Privacy Policies Across the Ages: Content of Privacy Policies 1996-2021

It is well-known that most users do not read privacy policies, but almost always tick the box to agree with them. While the length and readability of privacy policies have been well studied, and many approaches for policy analysis based on natural language processing have been proposed, existing studies are limited in their depth and scope, often focusing on a small number of data practices at single point in time. In this paper, we fill this gap by analyzing the 25-year history of privacy policies using machine learning and natural language processing and presenting a comprehensive analysis of policy contents. Specifically, we collect a large-scale longitudinal corpus of privacy policies from 1996 to 2021 and analyze their content in terms of the data practices they describe, the rights they grant to users, and the rights they reserve for their organizations. We pay particular attention to changes in response to recent privacy regulations such as the GDPR and CCPA. We observe some positive changes, such as reductions in data collection post-GDPR, but also a range of concerning data practices, such as widespread implicit data collection for which users have no meaningful choices or access rights. Our work is an important step towards making privacy policies machine-readable on the user-side, which would help users match their privacy preferences against the policies offered by web services

Big data for monitoring educational systems

This report considers “how advances in big data are likely to transform the context and methodology of monitoring educational systems within a long-term perspective (10-30 years) and impact the evidence based policy development in the sector”, big data are “large amounts of different types of data produced with high velocity from a high number of various types of sources.” Five independent experts were commissioned by Ecorys, responding to themes of: students' privacy, educational equity and efficiency, student tracking, assessment and skills. The experts were asked to consider the “macro perspective on governance on educational systems at all levels from primary, secondary education and tertiary – the latter covering all aspects of tertiary from further, to higher, and to VET”, prioritising primary and secondary levels of education

MCTs and universities: new risks, new visibilities and new vulnerabilities

Universities have long used new technologies to enhance teaching but mobile communication technologies (MCTs) are posing new ethical and policy challenges. The capture functions on MCTs bring considerable benefits in terms of a student being able to play back and review what was said in the teaching rooms. However, the convergence and connectivity of web 2.0 and its successors add new, as yet largely uncharted dimensions. It not only extends the classroom but also renders previously bounded teaching and residential spaces porous as anybody who has access to these rooms and a MCT can capture and open to outside scrutiny what previously would have been relatively private spaces. This has contradictory ethical implications. Abuses of power and indiscretions can be held to account before wider public opinion. However, the capture and dissemination of sensitive personal information in the form of the opinions, beliefs and ideas of students and staff can expose individuals to risk. Furthermore, the technologies also enable acceptable content to be edited and/or reformed into mashups that may not be intended to be malicious but have the potential for reputational damage. This paper explores these issues first in terms of a range of events and incidents that highlight new vulnerabilities and visibilities. It then outlines some of the policy responses in the United States in terms of cyberbullying; in the UK under data protection; and the implications of a proposed new EU directive. However, it argues, that the fundamental limitation with all of these is that ultimately the institution does not own the device and therefore its control of how it is used is limited. The paper concludes with some preliminary findings on how a handful of British universities are adopting a proactive response here

Mandate-driven networking eco-system : a paradigm shift in end-to-end communications

The wireless industry is driven by key stakeholders that follow a holistic approach of "one-system-fits-all" that leads to moving network functionality of meeting stringent End-to-End (E2E) communication requirements towards the core and cloud infrastructures. This trend is limiting smaller and new players for bringing in new and novel solutions. For meeting these E2E requirements, tenants and end-users need to be active players for bringing their needs and innovations. Driving E2E communication not only in terms of quality of service (QoS) but also overall carbon footprint and spectrum efficiency from one specific community may lead to undesirable simplifications and a higher level of abstraction of other network segments may lead to sub-optimal operations. Based on this, the paper presents a paradigm shift that will enlarge the role of wireless innovation at academia, Small and Medium-sized Enterprises (SME)'s, industries and start-ups while taking into account decentralized mandate-driven intelligence in E2E communications

Security and Online learning: to protect or prohibit

The rapid development of online learning is opening up many new learning opportunities. Yet, with this increased potential come a myriad of risks. Usable security systems are essential as poor usability in security can result in excluding intended users while allowing sensitive data to be released to unacceptable recipients. This chapter presents findings concerned with usability for two security issues: authentication mechanisms and privacy. Usability issues such as memorability, feedback, guidance, context of use and concepts of information ownership are reviewed within various environments. This chapter also reviews the roots of these usability difficulties in the culture clash between the non-user-oriented perspective of security and the information exchange culture of the education domain. Finally an account is provided of how future systems can be developed which maintain security and yet are still usable

Made in the USA? The influence of the US on the EU's data protection regime. CEPS Liberty and Security, November 2009

Recent developments have shown that the EU’s border security policy is greatly influenced by the US. This influence simultaneously has implications for other EU policies, including those on data protection. This paper highlights that policy-making at the transatlantic level is increasingly taking place through informal networks, such as the High-Level Political Dialogue on Border and Transportation Security and the High-Level Contact Group on data protection, which allow US involvement in EU policy-making. This tendency stems from the growing personal relationships among policy-makers, the gradual substitution of formal instruments with less formal contracts and informal understandings shaping the content of formal agreements. Drawing from empirical examples of EU–US cooperation on data protection in the context of homeland security, the paper analyses the repercussions of these developments and the issues that remain unresolved, and offers policy recommendations