The control over personal data: True remedy or fairy tale ?

This research report undertakes an interdisciplinary review of the concept of "control" (i.e. the idea that people should have greater "control" over their data), proposing an analysis of this con-cept in the field of law and computer science. Despite the omnipresence of the notion of control in the EU policy documents, scholarly literature and in the press, the very meaning of this concept remains surprisingly vague and under-studied in the face of contemporary socio-technical environments and practices. Beyond the current fashionable rhetoric of empowerment of the data subject, this report attempts to reorient the scholarly debates towards a more comprehensive and refined understanding of the concept of control by questioning its legal and technical implications on data subject\^as agency

Sharing, privacy and trust issues for photo collections

Digital libraries are quickly being adopted by the masses. Technological developments now allow community groups, clubs, and even ordinary individuals to create their own, publicly accessible collections. However, users may not be fully aware of the potential privacy implications of submitting their documents to a digital library, and may hold misconceptions of the technological support for preserving their privacy. We present results from 18 autoethnographic investigations and 19 observations / interviews into privacy issues that arise when people make their personal photo collections available online. The Adams' privacy model is used to discuss the findings according to information receiver, information sensitivity, and information usage. Further issues of trust and ad hoc poorly supported protection strategies are presented. Ultimately while photographic data is potentially highly sensitive, the privacy risks are often hidden and the protection mechanisms are limited

Surveillance and the Self: Understanding Privacy and Identity in Digital Environments

The widespread use of internet enabled devices among contemporary US adults has given rise to a series of questions about issues of identity, privacy and group behaviors. The increasing use of algorithmic systems in social media and the attendant privacy concerns among users may also contribute to increased levels of strategic management of identity among users. In order to contribute to this discussion, this project examines perceptions and practices of privacy and self-representation in digital spaces among college age adults 18-24. This project utilizes semi-structured interview data collected with college students in the Eastern United States and focuses on both behavioral and attitudinal patterns. I specifically consider the impact of strategic interventions of corporate media platforms to collect, distribute, manage and utilize individual level data on participants\u27 information consumption, individual identity representation and group affiliation. Preliminary data suggests that participants engage partial and strategic representations of self across diverse media platforms. Patterns of self-representation are shaped by a wide variety of factors including in-group online community norms, perceptions of visibility and privacy, algorithmic distributions of information and individual perceptions of technology. Furthermore, online identity, while partial and strategically created, has the potential to impact self-identity and group affiliation in a diverse set of offline and online contexts

Evaluating 'Prefer not to say' Around Sensitive Disclosures

As people's offline and online lives become increasingly entwined, the sensitivity of personal information disclosed online is increasing. Disclosures often occur through structured disclosure fields (e.g., drop-down lists). Prior research suggests these fields may limit privacy, with non-disclosing users being presumed to be hiding undesirable information. We investigated this around HIV status disclosure in online dating apps used by men who have sex with men. Our online study asked participants (N=183) to rate profiles where HIV status was either disclosed or undisclosed. We tested three designs for displaying undisclosed fields. Visibility of undisclosed fields had a significant effect on the way profiles were rated, and other profile information (e.g., ethnicity) could affect inferences that develop around undisclosed information. Our research highlights complexities around designing for non-disclosure and questions the voluntary nature of these fields. Further work is outlined to ensure disclosure control is appropriately implemented around online sensitive information disclosures

Cyberpsychology and Human Factors

The online environment has become a significant focus of the everyday behaviour and activities of individuals and organisations in contemporary society. The increasing mediation of communication has led to concerns about the potential risks and associated negative experiences which can occur to users, particularly children and young people. This is related to the emergence of the online environment as a location for criminal and abusive behaviour (e.g., harassment, sexual exploitation, fraud, hacking, malware). One of the key aspects of understanding online victimisation and engagement in criminal behaviours is the characteristics of online communication that are related to the affordances of the technologies, services and applications which constitute digital environments. The aim of this paper is to examine the influence of these characteristics on individual and group behaviour, as well as the associated opportunities for victimisation and criminal behaviour. These issues are of relevance for those involved in the design and implementation of technologies and services, as the ability to assess their potential use in this way can enhance strategies for improving the security of systems and users. It can also inform educational strategies for increasing user understanding of potential informational, privacy and personal risks, and associated steps to improve their security and privacy. Each of the main characteristics of mediated communication is examined, as well as their potential impact on individual and group behaviour, and associated opportunities for victimisation and offending. The article ends by considering the importance of recognising these issues when designing and implementing new technologies, services and applications

Mining social network data for personalisation and privacy concerns: A case study of Facebook’s Beacon

This is the post-print version of the final published paper that is available from the link below.The popular success of online social networking sites (SNS) such as Facebook is a hugely tempting resource of data mining for businesses engaged in personalised marketing. The use of personal information, willingly shared between online friends' networks intuitively appears to be a natural extension of current advertising strategies such as word-of-mouth and viral marketing. However, the use of SNS data for personalised marketing has provoked outrage amongst SNS users and radically highlighted the issue of privacy concern. This paper inverts the traditional approach to personalisation by conceptualising the limits of data mining in social networks using privacy concern as the guide. A qualitative investigation of 95 blogs containing 568 comments was collected during the failed launch of Beacon, a third party marketing initiative by Facebook. Thematic analysis resulted in the development of taxonomy of privacy concerns which offers a concrete means for online businesses to better understand SNS business landscape - especially with regard to the limits of the use and acceptance of personalised marketing in social networks

Could the doctrine of moral rights be used as a basis for understanding the notion of control within data protection law?

This is an Accepted Manuscript of an article published by Taylor & Francis Group in Information & Communications Technology Law on 1 April 2018, available online at:https://doi.org/10.1080/13600834.2018.1458449. Under embargo until 1 October 2019.This article considers the notion of individual control of personal data as envisaged by the European data protection framework and makes the argument that it is a poorly-understood and under-developed concept, but that our understanding of it may be improved by way of analyses and comparisons with the doctrine of moral rights, an important constituent element of intellectual property law. The article starts by examining the concept of personal data itself, and why an enhanced level of individual control over personal data is thought to be a desirable regulatory objective. Following this, the article examines the scholarly literature pertaining to individual control of personal data, as well as a range of relevant EU policy documents. Having done so, the article argues that the notion of control is muddled and confused from both theoretical and practical perspectives. Following this, the article considers the doctrine of moral rights, and through an exploration of its theoretical and practical elements highlights why it may be of assistance in terms of enhancing our understanding of individual control in the data protection context.Peer reviewedFinal Accepted Versio