Proposal for an International Taxonomy on the Various Forms of the ‘Right to Be Forgotten’: A Study on the Convergence of Norms

Curated on Posted on by Stefaan Verhulst

Paper by W. Gregory Voss and Céline Castets-Renard: “The term “right to be forgotten” is used today to represent a multitude of rights, and this fact causes difficulties in interpretation, analysis, and comprehension of such rights. These rights have become of utmost importance due to the increased risks to the privacy of individuals on the Internet, where social media, blogs, fora, and other outlets have entered into common use as part of human expression. Search engines, as Internet intermediaries, have been enrolled to assist in the attempt to regulate the Internet, and the rights falling under the moniker of the “right to be forgotten,” without truly knowing the extent of the related rights. In part to alleviate such problems, and focusing on digital technology and media, this paper proposes a taxonomy to identify various rights from different countries, which today are often regrouped under the banner “right to be forgotten,” and to do so in an understandable and coherent way. As an integral part of this exercise, this study aims to measure the extent to which there is a convergence of legal rules internationally in order to regulate private life on the Internet and to elucidate the impact that the important Google Spain “right to be forgotten” ruling of the Court of Justice of the European Union has had on law in other jurisdictions on this matter.

This paper will first introduce the definition and context of the “right to be forgotten.” Second, it will trace some of the sources of the rights discussed around the world to survey various forms of the “right to be forgotten” internationally and propose a taxonomy. This work will allow for a determination on whether there is a convergence of norms regarding the “right to be forgotten” and, more generally, with respect to privacy and personal data protection laws. Finally, this paper will provide certain criteria for the relevant rights and organize them into a proposed analytical grid to establish more precisely the proposed taxonomy of the “right to be forgotten” for the use of scholars, practitioners, policymakers, and students alike….(More)”.

How I Learned to Stop Worrying and Love the GDPR

Curated on Posted on by Stefaan Verhulst

Ariane Adam at DataStewards.net: “The General Data Protection Regulation (GDPR) was approved by the EU Parliament on 14 April 2016 and came into force on 25 May 2018….

The coming into force of this important regulation has created confusion and concern about penalties, particularly in the private sector….There is also apprehension about how the GDPR will affect the opening and sharing of valuable databases. At a time when open data is increasingly shaping the choices we make, from finding the fastest route home to choosing the best medical or education provider, misinformation about data protection principles leads to concerns that ‘privacy’ will be used as a smokescreen to not publish important information. Allaying the concerns of private organisations and businesses in this area is particularly important as often the datasets that most matter, and that could have the most impact if they were open, do not belong to governments.

Looking at the regulation and its effects about one year on, this paper advances a positive case for the GDPR and aims to demonstrate that a proper understanding of its underlying principles can not only assist in promoting consumer confidence and therefore business growth, but also enable organisations to safely open and share important and valuable datasets….(More)”.

Trusted data and the future of information sharing

Curated on Posted on by Stefaan Verhulst

 MIT Technology Review: “Data in some form underpins almost every action or process in today’s modern world. Consider that even farming, the world’s oldest industry, is on the verge of a digital revolution, with AI, drones, sensors, and blockchain technology promising to boost efficiencies. The market value of an apple will increasingly reflect not only traditional farming inputs but also some value of modern data, such as weather patterns, soil acidity levels and agri-supply-chain information. By 2022 more than 60% of global GDP will be digitized, according to IDC.

Governments seeking to foster growth in their digital economies need to be more active in encouraging safe data sharing between organizations. Tolerating the sharing of data and stepping in only where security breaches occur is no longer enough. Sharing data across different organizations enables the whole ecosystem to grow and can be a unique source of competitive advantage. But businesses need guidelines and support in how to do this effectively.   

This is how Singapore’s data-sharing worldview has evolved, according to Janil Puthucheary, senior minister of state for communications and information and transport, upon launching the city-state’s new Trusted Data Sharing Framework in June 2019.

The Framework, a product of consultations between Singapore’s Infocomm Media Development Authority (IMDA), its Personal Data Protection Commission (PDPC), and industry players, is intended to create a common data-sharing language for relevant stakeholders. Specifically, it addresses four common categories of concerns with data sharing: how to formulate an overall data-sharing strategy, legal and regulatory considerations, technical and organizational considerations, and the actual operationalizing of data sharing.

For instance, companies often have trouble assessing the value of their own data, a necessary first step before sharing should even be considered. The framework describes the three general approaches used: market-, cost-, and income-based. The legal and regulatory section details when businesses can, among other things, seek exemptions from Singapore’s Personal Data Protection Act.

The technical and organizational chapter includes details on governance, infrastructure security, and risk management. Finally, the section on operational aspects of data sharing includes guidelines for when it is appropriate to use shared data for a secondary purpose or not….(More)”.

Why data ownership is the wrong approach to protecting privacy

Curated on Posted on by Stefaan Verhulst

Article by John B. Morris Jr. and Cameron F. Kerry: “It’s my data.” It’s an idea often expressed about information privacy.

Indeed, in congressional hearings last year, Mark Zuckerberg said multiple times that “people own all of their own content” on Facebook. A survey by Insights Network earlier this year found that 79% of consumers said they want compensation when their data is shared. Musician and tech entrepreneur will.i.am took to the website of The Economist to argue that payment for data is a way to “redress the balance” between individuals and “data monarchs.”

Some policymakers are taking such thinking to heart. Senator John Kennedy (R-LA) introduced a three-page bill, the “Own Your Own Data Act of 2019,” which declares that “each individual owns and has an exclusive property right in the data that individual generates on the internet” and requires that social media companies obtain licenses to use this data. Senators Mark Warner (D-VA) and Josh Hawley (R-MO) are filing legislation to require Facebook, Google, and other large collectors of data to disclose the value of personal data they collect, although the bill would not require payments. In California, Governor Gavin Newsome wants to pursue a “data dividend” designed to “share in the wealth that is created from [people’s] data.”

Treating our data as our property has understandable appeal. It touches what the foundational privacy thinker Alan Westin identified as an essential aspect of privacy, a right “to control, edit, manage, and delete information about [individuals] and decide when, how, and to what extent information is communicated to others.” It expresses the unfairness people feel about an asymmetrical marketplace in which we know little about the data we share but the companies that receive the data can profit by extracting marketable information.

The trouble is, it’s not your data; it’s not their data either.  Treating data like it is property fails to recognize either the value that varieties of personal information serve or the abiding interest that individuals have in their personal information even if they choose to “sell” it. Data is not a commodity. It is information. Any system of information rights—whether patents, copyrights, and other intellectual property, or privacy rights—presents some tension with strong interest in the free flow of information that is reflected by the First Amendment. Our personal information is in demand precisely because it has value to others and to society across a myriad of uses.

Treating personal information as property to be licensed or sold may induce people to trade away their privacy rights for very little value while injecting enormous friction into free flow of information. The better way to strengthen privacy is to ensure that individual privacy interests are respected as personal information flows to desirable uses, not to reduce personal data to a commodity….(More)”.

How Much Is Data Privacy Worth? A Preliminary Investigation

Curated on Posted on by Stefaan Verhulst

Paper by Angela G. Winegar and Cass R. Sunstein: “Do consumers value data privacy? How much? In a survey of 2,416 Americans, we find that the median consumer is willing to pay just $5 per month to maintain data privacy (along specified dimensions), but would demand $80 to allow access to personal data. This is a “superendowment effect,” much higher than the 1:2 ratio often found between willingness to pay and willingness to accept. In addition, people demand significantly more money to allow access to personal data when primed that such data includes health-related data than when primed that such data includes demographic data. We analyze reasons for these disparities and offer some notations on their implications for theory and practice.

A general theme is that because of a lack of information and behavioral biases, both willingness to pay and willingness to accept measures are highly unreliable guides to the welfare effects of retaining or giving up data privacy. Gertrude Stein’s comment about Oakland, California may hold for consumer valuations of data privacy: “There is no there there.” For guidance, policymakers should give little or no attention to either of those conventional measures of economic value, at least when steps are not taken to overcome deficits in information and behavioral biases….(More)”.

Google and the University of Chicago Are Sued Over Data Sharing

Curated on Posted on by Stefaan Verhulst

Daisuke Wakabayashi in The New York Times: “When the University of Chicago Medical Center announced a partnership to share patient data with Google in 2017, the alliance was promoted as a way to unlock information trapped in electronic health records and improve predictive analysis in medicine.

On Wednesday, the University of Chicago, the medical center and Google were sued in a potential class-action lawsuit accusing the hospital of sharing hundreds of thousands of patients’ records with the technology giant without stripping identifiable date stamps or doctor’s notes.

The suit, filed in United States District Court for the Northern District of Illinois, demonstrates the difficulties technology companies face in handling health data as they forge ahead into one of the most promising — and potentially lucrative — areas of artificial intelligence: diagnosing medical problems.

Google is at the forefront of an effort to build technology that can read electronic health records and help physicians identify medical conditions. But the effort requires machines to learn this skill by analyzing a vast array of old health records collected by hospitals and other medical institutions.

That raises privacy concerns, especially when is used by a company like Google, which already knows what you search for, where you are and what interests you hold.

In 2016, DeepMind, a London-based A.I. lab owned by Google’s parent company, Alphabet, was accused of violating patient privacy after it struck a deal with Britain’s National Health Service to process medical data for research….(More)”.

Postsecondary Data Infrastructure: What is Possible Today

Curated on Posted on by Stefaan Verhulst

Report by Amy O’Hara: “Data sharing across government agencies allows consumers, policymakers, practitioners, and researchers to answer pressing questions. Creating a data infrastructure to enable this data sharing for higher education data is challenging, however, due to legal, privacy, technical, and perception issues. To overcome these challenges, postsecondary education can learn from other domains to permit secure, responsible data access and use. Working models from both the public sector and academia show how sensitive data from multiple sources can be linked and accessed for authorized uses.

This brief describes best practices in use today and the emerging technology that could further protect future data systems and creates a new framework, the “Five Safes”, for controlling data access and use. To support decisions facing students, administrators, evaluators, and policymakers, a postsecondary infrastructure must support cycles of data discovery, request, access, analysis, review, and release. It must be cost-effective, secure, and efficient and, ideally, it will be highly automated, transparent, and adaptable. Other industries have successfully developed such infrastructures, and postsecondary education can learn from their experiences.

A functional data infrastructure relies on trust and control between the data providers, intermediaries, and users. The system should support equitable access for approved users and offer the ability to conduct independent analyses with scientific integrity for reasonable financial costs. Policymakers and developers should ensure the creation of expedient, convenient data access modes that allow for policy analyses. …

The “Five Safes” framework describes an approach for controlling data access and use. The five safes are: safe projects, safe people, safe settings, safe data, and afe outputs….(More)”.

Measuring and Protecting Privacy in the Always-On Era

Curated on Posted on by Stefaan Verhulst

Paper by Dan Feldman and Eldar Haber: “Datamining practices have become greatly enhanced in the interconnected era. What began with the internetnow continues through the Internet of Things (IoT), whereby users can constantly be connected to the internet through various means like televisions, smartphones, wearables and computerized personal assistants, among other “things.” As many of these devices operate in a so-called “always-on” mode, constantly receiving and transmitting data, the increased use of IoT devices might lead society into an “always-on” era, where individuals are constantly datafied. As the current regulatory approach to privacy is sectoral in nature, i.e., protects privacy only within a specific context of information gathering or use, and directed only to specific pre-defined industries or a specific cohort, the individual’s privacy is at great risk. On the other hand, strict privacy regulation might negatively impact data utility which serves many purposes, and, perhaps mainly, is crucial for technological development and innovation. The tradeoff between data utility and privacy protection is most unlikely to be resolved under the sectoral approach to privacy, but a technological solution that relies mostly on a method called differential privacy might be of great help. It essentially suggests adding “noise” to data deemed sensitive ex-ante, depending on various parameters further suggested in this Article. In other words, using computational solutions combined with formulas that measure the probability of data sensitivity, privacy could be better protected in the always-on era.

This Article introduces legal and computational methods that could be used by IoT service providers and will optimally balance the tradeoff between data utility and privacy. It comprises several stages. The first Part discusses the protection of privacy under the sectoral approach, and estimates what values are embedded in it. The second Part discusses privacy protection in the “always-on” era. First it assesses how technological changes have shaped the sectoral regulation, then discusses why privacy is negatively impacted by IoT devices and the potential applicability of new regulatory mechanisms to meet the challenges of the “always-on” era. After concluding that the current regulatory framework is severely limited in protecting individuals’ privacy, the third Part discusses technology as a panacea, while offering a new computational model that relies on differential privacy and a modern technique called private coreset. The proposed model seeks to introduce “noise” to data on the user’s side to preserve individual’s privacy — depending on the probability of data sensitivity of the IoT device — while enabling service providers to utilize the data….(More)”.

The language we use to describe data can also help us fix its problems

Curated on Posted on by Stefaan Verhulst

Luke Stark & Anna Lauren Hoffmann at Quartz: “Data is, apparently, everything.

It’s the “new oil” that fuels online business. It comes in floods or tsunamis. We access it via “streams” or “fire hoses.” We scrape it, mine it, bank it, and clean it. (Or, if you prefer your buzzphrases with a dash of ageism and implicit misogyny, big data is like “teenage sex,” while working with it is “the sexiest job” of the century.)

These data metaphors can seem like empty cliches, but at their core they’re efforts to come to grips with the continuing onslaught of connected devices and the huge amounts of data they generate.

In a recent article, we—an algorithmic-fairness researcher at Microsoft and a data-ethics scholar at the University of Washington—push this connection one step further. More than simply helping us wrap our collective heads around data-fueled technological change, we set out to learn what these metaphors can teach us about the real-life ethics of collecting and handling data today.

Instead of only drawing from the norms and commitments of computer science, information science, and statistics, what if we looked at the ethics of the professions evoked by our data metaphors instead?…(More)”.

The Ethics of Big Data Applications in the Consumer Sector

Curated on Posted on by Stefaan Verhulst

Paper by Markus Christen et al : “Business applications relying on processing of large amounts of heterogeneous data (Big Data) are considered to be key drivers of innovation in the digital economy. However, these applications also pose ethical issues that may undermine the credibility of data-driven businesses. In our contribution, we discuss ethical problems that are associated with Big Data such as: How are core values like autonomy, privacy, and solidarity affected in a Big Data world? Are some data a public good? Or: Are we obliged to divulge personal data to a certain degree in order to make the society more secure or more efficient?

We answer those questions by first outlining the ethical topics that are discussed in the scientific literature and the lay media using a bibliometric approach. Second, referring to the results of expert interviews and workshops with practitioners, we identify core norms and values affected by Big Data applications—autonomy, equality, fairness, freedom, privacy, property-rights, solidarity, and transparency—and outline how they are exemplified in examples of Big Data consumer applications, for example, in terms of informational self-determination, non-discrimination, or free opinion formation. Based on use cases such as personalized advertising, individual pricing, or credit risk management we discuss the process of balancing such values in order to identify legitimate, questionable, and unacceptable Big Data applications from an ethics point of view. We close with recommendations on how practitioners working in applied data science can deal with ethical issues of Big Data….(More)”.