The University of Southampton
University of Southampton Institutional Repository

What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?


Papadaki, Evangelia (2018) What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers? University of Southampton, Doctoral Thesis, 272pp.

Record type: Thesis (Doctoral)

Abstract

The overall objective of this thesis is to identify the gaps in the current EU legal framework surrounding the security obligations of data controllers and make recommendations to help advance the discussions around the possible ways of effectively addressing the problem of cyber insecurity. The thesis adopts an interdisciplinary approach to data security, which involves legal analysis enriched with considerations from the fields of Computer Science and Managerial Economics. In response to the rapidly changing landscape of emerging technologies, which challenges the conventional thinking of regulators, the thesis calls for a shift in the data security regulation paradigm. The contribution of the thesis to knowledge in this field lies in reframing the elements that need to be incorporated into the laws regulating the security obligations of data controllers. The thesis proposes a holistic, dynamic, hybrid and layered approach to data security, which systematically tailors the security obligations of data controllers to the level of re-identification risk involved in data processing operations, and suggests security measures depending on the security level required while laying down the security objectives to be achieved. The proposed regulatory model can serve as guidance for regulators on the law-making process concerning the security obligations of data controllers. The proposed model aspires to provide adequate clarity to data controllers in terms of the initial phase of the design of security measures, while abstaining from imposing technology-specific security requirements in order to grant flexibility to data controllers to adapt the security mechanisms to their particular business model and the given data environment.

Text
Final Thesis - Version of Record
Available under License University of Southampton Thesis Licence.

More information

Published date: March 2018

Identifiers

Local EPrints ID: 421046
URI: http://eprints.soton.ac.uk/id/eprint/421046
PURE UUID: 91391683-712c-47b6-933e-d5a939125c57
ORCID for Kieron O'hara: orcid.org/0000-0002-9051-4456

Catalogue record

Date deposited: 21 May 2018 16:30
Last modified: 14 Mar 2019 01:46

Contributors

Author: Evangelia Papadaki
Thesis advisor: Kieron O'hara
Thesis advisor: Sophie Stalla-Bourdillon
