The failure of privacy law from a design perspective

Privacy is a fundamental human right, included in the 1948 Universal Declaration of Human Rights, whose article 12 states that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence […].” The idea of privacy in 1948 is different from the contemporary concept of privacy and data protection. After WWII, the most worrying violations of privacy rights were performed by governments. The possibilities for private companies to abusively breach privacy rights were limited and, more importantly, there was no real business need for it. Surveillance capitalism, as described by Prof. Shoshana Zuboff in her 2019 book “The Age of Surveillance Capitalism” was not born yet.

Canadian privacy law reform is coming – are you ready?

In the next two years, it is likely organizations across Canada will become subject to more detailed and more stringent privacy laws. When the change comes, many businesses – having benefitted from a relatively lax form of regulation – will be unprepared. The public sector, too, is mostly subject to laws shaped into their current form prior to the new millennium.

[artigo] Privacy and data protection in India and Germany: A comparative analysis

This research report offers a comparative analysis of privacy and data protection in Germany and India. It compares the two regimes on four counts. First, it examines how the right to privacy and/or its allied rights have developed in the two countries historically. In this, it explores the political factors contributing to the understanding and acceptability of the principles of privacy in the decades after the Second World War. Second, it delves into the instruments and forms of state surveillance employed by both the countries and analyses how the presence of parliamentary and judicial oversight on intelligence agencies impacts individual privacy. In the third section, it compares how biometric identity systems have been deployed in the two countries, the safeguards designed around the same, and the legal challenges they have thrown up. Lastly, it evaluates data subject rights as defined under the General Data Protection Regulation (GDPR) together with the Bundesdatenschutzgesetz-Neu (BDSG-Neu) and how they compare with those as defined under the Draft Personal Data Protection Bill, 2018 in the Indian context.

[artigo] ML Privacy Meter: Aiding Regulatory Compliance by Quantifying the Privacy Risks of Machine Learning

In this paper, we focus on this indirect leakage about training data from machine learning models. We present ML Privacy Meter, a tool that can quantify the privacy riskto data from models through state of the art membership inference attack techniques. We discuss how this tool can help practitioners in compliance with data protection regulations, when deploying machine learning model.

[artigo] From privacy to data protection: the road ahead for the Inter-American System of human rights

The right to privacy and data protection are key elements to understand how data has become the centerpiece of many changes in human interaction, new business models and technological development in an increasingly hyperconnected world. In a so-called data driven economy, the task of asserting principles, concepts and legal bases for data processing is fundamental to devise how such rights can be indeed protected. The Inter-American System of Human Rights recognises this right. In contrast to the European system that since 2000 recognises the right to data protection as an autonomous right – differentiating it from the right to privacy – the Inter-American System is on track to improve the standards of protection of both rights. Considering all thirty-five States of the Americas, eighteen have a specific data protection regulation; seven are discussing the Bill and eleven do not have a specific data protection regulation. The purpose of this article is to present the stage of development of the inter-American System of Human Rights in relation to the protection of the right to privacy and data protection and also demonstrate the challenges that such system will have to face as it move towards the effective guarantee of such rights.


State of Privacy and Data Protection in E-Government, Policy and Law in India: A Review

Asst. Pro. Mrs. Varsha Athavale |

Vol. 68 No. 9 (2020): International Conference On E-Business, E-Management, E-Education and E-Governance (ICE4-2020) |

Information and communication technology (ICT) is potent instrumentfor providing borderless, interconnected and de-territorialised delivery of services. Use of Information and Communication Technology (ICT) in government operations facilitates efficient, speedy and transparent process for providing services and for performing government administration. This enables e-governance which is an important part ofe-government.Many developing countries are using it to achieve Sustainable Development Goals which are decided by UN. These 17 Sustainable Development Goals (SDG) are reflected in India’s development plans through National Institution of Transformation (NITI) Ayog. Various ministries are given targets to provide missions, schemes and programs and Government of India launched several projects, missions to achieve these targets. For this, several ICT tools are developed and deployed, which have helped to enhance efficiency of government missions and projects.National Policies regarding Information Technology and Policy for data sharing areframed. |

The General Data Protection Regulation: American Compliance Overview and the Future of the American Business

Cymone Gosnell |

In 2016, the European Union (“EU”) created heightened data privacy rights for its citizens by enacting the General Data Privacy Regulation (“GDPR”). The most drastic change from the previous regulation, enacted in 1995, lies within the expanded territorial scope. The change now subjects companies to fines for violations of the regulation, even if those companies are not domiciled in the EU. Data privacy has always been considered a fundamental human right in the EU; however, within the United States, there is no fundamental right to privacy. Rather, the country’s privacy laws are based on a complicated sectoral structure that often leads the country’s citizens confused as to what rights they actually have. This paper will review the EU and United States’ fundamental differences in privacy laws, the changes implemented by the GDPR (including the expanded territorial scope), the compliance plans of some major players within the United States, and what the future looks like for American businesses that hold or process the data of EU citizens under the GDPR. |

Data Privacy and Temptation

John Zhuang Liuy | Michael Sockinz | Wei Xiong |

This paper analyzes how different data-sharing schemes of a digital platform may affect consumer surplus and social surplus when a fraction of the consumers have weak self-control and su§ers from targeted advertising of temptation goods, such as gambling and video games. While sharing consumer data with firms improves the e¢ ciency of matching consumers with normal consumption goods, it also exposes weak-willed consumers to temptation goods. Despite the seeming appeal of the opt-in policy of allowing each consumer to opt in or out of data sharing, our analysis shows that this policy may not be effective in protecting severely tempted consumers. When other consumers, motivated by the improved access to normal goods, choose to share their data, their opt-in reduces the anonymity of the weak-willed consumers who choose to opt out. To alleviate this externality, privacy protection regulation needs to limit the bundling of the consumer authorization to share data with normal good and temptation good sellers. |

Big data analytics in electronic communications: A reality in need of granular regulation (even if this includes an interim period of no regulation at all)

Computer Law & Security Review, Volume 36, April 2020. |

Vagelis Papakonstantinou | Paul de Hert |

In this article, we provide an overview of the literature on chilling effects and corporate profiling, while also connecting the two topics. We start by explaining how profiling, in an increasingly data-rich environment, creates substantial power asymmetries between users and platforms (and corporations more broadly). Inferences and the increasingly automated nature of decision-making, both based on user data, are essential aspects of profiling. We then connect chilling effects theory and the relevant empirical findings to corporate profiling. In this article, we first stress the relationship and similarities between profiling and surveillance. Second, we describe chilling effects as a result of state and peer surveillance, specifically. We then show the interrelatedness of corporate and state profiling, and finally spotlight the customization of behaviour and behavioural manipulation as particularly significant issues in this discourse. This is complemented with an exploration of the legal foundations of profiling through an analysis of European and US data protection law. We find that while Europe has a clear regulatory framework in place for profiling, the US primarily relies on a patchwork of sector-specific or state laws. Further, there is an attempt to regulate differential impacts of profiling via anti-discrimination statutes, yet few policies focus on combating generalized harms of profiling, such as chilling effects. Finally, we devise four concise propositions to guide future research on the connection between corporate profiling and chilling effects. |

A Study on the Methods for Ensuring the Transparency of the Privacy Policies in Android Environment: Based on General Data Protection Regulation

Journal of the Korea Institute of Information Security & Cryptology, Volume 29, Issue 6, Pages 1477-1489, 2019. |

In this study, we analyzed the privacy policies of 50 Android applications that are on the top chart in EU members to present the methods for enhancing transparency based on GDPR (General Data Protection Regulation). Based on the guidelines in relation to transparency stipulated in WP29, this study extracted factors of transparency in order to ensure transparency of privacy data processing and carried out the verification procedures for each factor. The results revealed that the privacy policies provided in Google Play Store and applications need to be matched, the descriptions of the privacy policies need to be written in clear and plain language for readers to understand easily. and that it is necessary to provide information quickly and improve the descriptions of information which the data controller discloses. The research findings of this study could be used as a preliminary data for proactive responses to the EU’s GDPR by substantially complying with the transparency of GDPR. |