Measuring the Brussels Effect through Access Requests

The introduction of the GDPR reheated the ongoing debate about the extraterritorial effect of European data protection law. In this debate, Anu Bradford argued that European data protection law affects global markets through the so-called "Brussels Effect", according to which policies diffuse primarily through market mechanisms. Specifically, this phenomenon operates even when the laws of non-EU countries, which set the rules for companies operating in those markets, have not changed to adopt provisions which equal those of EU law. In this paper we investigate empirically whether the introduction of the GDPR has initiated a “Brussels Effect”, improving compliance with data protection law and exporting GDPR standards outside of Europe. By measuring compliance with the right of access for residents of the EU and Canada, we find that this is indeed the case. We suggest that the GDPR’s stronger enforcement provisions are the key driver of this effect, which allows the EU to de facto unilaterally affect companies' behavior globally

A Knowledge Structuring Framework to Support the Design of Social Media for Online Deliberation

Although online social media have achieved spectacular success in some instances, the design of such systems remains an art. In some specialized areas, such as online deliberation systems for participatory democracy, experiences from many projects have been reported in the research literature. Designers can benefit from knowledge accumulated from these experiences. However, the knowledge is dispersed and not organized for ready access by practicing professionals. This thesis proposes a framework for structuring and codifying design knowledge from published studies to help designers make design choices that will attain design objectives.MAS

Every step you fake: a comparative analysis of fitness tracker privacy and security

Introduction Canadians, and many people around the world, are increasingly purchasing, and using, electronic devices meant to capture and record the relative levels of a person’s fitness. Unlike past fitness devices, such as pedometers, electronic fitness trackers are designed to display aggregate fitness information automatically on mobile devices and, frequently, on websites developed and controlled by the company that makes the given device. This automatic collection and dissemination of fitness data began with simply monitoring the steps a person had taken in a day. Contemporary consumer fitness wearables collect a broad range of data. The number of floors, or altitudinal changes, a person climbs a day is measured, levels and deepness of sleep, and heart rate activity are all captured by best-of-class consumer-level fitness trackers. And all of this data is of interest to the wearers of the devices, to companies interested in mining and selling collected fitness data, to insurance companies, to authorities and courts of law, and even potentially to criminals motivated to steal or access data retained by fitness companies. This report explores what information is collected by the companies which develop and sell some of the most popular wearables in North America. Moreover, it explores whether there are differences between the information that is collected by the devices and what companies say they collect, and what they subsequently provide to consumers when compelled to disclose all the personal information that companies hold about residents of Canada. In short, the project asks: Were data which are technically collected noted in companies’ privacy policies and terms of service and, if so, what protections or assurances do individuals have concerning the privacy or security of that data? What of that data is classified by the company as ‘personal’ data, which is tested by issuing legally compelling requests for the company to disclose all the personal data held on a requesting individual? Does the information received by the individual match what a company asserts is ‘personally identifiable information’ in their terms of service or privacy policies

Safer Without: Korean Child Monitoring and Filtering Apps

We are grateful to Mino Choi, Esther Lim, Adam Lynn, Jakub Dalek, Adam Senft, Jeffrey Knockel for assistance and comments, and to Professor Ron Deibert for supervision.South Korea requires minors to have content filtering apps installed on their phones. A security audit of two child monitoring apps published by major Korean telecoms —KT Olleh Kidsafe and Clean Mobile Plus—finds serious security and privacy issues that put children at risk.This report is part of the Net Alert project funded by the Open Technology Fund

A Hybrid Direct Search and Model-Based Derivative-Free Optimization Method with Dynamic Decision Processing and Application in Solid-Tank Design

A derivative-free optimization (DFO) method is an optimization method that does not make use of derivative information in order to find the optimal solution. It is advantageous for solving real-world problems in which the only information available about the objective function is the output for a specific input. In this paper, we develop the framework for a DFO method called the DQL method. It is designed to be a versatile hybrid method capable of performing direct search, quadratic-model search, and line search all in the same method. We develop and test a series of different strategies within this framework. The benchmark results indicate that each of these strategies has distinct advantages and that there is no clear winner in the overall performance among efficiency and robustness. We develop the Smart DQL method by allowing the method to determine the optimal search strategies in various circumstances. The Smart DQL method is applied to a problem of solid-tank design for 3D radiation dosimetry provided by the UBCO (University of British Columbia—Okanagan) 3D Radiation Dosimetry Research Group. Given the limited evaluation budget, the Smart DQL method produces high-quality solutions

Evaluation of accuracy and precision in polymer gel dosimetry

PURPOSE: To assess the overall reproducibility and accuracy of an X-ray computed tomography (CT) polymer gel dosimetry (PGD) system and investigate what effects the use of generic, interbatch, and intrabatch gel calibration have on dosimetric and spatial accuracy.METHODS: A N-isopropylacrylamide (NIPAM)-based gel formulation optimized for X-ray CT gel dosimetry was used, and the results over four different batches of gels were analyzed. All gels were irradiated with three 6 MV beams in a calibration pattern at both the bottom and top of the dosimeter. Postirradiation CT images of the gels were processed using background subtraction, image averaging, adaptive mean filtering, and remnant artifact removal. The gel dose distributions were calibrated using a Monte Carlo (Vancouver Island Monte Carlo system) calculated dose distribution of the calibration pattern. Using the calibration results from all gels, an average or "generic" calibration curve was calculated and this generic calibration curve was used to calibrate each of the gels within the sample. For each of the gels, the irradiation pattern at the bottom of the dosimeter was also calibrated using the irradiation pattern at the top of the dosimeter to evaluate intragel calibration.RESULTS: Comparison of gel measurements with Monte Carlo dose calculations found excellent dosimetric accuracy when using an average (or generic) calibration with a mean dose discrepancy of 1.8% in the low-dose gradient region which compared to a "best-case scenario" self-calibration method with a mean dose discrepancy of 1.6%. The intragel calibration method investigated produced large dose discrepancies due to differences in dose response at the top and bottom of the dosimeter, but the use of a dose-dependent correction reduced these dose errors. Spatial accuracy was found to be excellent for the average calibration method with a mean distance-to-agreement (DTA) of 0.63 mm and 99.6% of points with a DTA < 2 mm in high-dose gradient regions. This compares favorably to the self-calibration method which produced a mean DTA of 0.61 mm and 99.8% of points with a DTA < 2 mm. Gamma analysis using a 3%/3 mm criterion also found good agreement between the gel measurement and Monte Carlo dose calculation when using either the average calibration or self-calibration methods (96.8% and 98.2%, respectively).CONCLUSIONS: An X-ray CT PGD system was evaluated and found to have excellent dosimeteric and spatial accuracy when compared to Monte Carlo dose calculations and the use of generic and interbatch calibration methods were found to be effective. The establishment of the accuracy and reproducibility of this system provides important information for clinical implementation

Measuring the brussels effect through access requests: Has the European General Data Protection Regulation Influenced the Data Protection Rights of Canadian Citizens?

We investigate empirically whether the introduction of the General Data Protection Regulation (GDPR) improved compliance with data protection rights of people who are not formally protected under GDPR. By measuring compliance with the right of access for European Union (EU) and Canadian residents, we find that this is indeed the case. We argue this is likely caused by the Brussels Effect, a mechanism whereby policy diffuses primarily through market mechanisms. We suggest that a willingness to back up its rules with strong enforcement, as it did with the introduction of the GDPR, was the primary driver in allowing the EU to unilaterally affect companies' global behavior.Organisation and Governanc