Defining a new paradigm for data protection in the world of Big Data analytics

All the ongoing proposals for a reform of data protection regulations, both in the U.S. and Europe, are still focused on the purpose limitation principle and the “notice and choice” model. This approach is inadequate in the present Big Data context. The paper suggests a revision of the existing model and proposes the provision of a subset of rules for Big Data processing, which is based on the opt-out model and on a deeper level of control by data protection authorities

Change of Purpose - The effects of the Purpose Limitation Principle in the General Data Protection Regulation on Big Data Profiling

Over the past few years, many companies have started to adopt Big Data technologies. Big Data is a method and technology that allows the collection and analysis of huge amounts of all kinds of data, mainly in digital form. Big Data can be used, for example, to create profiles of online shopping users to target ads. I call this Big Data Profiling. Facebook and Google, for example, are able to estimate attributes, such as gender, age and interests, from data provided by their users. This can be worrisome for many users who feel that their privacy is infringed when the Big Data Profiling companies, for example, are able to send advertisements to the users that are scarily relevant to them. Big Data Profiling relies on a vast amount of collected data. Often, at the time of collection, it is not clear how exactly this data will be used and analyzed. The new possibilities with Big Data Profiling have led to companies collecting as much data as possible, and then later figuring out how to extract value from this data. This model can be described as “collect-before select”, since the data is first collected, and then “mined” for correlations that can be used to profile users. In this thesis I analyze whether this form of collection and usage of Personal Data is legal under the General Data Protection Regulation (GDPR), which enters into force in the European Union on 25 May 2018. While many of the provisions of the GDPR already existed in the Data Protection Directive (DPD) since 1995, they have been reinforced and extended in the GDPR. One of the main principles of the GDPR is that of Purpose Limitation. While the principle already exists under the DPD in a very similar fashion, it is likely that it will be enforced more under the GDPR, since the GDPR is directly applicable in member states instead of having to be implemented. The enforcement mechanisms, such as sanctions, have also been significantly strengthened. The Purpose Limitation Principle requires the data controller (such as companies processing Personal Data, like Facebook and Google) to have a specified purpose for and during the collection of Personal Data. Further, the Personal Data cannot be processed beyond this purpose after it has been collected. This seems to run contrary to Big Data Profiling, which regularly looks for purposes only after the Personal Data has been collected. However, I have identified three potential ways the “collect before select” model could still be possible under the GDPR. The first possibility is the anonymization of Personal Data. If data can be efficiently anonymized, it will fall outside of the scope of the GDPR because it will not contain Personal Data after the anonymization. The controller is then free to analyze the data for any purpose, including creating models that could be used to profile other users. However, I found that Big Data methods can often reidentify Personal Data that has been previously anonymized. In such cases even purportedly anonymized data may still fall under the scope of the GDPR. If on the other hand enough Personal Data is removed to make reidentification impossible, the value of the data for large parts of the business world is likely destroyed. The second possibility is collecting Personal Data for a specified purpose that is defined so widely that it covers all potential future use cases. If a controller can collect Personal Data for a vague purpose, such as “marketing”, the controller will have a lot of flexibility in using the data while still being covered by the initial purpose. I found that the GDPR requires data controllers (such as companies) to have a purpose for the data collection that is specific enough so that the data subject is able to determine exactly which kinds of processing the controller will undertake. Having a non-existent or too vague purpose is not sufficient under the GDPR. Companies that collect data with no, or an only vaguely defined, purpose and then try to find a specific purpose for the collected data later will therefore have to stop this practice. The third possibility can be used if the controller wants to re-use Personal Data for further purposes, after the controller has collected the Personal Data initially in compliance with the GDPR for a specified purpose. In this case, the GDPR offers certain possibilities of further processing this data outside of the initial purpose. The GDPR allows this for example if the data subject has given consent to the new purpose. However, I found that Big Data Profiling companies often come up with new purposes later by “letting the data speak”, which means by analyzing the data itself to find new purposes. Before performing an analysis, often the company might not even know how the processing will be done later. In that case, it is impossible to request the data subject’s specific consent, which is required under the GDPR. Even without the data subject’s consent, there are however other possibilities of further processing data under the GDPR, such as determining whether the new processing is compatible with the initial purpose. My thesis examines some of those possibilities for a change of purpose under Big Data Profiling. My conclusion is that the GDPR likely means a drastic impact and limitation on Big Data Profiling as we know it. Personal Data cannot be collected without a purpose or with a vague purpose. Even Personal Data that was collected for a specific purpose cannot be re-used for another purpose except for in very few circumstances. Time will tell how the courts interpret the GDPR and decide different situations, how the companies will adapt to them and if the legislator will react to this reality

Systems thinking, big data, and data protection law: Using Ackoff’s Interactive Planning to respond to emergent policy challenges.

This document is the Accepted Manuscript of the following article: Henry Pearce, ‘Systems Thinking, Big Data, and Data Protection Law Using Ackoff’s Interactive Planning to Respond to Emergent Policy Challenges’, European Journal of Law Reform, Issue 4, 2016, available online at: https://www.elevenjournals.com/tijdschrift/ejlr/2016/4/EJLR_1387-2370_2016_018_004_004This article examines the emergence of big data and how it poses a number of significant novel challenges to the smooth operation of some the European data protection framework’s fundamental tenets. Building on previous research in the area, the article argues that recent proposals for reform in this area, as well as proposals based on conventional approaches to policy making and regulatory design more generally, will likely be ill-equipped to deal with some of big data’s most severe emergent difficulties. Instead, it is argued that novel, and possibly unorthodox approaches to regulation and policy design premised on systems thinking methodologies may represent attractive and alternative ways forward. As a means of testing this general hypothesis, the article considers Interactive Planning, a systems thinking methodology popularised by the organisational theorist Russel Ackoff, as a particular embryonic example of one such methodological approach, and, using the challenges posed by big data to the principle of purpose limitation as a case study, explores whether its usage may be beneficial in the development of data protection law and policy in the big data environment.Peer reviewedFinal Accepted Versio

The future of consumer data protection in the E.U. Rethinking the “notice and consent” paradigm in the new era of predictive analytics

The new E.U. proposal for a general data protection regulation has been introduced to give an answer to the challenges of the evolving digital environment. In some cases, these expectations could be disappointed, since the proposal is still based on the traditional main pillars of the last generation of data protection laws. In the field of consumer data protection, these pillars are the purpose specification principle, the use limitation principle and the “notice and consent” model. Nevertheless, the complexity of data processing, the power of modern analytics and the “transformative” use of personal information drastically limit the awareness of consumers, their capability to evaluate the various consequences of their choices and to give a free and informed consent. To respond to the above, it is necessary to clarify the rationale of the “notice and consent” paradigm, looking back to its origins and assessing its effectiveness in a world of predictive analytics. From this perspective, the paper considers the historical evolution of data protection and how the fundamental issues coming from the technological and socio-economic contexts have been addressed by regulations. On the basis of this analysis, the author suggests a revision of the “notice and consent” model focused on the opt-in and proposes the adoption of a different approach when, such as in Big Data collection, the data subject cannot be totally aware of the tools of analysis and their potential output. For this reason, the author sustains the provision of a subset of rules for Big Data analytics, which is based on a multiple impact assessment of data processing, on a deeper level of control by data protection authorities, and on the different opt-out model

Averting Robot Eyes

Home robots will cause privacy harms. At the same time, they can provide beneficial services—as long as consumers trust them. This Essay evaluates potential technological solutions that could help home robots keep their promises, avert their eyes, and otherwise mitigate privacy harms. Our goals are to inform regulators of robot-related privacy harms and the available technological tools for mitigating them, and to spur technologists to employ existing tools and develop new ones by articulating principles for avoiding privacy harms. We posit that home robots will raise privacy problems of three basic types: (1) data privacy problems; (2) boundary management problems; and (3) social/relational problems. Technological design can ward off, if not fully prevent, a number of these harms. We propose five principles for home robots and privacy design: data minimization, purpose specifications, use limitations, honest anthropomorphism, and dynamic feedback and participation. We review current research into privacy-sensitive robotics, evaluating what technological solutions are feasible and where the harder problems lie. We close by contemplating legal frameworks that might encourage the implementation of such design, while also recognizing the potential costs of regulation at these early stages of the technology

Universal Constants, Standard Models and Fundamental Metrology

Taking into account four universal constants, namely the Planck's constant $h$, the velocity of light $c$, the constant of gravitation $G$ and the Boltzmann's constant $k$ leads to structuring theoretical physics in terms of three theories each taking into account a pair of constants: the quantum theory of fields ($h$ and $c$), the general theory of relativity ($c$ and $G$) and quantum statistics ($h$ and $k$). These three theories are not yet unified but, together, they underlie the standard models that allow a satisfactory phenomenological description of all experimental or observational data, in particle physics and in cosmology and they provide, through the modern interpretation of quantum physics, fundamental metrology with a reliable theoretical basis

FSL-BM: Fuzzy Supervised Learning with Binary Meta-Feature for Classification

This paper introduces a novel real-time Fuzzy Supervised Learning with Binary Meta-Feature (FSL-BM) for big data classification task. The study of real-time algorithms addresses several major concerns, which are namely: accuracy, memory consumption, and ability to stretch assumptions and time complexity. Attaining a fast computational model providing fuzzy logic and supervised learning is one of the main challenges in the machine learning. In this research paper, we present FSL-BM algorithm as an efficient solution of supervised learning with fuzzy logic processing using binary meta-feature representation using Hamming Distance and Hash function to relax assumptions. While many studies focused on reducing time complexity and increasing accuracy during the last decade, the novel contribution of this proposed solution comes through integration of Hamming Distance, Hash function, binary meta-features, binary classification to provide real time supervised method. Hash Tables (HT) component gives a fast access to existing indices; and therefore, the generation of new indices in a constant time complexity, which supersedes existing fuzzy supervised algorithms with better or comparable results. To summarize, the main contribution of this technique for real-time Fuzzy Supervised Learning is to represent hypothesis through binary input as meta-feature space and creating the Fuzzy Supervised Hash table to train and validate model.Comment: FICC201

BUILDING SCOUTING ACHIEVEMENT SYSTEM (Potentials and Obstacles)

The purpose of this research is to rising up a scouting achievement system that coming from potentials and obstacles at SMA N 1 Sukoharjo and SMA N 1 Wonogiri which both of them have a really good achievement at scouting competition. The system that coming up from this research very helpful for human resource management especialy on developing organizational system for educational level. This research using qualitative method which the collective data method using interview, self-conduct observation, life history, personal experience, documents and important note deeply for certain period of time to get further information about scouting achievement system from it potentials and obstacles. This research object are schools which have achievement in scouting there are SMA N 1 Sukoharjo and SMA N 1 Wonogiri. Come after the informant for this research are scout master, scout leader, and alumni who still active for helping on scouting activities on each school. The result indicates gradually a scouting achievement system must have a good organization system and training and education system. Organization system component are recruitment and member positioning, financial and facilities management, followed by having a good relationship within scouting member in or out school. Training and education system component are routine training, leadership, competition preparation exercise followed by team competition development