and layered approach to data security, which systematically tailors the security obligations of data controllers to the level of re-identification risk involved in data processing operations, and suggests security measures depending on the security level required while laying down the security objectives to be achieved. The proposed regulatory model can serve as guidance for regulators on the law-making process concerning the security obligations of data controllers. The proposed model aspires to provide adequate clarity to data controllers in terms of the initial phase of the design of security measures, while abstaining from imposing technology specific security requirements in order to grant flexibility to data controllers to adapt the security mechanisms to their particular business model and the given data environment.
Text
Final Thesis
- Version of Record
More information
Published date: March 2018
Identifiers
Local EPrints ID: 421046
URI: http://eprints.soton.ac.uk/id/eprint/421046
PURE UUID: 91391683-712c-47b6-933e-d5a939125c57
Catalogue record
Date deposited: 21 May 2018 16:30
Last modified: 16 Mar 2024 04:05
Export record
Contributors
Author:
Evangelia Papadaki
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics