Inevitably, personal data is transferred from EU to third countries. GDPR should follow this data wherever it is transferred. How can this requirement be enforced in practice? Currently, data transfers from EU to third countries are mostly regulated by legal agreements between data exporters and data importers. But these agreements tend to be complicated, unforeseeable, and ultimately inefficient. Technology can be employed to automatically ensure that transferred data is used by a third country in a way that does not violate GDPR. In particular, this talk, explores how data traceability could function as a basis for enforcing different principles of data processing: integrity and confidentiality, purpose limitation, and informational self-determination (e.g., right to be forgotten).
Elisavet is an associate professor of Computer Science at UiT The Arctic University of Norway. Her research area is Computer Security, and more specifically Information Flow Control. She received her Ph.D. in Computer Science from Cornell University under the supervision of Prof. Fred B. Schneider. After that, she was a postdoctoral fellow in Computer Science at Harvard University working with Prof. Stephen Chong. Elisavet completed her undergraduate studies in ECE at the National Technical University of Athens, Greece.
