Realising the right to data portability for the domestic Internet of Things

There is an increasing role for the IT design community to play in regulation of emerging IT. Article 25 of the EU General Data Protection Regulation (GDPR) 2016 puts this on a strict legal basis by establishing the need for information privacy by design and default (PbD) for personal data-driven technologies. Against this backdrop, we examine legal, commercial and technical perspectives around the newly created legal right to data portability (RTDP) in GDPR. We are motivated by a pressing need to address regulatory challenges stemming from the Internet of Things (IoT). We need to find channels to support the protection of these new legal rights for users in practice. In Part I we introduce the internet of things and information PbD in more detail. We briefly consider regulatory challenges posed by the IoT and the nature and practical challenges surrounding the regulatory response of information privacy by design. In Part II, we look in depth at the legal nature of the RTDP, determining what it requires from IT designers in practice but also limitations on the right and how it relates to IoT. In Part III we focus on technical approaches that can support the realisation of the right. We consider the state of the art in data management architectures, tools and platforms that can provide portability, increased transparency and user control over the data flows. In Part IV, we bring our perspectives together to reflect on the technical, legal and business barriers and opportunities that will shape the implementation of the RTDP in practice, and how the relationships may shape emerging IoT innovation and business models. We finish with brief conclusions about the future for the RTDP and PbD in the IoT

Telaah Yuridis Aplikasi Zoom Dalam Mengumpulkan Data Pribadi Ditinjau Dari Peraturan Pemerintah No. 71 Tahun 2019 Tentang Penyelenggaraan Sistem Dan Transaksi Elektronik

Saat ini dunia dilanda wabah Covid-19 yang membuat pertemuan secara fisik (offline) menjadi sangat terbatas. Tantangan ini menimbulkan peluang, salah satunya bagi Zoom Cloud Meetings (Zoom) sebagai salah satu aplikasi yang banyak digunakan di Indonesia untuk pertemuan secara daring. Zoom merupakan hasil perkembangan teknologi informasi yang menciptakan komunikasi gaya baru, sehingga muncul fenomena Zoomdemic. Aplikasi ini menjadi penyelamat di tengah penerapan Work From Home (WFH) di Indonesia. Penggunaan Zoom mensyaratkan proses pendaftaran yang memerlukan pengumpulan Data Pribadi dari Pengguna. Zoom termasuk ke dalam Penyelenggara Sistem Elektronik yang menyediakan, mengelola dan mengoperasikan layanan komunikasi meliputi panggilan suara, panggilan video dalam bentuk platform digital. Penulis membahas mengenai proses mengumpulkan Data Pribadi yang dilakukan Zoom menggunakan aturan hukum mengenai penyelenggaraan sistem dan transaksi elektronik yang berlaku di Indonesia

In principle vs in practice: User, expert and policymaker attitudes towards the right to data portability in the internet of things

The right to data portability (RtDP) was enshrined in law with the introduction of the EU's General Data Orotection Regulation (GDPR, Article 20) in 2018. RtDP gives a user the right to obtain and transfer their data to a different service, and the data controller the obligation to facilitate this transfer. Since GDPR's implementation, RtDP has been highlighted in the Digital Markets Act (DMA; 2022) and the proposed Data Act. Despite these reinforcements, there are gaps in understanding of RtDP amongst digital service users. Additionally, many organisations struggle to facilitate data transfer, particularly when it comes to the Internet of Things (IoT). This study examines the attitudes towards IoT data portability by conducting semi-structured interviews with users of consumer IoT devices (n = 28), academics/industry experts (n = 11) and policymakers (n = 8). Results indicate that whilst policymakers and consumers value this right in principle, it is rendered meaningless without a data subject's ability to exercise it in practice. A lack of guidance for data controllers and consumers has created an atmosphere of uncertainty which urgently needs to be addressed

Adaptive architecture: Regulating human building interaction

In this paper we explore regulatory, technical and interactional implications of Adaptive Architecture, a novel trend emerging in the built environment. We provide a comprehensive description of the emergence and history of the term, with reference to the current state of the art and policy foundations supporting it e.g. smart city initiatives and building regulations. As Adaptive Architecture is underpinned by the Internet of Things (IoT), we are interested in how regulatory and surveillance issues posed by the IoT manifest in buildings too. To support our analysis, we utilise a prominent concept from architecture, Stuart Brand’s Shearing Layers model, which describes the different physical layers of a building and how they relate to temporal change. To ground our analysis, we use three cases of Adaptive Architecture, namely an IoT device (Nest Smart Cam IQ); an Adaptive Architecture research prototype, (ExoBuilding); and a commercial deployment (the Edge). In bringing together Shearing Layers, Adaptive Architecture and the challenges therein, we frame our analysis under 5 key themes. These are guided by emerging information privacy and security regulations. We explore the issues Adaptive Architecture needs to face for: A – ‘Physical & information security’; B – ‘Establishing responsibility’; C – ‘occupant rights over flows, collection, use & control of personal data’; D- ‘Visibility of Emotions and Bodies’; & E – ‘Surveillance of Everyday Routine Activities’. We conclude by summarising key challenges for Adaptive Architecture, regulation and the future of human building interaction

Slave to the Algorithm? Why a \u27Right to an Explanation\u27 Is Probably Not the Remedy You Are Looking For

Algorithms, particularly machine learning (ML) algorithms, are increasingly important to individuals’ lives, but have caused a range of concerns revolving mainly around unfairness, discrimination and opacity. Transparency in the form of a “right to an explanation” has emerged as a compellingly attractive remedy since it intuitively promises to open the algorithmic “black box” to promote challenge, redress, and hopefully heightened accountability. Amidst the general furore over algorithmic bias we describe, any remedy in a storm has looked attractive. However, we argue that a right to an explanation in the EU General Data Protection Regulation (GDPR) is unlikely to present a complete remedy to algorithmic harms, particularly in some of the core “algorithmic war stories” that have shaped recent attitudes in this domain. Firstly, the law is restrictive, unclear, or even paradoxical concerning when any explanation-related right can be triggered. Secondly, even navigating this, the legal conception of explanations as “meaningful information about the logic of processing” may not be provided by the kind of ML “explanations” computer scientists have developed, partially in response. ML explanations are restricted both by the type of explanation sought, the dimensionality of the domain and the type of user seeking an explanation. However, “subject-centric explanations (SCEs) focussing on particular regions of a model around a query show promise for interactive exploration, as do explanation systems based on learning a model from outside rather than taking it apart (pedagogical versus decompositional explanations) in dodging developers\u27 worries of intellectual property or trade secrets disclosure. Based on our analysis, we fear that the search for a “right to an explanation” in the GDPR may be at best distracting, and at worst nurture a new kind of “transparency fallacy.” But all is not lost. We argue that other parts of the GDPR related (i) to the right to erasure ( right to be forgotten ) and the right to data portability; and (ii) to privacy by design, Data Protection Impact Assessments and certification and privacy seals, may have the seeds we can use to make algorithms more responsible, explicable, and human-centered

Legal Application of the Right to Data Portability In Peer To Peer Lending in Indonesia

Once Personal Data entered into an Electronic System has become Electronic Information in digital form. It can be seen using parameters that the Personal Data is no longer in atom base format but has changed to byte base format. Electronic Information in IT Law approach can be transmitted between Electronic Systems in a possible connection. Data Portability arise, one of which is to allow Data Subject as the Application User to transmit his Personal Data from one Electronic System to another for his own benefit, with the consent and or request of the Data Subject. The development of Data Portability is influenced by the European Union through the General Data Protection Regulation (GDPR), where this is one of the factors that must be considered along with the development of Data is The New Oil phenomenon. P2P Lending business model as a part of Financial Technology (Fintech) in the registration process for Lending accounts is also related to Data Portability. This journal discusses on how the application of The Right to Data Portability in P2P Lending in Indonesia

Adaptive Architecture:Regulating human building interaction

In this paper, we explore the regulatory, technical and interactional implications of Adaptive Architecture (AA) and how it will recalibrate the nature of human-building interaction. We comprehensively unpack the emergence and history of this novel concept, reflecting on the current state of the art and policy foundations supporting it. As AA is underpinned by the Internet of Things (IoT), we consider how regulatory and surveillance issues posed by the IoT are manifesting in the built environment. In our analysis, we utilise a prominent architectural model, Stuart Brand’s Shearing Layers, to understand temporal change and informational flows across different physical layers of a building. We use three AA applications to situate our analysis, namely a smart IoT security camera; an AA research prototype; and an AA commercial deployment. Focusing on emerging information privacy and security regulations, particularly the EU General Data Protection Regulation 2016, we examine AA from 5 perspectives: physical & information security risks; challenges of establishing responsibility; enabling occupant rights over flows, collection, use & control of personal data; addressing increased visibility of emotions and bodies; understanding surveillance of everyday routine activities. We conclude with key challenges for AA regulation and the future of human–building interaction