Visions and Challenges in Managing and Preserving Data to Measure Quality of Life

Health-related data analysis plays an important role in self-knowledge, disease prevention, diagnosis, and quality of life assessment. With the advent of data-driven solutions, a myriad of apps and Internet of Things (IoT) devices (wearables, home-medical sensors, etc) facilitates data collection and provide cloud storage with a central administration. More recently, blockchain and other distributed ledgers became available as alternative storage options based on decentralised organisation systems. We bring attention to the human data bleeding problem and argue that neither centralised nor decentralised system organisations are a magic bullet for data-driven innovation if individual, community and societal values are ignored. The motivation for this position paper is to elaborate on strategies to protect privacy as well as to encourage data sharing and support open data without requiring a complex access protocol for researchers. Our main contribution is to outline the design of a self-regulated Open Health Archive (OHA) system with focus on quality of life (QoL) data.Comment: DSS 2018: Data-Driven Self-Regulating System

PrivExtractor:Towards Redressing the Imbalance of Understanding Between Virtual Assistant Users and Vendors

The use of voice-controlled virtual assistants (VAs) is significant, and user numbers increase every year. Extensive use of VAs has provided the large, cash-rich technology companies who sell them with another way of consuming users' data, providing a lucrative revenue stream. Whilst these companies are legally obliged to treat users' information "fairly and responsibly,"artificial intelligence techniques used to process data have become incredibly sophisticated, leading to users' concerns that a lack of clarity is making it hard to understand the nature and scope of data collection and use.There has been little work undertaken on a self-contained user awareness tool targeting VAs. PrivExtractor, a novel web-based awareness dashboard for VA users, intends to redress this imbalance of understanding between the data "processors"and the user. It aims to achieve this using the four largest VA vendors as a case study and providing a comparison function that examines the four companies' privacy practices and their compliance with data protection law.As a result of this research, we conclude that the companies studied are largely compliant with the law, as expected. However, the user remains disadvantaged due to the ineffectiveness of current data regulation that does not oblige the companies to fully and transparently disclose how and when they use, share, or profit from the data. Furthermore, the software tool developed during the research is, we believe, the first that is capable of a comparative analysis of VA privacy with a visual demonstration to increase ease of understanding for the user

Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks

The benefits of autonomous vehicles (AVs) are widely acknowledged, but there are concerns about the extent of these benefits and AV risks and unintended consequences. In this article, we first examine AVs and different categories of the technological risks associated with them. We then explore strategies that can be adopted to address these risks, and explore emerging responses by governments for addressing AV risks. Our analyses reveal that, thus far, governments have in most instances avoided stringent measures in order to promote AV developments and the majority of responses are non-binding and focus on creating councils or working groups to better explore AV implications. The US has been active in introducing legislations to address issues related to privacy and cybersecurity. The UK and Germany, in particular, have enacted laws to address liability issues, other countries mostly acknowledge these issues, but have yet to implement specific strategies. To address privacy and cybersecurity risks strategies ranging from introduction or amendment of non-AV specific legislation to creating working groups have been adopted. Much less attention has been paid to issues such as environmental and employment risks, although a few governments have begun programmes to retrain workers who might be negatively affected.Comment: Transport Reviews, 201

Beyond \u3ci\u3eMicrosoft\u3c/i\u3e: A Legislative Solution to the SCA’s Extraterritoriality Problem

The Stored Communications Act governs U.S. law enforcement’s access to cloud data, but the statute is ill equipped to handle the global nature of the modern internet. A pending U.S. Supreme Court case, United States v. Microsoft, raises the question whether a warrant under the statute may be used to reach across international borders to obtain data that is stored in another country, regardless of the user’s nationality. While the Court will determine whether this is an impermissible extraterritorial application of the current law, many have called for a legislative resolution to this issue. Due to the insufficiency of the current law, the limits of traditional judicial doctrines, and the inherent advantages the legislature has over the judiciary in addressing technological change, this Note also recommends a legislative resolution. Building upon a legislative proposal, this Note proposes a framework with two separate sets of legal procedures based on user identity. These separate domestic and extraterritorial procedures provide a framework that would set clear guidelines for law enforcement and service providers while giving due respect to foreign sovereignty

Is Data Localization a Solution for Schrems II?

For the second time this decade, the Court of Justice of the European Union has struck a blow against the principal mechanisms for personal data transfer to the United States. In Data Protection Commissioner v Facebook Ireland, Maximillian Schrems, the Court declared the EU-US Privacy Shield invalid and placed significant hurdles to the process of transferring personal data from the European Union to the United States via the mechanism of Standard Contractual Clauses. Many have begun to suggest data localization as the solution to the problem of data transfer; that is, don’t transfer the data at all. I argue that data localization neither solves the problem of foreign surveillance, nor enhances personal privacy, while undermining other values embraced by the European Union

The enchanted house:An analysis of the interaction of intelligent personal home assistants (IPHAs) with the private sphere and its legal protection

Abstract In less than five years, Alexa has become a familiar presence in many households, and even those who do not own one have stumbled into it, be it at a friend’s house or in the news. Amazon Alexa and its friend Google Assistant represent an evolution of IoT: they have an advanced ‘intelligence’ based on Cloud computing and Machine Learning; they collect data and process them to profile and understand users, and they are placed inside our home. I refer to them as intelligent personal and home assistants, or IPHAs.  This research applies multidisciplinary resources to explore the phenomenon of IPHAs from two perspectives. From a more socio-technical angle, the research reflects upon what happens to the private sphere and the home once IPHAs enter it. To do so, it looks at theories and concepts borrowed from history, behavioural science, STSs, philosophy, and behavioural design. All these disciplines contribute to highlight different attributes that individuals and society associate with the private sphere and the home. When the functioning of IPHAs is mapped against these attributes it is possible to identify where Alexa and Assistant might have an impact: there is a potential conflict between the privacy expectations and norms existing in the home (as sanctuary of the private sphere) and the marketing interests introduced in the home by IPHAs’ profiling. Because of the voice-interaction, IPHAs are also potentially highly persuasive, can influence and manipulate users and affect their autonomy and control in their daily lives. From the legal perspective, the research explores the application of the GDPR and proposal for e-Privacy Regulation to IPHAs, as legislative tools for the protection of the private sphere in horizontal relationships. The analysis focuses in particular on those provisions whose application to IPHAs is more challenging, based on the technology but also on the sociotechnical analysis above. Special attention is dedicated to the consent of users to the processing, the general principles of the GDPR, attributing the role of controllers or processors to the stakeholders involved, profiling and automated decisions, data protection by design and default, as well as spam and robocalls. For some of the issues, suggestions are offered on how to interpret and apply the legal framework, in order to mitigate undesired effects. This is the case, for instance, of determining whether the owners of IPHAs should be considered controllers vis-à-vis the data of their guests, or of the implications of data protection by design and default on the design of IPHAs. Some questions, however, require a wider debate at societal and political level. This is the case of the behavioural design techniques used to entice users and stimulate them to use the vocal assistants, which present high levels of persuasion and can affect the agency and autonomy of individuals. The research brings forward the necessity to determine where the line should be drawn between acceptable practices and unacceptable ones