COVID-19, a highly infectious disease, has affected the globe tremendously since its outbreak during late 2019 in Wuhan, China. In order to respond to the pandemic, governments around the world ...introduced a variety of public health measures including contact-tracing, a method to identify individuals who may have come into contact with a confirmed COVID-19 patient, which usually leads to quarantine of certain individuals. Like many other governments, the South Korean health authorities adopted public health measures using latest data technologies. Key data technology-based quarantine measures include:(1) Electronic Entry Log; (2) Self-check App; and (3) COVID-19 Wristband, and heavily relied on individual’s personal information for contact-tracing and self-isolation. In fact, during the early stages of the pandemic, South Korea’s strategy proved to be highly effective in containing the spread of coronavirus while other countries suffered significantly from the surge of COVID-19 patients. However, while the South Korean COVID-19 policy was hailed as a success, it must be noted that the government achieved this by collecting and processing a wide range of personal information. In collecting and processing personal information, the data minimum principle - one of the widely recognized common data principles between different data protection laws - should be applied. Public health measures have no exceptions, and it is even more crucial when government activities are involved. In this study, we provide an analysis of how the governments around the world reacted to the COVID-19 pandemic and evaluate whether the South Korean government’s digital quarantine measures ensured the protection of its citizen’s right to privacy.
Financial institutions process large amounts of personal data, and for many different purposes. The prevention of money laundering and terrorist financing requires the processing of personal data, ...and with this in mind financial institutions collect data on projected turnover in accounts, relatives related to politics, etc, which is based on the principle of “know your customer”. In this article the authors assess the processing of personal data for identification purposes from the standpoint of the data minimisation principle, which is required under the provisions of the General Data Protection Regulation of the European Union. The latter examines whether the processing of personal data for these purposes can be considered proportionate activity, that is to say carried out for defined purposes and only to the extent necessary. A discussion of the related legal regulation is presented which also examines the objectives of such regulation. The article also examines the criteria for the lawful processing of personal data and their application in the processing of personal data for the above mentioned purposes.
The Data Minimization Principle is crucial for protecting individual privacy. However, existing Android runtime permissions do not guarantee this principle. Moreover, the lack of an automatic ...enforcement mechanism leads to uncertainty as to whether apps strictly comply with this principle. To bridge this gap, we conduct the first systematic empirical study on violations of the Data Minimization Principle and design a new enforcement tool called GUIMind to detect them. GUIMind first utilizes a reinforcement learning model to explore app activities and monitor access to sensitive APIs that require sensitive permissions, and then it leverages an existing tool to detect such violations. We evaluate the performance of GUIMind using 120 real-world Android apps. The results indicate that GUIMind can achieve a detection accuracy of 96.1%, effectively accelerating the empirical study. Our empirical research is mainly focused on the prevalence of violations, the responses of administrators to violations, and the potential factors and characteristics that lead to violations, such as typical violations, app categories, and personal data types. Our study reveals that 83.5% of apps contain at least one privacy violation, with health apps being the most severe. In addition, telephony information is the most commonly leaked personal data type, accounting for 71.1%. Finally, we randomly selected 60 non-compliant apps for reporting to the administrator, whose responses confirm the effectiveness of our approach.
COVID-19, a highly infectious disease, has affected the globe tremendously since its outbreak during late 2019 in Wuhan, China. In order to respond to the pandemic, governments around the world ...introduced a variety of public health measures including contact-tracing, a method to identify individuals who may have come into contact with a confirmed COVID-19 patient, which usually leads to quarantine of certain individuals. Like many other governments, the South Korean health authorities adopted public health measures using latest data technologies. Key data technology-based quarantine measures include:(1) lectronic ntry Log; (2) Self-check App; and (3) COVID-19 Wristband, and heavily relied on individual's personal information for contact-tracing and self-isolation. In fact, during the early stages of the pandemic, South Korea's strategy proved to be highly effective in containing the spread of coronavirus while other countries suffered significantly from the surge of COVID-19 patients. However, while the South Korean COVID-19 policy was hailed as a success, it must be noted that the government achieved this by collecting and processing a wide range of personal information. In collecting and processing personal information, the data minimum principle - one of the widely recognized common data principles between different data protection laws - should be applied. Public health measures have no exceptions, and it is even more crucial when government activities are involved. In this study, we provide an analysis of how the governments around the world reacted to the COVID-19 pandemic and evaluate whether the South Korean government's digital quarantine measures ensured the protection of its citizen's right to privacy. Keywords: Privacy, Personal Information, COVID-19 pandemic, Data Minimization Principle
Virtual Reality is thought to be the prototype of the next-generation Internet, consisting of more I/O devices and interactive methods than traditional mobile systems. Hence VR developers need to ...inform users what data is collected and shared, which is generally conveyed by privacy policies. Existing research has examined the consistency between the VR app's privacy policy and its corresponding actual behaviors. However, few studies paid attention to the data minimization principle, i.e., whether a privacy policy claims to collect no more data than it practically needs to implement the app's functionalities. In this poster, we targeted a mainstream VR platform and analyzed the data minimization principle compliance of privacy policies for all 1,726 VR apps in this platform. Experiment results show that 48.1 % VR apps potentially violate the data minimization principle. Moreover, the comparative experiments reveal significant differences in the distribution of data collection between VR and non-VR apps.
