Big Data Ethics in Research

The main problems faced by scientists in working with Big Data sets, highlighting the main ethical issues, taking into account the legislation of the European Union. After a brief Introduction to Big Data, the Technology section presents specific research applications. There is an approach to the main philosophical issues in Philosophical Aspects, and Legal Aspects with specific ethical issues in the EU Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive - General Data Protection Regulation, "GDPR"). The Ethics Issues section details the specific aspects of Big Data. After a brief section of Big Data Research, I finalize my work with the presentation of Conclusions on research ethics in working with Big Data. CONTENTS: Abstract 1. Introduction - 1.1 Definitions - 1.2 Big Data dimensions 2. Technology - 2.1 Applications - - 2.1.1 In research 3. Philosophical aspects 4. Legal aspects - 4.1 GDPR - - Stages of processing of personal data - - Principles of data processing - - Privacy policy and transparency - - Purposes of data processing - - Design and implicit confidentiality - - The (legal) paradox of Big Data 5. Ethical issues - Ethics in research - Awareness - Consent - Control - Transparency - Trust - Ownership - Surveillance and security - Digital identity - Tailored reality - De-identification - Digital inequality - Privacy 6. Big Data research Conclusions Bibliography DOI: 10.13140/RG.2.2.11054.4640

Big Data and Analytics in the Age of the GDPR

The new European General Data Protection Regulation places stringent restrictions on the processing of personally identifiable data. The GDPR does not only affect European companies, as the regulation applies to all the organizations that track or provide services to European citizens. Free exploratory data analysis is permitted only on anonymous data, at the cost of some legal risks.We argue that for the other kinds of personal data processing, the most flexible and safe legal basis is explicit consent. We illustrate the approach to consent management and compliance with the GDPR being developed by the European H2020 project SPECIAL, and highlight some related big data aspects

A Human-centric Perspective on Digital Consenting: The Case of GAFAM

According to different legal frameworks such as the European General Data Protection Regulation (GDPR), an end-user's consent constitutes one of the well-known legal bases for personal data processing. However, research has indicated that the majority of end-users have difficulty in understanding what they are consenting to in the digital world. Moreover, it has been demonstrated that marginalized people are confronted with even more difficulties when dealing with their own digital privacy. In this research, we use an enactivist perspective from cognitive science to develop a basic human-centric framework for digital consenting. We argue that the action of consenting is a sociocognitive action and includes cognitive, collective, and contextual aspects. Based on the developed theoretical framework, we present our qualitative evaluation of the consent-obtaining mechanisms implemented and used by the five big tech companies, i.e. Google, Amazon, Facebook, Apple, and Microsoft (GAFAM). The evaluation shows that these companies have failed in their efforts to empower end-users by considering the human-centric aspects of the action of consenting. We use this approach to argue that their consent-obtaining mechanisms violate principles of fairness, accountability and transparency. We then suggest that our approach may raise doubts about the lawfulness of the obtained consent—particularly considering the basic requirements of lawful consent within the legal framework of the GDPR

Performance Degradation and Cost Impact Evaluation of Privacy Preserving Mechanisms in Big Data Systems

Big Data is an emerging area and concerns managing datasets whose size is beyond commonly used software tools ability to capture, process, and perform analyses in a timely way. The Big Data software market is growing at 32% compound annual rate, almost four times more than the whole ICT market, and the quantity of data to be analyzed is expected to double every two years. Security and privacy are becoming very urgent Big Data aspects that need to be tackled. Indeed, users share more and more personal data and user-generated content through their mobile devices and computers to social networks and cloud services, losing data and content control with a serious impact on their own privacy. Privacy is one area that had a serious debate recently, and many governments require data providers and companies to protect users’ sensitive data. To mitigate these problems, many solutions have been developed to provide data privacy but, unfortunately, they introduce some computational overhead when data is processed. The goal of this paper is to quantitatively evaluate the performance and cost impact of multiple privacy protection mechanisms. A real industry case study concerning tax fraud detection has been considered. Many experiments have been performed to analyze the performance degradation and additional cost (required to provide a given service level) for running applications in a cloud system

A Privacy by Design Methodology Application in Telecom Domain

Telecommunication has been considerably developed over the last decades, notably through optical fiber submarine cables and wireless connections offering voice and data wide range services. Telecommunication infrastructures are the necessary backbone that make possible any voice and data exchange. Unfortunately, these infrastructures are still suffering from various vulnerabilities and continue to be target of specific cyber-attacks. Some of these attacks could lead to service deniability, integrity and privacy loss. Against this fact, it’s also established that telecom service providers, as the owner of this infrastructure,can have access to huge data,                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            even personal data related to customer and  to their employees. Basically, this personal data is related directly to the customer’s and employee’s identity, geolocation, interest areas and contact circle, etc.,  when it comes to the use of this personal data, the privacy concerns become a big challenge for telecom service providers due to heavy impact that can induce. Given the personal data protection criticality in telecom domain, privacy by design PbD should be incorporate. Then, this article aims to apply in telecom service providers ISPM methodology "Information System Privacy Methodology" which focuses on PbD implementation in enterprises architecture, specifically in information systems taking into account all technical and organizational aspects

Small Pool for Big Data: Researching for Sustainable Data Focused on Open Government Data (OGD) Movement

When Sir Isaac Newton said his famous statement standing on the shoulders of giants, it was a modest phrase and explained the necessity of sharing knowledge or information to make the next intellectual progress. The data industry is now the fastest developing area, but many ambiguities are a subject in law. The protection of data is a fascinating and still unsolved challenge for intellectual property law. Data is essential in the matter of new industry and our lifestyle at individual, corporate, and institutional levels. And the legal protection needs to work to offer vivid transactions of data for creative interactions. However, many enterprises consider data an asset for business profit as the data industry grows vast and fast. Data raises diverse policy debates that arise in the better-known intellectual property areas, for instance, copyrights, unfair competition, and trade secret. The vague aspects of data implicate a number of intellectual property approaches. It also extends to the economic problem \u27tragedy of anti-commons\u27 that fragmented ownership is disrupting sound usage. In this regard, Open Governmental Data (OGD) is one way to resolve inefficiency in the data industry. The government collects massive personal data and reproduces datasets in the process of administration. Many governments give back the public data for private sectors anticipating the data works for new enterprise seed money. This work looks at three considerations about the legal aspects of data. At first, we will see the necessity of big data in current and reasons for the government to pay attention to open data to the public. The data industry market\u27s inefficiency discourages cumulative innovation in our society and approaches the benefits of sharing data in the private economy or OGD movement. Second, the paper conducts principles of OGD and takes a functional approach in analyzing the related IP laws in database protection and public accessibility. Interestingly various governments are opening data that compares various OGD models from different countries led by other stakeholders, including government, large companies, small to medium enterprises ( SMEs ), and how they work as a member of OGD. Finally, it critiques the current OGD movement and suggests that corporate OGD strategies granting autonomous would help resolve the anti-commons of IP in the big data industry

Data protection in the age of Big Data: legal challenges and responses in the context of online behavioural advertising

This thesis addresses the question of how data protection law should respond to the challenges arising from the ever-increasing prevalence of big data. The investigation is conducted with the case study of online behavioural advertising (OBA) and within the EU data protection legal framework, especially the General Data Protection Regulation (GDPR). It is argued that data protection law should respond to the big data challenges by leveraging the regulatory options that are either already in place in the current legal regime or potentially available to policymakers. With the highly complex, powerful and opaque OBA network, in both technical and economic terms, the use of big data may pose fundamental threats to certain individualistic, collective or societal values. Despite a limited number of economic benefits such as free access to online services and the growth of the digital market, the latent risks of OBA call for an effective regulatory regime on big data. While the EU’s GDPR represents the latest and most comprehensive legal framework regulating the use of personal data, it has still fallen short on certain important aspects. The regulatory model characterised by individualised consent and the necessity test remains insufficient in fully protecting data subjects as autonomous persons, consumers and citizens in the context of OBA. There is thus a pressing need for policymakers to review their regulatory toolbox in the light of the potential threats. On the one hand, it is necessary to reconsider the possibilities to blacklist or whitelist certain data uses with mechanisms that are either in place in the legal framework or can be introduced additionally. On the other hand, it is also necessary to realise the full range of policy options that can be adopted to assist individuals in making informed decisions in the age of big data

Outsourcing, Data Insourcing, and the Irrelevant Constitution

Long before revelations of the National Security Agency\u27s data collection programs grabbed headlines, scholars and the press decried the burgeoning harms to privacy that metadata mining and new surveillance technologies present. Through publicly accessible social media sites, web-tracking technologies, private data mining consolidators, and its own databases, the government is just a mouse click away from a wealth of intimate personal information that was virtually inaccessible only a decade ago. At the heart of the conundrum is the government\u27s ability to source an unprecedented amount of personal data from private third parties. This trail of digital information is being insourced into government coffers with no constitutional accountability-much like governmental powers are being outsourced to private contractors without constitutional restraint. These phenomena reveal a troubling trend: the diminishment of the Constitution\u27s relevance when the government works in tandem with third parties. Outmoded Fourth Amendment doctrine offers no pathway around this problem. Nor has legislation kept apace with technological advancements to forestall abuses before they occur. Moreover, the primary theories for challenging the private exercise of public power-the private delegation and state action doctrines-rarely persuade modern courts. Rather than focusing on the privacy aspects of big data, this Article proceeds from the standpoint of the structural Constitution, and reframes existing doctrines for rendering the government constitutionally accountable for actions taken through a third party, on the theory that exclusive reliance on the political branches for the protection of individual privacy rights in the age of big data is insufficient

Privacy Harm and Non-Compliance from a Legal Perspective

In today\u27s data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, distillation, or expropriation of personal information. Privacy Enhancing Technologies (PETs) emerged as a solution to address data privacy issues and minimize the risk of privacy harm. It is essential to implement privacy enhancement mechanisms to protect Personally Identifiable Information (PII) from unlawful use or access. FIPPs (Fair Information Practice Principles), based on the 1973 Code of Fair Information Practice (CFIP), and the Organization for Economic Cooperation and Development (OECD), are a collection of widely accepted, influential US codes that agencies use when evaluating information systems, processes, programs, and activities affecting individual privacy. Regulatory compliance places a responsibility on organizations to follow best practices to ensure the protection of individual data privacy rights. This paper will focus on FIPPs, relevance to US state privacy laws, their influence on OECD, and reference to the EU General Data Processing Regulation. (GDPR). Keywords —Privacy harm, Privacy Enhancing Technologies(PETs),Fair Information Practice Principles (FIPPs

Legal bases for the GDPR implementation in marketing

Business entities carrying out marketing activities are among those which are fundamentally affected by the protection of personal data provided by the GDPR Regulation. Personal data is part of a personal identity and a very valuable and strategically important commodity these days. The importance of this legislation therefore is that it unifies the protection of personal data of individuals across the EU, it is directly applicable legislation. Business entities work with personal data from existing or potential customer when implementing marketing activities. The successful application of GDPR to marketing of business entities assumes a very good knowledge of this legislation and the ability to apply it correctly to the various processes and procedures that the business entity or marketing agency implements in the marketing field. All personal data controllers and processors are required to introduce technical, organizational and procedural measures in accordance with the GDPR. No matter how big the institution or business entity is. This subject is very broad. With a view to the limitation of this contribution, the main aim is therefore to present and discuss only some selected aspects of this issue (knowing that a number of other sub-themes will be worked in the future), to highlight a number of questions that arise in relation to this theme, to outline the potential direction and methods of the future research