1,654 research outputs found
Realising the right to data portability for the domestic Internet of Things
There is an increasing role for the IT design community to play in regulation
of emerging IT. Article 25 of the EU General Data Protection Regulation (GDPR)
2016 puts this on a strict legal basis by establishing the need for information
privacy by design and default (PbD) for personal data-driven technologies.
Against this backdrop, we examine legal, commercial and technical perspectives
around the newly created legal right to data portability (RTDP) in GDPR. We are
motivated by a pressing need to address regulatory challenges stemming from the
Internet of Things (IoT). We need to find channels to support the protection of
these new legal rights for users in practice. In Part I we introduce the
internet of things and information PbD in more detail. We briefly consider
regulatory challenges posed by the IoT and the nature and practical challenges
surrounding the regulatory response of information privacy by design. In Part
II, we look in depth at the legal nature of the RTDP, determining what it
requires from IT designers in practice but also limitations on the right and
how it relates to IoT. In Part III we focus on technical approaches that can
support the realisation of the right. We consider the state of the art in data
management architectures, tools and platforms that can provide portability,
increased transparency and user control over the data flows. In Part IV, we
bring our perspectives together to reflect on the technical, legal and business
barriers and opportunities that will shape the implementation of the RTDP in
practice, and how the relationships may shape emerging IoT innovation and
business models. We finish with brief conclusions about the future for the RTDP
and PbD in the IoT
Telaah Yuridis Aplikasi Zoom Dalam Mengumpulkan Data Pribadi Ditinjau Dari Peraturan Pemerintah No. 71 Tahun 2019 Tentang Penyelenggaraan Sistem Dan Transaksi Elektronik
Saat ini dunia dilanda wabah Covid-19 yang membuat pertemuan secara fisik (offline) menjadi sangat terbatas. Tantangan ini menimbulkan peluang, salah satunya bagi Zoom Cloud Meetings (Zoom) sebagai salah satu aplikasi yang banyak digunakan di Indonesia untuk pertemuan secara daring. Zoom merupakan hasil perkembangan teknologi informasi yang menciptakan komunikasi gaya baru, sehingga muncul fenomena Zoomdemic. Aplikasi ini menjadi penyelamat di tengah penerapan Work From Home (WFH) di Indonesia. Penggunaan Zoom mensyaratkan proses pendaftaran yang memerlukan pengumpulan Data Pribadi dari Pengguna. Zoom termasuk ke dalam Penyelenggara Sistem Elektronik yang menyediakan, mengelola dan mengoperasikan layanan komunikasi meliputi panggilan suara, panggilan video dalam bentuk platform digital. Penulis membahas mengenai proses mengumpulkan Data Pribadi yang dilakukan Zoom menggunakan aturan hukum mengenai penyelenggaraan sistem dan transaksi elektronik yang berlaku di Indonesia
In principle vs in practice: User, expert and policymaker attitudes towards the right to data portability in the internet of things
The right to data portability (RtDP) was enshrined in law with the introduction of the EU's General Data Orotection Regulation (GDPR, Article 20) in 2018. RtDP gives a user the right to obtain and transfer their data to a different service, and the data controller the obligation to facilitate this transfer. Since GDPR's implementation, RtDP has been highlighted in the Digital Markets Act (DMA; 2022) and the proposed Data Act. Despite these reinforcements, there are gaps in understanding of RtDP amongst digital service users. Additionally, many organisations struggle to facilitate data transfer, particularly when it comes to the Internet of Things (IoT). This study examines the attitudes towards IoT data portability by conducting semi-structured interviews with users of consumer IoT devices (n = 28), academics/industry experts (n = 11) and policymakers (n = 8). Results indicate that whilst policymakers and consumers value this right in principle, it is rendered meaningless without a data subject's ability to exercise it in practice. A lack of guidance for data controllers and consumers has created an atmosphere of uncertainty which urgently needs to be addressed
Adaptive architecture: Regulating human building interaction
In this paper we explore regulatory, technical and interactional implications of Adaptive Architecture, a novel trend emerging in the built environment. We provide a comprehensive description of the emergence and history of the term, with reference to the current state of the art and policy foundations supporting it e.g. smart city initiatives and building regulations. As Adaptive Architecture is underpinned by the Internet of Things (IoT), we are interested in how regulatory and surveillance issues posed by the IoT manifest in buildings too. To support our analysis, we utilise a prominent concept from architecture, Stuart Brandâs Shearing Layers model, which describes the different physical layers of a building and how they relate to temporal change. To ground our analysis, we use three cases of Adaptive Architecture, namely an IoT device (Nest Smart Cam IQ); an Adaptive Architecture research prototype, (ExoBuilding); and a commercial deployment (the Edge). In bringing together Shearing Layers, Adaptive Architecture and the challenges therein, we frame our analysis under 5 key themes. These are guided by emerging information privacy and security regulations. We explore the issues Adaptive Architecture needs to face for: A â âPhysical & information securityâ; B â âEstablishing responsibilityâ; C â âoccupant rights over flows, collection, use & control of personal dataâ; D- âVisibility of Emotions and Bodiesâ; & E â âSurveillance of Everyday Routine Activitiesâ. We conclude by summarising key challenges for Adaptive Architecture, regulation and the future of human building interaction
Slave to the Algorithm? Why a \u27Right to an Explanation\u27 Is Probably Not the Remedy You Are Looking For
Algorithms, particularly machine learning (ML) algorithms, are increasingly important to individualsâ lives, but have caused a range of concerns revolving mainly around unfairness, discrimination and opacity. Transparency in the form of a âright to an explanationâ has emerged as a compellingly attractive remedy since it intuitively promises to open the algorithmic âblack boxâ to promote challenge, redress, and hopefully heightened accountability. Amidst the general furore over algorithmic bias we describe, any remedy in a storm has looked attractive. However, we argue that a right to an explanation in the EU General Data Protection Regulation (GDPR) is unlikely to present a complete remedy to algorithmic harms, particularly in some of the core âalgorithmic war storiesâ that have shaped recent attitudes in this domain. Firstly, the law is restrictive, unclear, or even paradoxical concerning when any explanation-related right can be triggered. Secondly, even navigating this, the legal conception of explanations as âmeaningful information about the logic of processingâ may not be provided by the kind of ML âexplanationsâ computer scientists have developed, partially in response. ML explanations are restricted both by the type of explanation sought, the dimensionality of the domain and the type of user seeking an explanation. However, âsubject-centric explanations (SCEs) focussing on particular regions of a model around a query show promise for interactive exploration, as do explanation systems based on learning a model from outside rather than taking it apart (pedagogical versus decompositional explanations) in dodging developers\u27 worries of intellectual property or trade secrets disclosure. Based on our analysis, we fear that the search for a âright to an explanationâ in the GDPR may be at best distracting, and at worst nurture a new kind of âtransparency fallacy.â But all is not lost. We argue that other parts of the GDPR related (i) to the right to erasure ( right to be forgotten ) and the right to data portability; and (ii) to privacy by design, Data Protection Impact Assessments and certification and privacy seals, may have the seeds we can use to make algorithms more responsible, explicable, and human-centered
Legal Application of the Right to Data Portability In Peer To Peer Lending in Indonesia
Once Personal Data entered into an Electronic System has become Electronic Information in digital form. It can be seen using parameters that the Personal Data is no longer in atom base format but has changed to byte base format. Electronic Information in IT Law approach can be transmitted between Electronic Systems in a possible connection. Data Portability arise, one of which is to allow Data Subject as the Application User to transmit his Personal Data from one Electronic System to another for his own benefit, with the consent and or request of the Data Subject. The development of Data Portability is influenced by the European Union through the General Data Protection Regulation (GDPR), where this is one of the factors that must be considered along with the development of Data is The New Oil phenomenon. P2P Lending business model as a part of Financial Technology (Fintech) in the registration process for Lending accounts is also related to Data Portability. This journal discusses on how the application of The Right to Data Portability in P2P Lending in Indonesia
Adaptive Architecture:Regulating human building interaction
In this paper, we explore the regulatory, technical and interactional implications of Adaptive Architecture (AA) and how it will recalibrate the nature of human-building interaction. We comprehensively unpack the emergence and history of this novel concept, reflecting on the current state of the art and policy foundations supporting it. As AA is underpinned by the Internet of Things (IoT), we consider how regulatory and surveillance issues posed by the IoT are manifesting in the built environment. In our analysis, we utilise a prominent architectural model, Stuart Brandâs Shearing Layers, to understand temporal change and informational flows across different physical layers of a building. We use three AA applications to situate our analysis, namely a smart IoT security camera; an AA research prototype; and an AA commercial deployment. Focusing on emerging information privacy and security regulations, particularly the EU General Data Protection Regulation 2016, we examine AA from 5 perspectives: physical & information security risks; challenges of establishing responsibility; enabling occupant rights over flows, collection, use & control of personal data; addressing increased visibility of emotions and bodies; understanding surveillance of everyday routine activities. We conclude with key challenges for AA regulation and the future of humanâbuilding interaction
- âŠ