Privacy: An ontological problem

Approaches to addressing privacy issues tend to assume privacy is well understood and typically approach the problem from a security perspective. However, security is more concerned with safety than with privacy. Given the lack of satisfaction with advanced privacy-enhancing-technologies, we argue that an ontological framework is fundamental to advancing the capabilities of technologyenabled solutions. In recognition that privacy is a right to control information about oneself, this paper develops a new ontological foundation for privacy - an initial and important step to modeling privacy as a means to improving the privacy protection effectiveness of information systems

Personal Information Markets AND Privacy: A New Model to Solve the Controversy

From the early days of the information economy, personal data has been its most valuable asset. Despite data protection laws, companies trade personal information and often intrude on the privacy of individuals. As a result, consumers feel out of control and lose trust in electronic environments. Technologists and regulators are struggling to develop solutions that meet businesses’ demand for more personal information while maintaining privacy. However, no promising proposals seem to be in sight. We propose a 3-tier personal information market model with privacy. In our model, clear roles, rights and obligations for all actors re-establish trust. The ‘relationship space’ enables data subjects and visible business partners to build trusting relationships. The ‘service space’ supports customer relationships with distributed information processing. The ‘rich information space’ enables anonymized information exchange. To transition to this model, we show how existing privacy-enhancing technologies and legal requirements can be integrated

The legality of online Privacy-Enhancing Technologies

L’utilisation d’Internet prend beaucoup d’ampleur depuis quelques années et le commerce électronique connaît une hausse considérable. Nous pouvons présentement acheter facilement via Internet sans quitter notre domicile et avons accès à d’innombrables sources d’information. Cependant, la navigation sur Internet permet également la création de bases de données détaillées décrivant les habitudes de chaque utilisateur, informations ensuite utilisées par des tiers afin de cerner le profil de leur clientèle cible, ce qui inquiète plusieurs intervenants. Les informations concernant un individu peuvent être récoltées par l’interception de données transactionnelles, par l’espionnage en ligne, ainsi que par l’enregistrement d’adresses IP. Afin de résoudre les problèmes de vie privée et de s’assurer que les commerçants respectent la législation applicable en la matière, ainsi que les exigences mises de l’avant par la Commission européenne, plusieurs entreprises comme Zero-knowledge Systems Inc. et Anonymizer.com offrent des logiciels permettant la protection de la vie privée en ligne (privacy-enhancing technologies ou PETs). Ces programmes utilisent le cryptage d’information, une méthode rendant les données illisibles pour tous à l’exception du destinataire. L’objectif de la technologie utilisée a été de créer des systèmes mathématiques rigoureux pouvant empêcher la découverte de l’identité de l’auteur même par le plus déterminé des pirates, diminuant ainsi les risques de vol d’information ou la divulgation accidentelle de données confidentielles. Malgré le fait que ces logiciels de protection de la vie privée permettent un plus grand respect des Directives européennes en la matière, une analyse plus approfondie du sujet témoigne du fait que ces technologies pourraient être contraires aux lois concernant le cryptage en droit canadien, américain et français.The use of the Internet has spread widely in the past few years and commerce on the World Wide Web has boomed. We are now able to buy products easily from home over the Internet and have access to all kinds of information sources. The well-known concern is that browsing the Internet has created detailed databases describing each user's browsing patterns and that third parties are now able to assemble comprehensive profiles about online users. Information about the user is gathered through the collection of transactional data, Internet tracking, and tracking IP addresses. In order to solve privacy problems and make sure companies are obligated to comply with privacy laws, or more specifically with the standards established by the European Commission, many companies, like Zero-knowledge Systems Inc. and Anonymizer.com, are marketing privacy-enhancing technologies (PETs) in order to protect and assure the privacy of the individual in the digital world. These privacy-enhancing technologies use a method called encryption, which scrambles the data, making it illegible to everyone except the intended recipient. The goal has been to create mathematically rigorous systems that will prevent even the most determined attackers from discovering the user's identity, therefore significantly reducing the risk of data theft or accidental leaks of sensitive information from the Internet user’s computer. While these online privacy software do help to protect the privacy of the Internet users in making sure that data collectors comply with the European Privacy Directives, a further analysis may determine that they are illegal according to Canadian, American or French encryption control laws and regulations

Digital privacy and new media: an empirical study assessing the impact of privacy seals on personal information disclosure.

Advances in technology have facilitated the rapid growth of a global new media industry. Many new media firms rely heavily on networked technologies to enable a primary income driver based on advertising revenues. This has attracted criticisms from privacy campaigners who argue that elements of the way some of these firms operate constitute an invasion of user’s privacy. Early economic approaches to privacy are primarily informed by the rational choice theory and viewed individuals as utility maximizers when making decisions involving personal information disclosure. Theoretical approaches have since developed to account for factors explored by bounded rationality and behavioural economics where individuals engage in complex trade-offs when making privacy disclosure decisions. Both EU and US regulators believe rapid technological advances have rendered existing regulatory provisions inadequate. In the EU, the 2018 General Data Protection Regulation (GDPR) set out to improve ‘information transparency’ and give individuals to exercise greater ‘control’ over their personal data. The regulation set out provisions for the establishment of a privacy seal accreditation scheme. There is little empirical evidence to demonstrate that the use of privacy seals is privacy enhancing. Existing research reveals inconsistent and at times counter-intuitive findings. This research conducted online experimental research to establish if a causal link exists between the presence of a privacy seals and personal information disclose. Experiment results show that contrary to previous research in this area, the presence of privacy seals does not result in lower personal information disclosure. Survey findings also show that the GDPR has failed to expand ‘sensitive’ categories of data in line with both EU and US data subjects expectations. This research makes a number of original contributions to knowledge. Information disclosure is examined in relation to sensitive data categories as defined in the GDPR. Using commercially available privacy seals, it adds to the existing body of literature on the impact of iconography on user behaviour. The findings suggest there is an opportunity for new media firms to use independently accredited privacy seals as a differentiator in this industry sector

When Data Protection by Design and Data Subject Rights Clash

• Data Protection by Design (DPbD), a holistic approach to embedding principles in technical and organisational measures undertaken by data controllers, building on the notion of Privacy by Design, is now a qualified duty in the GDPR. • Practitioners have seen DPbD less holistically, instead framing it through the confidentiality-focussed lens of Privacy Enhancing Technologies (PETs). • While focussing primarily on confidentiality risk, we show that some DPbD strategies deployed by large data controllers result in personal data which, despite remaining clearly reidentifiable by a capable adversary, make it difficult for the controller to grant data subjects rights (eg access, erasure, objection) over for the purposes of managing this risk. • Informed by case studies of Apple’s Siri voice assistant and Transport for London’s Wi-Fi analytics, we suggest three main ways to make deployed DPbD more accountable and data subject–centric: building parallel systems to fulfil rights, including dealing with volunteered data; making inevitable trade-offs more explicit and transparent through Data Protection Impact Assessments; and through ex ante and ex post information rights (arts 13–15), which we argue may require the provision of information concerning DPbD trade-offs. • Despite steep technical hurdles, we call both for researchers in PETs to develop rigorous techniques to balance privacy-as-control with privacyas-confidentiality, and for DPAs to consider tailoring guidance and future frameworks to better oversee the trade-offs being made by primarily wellintentioned data controllers employing DPbD

Analysis of Cyber Security In E-Governance Utilizing Blockchain Performance

E-Government refers to the administration of Information and Communication Technologies (ICT) to the procedures and functions of the government with the objective of enhancing the transparency, efficiency and participation of the citizens. E-Government is tough systems that require distribution, protection of privacy and security and collapse of these could result in social and economic costs on a large scale. Many of the available e-government systems like electronic identity system of management (eIDs), websites are established at duplicated databases and servers. An established validation and management system could face a single failure point and the system is prone to Distributed Denial of Service Attacks (DDoS), denial of service attacks (DoS), malware and other cyber attacks. The execution of a privacy preserving and a secure decentralized system is enabled by the block chain technology. Here any third-party organizations do not have any control over the transactions of the Government. With the help of block chain technology, new and existing data are encapsulated within ledger or blocks, which are evenly distributed through the network in an enduring and sustainable way. The privacy and security of information are improved with the help of block chain technology, where distribution and encryption of data are performed through the total network. This analytical paper maps out the analysis of the security in the e-government system, utilizing the block chain technology that provides privacy and security of information and thereby enhancing the trust among the public sector. Qualitative and theoretical analysis is made for the proposed topic and implications of privacy and security of the proposed system is made

The control over personal data: True remedy or fairy tale ?

This research report undertakes an interdisciplinary review of the concept of "control" (i.e. the idea that people should have greater "control" over their data), proposing an analysis of this con-cept in the field of law and computer science. Despite the omnipresence of the notion of control in the EU policy documents, scholarly literature and in the press, the very meaning of this concept remains surprisingly vague and under-studied in the face of contemporary socio-technical environments and practices. Beyond the current fashionable rhetoric of empowerment of the data subject, this report attempts to reorient the scholarly debates towards a more comprehensive and refined understanding of the concept of control by questioning its legal and technical implications on data subject\^as agency

Eavesdropping Whilst You're Shopping: Balancing Personalisation and Privacy in Connected Retail Spaces

Physical retailers, who once led the way in tracking with loyalty cards and `reverse appends', now lag behind online competitors. Yet we might be seeing these tables turn, as many increasingly deploy technologies ranging from simple sensors to advanced emotion detection systems, even enabling them to tailor prices and shopping experiences on a per-customer basis. Here, we examine these in-store tracking technologies in the retail context, and evaluate them from both technical and regulatory standpoints. We first introduce the relevant technologies in context, before considering privacy impacts, the current remedies individuals might seek through technology and the law, and those remedies' limitations. To illustrate challenging tensions in this space we consider the feasibility of technical and legal approaches to both a) the recent `Go' store concept from Amazon which requires fine-grained, multi-modal tracking to function as a shop, and b) current challenges in opting in or out of increasingly pervasive passive Wi-Fi tracking. The `Go' store presents significant challenges with its legality in Europe significantly unclear and unilateral, technical measures to avoid biometric tracking likely ineffective. In the case of MAC addresses, we see a difficult-to-reconcile clash between privacy-as-confidentiality and privacy-as-control, and suggest a technical framework which might help balance the two. Significant challenges exist when seeking to balance personalisation with privacy, and researchers must work together, including across the boundaries of preferred privacy definitions, to come up with solutions that draw on both technology and the legal frameworks to provide effective and proportionate protection. Retailers, simultaneously, must ensure that their tracking is not just legal, but worthy of the trust of concerned data subjects.Comment: 10 pages, 1 figure, Proceedings of the PETRAS/IoTUK/IET Living in the Internet of Things Conference, London, United Kingdom, 28-29 March 201