Blodspår i arkiven : Om integritet, personuppgifter och DNA-släktforskning i brottsutredningar / Bloodlines in the archives : About integrity, personal data and DNA genealogy in criminal investigation

Petersson, Rebecka, Persson, Cecilia

January 2021

In 2004 there was a double homicide in a Swedish town called Linköping, a small amount of DNA was found at the scene. Despite a largescale investigation, this murder would go unsolved for 16 years. In 2020 a Swedish genealogist was hired by the Swedish police and through an American commercial DNA database he was able to find the man that had gone unfound for so long. This was made possible through a change of Swedish laws in connection with the European Union’s Data Protection Regulation (GDPR), a regulation that protect the integrity of the personal data of Europeans. We have investigated how the evolution of these two legal frameworks coincides with each other, making this rather paradoxical situation possible. We have also investigated how this rather invasive technology is viewed by Swedish genealogists. These websites with their immense databases, and the technological developments in DNA technology, have changed genealogy. But they have also changed the genealogist, the foremost user of the archives today. We wanted to find out how.The investigation was conducted on three analytical levels: the legal/political, the medial and the individual level. On the legal/political level the material consists of legal texts, transcribed protocols from the Swedish Riksdag, but also two different reports on the legal status of using genetic genealogy as a method of criminal investigation. On the medial level the material consists of commercials for genealogy databases, documentaries and talk shows concerning the investigation of the murder in Linköping. On the individual level the material consists of surveys and interviews with genealogists. Follow us as we alongside police and genetic genealogists follow the bloodlines running through the archives. This is a two years master's thesis in Archival science.

Genetic genealogy

DNA genealogy

GDPR

Personal data

Integrity

Archival science

Information science

DNA-släktforskning

genetisk genealogi

GDPR

Brottsdatalagen

biopolitik

integritet

personuppgifter

arkivvetenskap

informationsvetenskap

Other Humanities not elsewhere specified

Övrig annan humaniora

Den digitalt suveräna staten : En undersökning av inställningen till nationell datalagring av personuppgifter hos statliga myndigheter / The digitally sovereign state : An investigation into the attitude towards national data storage of personal data within Swedish public authorities

Gordon Hultsjö, Joel

January 2021

The number of scandals during the past years regarding the use and misuse of digital storage of personal infor-mation in combination with the implementation of the General Data Protection Regulation (GDPR) within the EU member states, has resulted in a resurfaced discussion of sovereignty within the public sphere in relation to the storage of digital information. This master thesis examines the attitudes towards national data storage of personal data within twenty Swedish public agencies in the context of the analytical term Digital sovereignty.The thesis uses semi-structured interviews with employees working with data protection and qualitative con-tent analysis of internal documents connected to personal data management, in order to examine Swedish govern-ment agencies attitudes towards national data storage of personal information. The responses of the interviews and the internal policy documents in the area of personal data protections is viewed through the analytic term Digital sovereignty. The government agency the Swedish social security agency’s definition of Digital sovereignty is used in the thesis, which focuses on national governments ability to have control over both the technical and geograph-ical processing and storage of their citizen’s personal data.The thesis concludes that Swedish authorities takes the risk of transfer of personal data to third countries outside of the EU very seriously, while they also see the need to find legal ways to transfer personal data to these same countries. The thesis also concludes that Swedish government agencies try to avoid cloud services and are cautious in their use due to the implications they have for information and data security, while other research have shown that cloud services are used extensively within Swedish government agencies. The thesis also concludes that there is a lack of interest in national data storage of personal information within Swedish government, which can partially be attributed to the relationship between the General Data Protections Regulation and data storage regulation on a national level in Sweden. This leads to the final conclusion in this thesis, which is that there is some indication that the future of storage of personal data with the EU member states lies not in nationally managed cloud services, but rather in a federated cloud service on EU-level such as the currently ongoing project Gaia-X. This is a two years master's thesis in Archival science.

Digital Sovereignty

Cloud Service

Data storage

GDPR

Government Agencies

Information security

Digital suveränitet

Molntjänst

Datalagring

Dataskyddsförordningen

GDPR

Personuppgifter

Statliga myndigheter

Informationssäkerhet

Tredjelandsöverföring.

Other Humanities not elsewhere specified

Övrig annan humaniora

Privacy Paradox : En kvalitativ studie om svenskars medvetenhet och värnande om integritet / Privacy Paradox : A qualitative study on Swedes awareness and protection of integrity

Harzdorf, Hjördis, Talal Abdulrahman, Hanin, Duric, Sumejja

January 2019

Genom digitalisering av samhället och teknologins utveckling har marknadsföringsstrategier progressivt reformerats, från att uppmärksamma produkter mot konsumenten till att istället sätta konsumenten i fokus. Genom avancerade algoritmer, Business Intelligence och digitala DNA spår har det blivit möjligt att individualisera och rikta marknadsföring mot konsumentens intressen och även förutse individens konsumentbeteende. Samtidigt uttrycker individer ett stort värde för anonymitet och integritet online. Trots detta fortsätter konsumenter att frivilligt att lämna sin persondata, främst via olika kundklubbar, internet och sociala medier. Detta beteende påvisar en så kallad “privacy paradox”. Privacy paradox syftar på medvetenhet och oro kring utgivandet av persondata samtidigt som man agerar annorlunda. Avsikten med denna studie var att utforska om fenomenet privacy paradox existerar inom svenska konsumenters handlingar och konsumentens medvetenhet kring användning av personlig data för riktad marknadsföring online. Det empiriska materialet i denna studie består av semi-strukturerade intervjuer med sju olika respondenter gällande deras medvetenhet, tillit och integritet online. Resultatet analyserades med hjälp av den tematiska strategin för att lättare identifiera beetendemönster som respondenterna utgav. Slutligen besvaras fenomenet privacy paradox hos svenska konsumenter genom tre forskningsfrågor 1.​“Hur medvetna är svenska konsumenter om den information som de delar med sig av, i synnerhet inom riktad marknadsföring?” 2.​“Hur mycket värnar svenska konsumenter om sin integritet?” ​3.​“ Påvisar svenska konsumenter privacy paradox och varför?”. Majoriteten av respondenterna var medvetna om personliga uppgifter online, dock varierade medvetenheten om vad för information som fanns tillgänglig både för privata användare och verksamheter. Man sa sig även värna om sin integritet men ens handlingar stödde inte detta till fullo. Med hjälp av denna studie fann man att fenomenet privacy paradox existerar hos de svenska konsumenter som deltog under denna studie. Anledningar till dessa var bland annat att man inte vill bli exkluderad från samhället och det kognitiva förtroendet till verksamheter. Man litar på att de gör rätt för sig. Värnande om integritet visades då genom att man minskade mängden personinformation som andra privatpersoner kunde komma åt. En annan anledning som uppkom var svårigheten i att bryta vanor och beteendemönster. Därför fortsätter man agera på samma sätt som tidigare, trots ny kunskap samt GDPR. Respondenter hade olika nivåer av förståelse riktad marknadsföring. Det majoriteten inte var medvetna om var mängden av lagrad information samt hur den samlas in t.ex. genom cookies. / Through digitalisation of the society and the technological development, the marketing strategies has progressively been reformed. From mainly giving attention to the product towards the consumers to instead place the consumer in the center of attention. Subsequently advanced algorithms, Business Intelligence and digital DNA tracing has enabled individualisation and target marketing, for the interest of the consumer, this also gave access to predict consumer behaviour. Meanwhile individuals put a big value on anonymity and integrity online. Despite this consumers keep sharing their data voluntary, primarily through customer clubs, the internet and social media. This behaviour demonstrates a so called “privacy paradox”. Privacy paradox refers consumers awareness and concern about sharing personal data, while still sharing their information. The purpose of this study was to examine whether the phenomenon of privacy paradox exists in Swedish consumers actions and the consumer’s awareness of the use of personal data for targeted online marketing. The empirical material in this study exists of semi-structured interviews with 7 different respondents regarding their consciousness, trust and integrity online. The results were analyzed through the thematic strategy to easily identify behavioural patterns that the respondents showed. Lastly, the phenomenon of privacy paradox in Swedish consumers is answered through three research questions 1. ​“How aware are Swedish consumers regarding the information they share, particularly in target marketing? ​2. ​“How much does the Swedish consumer care about their integrity?” ​3. ​“Does the Swedish consumer show privacy paradox and why?”. The majority of the respondents were aware that personal information exists online. The awareness regarding what kind of information that is available for both private users and organisations varied. While respondents mentioned that they want to protect their privacy, their actions proved otherwise. With the help of this study, we could conclude that the phenomenon named privacy paradox exists through the information gathered from the swedish consumers that participated in this study. Reasons being the willingness to not be excluded from society and the cognitive trust towards organizations. You trust that they do the right thing. Respondents protected privacy by reducing the amount of personal information other individuals could access. Another reason that was brought up was the difficulty in changing habits and behaviour. Therefore respondents continued doing the same things as before, despite new knowledge and GDPR. Respondents showed different levels of understanding regarding targeted marketing. However the majority was not aware of the amount of stored information and how it is collected, for example through cookies.

Consumer behaviour

Online marketing

Targeted marketing

Privacy paradox

Cookies

Metadata. Awareness

Integrity

Cognitive Trust

Konsumentbeteende

Internetmarknadsföring

Riktad marknadsföring

Privacy paradox

GDPR/Dataskyddsförordningen

Cookies

Metadata

Medvetenhet

Integritet

Kognitivt förtroende

Business Administration

Företagsekonomi

Registr smluv a anonymizace smluv / Veřejná správa a spisová služba

Gajárková, Pavla

January 2021

My master thesis is dedicated to the registry and anonymisation of contracts in general, but also discusses the various reasons of origin, significance and function of the register of agreements. It also addresses contract registry from the standpoint of Czech legal order. Moreover, this paper examines contract disclosure, eGovernment development in Czech republic, as well as the implementation of person data protection. In my research I am analyzing the subject of anonymisation of contracts in the National film archive, and also the methods and options of anonymisation. In addition, the part of my research deals with the statistics of the published contracts and orders. I hereby declare that this master thesis only include current scientific literature, online resources and relative legal norms.

Konceptualisering av etiska problem kring mobil hälsa med finansiella incitament : En kvalitativ kartläggning / Conceptualization of ethical problems regarding mobile health with financial incentives : A qualitative survey

Sjöberg, Sebastian, Seldevall, Johannes

January 2022

Fysisk inaktivitet har blivit ett hälsoproblem, vilket har lett till att olika aktörer intresserat sig av att nyttja modern teknik för att främja hälsosamma val. Mobil hälsa utgörs av aktivitetsspårare i form av exempelvis vristarmband och smarttelefoner som samlar in hälsodata (steg, puls, sömn, etcetera) från användaren. Studier visar på att mobil hälsa kombinerat med finansiella incitament kan öka motivationen hos användare. Hälsodata betraktas i regel vara av särskild känslig karaktär med risker för etisk problematik. Vilka aktörer som är inblandade och vilka finansiella incitament som används är faktorer som har påverkan på de etiska problemen. Den här studien belyser detta genom en konceptualisering av etiska problem med hänsyn till mobil hälsa kombinerat med finansiella incitament. Data från intervjuer har sammanställts med stöd av teori som PAPAS och därefter analyserats med annan forskning. Sammanställningen visar på sex typer av etiska problem som kan tas i åtanke vid utveckling av mobil hälsa med finansiella incitament. / Physical inactivity has become a health problem, which has led to various actors starting to use technology to promote healthy choices. Mobile health consists of activity trackers in the form of, for example, smartwatches and smartphones that collect health data (steps, heart rate, sleep, etc.) from the user. Studies show that mobile health combined with financial incentives can increase user motivation. Health data is generally considered to be a particularly sensitive type of data. The actors involved and the financial incentives used are factors that have an impact on how ethical problems take form. This study highlights this by conceptualizing ethical issues linked to mobile health with financial incentives. Questions for interviews were created primarily using the PAPAS framework and thereafter analyzed using thematic analysis in order to identify the ethical problems. The compilation resulted in six forms of ethical problems that need to be considered when developing mobile health with financial incentives.

ethics

mobile health

mhealth

activity tracking

health promotion

financial incentives

thematic analysis

GDPR

etik

mobil hälsa

aktivitetsspårare

hälsofrämjande

finansiella incitament

tematisk analys

GDPR

Information Systems

Ethics

Etik

Vem bryr sig om etisk data? : En explorativ metodstudie om hur företag kan reflektera kring omsorg i syfte att fatta etiska beslut om data / Who cares about ethical data? : An exploratory method study on how companies can reflect on care in order to make ethical decisions about data

Berglund, Elvira, Vergara, Juliet

January 2022

When the data protection regulation was introduced in 2018, the aim was to create uniformprotection for privacy in personal data. Despite this, there is still a lack of trust among manyusers about how companies actually process their personal data. This highlights the need fornew methods and tools that can support companies to handle personal data in an ethical andresponsible manner. Based on a theoretical and relational framework for ethics of care, thisstudy developed a set of questions to emphasize ethical reflection in the development ofdata-driven services. Through a design exploratory perspective, the set of questions weredeveloped during iterations, and through two workshops as research methods. The workshopsessions were conducted with researchers from Sweden's research institute as well asrepresentatives from two pseudonymous companies that collaborate in collecting citizens'location data. The result showed that the question package fulfilled different functions ofpromoting care, and thus ethical reflection around the handling of personal data. Theparticipants were aware of the ethical challenges that exist when collecting users' locationdata, based on users' needs. The participants had the ability to illuminate these challengesthemselves, but did not know how to respond to the challenges in practice.

Care

ethics

tools

responsibility

decision making

critical reflection

discussion

GDPR

data

personal data

location data

workshop

Omsorg

etik

verktyg

ansvar

beslutsfattande

kritisk reflektion

diskussion

GDPR

data

persondata

platsdata

workshop

Computer Sciences

Datavetenskap (datalogi)

Hur arbetar IT-leverantörer med att skydda deras kommunikationsvägar? / How do IT-suppliers protect their communication paths?

Jonsson, Rasmus

January 2024

Kommunikationsvägar i business-to-business-kommunikation (B2B-kommunikation), så som e-post och telefoni, är idag utsatta för ett ökande hot från cyberattacker. Tidigare forskning har visat att många vanliga kommunikationsvägar är sårbara för hot, inklusive social manipulation och ransomware.  Studien undersökte hur IT-leverantörer arbetar för att säkerställa att deras B2Bkommunikationsvägar är säkrade, vilka sårbarheter de ser i sin befintliga miljö och vilka metoder de använder för att förhindra attacker. För att besvara frågorna genomfördes en kvalitativ fallstudie med en IT-leverantör. Semi-strukturerade intervjuer genomfördes för att ta reda på respondenternas åsikter och erfarenheter i relation till kommunikationsvägarna. Totalt 19 frågor inom olika kategorier ställdes till respondenterna.  Resultaten och analysen av intervjuerna indikerar att e-post och telefoni är de primära kommunikationssätten hos den IT-leverantör som deltog i fallstudien. Det skiljer sig också åt hur olika avdelningar föredrar att kommunicera. Resultaten visar även en oro över den växande hotbilden inom IT-sektorn. Som en följd är respondenterna medvetna om relevanta cyberattacker, så som ransomware eller andra attacker som involverar social manipulation. Respondenterna delar också hur de arbetar för att skydda sina kommunikationsvägar, samt identifierar områden för förbättring i en nära framtid. Slutligen kräver lagar och regler att IT-leverantören förbättrar och stärker sin IT-säkerhet, med framträdande exempel som GDPR och NIS-2-direktiven. / Communication paths in business-to-business communication (B2B-communication), such as email and telephony, are today exposed by an increasing threat of cyber attacks. Previous research has demonstrated that many common communication paths are vulnerable to threats, including social engineering and ransomware.  The study examined how IT-suppliers work to ensure that their B2B-communication paths are secured, what vulnerabilities in their existing environment do they see and what mitigation techniques they are using to prevent attacks. To answer the questions a qualitative case study was conducted with an IT-supplier. Semi-structured interviews were conducted to find out the respondents’ opinions and experiences in relation to the communication paths. A total of 19 questions across various categories were posed to the respondents.  The results and analysis of the interviews indicate that email and telephony are the primary modes of communication at the IT-supplier involved in the case study. It also differs in how different departments prefer to communicate. The results also indicate a concern about the growing threat landscape in the IT sector. As a result, the respondents are aware of relevant cyber attacks, such as ransomware or other attacks involving social engineering. The respondents also share how they work to protect their communication paths, as well as identify areas for improvement in the near future. Finally, laws and regulations requiere the IT-supplier to enhance and improve their IT-security, with prominent examples being GDPR and the NIS-2 directives.

Communication paths

email

telephony

phishing

social engineering

NIS-2

GDPR

Kommunikationsvägar

e-post

telefoni

nätfiske

social manipulation

NIS-2

GDPR

Information Systems, Social aspects

Data Subject Rights in Mental Health Applications : Assessing the Exercise of Data Subject Rights under the GDPR / Rättigheter för Registrerade Personer i Mentala Hälsoappar : En Bedömning Enligt GDPR

Gustafsson, Oliver

January 2024

The rapid growth of Mobile Health (mHealth) applications, particularly those focusedon mental health, has provided accessible and affordable support for users’ well-being.However, this growth has raised substantial privacy concerns, especially regardinghandling sensitive personal health data. This thesis evaluates the extent to whichmental health apps allow users to exercise their Data Subject Rights (DSRs) under theEuropean General Data Protection Regulation (GDPR) and provides recommendationsfor enhancing data protection and user privacy. The primary objectives are to identifythe relevant DSRs for mental health apps, empirically assess the extent to which suchrights are respected on the existing apps, and propose actionable recommendationsfor improvement. The study’s methodology involved a comprehensive review ofprivacy policies, using automated tools for privacy assessment, and submitting DataSubject Access Requests (DSARs) to app providers. Findings indicate that whilesome apps demonstrate high conformity with DSRs, the majority still falls short invarious aspects. Common issues include inadequate transparency in privacy policies,incomplete responses to DSARs, and non-compliance with the right to data portability.Specifically, only 45.5% of apps responded to the DSARs with a partial or completeanswer, and only 40% of the responses contained data in machine-readable formats,meeting the requirements for data portability. The study emphasizes the need formental health app developers to enhance privacy practices, ensuring users are fullyinformed about data collection and usage, can easily access and delete their personaldata, and receive their data in portable formats. Recommendations include improvingthe clarity and accessibility of privacy policies, adopting best practices for datasecurity, and implementing user-friendly mechanisms for data access and deletion. Inconclusion, while progress has been made in GDPR compliance among mental healthapps, significant improvement is still needed. Addressing these challenges will betterprotect user privacy, build trust, and support the responsible development of digitalhealth technologies. / Den snabba tillväxten av mobila hälsoappar, särskilt de som fokuserar på psykisk hälsa,har gjort det möjligt för användare att få tillgång till prisvärt och lättillgängligt stöd förderas välbefinnande. Men denna tillväxt har också väckt betydande integritetsfrågor,särskilt när det gäller hantering av känsliga personuppgifter om hälsa. Dettaexamensarbete utvärderar i vilken utsträckning hälsoappar för psykisk ohälsa tillåteranvändare att utöva sina rättigheter enligt den europeiska dataskyddsförordningenoch bidrar med rekommendationer för att förbättra dataskydd och användarintegritet.De primära målen är att identifiera relevanta rättigheter för hälsoappar för psykiskohälsa, empiriskt bedöma i vilken utsträckning sådana rättigheter respekteras ibefintliga appar och föreslå konkreta rekommendationer för förbättring. Studienhar genomförts med en omfattande granskning av integritetspolicys, användning avautomatiserade verktyg för integritetsbedömning och inlämning av begäranden omregisterutdrag till applikationsleverantörer. Resultaten visar att även om vissa apparuppvisar hög överensstämmelse med rättigheterna från GDPR, faller majoritetenfortfarande kort på flera områden. Vanliga problem inkluderar otillräcklig transparensi integritetspolicys, ofullständiga svar på DSARs och bristande efterlevnad av rätten tilldataportabilitet. Specifikt svarade endast 45,5% av apparna på DSARs med ett delviseller komplett svar, och endast 40% av svaren innehöll data i maskinläsbara format,vilket uppfyller kraven för dataportabilitet. Studien betonar behovet för utvecklare avhälsoappar för psykisk ohälsa att förbättra deras integritet, säkerställa att användareär fullt informerade om datainsamling och användning, lätt kan komma åt och raderasina personuppgifter samt ta emot sin data i portabla format. Rekommendationerinkluderar att förbättra tydligheten och tillgängligheten av integritetspolicys, antabästa praxis för datasäkerhet och implementera användarvänliga mekanismer fördataåtkomst och radering. Sammanfattningsvis, även om framsteg har gjorts i GDPR-efterlevnad bland hälsoappar för psykisk ohälsa, behövs betydande förbättringar. Attta itu med dessa utmaningar kommer att bättre skydda användarnas integritet, byggaförtroende och stödja den ansvarsfulla utvecklingen av digitala hälsoteknologier.

data protection

privacy

Data Subject Rights

GDPR

mobile health

mHealth

mental health apps

empirical study

dataskydd

integritet

Datasubjektets rättigheter

GDPR

mobil hälsa

mentala hälsoappar

empirisk studie

Computer Sciences

Datavetenskap (datalogi)

User perception of location-based services : attitudes, behavior and privacy concerns

Thulin, Sofie, Rashid, Nadine

January 2019

Compared to the use of a traditional mobile phone, a smartphone user may experience advanced computing capability and connectivity. Internet connection along with advanced technology allows users to access the web, GPS navigation system, WIFI hotspot, etc. Today it is considerably easier for smartphone users to benefit from the global Internet connection with its extended range. A service that has expanded enormously and shaped a whole new industry in a short period of time, is location-based services (LBS). The service shows location information using coordinates providing the geographical position of a mobile device. Depending on the user’s location and preferences, mobile service providers may introduce context-related information to the user. However, LBS does not only involve opportunities, improvements, and benefits for societies. The use of digital technologies, with such spread as location-based services has obtained, may result in major integrity issues.   The aim of this qualitative investigation is to explain and describe location-based services. The purpose is to, through structured interviews, create an understanding of the users’ perception of LBS and investigate their attitudes, behavior and privacy concerns. The following understanding might be of value to application development companies regarding the comprehension of user behavior and attitudes. In turn, it could be of assistance for these companies in reaching the users in order to maximize the use of their applications.   The analysis showed that the respondents of this study are receptive to location-based services as long as it provides them with value. However, privacy concerns might intervene but are in most cases overlooked. The user’s perceived value is by the informants considered to be more important than the minor obstacles of LBS. In terms of LBS usage behavior, the respondents willingness to share location information differs among them and is based on different reasonings. The indication of user acceptance also differs. However, the informants’ perception of LBS purpose was discussed from both user and business perspective. It was concluded that it might be an indication of user acceptance since the respondents were able to recognize value deriving from location-based services. Additional LBS behavior is recognized in the process of allowing LBS access to apps.

location-based services

LBS

user acceptance

user value

privacy

personal integrity

information technology

GDPR

Information Systems

Data protection in the age of Big Data : legal challenges and responses in the context of online behavioural advertising

Chen, Jiahong

January 2018

This thesis addresses the question of how data protection law should respond to the challenges arising from the ever-increasing prevalence of big data. The investigation is conducted with the case study of online behavioural advertising (OBA) and within the EU data protection legal framework, especially the General Data Protection Regulation (GDPR). It is argued that data protection law should respond to the big data challenges by leveraging the regulatory options that are either already in place in the current legal regime or potentially available to policymakers. With the highly complex, powerful and opaque OBA network, in both technical and economic terms, the use of big data may pose fundamental threats to certain individualistic, collective or societal values. Despite a limited number of economic benefits such as free access to online services and the growth of the digital market, the latent risks of OBA call for an effective regulatory regime on big data. While the EU's GDPR represents the latest and most comprehensive legal framework regulating the use of personal data, it has still fallen short on certain important aspects. The regulatory model characterised by individualised consent and the necessity test remains insufficient in fully protecting data subjects as autonomous persons, consumers and citizens in the context of OBA. There is thus a pressing need for policymakers to review their regulatory toolbox in the light of the potential threats. On the one hand, it is necessary to reconsider the possibilities to blacklist or whitelist certain data uses with mechanisms that are either in place in the legal framework or can be introduced additionally. On the other hand, it is also necessary to realise the full range of policy options that can be adopted to assist individuals in making informed decisions in the age of big data.