Privacy

Privacy, privacy enhancing technologies and the individual

Web Science Trust White Paper #1

2022

Themes: Privacy, Semantic Web/linked data

Category: White paper/report

Law has granted individuals some rights over the use of data about them, but data protection rights have not redressed the balance between the individual and the tech giants. A number of approaches aim to augment personal rights to allow individuals to police their own information space, facilitating informational self-determination. This reports reviews this approach to privacy protection, explaining how controls have generally been conceived either as the use of technology to aid individuals in this policing task, or the creation of further legal instruments to augment their powers. It focuses on two recent attempts to secure or support data protection rights, one using technology and the other the law. The former is called Solid, a decentralised platform for linked data, while the latter is a novel application of trust law to develop data trusts in which individuals’ data is managed by a trustee with the individuals as beneficiaries. The report argues that structural impediments make it hard for thriving, diverse ecosystems of Solid apps or data trusts to achieve critical mass – a problem that has traditionally haunted this empowering approach.

Data trusts

European Data Protection Law Review, 6(4), 484-491

2020

Themes: Data trusts, Privacy

Category: Journal article, Open access

Recent years have seen the burgeoning of a literature on data trusts, and the unwary might therefore be led to believe that it is an idea whose time has come. Unfortunately, the ideas of the various authors who have contributed to this literature, who include the present author, haven’t always coincided, and have been aimed at different problems at different levels of detail and hand-waving. We might therefore say more accurately that ‘data trust’ is a brand whose time has come, which in itself is a not uninteresting phenomenon, worthy of consideration.

Between the editors

Mireille Hildebrandt & Kieron O'Hara (eds.), Life and the Law in the Era of Data-Driven Agency, 16-43

2020

Co-authors: Mireille Hildebrandt,

Themes: Privacy, Society

Category: Book chapter, Open access

This chapter contains a crossing of swords and thoughts between the editors, who come from different disciplinary backgrounds and different philosophical traditions, but nevertheless occupy much common ground. The conversation is too short to enable the cutting edge of Occam’s razor, but refers to other work with more extensive argumentation. We agree on a great deal. In particular, we share a precautionary approach that requires proactive consideration of how one’s experimental business models or progressive politics may impact others. However, as the reader will see, at that point we part company! The ensuing dialogue has been illuminating for us, and hopefully will whet the reader’s appetite for the excellent chapters that follow in our edited book Life and the Law in the Era of Data-Driven Agency.

Preface

Mireille Hildebrandt & Kieron O'Hara (eds.), Life and the Law in the Era of Data-Driven Agency, xii-xiv

2020

Co-authors: Mireille Hildebrandt

Themes: Privacy, Society

Category: Book chapter, Open access

Preface to the volume Life and the Law in the Era of Data-Driven Agency, edited by Mireille Hildebrandt and Kieron O’Hara.

Introduction: Life and the law in the era of data-driven agency

Mireille Hildebrandt & Kieron O'Hara (eds.), Life and the Law in the Era of Data-Driven Agency, 1-15

2020

Co-authors: Mireille Hildebrandt

Themes: Privacy, Society

Category: Book chapter, Open access

This chapter introduces the core topics of the volume Life and the Law in the Era of Data-Driven Agency, providing a hopefully appetizing overview of the chapters and their interrelations.

On blockchains and the General Data Protection Regulation

EU Blockchain Observatory and Forum

2018

Co-authors: Luis-Daniel Ibáñez, Elena Simperl

Themes: Blockchain/cryptocurrency, Data protection

Category: Open access, Peer reviewed, White paper/report

In this paper, we review the legal and technological state of play of the GDPR-Blockchain relationship. Next, we analyse three interaction scenarios between data subjects and blockchain systems, and propose possible ways of achieving GDPR compliance by using state of the art technologies. Finally we review current efforts in the use of blockchains to enforce GDPR principles, in particular ‘Data Protection by Design’.

Functional anonymisation: personal data and the data environment

Computer Law and Security Review, 34(2), 204-221

2018

Co-authors: Mark Elliot, Charles Raab, Christine M. O'Keefe, Elaine Mackey, Chris Dibben, Heather Gowans, Kingsley Purdam, Karen Mc Cullagh

Themes: Data anonymisation

Category: Journal article, Peer reviewed

Anonymisation of personal data has a long history stemming from the expansion of the types of data products routinely provided by National Statistical Institutes. Variants on anonymisation have received serious criticism reinforced by much-publicised apparent failures. We argue that both the operators of such schemes and their critics have become confused by being overly focused on the properties of the data itself. We claim that, far from being able to determine whether data is anonymous (and therefore non-personal) by looking at the data alone, any anonymisation technique worthy of the name must take account of not only the data but also its environment.

This paper proposes an alternative formulation called functional anonymisation that focuses on the relationship between the data and the environment within which the data exists (the data environment). We provide a formulation for describing the relationship between the data and its environment that links the legal notion of personal data with the statistical notion of disclosure control. Anonymisation, properly conceived and effectively conducted, can be a critical part of the toolkit of the privacy-respecting data controller and the wider remit of providing accurate and usable data.

You are being watched: review of Macnish, The Ethics of Surveillance

Metascience, 27(2), 271-274

2018

Themes: Privacy

Category: Book review, Open access

Review of Kevin Macnish’s book The Ethics of Surveillance.

The digitally extended self: a lexicological analysis of personal data

Journal of Information Science, 44(4), 552-565

2017

Co-authors: Brian Parkinson, David E. Millard, Richard Giordano

Themes: Privacy

Category: Journal article, Open access, Peer reviewed

Individuals’ privacy, especially with regard to their personal data, is increasingly an area of concern as people interact with a wider and more pervasive set of digital services. Unfortunately, the terminology around personal data is used inconsistently, the concepts are unclear and there is a poor understanding of their relationships. This is a challenge to those who need to discuss personal data in precise terms, for example, legislators, academics and service providers who seek informed consent from their users. In this article, we present a lexicological analysis of the terms used to describe personal data, use this analysis to identify common concepts and propose a model of the digitally extended self that shows how these concepts of personal data fit together. We then validate the model against key publications and show in practice how it can be used to describe personal data in three scenarios. Our work shows that there is no clearly delineated kernel of personal data, but rather that there are layers of personal data, with different qualities, sources and claims of ownership, which extend out from the individual and form the digitally extended self.

Social machines as an approach to group privacy

Linnet Taylor, Luciano Floridi & Bart van der Sloot (eds.), Group Privacy: New Challenges of Data Technologies, 101-122

2016

Co-authors: Dave Robertson

Themes: Privacy, Social machines

Category: Book chapter, Peer reviewed

This chapter introduces the notion of social machines as a way of conceptualising and formalising the interactions between people and private networked technology for problem-solving. It is argued that formalisation of such ‘social computing’ will generate requirements for information flow within social machines and across their boundaries with the outside world. These requirements provide the basis for a notion of group privacy that is neither derivative from the idea of individual privacy preferences, nor founded in political or moral argument, but instead related to the integrity of the social machine and its capabilities for bottom-up problem-solving. This notion of group privacy depends on a particular technological setup, and is not intended to be a general definition, but it has purchase in the context of pervasive technology and big data which has made the question of group privacy pressing and timely.

The seven veils of privacy

IEEE Internet Computing, 20(2), 86-91

2016

Themes: Privacy

Category: Journal article, Open access, The Digital Citizen

Here, Kieron O’Hara details a framework of seven levels to help separate the effects and affects of privacy from the facts. In looking at when a privacy boundary is crossed or not, this framework helps citizens think about when that’s problematic, and why this differs not only across cultures, but also across generations and even for the same individuals.

The right to be forgotten: the good, the bad and the ugly

IEEE Internet Computing, 19(4), 73-79

2015

Themes: Data protection

Category: Journal article, Open access, The Digital Citizen

Viviane Reding’s (three-time European Commissioner) muscular speeches advocating a right to be forgotten for Europeans kick-started a ruckus that has pitched the European Union (EU) against the US and privacy activists against Big Data advocates. This issue gained momentum in May 2014, when an appeal by Google Spain against a decision of the Spanish Data Protection Authority (DPA), la Agencia Española de Protección de Datos (AEPD), was rejected by the Court of Justice of the European Union (CJEU), thereby enshrining the right to be forgotten in law. This paper discusses in depth considers the right to be forgotten, including its potential ramifications and successes.

The fridge’s brain sure ain’t the icebox

IEEE Internet Computing, 18(6), 81-84

2014

Themes: Computing/The Internet, Privacy

Category: Journal article, Open access, The Digital Citizen

The emergence of the Internet of Things (IoT) promises new and exciting possibilities for our personal health, transport, the environment, and many other areas. However, it does of course pose privacy and security problems. This article argues that there are six complex and difficult privacy concerns that are specific to the IoT. The situation is made even more complex because it isn’t clear who should regulate the IoT, and how best to do it.

The future of social Is personal: the potential of the Personal Data Store

Daniele Miorandi, Vincenzo Maltese, Michael Rovatsos, Anton Nijholt & James Stewart (ed.), Social Collective Intelligence: Combining the Powers of Humans and Machines to Build a Smarter Society, 125-158

2014

Co-authors: Max Van Kleek

Themes: Computing/The Internet, Privacy

Category: Book chapter, Peer reviewed

This chapter argues that technical architectures that facilitate the longitudinal, decentralised and individual-centric personal collection and curation of data will be an important, but partial, response to the pressing problem of the autonomy of the data subject, and the asymmetry of power between the subject and large scale service providers/data consumers. Towards framing the scope and role of such Personal Data Stores (PDSs), the legalistic notion of personal data is examined, and it is argued that a more inclusive, intuitive notion expresses more accurately what individuals require in order to preserve their autonomy in a data-driven world of large aggregators. Six challenges towards realising the PDS vision are set out: the requirement to store data for long periods; the difficulties of managing data for individuals; the need to reconsider the regulatory basis for third-party access to data; the need to comply with international data handling standards; the need to integrate privacy-enhancing technologies; and the need to future-proof data gathering against the evolution of social norms. The open experimental PDS platform INDX is introduced and described, as a means of beginning to address at least some of these six challenges.

Are we getting privacy the wrong way round?

IEEE Internet Computing, 17(4), 89-92

2013

Themes: Privacy

Category: Journal article, Open access, The Digital Citizen

Individualists, communitarians, and technological determinists agree that privacy’s benefits accrue to individuals, and that its costs (in terms of less security or efficiency) fall on society. As such, it is the individual’s choice to give privacy away. However, privacy does benefit wider society in important respects, and so this consensus is flawed.