Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such

Privacy CURE: Consent Comprehension Made Easy

Although the General Data Protection Regulation (GDPR) defines several potential legal bases for personal data processing, in many cases data controllers, even when they are located outside the European Union (EU), will need to obtain consent from EU citizens for the processing of their personal data. Unfortunately, existing approaches for obtaining consent, such as pages of text followed by an agreement/disagreement mechanism, are neither specific nor informed. In order to address this challenge, we introduce our Consent reqUest useR intErface (CURE) prototype, which is based on the GDPR requirements and the interpretation of those requirements by the Article 29 Working Party (i.e., the predecessor of the European Data Protection Board). The CURE prototype provides transparency regarding personal data processing, more control via a customization, and, based on the results of our usability evaluation, improves user comprehension with respect to what data subjects actually consent to. Although the CURE prototype is based on the GDPR requirements, it could potentially be used in other jurisdictions also

Mobile Privacy and Business-to-Platform Dependencies: An Analysis of SEC Disclosures

This Article systematically examines the dependence of mobile apps on mobile platforms for the collection and use of personal information through an analysis of Securities and Exchange Commission (SEC) filings of mobile app companies. The Article uses these disclosures to find systematic evidence of how app business models are shaped by the governance of user data by mobile platforms, in order to reflect on the role of platforms in privacy regulation more generally. The analysis of SEC filings documented in the Article produces new and unique insights into the data practices and data-related aspects of the business models of popular mobile apps and shows the value of SEC filings for privacy law and policy research more generally. The discussion of SEC filings and privacy builds on regulatory developments in SEC disclosures and cybersecurity of the last decade. The Article also connects to recent regulatory developments in the U.S. and Europe, including the General Data Protection Regulation, the proposals for a new ePrivacy Regulation and a Regulation of fairness in business-to-platform relations

Information for Impact: Liberating Nonprofit Sector Data

This paper explores the costs and benefits of four avenues for achieving open Form 990 data: a mandate for e-filing, an IRS initiative to turn Form 990 data into open data, a third-party platform that would create an open database for Form 990 data, and a priori electronic filing. Sections also discuss the life and usage of 990 data. With bibliographical references

The internet and public bureaucracies: towards balancing competing values

Innovation in public administration is one of the central aspects of public sector reforms. Given the procedural nature of government tasks, the adoption of the Internet and related information and communication technologies (ICT) has become critical for government organisations. The aim of this paper is to discuss the implications of the diffusion Internet led innovations in the public sector on balancing public values. Rather than diminishing their benefits, we aim at highlighting challenges and dilemmas that can emerge from ICT implementation in the public sector. The paper starts by reviewing the main trends of e-government research and show a dominant view towards managerial and private sector values embedded in the literature. To propose an alternative approach, we then draw on an empirical example from Mexico, that of the Federal Transparency and Access to Government Information Law. Using Mexico’s available statistics and secondary data, the case explores how a quicker ICT-mediated interaction between citizens and government can result in social and political dilemmas. We propose to bring into play the public value paradigm to highlight these issues. Conclusions follow

Big Data and Analytics in the Age of the GDPR

The new European General Data Protection Regulation places stringent restrictions on the processing of personally identifiable data. The GDPR does not only affect European companies, as the regulation applies to all the organizations that track or provide services to European citizens. Free exploratory data analysis is permitted only on anonymous data, at the cost of some legal risks.We argue that for the other kinds of personal data processing, the most flexible and safe legal basis is explicit consent. We illustrate the approach to consent management and compliance with the GDPR being developed by the European H2020 project SPECIAL, and highlight some related big data aspects