The Death of Data Protection?
Lilian Edwards
Professor of Internet Governance
University of Strathclyde
Goettingen, July 2013
http://www.strath.ac.uk/internetlaw/ Lilian.edwards@strath.ac.uk
Q. Do people still care about privacy?
JAN 2010: Zuckerberg: “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people.. privacy is no longer a ‘social norm’.”
JUNE 2013: Washington is using "American-style Stasi methods," said Markus Ferber MEP, of Chancellor Angela Merkel's Bavarian sister party. "I thought this era had ended when the DDR fell"
PrivacyMemes, June 11 2013
Viviane Reding: Prism “shows
why a clear legal framework
for the protection of personal
data is not a luxury but a
necessity.”
Ron Paul: What most undermines the claims of the Administration and its
defenders about this surveillance program is the process itself. First the
government listens in on all of our telephone calls without a warrant and then if
it finds something it goes to a FISA court and gets an illegal approval for what it
has already done! This turns the rule of law and due process on its head.
In Europe, even UK(!), rising online privacy concerns c. 2010 on
C4, May 2010
Attitudes towards data protection
• 60% of Europeans who use the internet (40% of all
EU citizens) shop or sell things online and use social
networking sites.
• People disclose personal data, including biographical
information (almost 90%), social information
(almost 50%) and sensitive information (almost
10%) on these sites.
• 70% said they were concerned about how companies
use this data and they think that they have only
partial, if any, control of their own data.
• 74% want to give their specific consent before their
data is collected and processed on the Internet.
EC citizen attitudes towards data privacy –
EuroBarometer 2011
Reform of the Data Protection Directive (DPD)?
January 2012 Draft General Regulation
• Main issues
– Combine rules on DP police & LEAs sector with existing rules for
“civilian” data controllers? (in fact kept separate)
– Address globalisation better – data flows out of EU
– Improve harmonisation within EU (binding interpretation by Art
29 WP?)
– Strengthen Data Subject’s rights/ enhancing control over PD eg,
online subject access, clarifying definitions of consent
– Reduce red tape for Data Controllers – multinationals only to be
regulated by 1 EC DPA - saving 2.3 billion Euros for EU industry -
quid pro quo?
– Make DCs more accountable, eg, must have a CPO; audit trails of
processing; “privacy by design” (?)
– Clarify rules on jurisdiction, applicable law and DP (eg Facebook?
Google?)
Fiddling round the edges while privacy
burns?
OECD Privacy Principles, 1980 / “FIPs” / “notice and choice”
• Collection Limitation Principle
• Data Quality Principle
• Purpose Specification Principle
• Use Limitation Principle
• Security Safeguards Principle
• Openness Principle
• Individual Participation Principle
• Accountability Principle
Data Protection Principles (DPD, art 6)
1. Personal Data shall be processed lawfully and fairly (“collection
limitation”).
2. Personal Data shall be obtained only for one or more specified
and lawful purposes, and shall not be further processed in a
manner incompatible with those purposes (“purpose /use
limitation”).
3. Personal data shall be adequate, relevant and not excessive in
relation to the purpose for which it was processed (add “data
minimisation” principle? – DP Reg)
4. Personal data shall be accurate and kept up to date if necessary
(“data quality”).
5. Personal data shall not be kept for a longer time than it is
necessary for its purpose. (“retention”)
6. Personal data can only be processed in accordance with the rights
of the data subjects (“openness”)
7. Appropriate technical and organisational measures shall be taken
against unauthorised or unlawful processing (“security”).
8. Data export principle (and DP Reg may add “accountability”)
Fundamental challenges not
addressed?
A. Decline of real and informed consent
online
B. Ubiquitous computing/ambient
intelligence/the Internet of Things
C. Big Data and profiling
• In each case fundamental elements of
the “notice and choice” paradigm are
elided or destroyed
A. Consent
• Existing DPD: Art 7 – grounds for fair processing
(1st DP principle)
– Consent of Data subject.
– Necessary to perform contract DS is party to or for DS to
enter a contract.
– Necessary to comply with a legal obligation of the data
controller.
– Necessary to protect DS’s “vital interests”.
– Processing is necessary for judicial purposes, public acts or
acts of crown.
– Necessary for “legitimate interests” of DC unless contrary
to human rights of DS.
Consent as it’s meant to be
• DPD, Art 2 “any freely given, specific and
informed indication of his wishes by which the
data subject signifies his agreement to personal
data relating to him being processed.”
• Art 7 as ground for fair processing,
“unambiguous”
• Art 8(2)(a) as ground for processing of sensitive
PD, “explicit”
• Freely given? Standard terms? Employees?
Consumers? Social Networks?
• Art 29 WP reports questioned quality of consent
in privacy policies and some relationships esp
employment surveillance (social media
passwords?).
Consent online in real life
• Privacy policies largely unreadable by non-lawyers
• Users prize immediate gains (social inclusion) over future
dangers (data leakage, employers, NSA etc) -> faulty risk
assessment
• Constant change of T&C and defaults requires continuing
vigilance and skill by users
• Lock-in network effect => non-competitive market on user
rights (social death not to be on Facebook, who knows about
Duck Duck Go?)
• -> Market failure in respect of privacy on SNSs – so why
bother checking privacy policies anybody?
• SNS economic incentives are to encourage disclosure not
encourage privacy (changing?) (but even mentioning privacy
reduces revenues - Bonneau)
Consent in real life – complexity, legalese
Consent does not control situation permanently – T&C and defaults change at will
Consent: DP Reg Solution?
• Change of definition to “freely given, specific, informed and
explicit” – meaning “based either on a statement or on a clear
affirmative action” (new recital 24) – but does this make any
difference in online standard form consumer contracts?
• Consent doesn’t count where there is a “significant imbalance”
between Data Subject and Data Controller (eg employee)
• But
• Largely no restrictions on what can be consented to – no attempt at
a consumer protection/unfair terms regime approach re unread
adhesion contracts – “regulated contracts”
• No restrictions on use of “legitimate business purposes” as
alternative to consent for legalising processing (and one report
suggests this should enable incompatible uses with original grant of
consent)
• Conclusion – not much help?
B. Ubiquitous Computing: RFID and the Internet of Things
Example: Location data
• Richard Stallman, March 2011
• “It's Stalin's dream. Cell phones are tools of Big Brother.
I'm not going to carry a tracking device that records
where I go all the time, and I'm not going to carry a
surveillance device that can be turned on to
eavesdrop.”
• Art 29 WP 13/2011
• Some attempt to provide enforceable rights to “turn
off” location data collection in PECD – how effective?
Eg recent UK EE subscriber location data sales by Ipsos
Mori to Met Police (anonymised?)
“Ambient” intelligence/sensor data collection by default
Smart meters
Barcelona clubbers get chipped
(2004)
BBC Science producer Simon Morton
goes clubbing in Barcelona with a
microchip implanted in his arm to
pay for drinks.
Imagine having a glass capsule
measuring 1.3mm by 1mm, about the size
of a large grain of rice injected under
your skin.
Last week I headed for the bright lights of
the Catalan city of Barcelona to enter the
exclusive VIP Baja Beach Club.
The night club offers its VIP clients the
opportunity to have a syringe-injected
microchip implanted in their upper arms
that not only gives them special access to
VIP lounges, but also acts as a debit
account from which they can pay for
drinks.
Data collection from the body/biometrics
Kevin Warwick, University of Reading
Volunteered data about real world
interactions
London advertisement targets
consumers by gender, with facial
recognition, Feb 20 2012
- Plan UK (charity)
Non volunteered data?
Cas “Ubiquitous Computing, Privacy and DP”, 2009: “Biometric
procedures replace the need to remember passwords or actively
prove authorisation.. [ambient intelligence environments] require
previously inconceivable levels of knowledge about the inhabitants”
Chinese face recognition
enabled door – on sale,
The future of ambient environments
and the death of notice and choice?
• Ubiquity = “invisible and seamlessly adaptive” (Spiekermann and Pallas) - always
on, always collecting data
• Weiser – ICTs weaving themselves “into the fabric of everyday life until they are
indistinguishable from it”
• The more useful, the less obvious and the less controlled by individual notice and
choice.
• Adaptive – learn from ambient total data collection, data not forgotten otherwise
usefulness constrained – eg domestic or hospital care robots
• How can this match DP idea of privacy as individual right to control collection of
data? Notions of data minimisation in collection, limitation of purpose and use?
• Note that ambient environments also often collect data about those most vulnerable
and unable to exercise control – young, sick, geriatric, Alzheimer's (eg the iPot, smart
chairs, robots, geo-tagged schools and libraries)
• Cas “ubiquitous computing will erode all central pillars of current privacy protection”
• Resistance?
– Default off – but what happens to social gain?
– Controls on use rather than collection – how to enforce? (anonymisation – see later)
– “Negotiation”? Eg wearing hoodies round CCTV; injecting false info (“noise”) into social networks
etc – what is equivalent for ubicomp?
– Privacy impact assessments prior to building systems plus privacy by design? Spiekermann’s RFID
experience.
Big Data
What is Big Data?
• “about applying maths to huge amounts
of data to infer probabilities.. The key is
these systems perform well because they
are fed with lots of data on which to base
their predictions”
– Eg Google Flu Trends – most common 50 m
search query terms analysed
• “big data refers to things one can do at a
large scale that cannot be done at a small
one”
• “in a Big Data age, most innovative
secondary uses haven’t been imagined
when the data is first collected”
– Eg Captcha -> ReCaptcha
• Internet industries produce these huge
amounts of data: Google, 24
Petabytes/day; FB, 10m photos uploaded
/hr; 400 m tweets/day (2012)
• “there is a treasure hunt underway” *(p 15)
Effect on DP/FIPs?
• “How can companies provide notice for a purpose that has yet to
exist? How can individuals give informed consent to an unknown?”
(p 153)
• Seeking new consent for each re-use at big data scale seems
impossible
• Seeking blanket consents for any re-use destroys whole point of
consent as effective control
– Yet heading this way?: eg Google combining all its privacy consents
(policies) to mail, video, search, blogging etc, Jan 24 2012
• Anonymisation of data collected? Common excuse. Yet
re-identification ever easier esp with big data recombined - see Ohm
“Broken Promises” (2010) – AOL, Netflix scandals.
– Eg anonymise FB data and reidentification from friends, and friends of
friends – “social graph” – often easy.
Solutions?
• Ohm “Utility and privacy are, at bottom, two goals at war with one
another” (p 1752)
• M-S and Cukier: “From privacy to accountability” – abandon
dependency on individual consent at time of collection & hold data
users (controllers) accountable (p 173)
– Means what?
– Risk assessment by users of whether data products should be
issued? External/internal audit by “algorithmists”?
– Prior privacy impact assessments for “risky” processing?
– Privacy by design – eg “differential privacy”, fuzzing some
results?
– Justified by benefits of big data to users - Paternalistic trust?
• What would legal liability be for getting it wrong? Strict liability?
Causation? Slamming door after horse has bolted?
• My own “thought experiment” on “privacy tax” on data
users, 2004, “The Problem with Privacy” (SSRN)

  • 10. Fiddling round the edges while privacy burns? OECD Privacy Principles, 1980 / “FIPs”/”notice and choice” • Collection Limitation Principle • Data Quality Principle • Purpose Specification Principle • Use Limitation Principle • Security Safeguards Principle • Openness Principle • Individual Participation Principle • Accountability Principle
  • 11. Data Protection Principles (DPD, art 6) 1. Personal Data shall be processed lawfully and fairly (“collection limitation”). 2. Personal Data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in a manner incompatible with those purposes (“purpose /use limitation”). 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it was processed (add “data minimisation” principle? – DP Reg) 4. Personal data shall be accurate and kept up to date if necessary (“data quality”). 5. Personal data shall not be kept for a longer time than it is necessary for its purpose. (“retention”) 6. Personal data can only be processed in accordance with the rights of the data subjects (“openness”) 7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing (“security”). 8. Data export principle (and DP Reg may add “accountability”)
  • 12. Fundamental challenges not addressed? A. Decline of real and informed consent online B. Ubiquitous computing/ambient intelligence/the Internet of Things C. Big Data and profiling • In each case fundamental elements of the “notice and choice” paradigm are elided or destroyed
  • 13. A. Consent • Existing DPD: Art 7 – grounds for fair processing (1st DP principle) – Consent of Data subject. – Necessary to perform contract DS is party to or for DS to enter a contract. – Necessary to comply with a legal obligation of the data controller. – Necessary to protect DS’s “vital interests”. – Processing is necessary for judicial purposes, public acts or acts of crown. – Necessary for “legitimate interests” of DC unless contrary to human rights of DS.
  • 14. Consent as it’s meant to be • DPD , Art 2 “any freely given, specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.” • Art 7 as ground for fair processing, “unambiguous” • Art 8(2)(a) as ground for processing of sensitive PD, “explicit” • Freely given? Standard terms? Employees? Consumers? Social Networks? • Art 29 WP reports questioned quality of consent in privacy policies and some relationships esp employment surveillance (social media passwords?).
  • 15. Consent online in real life • Privacy policies largely unreadable by non lawyers • Users prize immediate gains (social inclusion) over future dangers (data leakage, employers, NSA etc) -> faulty risk assessment • Constant change of T & C and defaults requires continuing vigilance and skill by users • Lock-in network effect => non competitive market on user rights (social death not to be on Facebook, who knows about Duck Duck Go?) • -> Market failure in respect of privacy on SNSs – so why bother checking privacy policies anybody? • SNS economic incentives are to encourage disclosure not encourage privacy (changing?) (but even mentioning privacy reduces revenues - Bonneau)
  • 16. Consent in real life – complexity, legalese
  • 17. Consent does not control situation permanently – T & C and defaults change at will
  • 18.
  • 19. Consent: DP Reg Solution? • Change of definition to “freely given, specific, informed and explicit” – meaning “based either on a statement or on a clear affirmative action” (new recital 24) – but does this make any difference in online standard form consumer contracts? • Consent doesn’t count where there is a “significant imbalance” between Data Subject and Data Controller (eg employee) • But • Largely no restrictions on what can be consented to – no attempt at a consumer protection/unfair terms regime approach re unread adhesion contracts – “regulated contracts” • No restrictions on use of “legitimate business purposes” as alternative to consent for legalising processing (and one report suggests this should enable incompatible uses with original grant of consent) • Conclusion – not much help?
  • 20. B. Ubiquitous Computing: RFID and the Internet of Things
  • 21. Example: Location data • Richard Stallman, March 2011 • “It's Stalin's dream. Cell phones are tools of Big Brother. I'm not going to carry a tracking device that records where I go all the time, and I'm not going to carry a surveillance device that can be turned on to eavesdrop.“ • Art 29 WP 13/2011 • Some attempt to provide enforceable rights to “turn off” location data collection in PECD – how effective? Eg recent UK EE subscriber location data sales by Ipsos Mori to Met Police (anonymised?)
  • 22. “Ambient” intelligence/sensor data collection by default Smart meters
  • 23. Barcelona clubbers get chipped (2004) BBC Science producer Simon Morton goes clubbing in Barcelona with a microchip implanted in his arm to pay for drinks. Imagine having a glass capsule measuring 1.3mm by 1mm, about the size of a large grain of rice injected under your skin. Last week I headed for the bright lights of the Catalan city of Barcelona to enter the exclusive VIP Baja Beach Club. The night club offers its VIP clients the opportunity to have a syringe-injected microchip implanted in their upper arms that not only gives them special access to VIP lounges, but also acts as a debit account from which they can pay for drinks. Data collection from the body/biometrics Kevin Warwick, University of Reading
  • 24. Volunteered data about real world interactions
  • 25. London advertisement targets consumers by gender, with facial recognition, Feb 20 2012 - Plan UK (charity) Non volunteered data? Cas “Ubiquitous Computing, Privacy and DP”, 2009: “Biometric procedures replace the need to remember passwords or actively prove authorisation.. [ambient intelligence environments] require previously inconceivable levels of knowledge about the inhabitants” Chinese face recognition enabled door – on sale,
  • 26. The future of ambient environments and the death of notice and choice? • Ubiquity = “invisible and seamlessly adaptive” (Spiekermann and Pallas) - always on, always collecting data • Weiser – ICTs weaving themselves “into the fabric of everyday life until they are indistinguishable from it” • The more useful, the less obvious and the less controlled by individual notice and choice. • Adaptive – learn from ambient total data collection, data not forgotten otherwise usefulness constrained – eg domestic or hospital care robots • How can this match DP idea of privacy as individual right to control collection of data? Notions of data minimisation in collection, limitation of purpose and use? • Note that ambient environments also often collect data about those most vulnerable and unable to exercise control – young, sick, geriatric, Alzheimer's (eg the iPot, smart chairs, robots, geo-tagged schools and libraries) • Cas “ubiquitous computing will erode all central pillars of current privacy protection” • Resistance? – Default off – but what happens to social gain? – Controls on use rather than collection – how to enforce? (anonymisation – see later) – “Negotiation”? Eg wearing hoodies round CCTV; injecting false info (“noise”) into social networks etc – what is equivalent for ubicomp? – Privacy impact assessments prior to building systems plus privacy by design? Spiekermann’s RFID experience.
  • 27. Big Data What is Big Data? • “about applying maths to huge amounts of data to infer probabilities.. The key is these systems perform well because they are fed with lots of data on which to base their predictions” – Eg Google Flu Trends – most common 50 m search query terms analysed • “big data refers to things one can do at a large scale that cannot be done at a small one” • “in a Big Data age, most innovative secondary uses haven’t been imagined when the data is first collected” – Eg Captcha -> ReCaptcha • Internet industries produce these huge amounts of data: Google, 24 Petabytes/day; FB, 10m photos uploaded /hr; 400 m tweets/day (2012) • “there is a treasure hunt underway” (p 15)
  • 28. Effect on DP/FIPs? • “How can companies provide notice for a purpose that has yet to exist? How can individuals give informed consent to an unknown?” (p 153) • Seeking new consent for each re use at big data scale seems impossible • Seeking blanket consents for any re use destroys whole point of consent as effective control – Yet heading this way?: eg Google combining all its privacy consents (policies) to mail, video, search, blogging etc, Jan 24 2012 • Anonymisation of data collected? Common excuse. Yet re-identification ever easier esp with big data recombined - see Ohm “Broken Promises” (2010) – AOL, Netflix scandals. – Eg anonymise FB data and reidentification from friends, and friends of friends – “social graph” – often easy.
  • 29. Solutions? • Ohm “Utility and privacy are, at bottom, two goals at war with one another” (p 1752) • M-S and Cukier: “From privacy to accountability” – abandon dependency on individual consent at time of collection & hold data users (controllers) accountable (p 173) – Means what? – Risk assessment by users of whether data products should be issued? External/internal audit by “algorithmists”? – Prior privacy impact assessments for “risky” processing? – Privacy by design – eg “differential privacy”, fuzzing some results? – Justified by benefits of big data to users - Paternalistic trust? • What would legal liability be for getting it wrong? Strict liability? Causation? Slamming door after horse has bolted? • My own “thought experiment” on “privacy tax” on data users, 2004, “The Problem with Privacy” (SSRN)

Editor's Notes

  1. Another way to look at it is to consider what data Facebook discloses by default when you sign up. In other words, if you create a profile or do things on the site, how much of it is public before you the user do anything? Again this keeps changing. Matt McKeon, a private user, using data gathered by US digital rights org the EFF, produced some very useful graphics tracking how much data the PP demanded the user to disclose as the policy changed from 2005 through to 2010. He has it for every year but I'll just show you 2005 and 2010.
  2. In December 2009 FB changed the site's defaults so that much data that was once by default private now became public – even some one to one chats between users, eg – and some data was shared automatically with other websites when users visited them. This is why some of the people on OpenBook are saying things they probably never expected anyone except their friends to read – they don’t realise the terms of using the site have changed and now some of their very personal data is public. Protecting your privacy now on FB – ie changing the default settings, and keeping on top of new changes – is complicated enough that people are writing software to do it for you – tools like ReclaimYourPrivacy.Org & SaveFace. -> Can it really be this difficult you ask?? See NYT graphic.
  3. Defaults? Spotify to FB – Fitbit sharing sexual activity
  4. Big successes. Google Flu Trends – predicted in real time where flu epidemic likely to be at its worst from search terms entered (G didn’t pick them, just used figures from gov to correlate w prior outbreaks and “learnt” the 45 search terms most correlated). Drugs – from existing abstracts of all existing chemical compounds -> new ones eg