Machine-Readable Privacy Certificates for Services

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.Comment: 20 pages, 6 figure

A European perspective on data processing consent through the re-conceptualization of European data protection’s looking glass after the Lisbon Treaty: Taking rights seriously

Copyright @ 2012 Kluwer Law International. Reprinted from European Review of Private Law, 20(2): 473 - 506, 2012, with permission of Kluwer Law International.EU data protection law is undergoing a process of reform to meet the challenges of the modern economy and rapid technological developments. This study re-conceptualizes data protection in the EU in light of the enactment of the Treaty of Lisbon and the Charter of Fundamental Rights of the EU. It focuses on data subjects' consent as a key component of data processing legislation - alongside the principles of purpose specification and data quality - to reinforce the view that it is a necessary, though not sufficient, tool to guarantee the declared high level of protection of individuals. To prevent confusion, conflation, or abuse of consent and safeguard the fundamental values to which it is tied, this paper puts forward that additional legal constraints and qualifications would be necessary for the enhancement of its application and enforcement. Soft or libertarian paternalism may be the key to nudge individuals towards the desired social outcome while preserving their individual autonomy. The ultimate suggestion is that EU policy makers should take rights seriously and not be seduced by and surrender to conflicting economic interests

Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such

New Methods in Human Subjects Research: Do We Need a New Ethics?

Online surveys and interviews, the observations of chat rooms or online games, data mining, knowledge discovery in databases (KDD), collecting biomarkers, employing biometrics, using RFID technology - even as implants in the human body - and other related processes all seem to be more promising, cheaper, faster, and comprehensive than conventional methods of human subjects research. But at the same time these new means of gathering information may pose powerful threats to privacy, autonomy, and informed consent. Online research, particularly involving children and minors but also other vulnerable groups such as ethnic or religious minorities, is in urgent need of an adequate research ethics that can provide reasonable and morally justified constraints for human subjects research. The paper at hand seeks to provide some clarification of these new means of information gathering and the challenges they present to moral concepts like -privacy, autonomy, informed consent, beneficence, and justice. Some existing codes of conduct and ethical guidelines are examined to determine whether they provide answers to those challenges and/or whether they can be helpful in the development of principles and regulations governing human subjects research. Finally, some conclusions and recommendations are presented that can help in the ask of formulating an adequate research ethics for human subjects research.Human Subjects Research, Online Research, Biomarkers, Biometrics, Autonomy, Privacy, Informed Consent, Research Ethics

Drones for parcel and passenger transportation: A literature review

Delivery drones and ‘air taxis’ are currently among the most intensely discussed emerging technologies, likely to expand mobility into the ‘third dimension’ of low-level airspace. This paper presents a systematic literature review of 111 interdisciplinary publications (2013 - 03/2019). The review systematizes the current socio-technical debate on civil drones for transportation purposes allowing for a (critical) interim assessment. To guide the review process four dimensions of analysis were defined. A total of 2581 relevant quotations were subdivided into anticipated barriers (426), potential problems (1037), proposed solutions (737) and expected benefits (381). We found that the debate is characterized by predominantly technical and regulatory problems and barriers which are considered to prevent or impede the use of drones for parcel and passengers transportation. At the same time, definite economic expectations are juxtaposed with quite complex and differentiated concerns regarding societal and environmental impacts. Scrutinizing the most prevalent transportation-related promises of traffic reduction, travel time saving and environmental relief we found that there is a strong need to provide scientific evidence for the promises linked to the use of drones for transportation. We conclude that the debate on drones for transportation needs further qualification, emphasizing societal benefits and public involvement more strongly.TU Berlin, Open-Access-Mittel - 201

Corporate Social (Ir)Responsibility in Media and Communication Industries

Microsoft is the most socially responsible company in the world, followed by Google on rank 2 and The Walt Disney Company on rank 3 – at least according to the perceptions of 47,000 people from 15 countries that participated in a survey conducted by the consultancy firm Reputation Institute. In this paper I take a critical look at Corporate Social Responsibility in media and communication industries. Within the debate on CSR media are often only discussed in regard to their role of raising awareness and enabling public debate about corporate social responsibility. What is missing are theoretical and empirical studies about the corporate social (ir)responsibility of media and communication companies themselves. This paper contributes to overcoming this blind spot. First I systematically describe four different ways of relating profit goals and social goals of media and communication companies. I argue for a dialectical perspective that considers how profit interests and social responsibilities mutually shape each other. Such a perspective can draw on a critical political economy of media and communication. Based on this approach I take a closer look at Microsoft, Google and The Walt Disney Company and show that their actual practices do not correspond to their reputation. This analysis points at flaws in the concept CSR. I argue that despite these limitations CSR still contains a rational element that can however only be realised by going beyond CSR. I therefore suggest a new concept that turns CSR off its head and places it upon its feet