A Human-centric Perspective on Digital Consenting: The Case of GAFAM

According to different legal frameworks such as the European General Data Protection Regulation (GDPR), an end-user's consent constitutes one of the well-known legal bases for personal data processing. However, research has indicated that the majority of end-users have difficulty in understanding what they are consenting to in the digital world. Moreover, it has been demonstrated that marginalized people are confronted with even more difficulties when dealing with their own digital privacy. In this research, we use an enactivist perspective from cognitive science to develop a basic human-centric framework for digital consenting. We argue that the action of consenting is a sociocognitive action and includes cognitive, collective, and contextual aspects. Based on the developed theoretical framework, we present our qualitative evaluation of the consent-obtaining mechanisms implemented and used by the five big tech companies, i.e. Google, Amazon, Facebook, Apple, and Microsoft (GAFAM). The evaluation shows that these companies have failed in their efforts to empower end-users by considering the human-centric aspects of the action of consenting. We use this approach to argue that their consent-obtaining mechanisms violate principles of fairness, accountability and transparency. We then suggest that our approach may raise doubts about the lawfulness of the obtained consent—particularly considering the basic requirements of lawful consent within the legal framework of the GDPR

Transparent government, not transparent citizens: a report on privacy and transparency for the Cabinet Office

1. Privacy is extremely important to transparency. The political legitimacy of a transparency programme will depend crucially on its ability to retain public confidence. Privacy protection should therefore be embedded in any transparency programme, rather than bolted on as an afterthought. 2. Privacy and transparency are compatible, as long as the former is carefully protected and considered at every stage. 3. Under the current transparency regime, in which public data is specifically understood not to include personal data, most data releases will not raise privacy concerns. However, some will, especially as we move toward a more demand-driven scheme. 4. Discussion about deanonymisation has been driven largely by legal considerations, with a consequent neglect of the input of the technical community. 5. There are no complete legal or technical fixes to the deanonymisation problem. We should continue to anonymise sensitive data, being initially cautious about releasing such data under the Open Government Licence while we continue to take steps to manage and research the risks of deanonymisation. Further investigation to determine the level of risk would be very welcome. 6. There should be a focus on procedures to output an auditable debate trail. Transparency about transparency – metatransparency – is essential for preserving trust and confidence. Fourteen recommendations are made to address these conclusions

The application of BIM tools to explore the dynamic characteristics of smart materials in a contemporary Shanashil building design element

Traditional architecture is known for its crafted facade features that respond to environmental, social and cultural requirements. Contemporary architecture produced façade features that attempted to enhance local design identity and local culture. Despite the advantages of modern technology, architectural elements have difficulties in fulfilling the idea of sustainable elegance that once traditional elements provided. This problem calls for an interdisciplinary design approach to deliver sustainable design solutions that positively adapt to the surrounding environment as well as maintain the state of elegance in design. With this in mind, the research aims to explore the role of new glass technologies to improve the performance and at the same time maintain the design value of traditional façade element “shanashil” in Baghdadi buildings. This research utilises BIM tools and uses smart materials to restore the lost value in design, which mimics the dynamic characteristics observed in nature, inspired by biomimetics strategies. Such qualities are found in the characteristics of smart dynamic glazing material particularly in the switchable, reversible properties of transparency and coloration efficiency. The material characteristics are attached to a 3D digital prototype to visualise the difference between dynamic and static properties through the use of technology tools Revit plugin and smart glazing virtual reality prototype. This research concludes that the dynamic characteristics of smart glazing materials are effective in delivering a multifunctional design quality to collectively blend in harmony with the surrounding environment

Big Data, Small Credit: The Digital Revolution and Its Impact on Emerging Market Consumers

This research report sheds light on a new cadre of technology companies who are disrupting the credit scoring business in emerging markets. Using non-financial data -- such as social media activity and mobile phone usage patterns -- complex algorithms and big data analytics are forever changing the economics of how we identify, score, and underwrite credit to consumers who have been invisible to lenders until now

End-to-End Privacy for Open Big Data Markets

The idea of an open data market envisions the creation of a data trading model to facilitate exchange of data between different parties in the Internet of Things (IoT) domain. The data collected by IoT products and solutions are expected to be traded in these markets. Data owners will collect data using IoT products and solutions. Data consumers who are interested will negotiate with the data owners to get access to such data. Data captured by IoT products will allow data consumers to further understand the preferences and behaviours of data owners and to generate additional business value using different techniques ranging from waste reduction to personalized service offerings. In open data markets, data consumers will be able to give back part of the additional value generated to the data owners. However, privacy becomes a significant issue when data that can be used to derive extremely personal information is being traded. This paper discusses why privacy matters in the IoT domain in general and especially in open data markets and surveys existing privacy-preserving strategies and design techniques that can be used to facilitate end to end privacy for open data markets. We also highlight some of the major research challenges that need to be address in order to make the vision of open data markets a reality through ensuring the privacy of stakeholders.Comment: Accepted to be published in IEEE Cloud Computing Magazine: Special Issue Cloud Computing and the La

Privacy CURE: Consent Comprehension Made Easy

Although the General Data Protection Regulation (GDPR) defines several potential legal bases for personal data processing, in many cases data controllers, even when they are located outside the European Union (EU), will need to obtain consent from EU citizens for the processing of their personal data. Unfortunately, existing approaches for obtaining consent, such as pages of text followed by an agreement/disagreement mechanism, are neither specific nor informed. In order to address this challenge, we introduce our Consent reqUest useR intErface (CURE) prototype, which is based on the GDPR requirements and the interpretation of those requirements by the Article 29 Working Party (i.e., the predecessor of the European Data Protection Board). The CURE prototype provides transparency regarding personal data processing, more control via a customization, and, based on the results of our usability evaluation, improves user comprehension with respect to what data subjects actually consent to. Although the CURE prototype is based on the GDPR requirements, it could potentially be used in other jurisdictions also

Conditions of Full Disclosure:The Blockchain Remuneration Model

One of the fundamental applications for a practically useful system of money is remuneration. Information pertaining to the amount of compensation awarded to different individuals is often considered sensitive, commanding a certain degree of privacy. As Bitcoin and similarly designed cryptocurrencies evolve into a recognized medium of exchange for larger swaths of the world economy, an increasing number of people will earn income in the form of blockchain-based payments. The nature of these transactions is such that the minute details of an affected individuals compensation package and spending habits will be exposed to public scrutiny. In some cases this violates cultural norms which respect the confidentiality of salaries, yet in other cases it could be regarded as providing the benefits associated with greater transparency. In this work we analyse the Bitcoin blockchain record of periodic payments accruing to an individual address in exchange for goods or services rendered. For differing levels of available information we seek to determine the extent of insights that can be gleaned about the transacting counter-parties and the privacy implications this entails

Algorithms that Remember: Model Inversion Attacks and Data Protection Law

Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around `model inversion' and `membership inference' attacks, which indicate that the process of turning training data into machine learned systems is not one-way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation.Comment: 15 pages, 1 figur