1,968 research outputs found

    Big Data Ethics in Research

    Get PDF
    The main problems faced by scientists in working with Big Data sets, highlighting the main ethical issues, taking into account the legislation of the European Union. After a brief Introduction to Big Data, the Technology section presents specific research applications. There is an approach to the main philosophical issues in Philosophical Aspects, and Legal Aspects with specific ethical issues in the EU Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive - General Data Protection Regulation, "GDPR"). The Ethics Issues section details the specific aspects of Big Data. After a brief section of Big Data Research, I finalize my work with the presentation of Conclusions on research ethics in working with Big Data. CONTENTS: Abstract 1. Introduction - 1.1 Definitions - 1.2 Big Data dimensions 2. Technology - 2.1 Applications - - 2.1.1 In research 3. Philosophical aspects 4. Legal aspects - 4.1 GDPR - - Stages of processing of personal data - - Principles of data processing - - Privacy policy and transparency - - Purposes of data processing - - Design and implicit confidentiality - - The (legal) paradox of Big Data 5. Ethical issues - Ethics in research - Awareness - Consent - Control - Transparency - Trust - Ownership - Surveillance and security - Digital identity - Tailored reality - De-identification - Digital inequality - Privacy 6. Big Data research Conclusions Bibliography DOI: 10.13140/RG.2.2.11054.4640

    A Consent Framework for the Internet of Things in the GDPR Era

    Get PDF
    The Internet of Things (IoT) is an environment of connected physical devices and objects that communicate amongst themselves over the internet. The IoT is based on the notion of always-connected customers, which allows businesses to collect large volumes of customer data to give them a competitive edge. Most of the data collected by these IoT devices include personal information, preferences, and behaviors. However, constant connectivity and sharing of data create security and privacy concerns. Laws and regulations like the General Data Protection Regulation (GDPR) of 2016 ensure that customers are protected by providing privacy and security guidelines to businesses. Data subjects (users) should be informed on what information is being collected about them and if they consent or not. This dissertation proposes a consent framework that consists of data collection, consent collection, consent management, consent enforcement, and consent auditing. In the framework, there are GDPR requirements embedded in different components of the framework. The consent framework can help organizations to be GDPR consent compliant. In our evaluation of the solution, the results show that our solution has coverage over GDPR consent based on our use case. Our main contributions are the consent framework, consent manager, and the consent auditing tool

    Rethinking data and rebalancing digital power

    Get PDF
    This report highlights and contextualises four cross-cutting interventions with a strong potential to reshape the digital ecosystem: 1. Transforming infrastructure into open and interoperable ecosystems. 2. Reclaiming control of data from dominant companies. 3. Rebalancing the centres of power with new (non-commercial) institutions. 4. Ensuring public participation as an essential component of technology policymaking. The interventions are multidisciplinary and they integrate legal, technological, market and governance solutions. They offer a path towards addressing present digital challenges and the possibility for a new, healthy digital ecosystem to emerge. What do we mean by a healthy digital ecosystem? One that privileges people over profit, communities over corporations, society over shareholders. And, most importantly, one where power is not held by a few large corporations, but is distributed among different and diverse models, alongside people who are represented in, and affected by the data used by those new models. The digital ecosystem we propose is balanced, accountable and sustainable, and imagines new types of infrastructure, new institutions and new governance models that can make data work for people and society. Some of these interventions can be located within (or built from) emerging and recently adopted policy initiatives, while others require the wholesale overhaul of regulatory regimes and markets. They are designed to spark ideas that political thinkers, forward-looking policymakers, researchers, civil society organisations, funders and ethical innovators in the private sector consider and respond to when designing future regulations, policies or initiatives around data use and governance. This report also acknowledges the need to prepare the ground for the more ambitious transformation of power relations in the digital ecosystem. Even a well-targeted intervention won't change the system unless it is supported by relevant institutions and behavioural change

    The future of Cybersecurity in Italy: Strategic focus area

    Get PDF
    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    After Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance

    Get PDF
    Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become “over-privileged” to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited. Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the overreliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem

    Blockchains and the European Data Protection and Privacy Law

    Get PDF
    Technology is the application of scientific knowledge. New scientific knowledge produces new technologies and new technologies necessarily expose new vulnerabilities in our laws and legal thinking. Blockchain technology, by allowing us to reduce and even eliminate the role of the middleman in our transactions, triggers a significant paradigm shift in how we deal with value. It is often said in online communities that internet democratizes access to information and blockchain democratizes the access to truth. The aim of this work is to shed light on the unchartered territory of the blockchain with the lenses of the EU data protection and privacy law, and offer an in-depth analysis of the greatest issues the blockchain presents with possible solutions and policy recommendations

    Blockchain and public procurement

    Get PDF
    Public procurement relies in an apparent irreconcilability between competition, which implies some confidentiality, and transparency. The latest Public Procurement Directives have made e-procurement a mandatory feature. Since blockchain technology has been developed and designed to accomplish integrity, transparency, efficiency and data accuracy, goals which are very much appreciated in public procurement, an interesting question then arises: is there room to apply this technology within public procurement procedures? Will smart contracts be an interesting tool within public procurement? Considering public duties such as data protection, which must be complied with by contracting authorities, and some blockchain features such as non-withdrawable information and the likely broad access to the information there enclosed, one can be drawn to conclude that there is no possible conciliation between these two procedures. The mandatory e-procurement implies some neighbouring problems with this technology. Yet, are there any technological solutions for some of the drawbacks?info:eu-repo/semantics/acceptedVersio

    Decentralized Inverse Transparency With Blockchain

    Full text link
    Employee data can be used to facilitate work, but their misusage may pose risks for individuals. Inverse transparency therefore aims to track all usages of personal data, allowing individuals to monitor them to ensure accountability for potential misusage. This necessitates a trusted log to establish an agreed-upon and non-repudiable timeline of events. The unique properties of blockchain facilitate this by providing immutability and availability. For power asymmetric environments such as the workplace, permissionless blockchain is especially beneficial as no trusted third party is required. Yet, two issues remain: (1) In a decentralized environment, no arbiter can facilitate and attest to data exchanges. Simple peer-to-peer sharing of data, conversely, lacks the required non-repudiation. (2) With data governed by privacy legislation such as the GDPR, the core advantage of immutability becomes a liability. After a rightful request, an individual's personal data need to be rectified or deleted, which is impossible in an immutable blockchain. To solve these issues, we present Kovacs, a decentralized data exchange and usage logging system for inverse transparency built on blockchain. Its new-usage protocol ensures non-repudiation, and therefore accountability, for inverse transparency. Its one-time pseudonym generation algorithm guarantees unlinkability and enables proof of ownership, which allows data subjects to exercise their legal rights regarding their personal data. With our implementation, we show the viability of our solution. The decentralized communication impacts performance and scalability, but exchange duration and storage size are still reasonable. More importantly, the provided information security meets high requirements. We conclude that Kovacs realizes decentralized inverse transparency through secure and GDPR-compliant use of permissionless blockchain.Comment: Peer-reviewed version accepted for publication in ACM Distributed Ledger Technologies: Research and Practice (DLT). arXiv admin note: substantial text overlap with arXiv:2104.0997

    Seeing Humans in the Data: Ethical Blind Spots of Taiwan Academic Researchers in the Era of Behavioral Big Data

    Get PDF
    The advent of Behavioral Big Data (BBD) has profoundly impacted research ethics. At the same time, academic disciplines with no experience in human subjects research increasingly make use of BBD datasets. In this first-of-its-kind study, we evaluate Taiwan academic researchers’ knowledge and awareness of data ethics using a series of four BBD-based hypothetical research scenarios. We uncover several data ethics blind spots affecting academic researchers. Through the results of this research we hope to strengthen academic researchers’ data ethics awareness and knowledge in the context of BBD, and provide suggestions for improving the ethics training of academic researchers conducting BBD studies. We also contribute a re-conceptualization of data ethics encompassing both traditional human subjects research ethics and new paradigms for the regulation of personal data, such as the General Data Protection Regulation (GDPR)

    Impossible Asks: Can the Transparency and Consent Framework Ever Authorise Real-Time Bidding After the Belgian DPA Decision?

    Get PDF
    On 2 February 2022, the Belgian Data Protection Authority handed down a decision concerning IAB Europe and its Transparency and Consent Framework (TCF), a system designed to facilitate compliance of real-time bidding (RTB), a widespread online advertising approach, with the GDPR. Here, we summarise and analyse this large, complex case. We argue that by characterising IAB Europe as a joint controller with RTB actors, this important decision gives DPAs an agreed-upon blueprint to deal with a structurally difficult enforcement challenge. Furthermore, under the DPA’s simple-looking remedial orders are deep technical and organisational tensions. We analyse these “impossible asks”, concluding that absent a fundamental change to RTB, IAB Europe will be unable to adapt the TCF to bring RTB into compliance with the decision
    • 

    corecore