Data Privacy and Temptation

John Zhuang Liuy | Michael Sockinz | Wei Xiong |

This paper analyzes how different data-sharing schemes of a digital platform may affect consumer surplus and social surplus when a fraction of the consumers have weak self-control and su§ers from targeted advertising of temptation goods, such as gambling and video games. While sharing consumer data with firms improves the e¢ ciency of matching consumers with normal consumption goods, it also exposes weak-willed consumers to temptation goods. Despite the seeming appeal of the opt-in policy of allowing each consumer to opt in or out of data sharing, our analysis shows that this policy may not be effective in protecting severely tempted consumers. When other consumers, motivated by the improved access to normal goods, choose to share their data, their opt-in reduces the anonymity of the weak-willed consumers who choose to opt out. To alleviate this externality, privacy protection regulation needs to limit the bundling of the consumer authorization to share data with normal good and temptation good sellers. |

Big data analytics in electronic communications: A reality in need of granular regulation (even if this includes an interim period of no regulation at all)

Computer Law & Security Review, Volume 36, April 2020. |

Vagelis Papakonstantinou | Paul de Hert |

In this article, we provide an overview of the literature on chilling effects and corporate profiling, while also connecting the two topics. We start by explaining how profiling, in an increasingly data-rich environment, creates substantial power asymmetries between users and platforms (and corporations more broadly). Inferences and the increasingly automated nature of decision-making, both based on user data, are essential aspects of profiling. We then connect chilling effects theory and the relevant empirical findings to corporate profiling. In this article, we first stress the relationship and similarities between profiling and surveillance. Second, we describe chilling effects as a result of state and peer surveillance, specifically. We then show the interrelatedness of corporate and state profiling, and finally spotlight the customization of behaviour and behavioural manipulation as particularly significant issues in this discourse. This is complemented with an exploration of the legal foundations of profiling through an analysis of European and US data protection law. We find that while Europe has a clear regulatory framework in place for profiling, the US primarily relies on a patchwork of sector-specific or state laws. Further, there is an attempt to regulate differential impacts of profiling via anti-discrimination statutes, yet few policies focus on combating generalized harms of profiling, such as chilling effects. Finally, we devise four concise propositions to guide future research on the connection between corporate profiling and chilling effects. |

Cookies e publicidade comportamental estão na mira da proteção de dados

É comum que, após uma busca na internet por algum produto ou serviço, outros sites, aplicativos e plataformas promovam propaganda de diversos outros fornecedores que oferecem o mesmo produto ou serviço pesquisado anteriormente. Esta coincidência tem nome: cookies. Cookies, no âmbito da informática, parece um daqueles termos difíceis que leigos não compreendem mesmo se fizerem um esforço. Mas, na prática, ao simplesmente navegar pela internet, o internauta fica sujeito a…

A Study on the Methods for Ensuring the Transparency of the Privacy Policies in Android Environment: Based on General Data Protection Regulation

Journal of the Korea Institute of Information Security & Cryptology, Volume 29, Issue 6, Pages 1477-1489, 2019. |

In this study, we analyzed the privacy policies of 50 Android applications that are on the top chart in EU members to present the methods for enhancing transparency based on GDPR (General Data Protection Regulation). Based on the guidelines in relation to transparency stipulated in WP29, this study extracted factors of transparency in order to ensure transparency of privacy data processing and carried out the verification procedures for each factor. The results revealed that the privacy policies provided in Google Play Store and applications need to be matched, the descriptions of the privacy policies need to be written in clear and plain language for readers to understand easily. and that it is necessary to provide information quickly and improve the descriptions of information which the data controller discloses. The research findings of this study could be used as a preliminary data for proactive responses to the EU’s GDPR by substantially complying with the transparency of GDPR. |

Gartner publica relatório “Predicts 2020” com previsões para o futuro da proteção de dados

Privacy and data protection are enforced by a growing number of regulations around the world. These predictions highlight for security and risk management leaders the correlation between new technology and regulatory impact, customer dependency, and commercial opportunity.

Predicts 2020: Embrace Privacy and Overcome Ambiguity to Drive Digital Transformation

Anatel define interface com a ANDP e responsável por dados pessoais sob guarda da agência

A Anatel definiu que a sua Assessoria de Relações com os Usuários (ARU) será o órgão encarregado de tudo o que disser respeito a tratamento de dados pessoais no âmbito da agência, conforme disposto na Lei Geral de Proteção de Dados. A decisão está na Portaria 1197 de 25 de agosto de 2020 assinada pelo presidente da agência, Leonardo Euler. Atualmente a titular da ARU é a servidora Maria Lúcia Valadares e Silva, nomeada para a função no dia anterior, em 24 de agosto. A servidora estava anteriormente no gabinete da presidência da Anatel e também trabalhou no ano passado na Secretaria de Comunicação Social (SECOM). Ela também já foi superintendente de gestão interna da agência.

The Ethics of Medical Data Donation

Part of the Philosophical Studies Series book series (PSSP, volume 137) (also available in .epub format) |

This open access book presents an ethical approach to utilizing personal medical data. It features essays that combine academic argument with practical application of ethical principles. The contributors are experts in ethics and law. They address the challenges in the re-use of medical data of the deceased on a voluntary basis. This pioneering study looks at the many factors involved when individuals and organizations wish to share information for research, policy-making, and humanitarian purposes. |

This book was published under a CC-BY 4.0 license. |

Governo define estrutura da Autoridade Nacional de Proteção de Dados

Depois que o Senado Federal decidiu não adiar a vigência da Lei Geral de Proteção de Dados Pessoais (LGPD), prevista na MP 959/2020, o governo federal finalizou o decreto que trata da estrutura regimental da Autoridade Nacional de Proteção de Dados (ANPD). O órgão, vinculado à Presidência da República, tem o objetivo de cumprir e dar efetividade à LGPD. A iniciativa foi publicada no Diário Oficial da União (íntegra) desta quinta-feira (27).

Senado rejeita prorrogação da LGPD e lei entrará em vigor em 15 dias

Isso significa que empresas públicas e privadas precisam estar em conformidade com a Lei Geral de Proteção de Dados, nomeando os DPOs, reescrevendo as políticas de privacidade e finalizando as implementações estabelecidas no texto da lei. Para especialistas, LGPD sem ANPD traz um cenário de instabilidade e risco.

The One-Year Impact of the General Data Protection Regulation (GDPR) on European Ventures

This report summarizes economic analyses of the consequences of GDPR for investment in new technology ventures in the European Union (EU). The analyses distinguish between the impacts on foreign and non-foreign investment, between younger and more established ventures, and between more and less data-reliant ventures. The results, utilizing global venture data, indicate that GDPR’s effects on investment in EU ventures are broadly negative, and particularly so for foreign investments, younger ventures, and data-reliant firms. The findings demonstrate a post-GDPR average reduction of 26.10% in the overall number of monthly EU deals and a 33.80% reduction in the average dollar amount raised per deal. |