Curated findings and actionable knowledge at the intersection of technology, innovation, and governance
Neuroscience innovation relies upon neuroinformatics, large-scale data collection
Significant dilemmas and challenges with far-reaching implications are also inherent, including reconciling the ethical imperative for openness and validation with data protection
Paper by Shona Kalkman, Menno Mostert, Christoph Gerlinger, Johannes J. M. van Delden
We observed an abundance of principles and norms with considerable convergence at the aggregate level of four overarching themes: societal benefits and value; distribution of risks, benefits and burdens; respect for individuals and groups; and public trust and engagement. However, at the level of principles and
While providing some helpful leads for further work on a coherent governance framework for data sharing, the current collection of principles and norms prompts important questions about how to streamline terminology regarding de-identification and how to
Efforts to develop privacy grades, scores, labels, icons, certifications, seals, and dashboards have wrestled with various deficiencies and obstacles for the wide-scale deployment as meaningful and trustworthy privacy indicators. This paper seeks to identify and explain these deficiencies and obstacles that have hampered past and current attempts. With these lessons, the article then offers criteria that will need to be established in law and policy for trustworthy indicators to be successfully deployed and adopted through technological tools. The lack of standardization prevents user-recognizability and dependability in the online marketplace, diminishes the ability to create automated tools for privacy, and reduces incentives for consumers and industry to invest in a privacy indicators. Flawed methods in selection and weighting of privacy evaluation criteria and issues interpreting language that is often ambiguous and vague jeopardize success and reliability when baked into an indicator of privacy protectiveness or invasiveness. Likewise, indicators fall short when those organizations rating or certifying the privacy practices are not objective, trustworthy, and sustainable.
Nonetheless, trustworthy privacy rating systems that are meaningful, accurate, and
Press Release: “The Council of Europe has issued a set of guidelines to its 47 member states urging them to ensure, in law and practice, that the processing of health-related data is done in full respect of human rights, notably the right to privacy and data protection.
With the development of new technological tools in the health sector the volume of health-related data processed has grown exponentially showing the need for guidance for health administrations and professionals.
In a Recommendation, applicable to both the public and private sectors, the Council of Europe´s Committee of Ministers, calls on governments to transmit these guidelines to health-care systems and to actors processing health-related data, in particular health-care professionals and data protection officers.
The recommendation contains a set of principles to protect health-related data incorporating the novelties introduced in the updated Council of Europe data protection convention, known as “Convention 108+”, opened for signature in October 2018.
The Committee of Ministers underlines that health-related data should be protected by appropriate security measures taking into account the latest technological developments, their sensitive nature and the assessment of potential risks. Protection measures should be incorporated by design to any information system which processes health-related data.
The recommendation contains guidance with regard to various issues including the legitimate basis for the data processing of health-care data – notably consent by the data subject -, data concerning unborn children, health-related genetic data, the sharing of health-related data by professionals and the storage of data.
The guidelines list a number of rights of data subjects, crucially the transparency of data processing. They also contain a number of principles that should be respected when data are processed for scientific research, when they are collected by mobile devices or when they are transferred across borders….(More)”.
Jeanette Beebe at Fast Company: “Every time you shuffle through a line at the pharmacy, every time you try to get comfortable in those awkward doctor’s office chairs, every time you scroll through the web while you’re put on hold with a question about your medical bill, take a second to think about the person ahead of you and behind you.
Chances are, at least one of you is being monitored by a third party like data analytics giant Optum, which is owned by UnitedHealth Group, Inc. Since 1993, it’s captured medical data—lab results, diagnoses, prescriptions, and more—from 150 million Americans. That’s almost half of the U.S. population.
“They’re the ones that are tapping the data. They’re in there. I can’t remove them from my own health insurance contracts. So I’m stuck. It’s just part of the system,” says Joel Winston, an attorney who specializes in privacy and data protection law.
Healthcare providers can legally sell their data to a now-dizzyingly vast spread of companies, who can use it to make decisions, from designing new drugs to pricing your insurance rates to developing highly targeted advertising.
It’s written in the fine print: You don’t own your medical records. Well, except if you live in New Hampshire. It’s the only state that mandates its residents own their medical data. In 21 states, the law explicitly says that healthcare providers own these records, not patients. In the rest of the country, it’s up in the air.
Every time you visit a doctor or a pharmacy, your record grows. The details can be colorful: Using sources like Milliman’s IntelliScript and ExamOne’s ScriptCheck, a fuller picture of you emerges. Your interactions with the health are system, your medical payments, your prescription drug purchase history. And the market for the data is surging.
Its buyers and sharers—pharma giants, insurers, credit reporting agencies, and other data-hungry companies or “fourth parties” (like Facebook)—say that these massive health data sets can improve healthcare delivery and fuel advances in so-called “precision medicine.”
Still, this glut of health data has raised alarms among privacy advocates, who say many consumers are in the dark about how much of their health-related info is being gathered and mined….
Gardner predicted that traditional health data systems—electronic health records and electronic medical records—are less than ideal, given the “rigidity of the vendors and the products” and the way our data is owned and secured. Don’t count on them being around much longer, she said, “beyond the next few years.”
The future, Gardner suggested, is a system that runs on blockchain, which she defined for the committee as “basically a secure, visible, irrefutable ledger of transactions and ownership.” Still, a recent analysis of over 150 white papers revealed most healthcare blockchain projects “fall somewhere between half-baked and overly optimistic.”
As larger companies like IBM sign on, the technology may be edging closer to reality. Last year, Proof Work outlined a HIPAA-compliant system that manages patients’ medical histories over time, from acute care in the hospital to preventative checkups. The goal is to give these records to patients on their
Essay by Nora N. Khan for Brooklyn Rail: “…. Throughout this essay, I use “machine eye” as a metaphor for the unmoored orb, a kind of truly omnidirectional camera (meaning, a camera that can look in every direction and vector that defines the dimensions of a sphere), and as a symbolic shorthand for the sum of four distinct realms in which automated vision is deployed as a service. (Vision as a Service, reads the selling tag for a new AI surveillance camera company).10 Those four general realms are:
1. Massive AI systems fueled by the public’s flexible datasets of their personal images, creating a visual culture entirely out of digitized images.
2. Facial recognition technologies and neural networks improving atop their databases.
3. The advancement of predictive policing to sort people by types.
4. The combination of location-based tracking, license plate-reading, and heat sensors to render skein-like, live, evolving maps of people moving, marked as likely to do X.
Though we live the results of its seeing, and its interpretation of its seeing, for now I would hold on blaming ourselves for this situation. We are, after all, the living instantiations of a few thousand years of such violent seeing globally, enacted through imperialism, colonialism, caste stratification, nationalist purges, internal class struggle, and all the evolving theory to support and galvanize the above. Technology simply recasts, concentrates, and amplifies these “tendencies.” They can be hard to see at first because the eye’s seeing seems innocuous, and is designed to seem so. It is a direct expression of the ideology of software, which reflects its makers’ desires. These makers are lauded as American pioneers, innovators, genius-heroes living in the Bay Area in the late 1970s, vibrating at a highly specific frequency, the generative nexus of failed communalism and an emerging Californian Ideology. That seductive ideology has been exported all over the world, and we are only now contending with its impact.
Because the workings of machine visual culture are so remote from our sense perception, and because it so acutely determines our material (economic, social), and
Alex Pasternack in Fast Company: “In the face of all the data abuse, many of us have, quite reasonably, thrown up our hands. But privacy didn’t die. It’s just been beaten up, sold, obscured, diffused unevenly across society. What privacy is and why it matters increasingly depends upon who you are, your age, your income, gender, ethnicity, where you’re from, and where you live. To borrow William Gibson’s famous quote about the future and its unevenness and inequalities, privacy is alive—it’s just not evenly distributed. And while we don’t all care about it the same way—we’re even divided on what exactly privacy is—its harms are still real. Even when our own privacy isn’t violated, privacy violations can still hurt us.
Privacy is personal, from the creepy feeling that our phones are literally listening to the endless parade of data breaches that test our ability to care anymore. It’s the unsettling feeling of giving “consent” without knowing what that means, “agreeing” to contracts we didn’t read with companies we don’t really trust. (Forget about understanding all the details; researchers have shown that most privacy policies surpass the reading level of the average person.)
It’s the data about us that’s harvested, bought, sold, and traded by an obscure army of data brokers without our knowledge, feeding marketers, landlords, employers, immigration officials, insurance companies, debt collectors, as well as stalkers and who knows who else. It’s the body camera or the sports arena or the social network capturing your face for who knows what kind of analysis. Don’t think of personal data as just “data.” As it gets more detailed and more correlated, increasingly, our data is us.
And “privacy” isn’t just privacy. It’s also tied up with security, freedom, social justice, free speech, and free thought. Privacy harms aren’t only personal, but societal. It’s not just the multibillion-dollar industry that aims to nab you and nudge you, but the multibillion-dollar spyware industry that helps governments nab dissidents and send them to prison or worse. It’s the supposedly fair and transparent algorithms that aren’t, turning our personal data into risk scores that can help perpetuate race, class, and gender divides, often without our knowing it.
Privacy is about dark ads bought with dark money and the micro-targeting of voters by overseas propagandists or by political campaigns at home. That kind of influence isn’t just the promise of a shadowy Cambridge Analytica or state-run misinformation campaigns, but also the premise of modern-day digital ad campaigns. (Note that Facebook’s research division later hired one of the researchers behind the Cambridge app.) And as the micro-targeting gets more micro, the tech giants that deal in ads are only getting more macro….(More)”
(This story is part of The Privacy Divide, a series that explores the fault lines and disparities–economic, cultural, philosophical–that have developed around digital privacy and its impact on society.)
Our goal in this paper is to bring these regulatory frameworks to the attention of the data management
Russell C. Bogue in The Hedgehog Review: “On May 20, 2013, a pale, nervous American landed in Hong Kong and made his way to the Mira Hotel. Once there, he met with reporters from The Guardian and the Washington Post and turned over thousands of documents his high-level security clearance had enabled him to acquire while working as a contractor for the National Security Agency. Soon after this exchange, the world learned about PRISM, a top-secret NSA program that granted (court-ordered) direct access to Facebook, Apple, Google, and other US Internet giants, including users’ search histories, e-mails, file transfers, and live chats.1 Additionally, Verizon had been providing information to the NSA on an “ongoing, daily basis” about customers’ telephone calls, including location data and call duration (although not the content of conversations).2 Everyone, in short, was being monitored. Glenn Greenwald, one of the first journalists to meet with Edward Snowden, and one of his most vocal supporters, wrote later that “the NSA is collecting all forms of electronic communications between Americans…and thereby attempting by definition to destroy any remnants of privacy both in the US and globally.”3
According to a 2014 Pew Research Center poll, fully 91 percent of Americans believe they have lost control over their personal information.4 What is such a public to do? Anxious computer owners have taken to covering their devices’ built-in cameras with bits of tape.5Messaging services tout their end-to-end encryption.6 Researchers from Harvard Business School have started investigating the effectiveness of those creepy online ads that seem to know a little too much about your preferences.7
For some, this pushback has come far too late to be of any use. In a recent article in The Atlantic depressingly titled “Welcome to the Age of Privacy Nihilism,” Ian Bogost observes that we have already become unduly reliant on services that ask us to relinquish personal data in exchange for convenience. To reassert control over one’s privacy, one would have to abstain from credit card activity and use the Internet only sparingly. The worst part? We don’t get the simple pleasure of blaming this state of affairs on Big Government or the tech giants. Instead, our enemy is, as Bogost intones, “a hazy murk, a chilling, Lovecraftian murmur that can’t be seen, let alone touched, let alone vanquished.”8
The enemy may be a bit closer to home, however. While we fear being surveilled, recorded, and watched, especially when we are unaware, we also compulsively expose ourselves to others….(More)”.
In Focus by the Congressional Research Service: “
Both the United States and the 28-member EU assert that they are committed to upholding individual privacy rights and ensuring the protection of personal data, including electronic data. However, data privacy and protection issues have long been sticking points in U.S.-EU economic and security relations, in part because of differences in U.S. and EU legal regimes and approaches to data privacy.
The GDPR highlights some of those differences and poses challenges for U.S. companies doing business in the EU. The United States does not broadly restrict cross-border data flows and has traditionally regulated privacy at a sectoral level to cover certain types of data. The EU considers the privacy of communications and the protection of personal data to be fundamental rights, which are codified in EU law. Europe’s history with fascist and totalitarian regimes informs the EU’s views on data protection and contributes to the demand for strict data privacy controls. The EU regards current U.S. data protection safeguards as inadequate; this has complicated the conclusion of U.S.-EU information-sharing agreements and raised concerns about U.S.-EU data flows….(More).