Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.741744
Title: What amendments need to be made to the current EU legal framework to better address the security obligations of data controllers?
Author: Papadaki, Evangelia
ISNI:       0000 0004 7225 6937
Awarding Body: University of Southampton
Current Institution: University of Southampton
Date of Award: 2018
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
Abstract:
The overall objective of this thesis is to identify the gaps in the current EU legal framework surrounding the security obligations of data controllers and make recommendations to help advance the discussions around the possible ways of effectively addressing the problem of cyber insecurity. The thesis adopts an interdisciplinary approach to data security, which involves legal analysis enriched with considerations from the fields of Computer Science and Managerial Economics. In response to the rapidly changing landscape of emerging technologies, which challenges the conventional thinking of regulators, the thesis calls for a shift in the data security regulation paradigm. The contribution of the thesis to knowledge in this field lies in reframing the elements that need to be incorporated into the laws regulating the security obligations of data controllers. The thesis proposes a holistic, dynamic, hybrid and layered approach to data security, which systematically tailors the security obligations of data controllers to the level of re-identification risk involved in data processing operations, and suggests security measures depending on the security level required while laying down the security objectives to be achieved. The proposed regulatory model can serve as guidance for regulators on the law-making process concerning the security obligations of data controllers. The proposed model aspires to provide adequate clarity to data controllers in terms of the initial phase of the design of security measures, while abstaining from imposing technology specific security requirements in order to grant flexibility to data controllers to adapt the security mechanisms to their particular business model and the given data environment.
Supervisor: O'hara, Kieron ; Stalla-Bourdillon, Sophie Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.741744  DOI: Not available
Share: