Cross-Border Data Security from the Perspective of Risk Assessment

  • Conference paper
Information Security Practice and Experience (ISPEC 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14341)

Abstract

As data moves across borders, complex processes and variable risk factors are gradually exposing major issues such as national security and personal information security. Based on the current state of development, this paper proposes a framework for a cross-border data risk assessment model. The framework considers not only the data protection capabilities of data controllers and data receivers but also the impact of data subjects' informed consent on risk assessment results. It comprises multiple evaluation modules, such as data collection and data storage, so that it can be updated and maintained at the module level in the future. The paper analyzes and extracts 18 important risk indicators across the six modules, as well as six potential risk events in cross-border data activities, so that the possibility of potential risk incidents under each risk indicator is fully considered. Finally, the paper analyzes the development needs of cross-border data risk assessment.

This work was supported by the National Key Research and Development Program (2023QY1202), the National Natural Science Foundation of China (U1836210), the Key Research and Development Science and Technology of Hainan Province (GHYF2022010), and the Research Startup Foundation of Hainan University (RZ2100003335).

Author information

Corresponding author

Correspondence to Yuqing Zhang.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Wang, N. et al. (2023). Cross-Border Data Security from the Perspective of Risk Assessment. In: Meng, W., Yan, Z., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2023. Lecture Notes in Computer Science, vol 14341. Springer, Singapore. https://doi.org/10.1007/978-981-99-7032-2_6

  • DOI: https://doi.org/10.1007/978-981-99-7032-2_6

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7031-5

  • Online ISBN: 978-981-99-7032-2

  • eBook Packages: Computer Science (R0)
