Abstract
In cross-border data flows, complex processes and variable risk factors are increasingly exposing major issues of national security and personal information security. Based on the current state of development, this paper proposes a framework for a cross-border data risk assessment model. The assessment framework considers not only the data protection capabilities of data controllers and data receivers, but also the impact of data subjects' informed consent on the risk assessment results. The framework comprises multiple evaluation modules, such as data collection and data storage, so that it can be updated and maintained at the module level in the future. This paper analyzes and extracts 18 important risk indicators across the six modules, as well as six potential risk events in cross-border data activities, so as to fully consider the likelihood of potential risk incidents under each risk indicator. Finally, this paper analyzes the development needs of cross-border data risk assessment.
This work was supported by the National Key Research and Development Program (2023QY1202), the National Natural Science Foundation of China (U1836210), the Key Research and Development Science and Technology of Hainan Province (GHYF2022010), and the Research Startup Foundation of Hainan University (RZ2100003335).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Wang, N. et al. (2023). Cross-Border Data Security from the Perspective of Risk Assessment. In: Meng, W., Yan, Z., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2023. Lecture Notes in Computer Science, vol 14341. Springer, Singapore. https://doi.org/10.1007/978-981-99-7032-2_6
DOI: https://doi.org/10.1007/978-981-99-7032-2_6
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7031-5
Online ISBN: 978-981-99-7032-2
eBook Packages: Computer Science, Computer Science (R0)