Thoughts on General Data Protection Regulation and Online Human Surveillance

The European Union General Data Protection Regulation (GDPR) has introduced online privacy and transparency for consumers as well as legal considerations that companies must address

Surveillance, big data and democracy: lessons for Australia from the US and UK

This article argues that current laws are ill-equipped to deal with the multifaceted threats to individual privacy by governments, corporations and our own need to participate in the information society. Introduction In the era of big data, where people find themselves surveilled in ever more finely granulated aspects of their lives, and where the data profiles built from an accumulation of data gathered about themselves and others are used to predict as well as shape their behaviours, the question of privacy protection arises constantly. In this article we interrogate whether the discourse of privacy is sufficient to address this new paradigm of information flow and control. What we confront in this area is a set of practices concerning the collection, aggregation, sharing, interrogation and uses of data on a scale that crosses private and public boundaries, jurisdictional boundaries, and importantly, the boundaries between reality and simulation. The consequences of these practices are emerging as sometimes useful and sometimes damaging to governments, citizens and commercial organisations. Understanding how to regulate this sphere of activity to address the harms, to create an infrastructure of accountability, and to bring more transparency to the practices mentioned, is a challenge of some complexity. Using privacy frameworks may not provide the solutions or protections that ultimately are being sought. This article is concerned with data gathering and surveillance practices, by business and government, and the implications for individual privacy in the face of widespread collection and use of big data. We will firstly outline the practices around data and the issues that arise from such practices. We then consider how courts in the United Kingdom (‘UK’) and the United States (‘US’) are attempting to frame these issues using current legal frameworks, and finish by considering the Australian context. Notably the discourse around privacy protection differs significantly across these jurisdictions, encompassing elements of constitutional rights and freedoms, specific legislative schemes, data protection, anti-terrorist and criminal laws, tort and equity. This lack of a common understanding of what is or what should be encompassed within privacy makes it a very fragile creature indeed. On the basis of the exploration of these issues, we conclude that current laws are ill-equipped to deal with the multifaceted threats to individual privacy by governments, corporations and our own need to participate in the information society

All or nothing: this is the question? The application of article 3(2) Data Protection Directive 95/46/EC to the Internet

The Data Protection Directive 95/46/EC (hereinafter the “Directive”) was passed in 1995 to harmonise the national data protection laws within the European Community with the aim of protecting the fundamental rights and freedoms of individuals including their privacy as set out under Art. 1 of the Data Protection Directive. The rules governing the processing of personal data are deemed to be inapplicable in the two instances outlined by Art.3(2). Processing of personal data taking place as part of activities falling outside of Community law are excluded from the DPD. The Directive is also deemed to be inapplicable if the processing of personal data is undertaken by a natural person in the course of a purely personal or household activity. It is the second part of Art. 3(2), which is examined in more detail. The ruling by the European Court of Justice in Lindqvist provides us with a fresh opportunity to re-examine whether the policy justifications for the exclusion under Art 3(2) continue to remain relevant in the light of widespread use of new technologies such as blogs, podcasts and web pages for processing and distributing information. Greater clarity regarding the implication of new communication technologies for DPD policy is necessary if the laws on data protection are to evolve in a coherent and principled manner

DRM and Privacy

Interrogating the relationship between copyright enforcement and privacy raises deeper questions about the nature of privacy and what counts, or ought to count, as privacy invasion in the age of networked digital technologies. This Article begins, in Part II, by identifying the privacy interests that individuals enjoy in their intellectual activities and exploring the different ways in which certain implementations of DRM technologies may threaten those interests. Part III considers the appropriate scope of legal protection for privacy in the context of DRM, and argues that both the common law of privacy and an expanded conception of consumer protection law have roles to play in protecting the privacy of information users. As Parts II and III demonstrate, consideration of how the theory and law of privacy should respond to the development and implementation of DRM technologies also raises the reverse question: How should the development and implementation of DRM technologies respond to privacy theory and law? As artifacts designed to regulate user behavior, DRM technologies already embody value choices. Might privacy itself become one of the values embodied in DRM design? Part IV argues that with some conceptual and procedural adjustments, DRM technologies and related standard-setting processes could be harnessed to preserve and protect privacy

Filtering, Piracy Surveillance and Disobedience

There has always been a cyclical relationship between the prevention of piracy and the protection of civil liberties. While civil liberties advocates previously warned about the aggressive nature of copyright protection initiatives, more recently, a number of major players in the music industry have eventually ceded to less direct forms of control over consumer behavior. As more aggressive forms of consumer control, like litigation, have receded, we have also seen a rise in more passive forms of consumer surveillance. Moreover, even as technology has developed more perfect means for filtering and surveillance over online piracy, a number of major players have opted in favor of “tolerated use,” a term coined by Professor Tim Wu to denote the allowance of uses that may be otherwise infringing, but that are allowed to exist for public use and enjoyment. Thus, while the eventual specter of copyright enforcement and monitoring remains a pervasive digital reality, the market may fuel a broad degree of consumer freedom through the toleration or taxation of certain kinds of activities. This Article is meant largely to address and to evaluate these shifts by drawing attention to the unique confluence of these two important moments: the growth of tolerated uses, coupled with an increasing trend towards more passive forms of piracy surveillance in light of the balance between copyright enforcement and civil liberties. The content industries may draw upon a broad definition of disobedience in their campaigns to educate the public about copyright law, but the market’s allowance of DRM-free content suggests an altogether different definition. The divide in turn between copyright enforcement and civil liberties results in a perfect storm of uncertainty, suggesting the development of an even further division between the role of the law and the role of the marketplace in copyright enforcement and innovation, respectively

Data-driven personalisation and the law - a primer: collective interests engaged by personalisation in markets, politics and law

Interdisciplinary Workshop on â��Data-Driven Personalisation in Markets, Politics and Law' on 28 June 2019Southampton Law School will be hosting an interdisciplinary workshop on the topic of â��Data-Driven Personalisation in Markets, Politics and Law' on Friday 28 June 2019, which will explore the pervasive and growing phenomenon of â��personalisationâ�� â�� from behavioural advertising in commerce and micro-targeting in politics, to personalised pricing and contracting and predictive policing and recruitment. This is a huge area which touches upon many legal disciplines as well as social science concerns and, of course, computer science and mathematics. Within law, it goes well beyond data protection law, raising questions for criminal law, consumer protection, competition and IP law, tort law, administrative law, human rights and anti-discrimination law, law and economics as well as legal and constitutional theory. Weâ��ve written a position paper, https://eprints.soton.ac.uk/428082/1/Data_Driven_Personalisation_and_the_Law_A_Primer.pdf which is designed to give focus and structure to a workshop that we expect will be strongly interdisciplinary, creative, thought-provoking and entertaining. We like to hear your thoughts! Call for papers! Should you be interested in disagreeing, elaborating, confirming, contradicting, dismissing or just reflecting on anything in the paper and present those ideas at the workshop, send us an abstract by Friday 5 April 2019 (Ms Clare Brady [email protected] ). We aim to publish an edited popular law/social science book with the most compelling contributions after the workshop.Prof Uta Kohl, Prof James Davey, Dr Jacob Eisler<br/