Towards Data Protection Compliance

Privacy and data protection are fundamental issues nowadays for every organization. This paper calls for the development of methods, techniques and infrastructure to allow the deployment of privacy-aware IT systems, in which humans are integral part of the organizational processes and accountable for their possible misconduct. In particular, we discuss the challenges to be addressed in order to improve organizations privacy practices, as well as the approach to ensure compliance with legal requirements and increasing efficiency

Eavesdropping Whilst You're Shopping: Balancing Personalisation and Privacy in Connected Retail Spaces

Physical retailers, who once led the way in tracking with loyalty cards and `reverse appends', now lag behind online competitors. Yet we might be seeing these tables turn, as many increasingly deploy technologies ranging from simple sensors to advanced emotion detection systems, even enabling them to tailor prices and shopping experiences on a per-customer basis. Here, we examine these in-store tracking technologies in the retail context, and evaluate them from both technical and regulatory standpoints. We first introduce the relevant technologies in context, before considering privacy impacts, the current remedies individuals might seek through technology and the law, and those remedies' limitations. To illustrate challenging tensions in this space we consider the feasibility of technical and legal approaches to both a) the recent `Go' store concept from Amazon which requires fine-grained, multi-modal tracking to function as a shop, and b) current challenges in opting in or out of increasingly pervasive passive Wi-Fi tracking. The `Go' store presents significant challenges with its legality in Europe significantly unclear and unilateral, technical measures to avoid biometric tracking likely ineffective. In the case of MAC addresses, we see a difficult-to-reconcile clash between privacy-as-confidentiality and privacy-as-control, and suggest a technical framework which might help balance the two. Significant challenges exist when seeking to balance personalisation with privacy, and researchers must work together, including across the boundaries of preferred privacy definitions, to come up with solutions that draw on both technology and the legal frameworks to provide effective and proportionate protection. Retailers, simultaneously, must ensure that their tracking is not just legal, but worthy of the trust of concerned data subjects.Comment: 10 pages, 1 figure, Proceedings of the PETRAS/IoTUK/IET Living in the Internet of Things Conference, London, United Kingdom, 28-29 March 201

Privacy, Ideology, and Technology: A Response to Jeffrey Rosen

This essay reviews Jeffrey Rosen’s The Unwanted Gaze: The Destruction of Privacy in America (2000). Rosen offers a compelling (and often hair-raising) account of the pervasive dissolution of the boundary between public and private information. This dissolution is both legal and social; neither the law nor any other social institution seems to recognize many limits on the sorts of information that can be subjected to public scrutiny. The book also provides a rich, evocative characterization of the dignitary harms caused by privacy invasion. Rosen’s description of the sheer unfairness of being “judged out of context” rings instantly true. Privacy, Rosen concludes, is indispensable to human well-being and is at risk of being destroyed unless we act fast. The book is far less convincing, however, when it moves beyond description and attempts to identify the causes of the destruction of privacy and propose solutions. Why is privacy under siege today? The incidents that Rosen chooses as illustrations both reveal and obscure. From Monica Lewinsky’s unsent, deleted e-mails to the private online activities of corporate employees and the Dean of the Harvard Divinity School, the examples offer a rich stew of technology, corporate mind control, public scapegoating, and political intrigue. But for the most part, Rosen seems to think that it is sex that is primarily to blame for these developments—though how, exactly, Rosen cannot seem to decide. He suggests, variously, that we seek private information out of prurient fascination with other people’s intimate behavior, or to enforce upon others authoritarian notions of “correct” interpersonal behavior, or to inform moral judgments about others based on a hasty and ill-conceived equivalence between the personal and the political. Or perhaps Rosen is simply upset about the loss of privacy for a specific sort of (sexual or intimate) behavior, whatever the origin of society’s impulse to pry. Yet there are puzzling anomalies in Rosen’s account. Most notably, appended to Rosen’s excavation of recent sex-related privacy invasions is a chapter on privacy in cyberspace. This chapter sits uneasily in relation to the rest of the book. Its focus is not confined to sex-related privacy, and Rosen does not explain how the more varied information-gathering activities chronicled there bear on his earlier analysis. Rosen acknowledges as much and offers, instead, the explanation that intimate privacy and cyberspace privacy are simply two examples of the same problem: the risk of being judged out of context in a world of short attention spans, and the harms to dignity that follow. This explanation seems far too simple, and more than a bit circular. Why this rush to judge others out of context? Necessity is one answer—if attention spans are limited, we cannot avoid making decisions based on incomplete information—but where does the necessity to judge come from? And what do computers and digital networking technologies—factors that recur not only in the chapter on cyberspace privacy, but also in most of Rosen’s other examples—have to do with it? This Review Essay argues, first, that the use of personal information to sort and classify individuals is inextricably bound up with the fabric of our political economy. As Part II explains, the unfettered use of “true” information to predict risk and minimize uncertainty is a hallmark of the liberal state and its constituent economic and political markets. Not sex, but money, and more broadly an ideology about the predictive power of isolated facts, generate the perceived necessity to judge individuals based on incomplete profiles. The harms of this rush to judgment—harms not only to dignity, but also to economic welfare and more fundamentally to individual autonomy—may undermine liberal individualism (as Rosen argues), but they are products of it as well. Part III argues, further, that the problem of vanishing informational privacy in digital networked environments is not sui generis, but rather is central to understanding the destruction of privacy more generally. This is not simply because new technologies reduce the costs of collecting, exchanging, and processing the traditional sorts of consumer information. The profit-driven search for personal information via digital networks is also catalyzing an erosion of the privacy that individuals have customarily enjoyed in their homes, their private papers, and even their thoughts. This process is transforming not only the way we experience privacy, but also the way we understand it. Privacy is becoming not only harder to protect, but also harder to justify protecting. Part IV concludes that shifting these mutually reinforcing ideological and technological vectors will require more drastic intervention than Rosen suggests

THE DANGERS OF FIGHTING TERRORISM WITH TECHNOCOMMUNITARIANISM: CONSTITUTIONAL PROTECTIONS OF FREE EXPRESSION, EXPLORATION, AND UNMONITORED ACTIVITY IN URBAN SPACES

Part I of this article examines how some commentators can plausibly argue that constitutional liberty and privacy protections do not protect the individual liberty and privacy that modern individuals have come to expect in many public spaces, particularly in urban environments. Constitutional liberalism, this section points out, makes this question a difficult one, because it is marked by scrupulous neutrality towards different visions of “the good life.” In other words, the constitutional order does not condemn those who choose a communitarian way of life and favor those who prefer individualism. Rather, it tolerates both of these (and other) preferences about one’s social and cultural environment, and leaves citizens free to opt for the life of their choice. Part II suggests that it is difficult to make sense of our modern jurisprudence of First Amendment rights, especially as they relate to anonymous communication and association on the Internet and elsewhere, unless one allows room in our constitutional law for a jurisprudence that “captures” and preserves social incarnations of liberty and privacy that were not yet in existence when theConstitution was drafted. Therefore, it is possible for for courts and others to find that freedom-enabling institutions that did not exist earlier in American history, and might cease to exist in the future, deserve certain constitutional protection while they are here. Part III explains that like the virtual liberation offered by the Internet, city life offered and continues to offer an invaluable refuge for substantial expressive activity and intellectual exploration that would be far more elusive without this type of urban existence. It provides individuals with an incredibly rich bazaar of ideas, and allows them to browse among these deas, substantially free from outside monitoring or control. While First Amendment law does not single out urban environments for protection, it protects such environments indirectly by preserving certain opportunities that are characteristic of modern urban life: opportunities for giving speeches to large crowds, for confronting strangers with ideas they may find unfamiliar or provocative, or for speaking or gathering information in the anonymity of the crowd

Children, family and the state : revisiting public and private realms

The state is often viewed as part of the impersonal public sphere in opposition to the private family as a locus of warmth and intimacy. In recent years this modernist dichotomy has been challenged by theoretical and institutional trends which have altered the relationship between state and family. This paper explores changes to both elements of the dichotomy that challenge this relationship: a more fragmented family structure and more individualised and networked support for children. It will also examine two new elements that further disrupt any clear mapping between state/family and public/private dichotomies: the third party role of the child in family/state affairs and children's application of virtual technology that locates the private within new cultural and social spaces. The paper concludes by examining the rise of the 'individual child' hitherto hidden within the family/state dichotomy and the implications this has for intergenerational relations at personal and institutional levels

Privacy in (mobile) telecommunications services

Telecommunications services are for long subject to privacy regulations. At stake are traditionally: privacy of the communication and the protection of traffic data. Privacy of the communication is legally founded. Traffic data subsume under the notion of data protection and are central in the discussion. The telecommunications environment is profoundly changing. The traditionally closed markets with closed networks change into an open market with open networks. Within these open networks more privacy sensitive data are generated and have to be exchanged between growing numbers of parties. Also telecommunications and computer networks are rapidly being integrated and thus the distinction between telephony and computing disappears. Traditional telecommunications privacy regulations are revised to cover internet applications. In this paper telecommunications issues are recalled to aid the on-going debate. Cellular mobile phones have recently be introduced. Cellular networks process a particular category of traffic data namely location data, thereby introducing the issue of territorial privacy into the telecommunications domain. Location data are bound to be used for pervasive future services. Designs for future services are discussed and evaluated for their impact on privacy protection.</p