296,272 research outputs found

    Towards Privacy in Personal Data Management

    We present a personal data management framework called Polis, which abides by the following principle: Every individual has absolute control over her personal data, which reside only at her own side. Preliminary results indicate that beyond the apparent advantages of such an environment for users' privacy, everyday transactions remain both feasible and straightforward.

    Informational privacy and security amid growing activities on electronic platforms in Nigeria: A case for data protection law

    Data protection is a fundamental approach created to provide security and protection over information that are personal to individuals and are capable of identifying or leading towards the identification of individuals. Informational privacy in this context connotes the protection accorded to individuals in the processing, storage and dissemination of private information. Put differently, it suggests the misuse or unwanted use of private information. This mechanism is extremely crucial to Nigeria in today’s growing trends in information and communication technology. Essentially, this paper seeks to re-echo and underpin the importance of adopting a formidable regulation(s) towards the way and manner personal information of people are being processed, stored and disseminated. This is having regards to Nigeria’s growing interests in electronic approach to citizen’s identity management, education, business and social activities, and governance at all levels. This paper further answers questions on how porous Nigeria has become in the overall management of people’s personal information compared to other countries with effective data protection regulations. It also highlights the importance of a data protection regulation to the nation’s economy. Furthermore, unprotected use of personal information on internet has prompted another side of reservation about right to privacy. This paper equally looks at how data protection legislation will advance the right to privacy in the use of internet and information technology. Keywords: Personal Data, Human Right, Privacy, Information Technolog

    Identity principles in the digital age: a closer view

    Identity and its management is now an integral part of web-based services and applications. It is also a live political issue that has captured the interest of organisations, businesses and society generally. As identity management systems assume functionally equivalent roles, their significance for privacy cannot be underestimated. The Centre for Democracy and Technology has recently released a draft version of what it regards as key privacy principles for identity management in the digital age. This paper will provide an overview of the key benchmarks identified by the CDT. The focus of this paper is to explore how best the Data Protection legislation can be said to provide a framework which best maintains a proper balance between 'identity' conscious technology and an individual's expectation of privacy to personal and sensitive data. The central argument will be that increased compliance with the key principles is not only appropriate for a distributed privacy environment but will go some way towards creating a space for various stakeholders to reach consensus applicable to existing and new information communication technologies. The conclusion is that securing compliance with the legislation will prove to be the biggest governance challenge. Standard setting and norms will go some way to ease the need for centralised regulatory oversight

    Decentralized Identities for Self-sovereign End-users (DISSENS)

    This paper describes a comprehensive architecture and reference implementation for privacy-preserving identity management that bucks the trend towards centralization present in contemporary proposals. DISSENS integrates a technology stack which combines privacy-friendly online payments with self-sovereign personal data management using a decentralized directory service. This enables users to be in complete control of their digital identity and personal information while at the same time being able to selectively share information necessary to easily use commercial services. Our pilot demonstrates the viability of a sustainable, user-centric, standards-compliant and accessible use case for public service employees and students in the domain of retail e-commerce. We leverage innovative technologies including self-sovereign identity, privacy credentials, and privacy-friendly digital payments in combination with established standards to provide easy-to-adapt templates for the integration of various scenarios and use cases

    Evaluating a Reference Architecture for Privacy Level Agreement's Management

    With the enforcement of the General Data Protection Regulation and the compliance to specific privacy- and security-related principles, the adoption of Privacy by Design and Security by Design principles can be considered as a legal obligation for all organisations keeping EU citizens’ personal data. A formal way to support Data Controllers towards their compliance to the new regulation could be a Privacy Level Agreement (PLA), a mutual agreement of the privacy settings between a Data Controller and a Data Subject, that supports privacy management, by analysing privacy threats, vulnerabilities and Information Systems’ trust relationships. However, the concept of PLA has only been proposed on a theoretical level. In this paper, we propose a novel reference architecture to enable PLA management in practice, and we report on the application and evaluation of PLA management within the context of real-life case studies from two different domains, the public administration and the healthcare, where sensitive data is kept. The results are rather positive, indicating that the adoption of such an agreement promotes the transparency of an organisation while enhancing data subjects’ trust

    Beware of the Ostrich Policy: End-Users' Perceptions Towards Data Transparency and Control

    End users' awareness about the data they share, the purpose of sharing that data, and their control over it, is key to establishing trust and eradicating privacy concerns. We experimented on personal data management by prototyping a Point-of-Interest recommender system in which data collected on the user can be viewed, edited, deleted, and shared via elements in the User Interface. Based on our qualitative findings, in this paper we discuss "The ostrich policy" adopted by end users who do not want to manage their personal data. We sound a waking whistle to design and model for personal data management by understanding end users' perceptions towards data transparency and control. Comment: Human Centered AI workshop (HCAI) at the 35th Conference on Neural Information Processing Systems (NeurIPS), 13 December, 202

    Creating a vocabulary for data privacy : the first-year report of data privacy vocabularies and controls community group (DPVCG)

    Managing privacy and understanding handling of personal data has turned into a fundamental right, at least within the European Union, with the General Data Protection Regulation (GDPR) being enforced since May 25th 2018. This has led to tools and services that promise compliance to GDPR in terms of consent management and keeping track of personal data being processed. The information recorded within such tools, as well as that for compliance itself, needs to be interoperable to provide sufficient transparency in its usage. Additionally, interoperability is also necessary towards addressing the right to data portability under GDPR as well as creation of user-configurable and manageable privacy policies. We argue that such interoperability can be enabled through agreement over vocabularies using linked data principles. The W3C Data Privacy Vocabulary and Controls Community Group (DPVCG) was set up to jointly develop such vocabularies towards interoperability in the context of data privacy. This paper presents the resulting Data Privacy Vocabulary (DPV), along with a discussion on its potential uses, and an invitation for feedback and participation

    Trust, Identity, Privacy, and Security Considerations for Designing a Peer Data Sharing Platform Between People Living With HIV

    Resulting from treatment advances, the Human Immunodeficiency Virus (HIV) is now a long-term condition, and digital solutions are being developed to support people living with HIV in self-management. Sharing their health data with their peers may support self-management, but the trust, identity, privacy and security (TIPS) considerations of people living with HIV remain underexplored. Working with a peer researcher who is expert in the lived experience of HIV, we interviewed 26 people living with HIV in the United Kingdom (UK) to investigate how to design a peer data sharing platform. We also conducted rating activities with participants to capture their attitudes towards sharing personal data. Our mixed methods study showed that participants were highly sophisticated in their understanding of trust and in their requirements for robust privacy and security. They indicated willingness to share digital identity attributes, including gender, age, medical history, health and well-being data, but not details that could reveal their personal identity. Participants called for TIPS measures to foster and to sustain responsible data sharing within their community. These findings can inform the development of trustworthy and secure digital platforms that enable people living with HIV to share data with their peers and provide insights for researchers who wish to facilitate data sharing in other communities with stigmatised health conditions

    Enabling personal privacy for pervasive computing environments

    Protection of personal data in the Internet is already a challenge today. Users have to actively look up privacy policies of websites and decide whether they can live with the terms of use. Once discovered, they are forced to make a "take or leave" decision. In future living and working environments, where sensors and context-aware services are pervasive, this becomes an even greater challenge and annoyance. The environment is much more personalized and users cannot just "leave". They require measures to prevent, avoid and detect misuse of sensitive data, as well as to be able to negotiate the purpose of use of data. We present a novel model of privacy protection, complementing the notion of enterprise privacy with the incorporation of personal privacy towards a holistic privacy management system. Our approach allows non-expert users not only to negotiate the desired level of privacy in a rather automated and simple way, but also to track and monitor the whole life-cycle of data