Den digitalt suveräna staten : En undersökning av inställningen till nationell datalagring av personuppgifter hos statliga myndigheter / The digitally sovereign state : An investigation into the attitude towards national data storage of personal data within Swedish public authorities

Gordon Hultsjö, Joel

January 2021

The number of scandals during the past years regarding the use and misuse of digital storage of personal infor-mation in combination with the implementation of the General Data Protection Regulation (GDPR) within the EU member states, has resulted in a resurfaced discussion of sovereignty within the public sphere in relation to the storage of digital information. This master thesis examines the attitudes towards national data storage of personal data within twenty Swedish public agencies in the context of the analytical term Digital sovereignty.The thesis uses semi-structured interviews with employees working with data protection and qualitative con-tent analysis of internal documents connected to personal data management, in order to examine Swedish govern-ment agencies attitudes towards national data storage of personal information. The responses of the interviews and the internal policy documents in the area of personal data protections is viewed through the analytic term Digital sovereignty. The government agency the Swedish social security agency’s definition of Digital sovereignty is used in the thesis, which focuses on national governments ability to have control over both the technical and geograph-ical processing and storage of their citizen’s personal data.The thesis concludes that Swedish authorities takes the risk of transfer of personal data to third countries outside of the EU very seriously, while they also see the need to find legal ways to transfer personal data to these same countries. The thesis also concludes that Swedish government agencies try to avoid cloud services and are cautious in their use due to the implications they have for information and data security, while other research have shown that cloud services are used extensively within Swedish government agencies. The thesis also concludes that there is a lack of interest in national data storage of personal information within Swedish government, which can partially be attributed to the relationship between the General Data Protections Regulation and data storage regulation on a national level in Sweden. This leads to the final conclusion in this thesis, which is that there is some indication that the future of storage of personal data with the EU member states lies not in nationally managed cloud services, but rather in a federated cloud service on EU-level such as the currently ongoing project Gaia-X. This is a two years master's thesis in Archival science.

Digital Sovereignty

Cloud Service

Data storage

GDPR

Government Agencies

Information security

Digital suveränitet

Molntjänst

Datalagring

Dataskyddsförordningen

GDPR

Personuppgifter

Statliga myndigheter

Informationssäkerhet

Tredjelandsöverföring.

Other Humanities not elsewhere specified

Övrig annan humaniora

Právo na zapomnění v prostředí internetu / The right to be forgotten on the internet

Jůzová, Jana

January 2016

Diploma thesis The Right to be Forgotten on the Internet applies to the functions of Internet search engines, search algorithms and the impact of the digital footprint that on the Internet user essentially leaves. With this issue is, on the one hand, inseparably linked the protection of personal data in the online environment, on the other hand the constitutionally enshrined right to information and other fundamental rights. Not ignored should be also the risk of censorship of the Internet. An application of the right to be forgotten adds a whole new dimension to this problems. The right to be forgotten is inferred from the judgment of the European Court of Justice on 13 May 2014 in the case Costeja versus Google Spain, where an Internet user named Mario Costeja Gonzáles first succeeded with a request of removal of unflattering information about himself from results of the search engine Google. Thus a reform precedent will have a big impact on seeking information on the Internet in the future, since the pronouncement of the judgment about the removal of his personal data may ask any European Internet user. The thesis aims to analyze the issue of right to be forgotten in the context of searching for information on the Internet in the European Internet environment - it means not to be searched on the...

HYPERCONNECTIVITY GIVETH AND TAKETH AWAY: RECONCILING BEING AN “ALWAYS-ON” EMPOWERED CONSUMER AND PRIVACY IN AN ERA OF PERVASIVE PERSONAL DATA EXCHANGES

Iucolano, Donna M.

23 May 2019

No description available.

Management

Marketing

Technology

Information Science

always-on consumer

consumer connectivity

privacy

personal data exchanges

consumer empowerment

disempowerment

fairness of exchanges

consumer acceptance

consumer decision making

shopping

digital commerce

mixed methods

cluster analysis

"Jag vill inte alltid behöva se mig om utifrån mitt yrkesval" : En kvalitativ studie om socialsekreterares upplevelser av klientutövat hot och våld / “I don’t want to have to look over my shoulder based of my career choice" : A qualitative study of social workers experiences of client-perpetrated threats and violence

Darwich, Helin, Tutuncu, Dilara

January 2023

Syftet med denna studie var att undersöka socialsekreterares erfarenheter och upplevelser av klientutövat hot och våld i arbetet med barn och unga. Det har gjorts en kvalitativ studie med en semistrukturerad intervjumetod och det har genomförts sex intervjuer. Empirin har tolkats utifrån en tematisk analys och en hermeneutisk meningstolkning. Materialet har analyserats utifrån tidigare forskning och socialkonstruktionismen som vetenskaplig grund samt coping och rollteorin som teoretiskt perspektiv. Studien visar att socialsekreterarna beskriver klientutövat hot och våld som tvetydigt eftersom de har delade meningar om vad hot och våld är samt att allvarlighetsgraden är en påverkande faktor i det. Tröskeln kopplat till hotet och våldets omfattning inom organisationen och medarbetarna har visat sig vara hög vilket medfört att socialsekreteraren i många fall reducerar händelser av hotfull- och våldsam karaktär. Det kan handla om att tillämpa strategier i sitt vardagliga arbete för att lättare kunna hantera riskfyllda situationer och nyttja organisatoriska säkerhetsåtgärder i ett förbyggande syfte. Vidare framkom det att det egna ansvaret är centralt i hot- och våldssituationer vilket har resulterat i underrapporteringar och mindre anmälningar. Resultatet visar också att tillgängligheten av socialsekreterares personuppgifter är ett orosmoment för socialsekreterare och används som innehåll i hot som framförs. / The purpose of this study was to examine social workers experiences of client-perpetrated threats and violence in their work with children and youths. A qualitative study has been made with a semi-structured interview method and have conducted six interviews. The material has been interpreted through a thematic analysis and hermeneutic interpretation of meaning. The material has been analyzed based on previous research and social constructionism as a scientific basis and coping and role theory as a theoretical perspective. The study shows that the social workers describe client-perpetrated threats and violence as ambiguous, because they have divided opinions about what threat and violence is and that the degree of seriousness is an influencing factor. The bar for the threat and violence extent within the organization and the employees has proven to be high which has resulted in that social workers in many cases reduces incidents of threatening and violent nature. It can be about applying strategies in your everyday work to be able to handle riskful situations more easily and to use organizational security measures in a preventive purpose. Furthermore it appears that your own responsibility is central in threat and violence situations which has resulted in under-reportings and less reports. The results also show that the availability of social workers personal data is a point of concern for social workers and is being used as content in threats that are made.

Social worker

Exposure

Client-perpetrated threats and violence

Threats

Violence

Indirect violence

Culture of silence

Professional role

Availability of personal data

Socialsekreterare

Utsatthet

Klientutövat hot och våld

Hot

Våld

Indirekt våld

Tystnadskultur

Yrkesroll

Tillgänglighet av personuppgifter

Social Work

Socialt arbete

Cloud Computing and Sensitive Data : A Case of Beneficial Co-Existence or Mutual Exclusiveness?

Vaskovich, Daria

January 2015

I dag anses molntjänster vara ett omtalat ämne som har ändrat hur IT-tjänster levereras och som skapat nya affärsmodeller. Några av molntjänsternas mest frekvent nämnda fördelar är flexibilitet och skalbarhet. Molntjänster är i dagsläget extensivt använda av privatpersoner genom tjänster så som Google Drive och Dropbox. Å andra sidan kan en viss försiktighet gentemot molntjänster uppmärksammas hos de organisationer som innehar känslig data. Denna försiktighet kan anses leda till en långsammare tillämpningshastighet för dessa organisationer. Detta examensarbete har som syfte att undersöka sambandet mellan molntjänster och känslig data för att kunna erbjuda stöd och kunskapsbas för organisationer som överväger en övergång till molntjänster. Känslig data är definierat som information som omfattas av den svenska Personuppgiftslagen. Tidigare studier visar att organisationer värdesätter en hög säkerhetsgrad vid en övergång till molntjänster och ofta föredrar att leverantören kan erbjuda ett antal säkerhetsmekanismer. En molntjänsts lagliga överensstämmelse är en annan faktor som uppmärksammas. Datainsamlingen skedde genom en enkät, som var riktad till 101 av de svenska organisationerna i syfte att kartlägga användningen av molntjänster samt att identifiera möjliga bromsande faktorer. Dessutom genomfördes tre (3) intervjuer med experter och forskare inom IT-lag och/eller molnlösningar. En analys och diskussion, baserad på resultaten, har genomförts, vilket ledde till slutsatserna att en molnlösning av hybrid karaktär är bäst lämpad för den försiktiga organisationen, de olika villkoren i serviceavtalet bör grundligt diskuteras innan en överenskommelse mellan parter uppnås samt att i syfte att undvika att lösningen blir oförenlig med lagen bör främst en leverantör som är väl etablerad i Sverige väljas. Slutligen, bör varje organisation utvärdera om molntjänster kan tillgodose organisationens säkerhetsbehov, då det i stor mån berör ett risktagande. / Cloud computing is today a hot topic, which has changed how IT is delivered and created new business models to pursue. The main listed benefits of Cloud computing are, among others, flexibility and scalability. It is widely adopted by individuals in services, such as Google Drive and Dropbox. However, there exist a certain degree of precaution towards Cloud computing at organizations, which possess sensitive data, which may decelerate the adoption. Hence, this master thesis aims to investigate the topic of Cloud computing in a combination with sensitive data in order to support organizations in their decision making with a base of knowledge when a transition into the Cloud is considered. Sensitive data is defined as information protected by the Swedish Personal Data Act. Previous studies show that organizations value high degree of security when making a transition into Cloud computing, and request several measures to be implemented by the Cloud computing service provider. Legislative conformation of a Cloud computing service is another important aspect. The data gathering activities consisted of a survey, directed towards 101 Swedish organizations in order to map their usage of Cloud computing services and to identify aspects, which may decelerate the adoption. Moreover, interviews with three (3) experts within the fields of law and Cloud computing were conducted. The results were analyzed and discussed, which led to conclusions that hybrid Cloud is a well chosen alternative for a precautious organization, the SLA between the organizations should be thoroughly negotiated and that primarily providers well established on the Swedish market should be chosen in order to minimize the risk of legally non-consisting solution. Finally, each organization should decide whether the security provided by the Cloud computing provider is sufficient for organization’s purposes.

Cloud computing

public Cloud

private Cloud

delivery models

sensitive data

Personal Data Act

PuL

adaption.

Cloud computing

publikt moln

privat moln

leveranssätt

molntjänster

känslig data

personuppgifter

PuL

tillämpning av molntjänster.

Engineering and Technology

Teknik och teknologier

[en] ELECTIONS AND DATA: CONSOLIDATION OF DATA-DRIVEN CAMPAIGNS IN BRAZIL AND CHALLENGES OF THE ELECTIORAL LEGISLATION TOWARDS PERSONAL DATA PROTECTION / [pt] ELEIÇÕES E DADOS: A CONSOLIDAÇÃO DAS CAMPANHAS ORIENTADAS POR DADOS NO BRASIL E OS DESAFIOS DA LEGISLAÇÃO ELEITORAL NA TUTELA DOS DADOS PESSOAIS

NATALIA DE ANDRADE PENQUE

14 December 2023

[pt] As novas tecnologias da informação e comunicação, associadas à perda de protagonismo das mídias de massa tradicionais, impuseram às campanhas eleitorais novas formas de estruturação, de modo a atender às demandas de uma população cada vez mais habituada a consumir informação de forma rápida e simplificada. A necessária reprogramação da comunicação política fez surgir o que se entende como campanhas orientadas por dados, caracterizadas pela utilização de grandes volumes de dados pessoais na elaboração das estratégias de propaganda eleitoral. No Brasil, a positivação do impulsionamento de conteúdo on-line, em conjunto com a prática de difusão em massa de conteúdo eleitoral por aplicativos de mensagens instantâneas – observada de forma contundente nas eleições de 2018 – indicam a consolidação das campanhas orientadas por dados no cenário político-eleitoral nacional e as recentes reformas na Lei de Eleições revelam a intenção do legislador em adequar o regramento eleitoral à nova realidade das campanhas. As alterações legislativas, no entanto, não vieram acompanhada na necessária preocupação em promover uma ampla atualização da legislação eleitoral para fazer frente aos riscos que as práticas adotadas pelas campanhas orientadas por dados podem acarretar ao processo democrático, principalmente no tocante à autonomia do eleitor e à proteção de dados pessoais, demandando maiores estudos sobre o tema. / [en] New informational and communication technologies associated with traditional mass media s faltering prominence precipitated new methods of structuring electoral campaigns to meet the demands of a population increasingly used to consuming information in a fast and simplified way. The required reprogramming of political communication gave rise to what are understood as data-driven campaigns,characterized by the use of large volumes of personal data to drive electoral propaganda strategies. In Brazil, the legalization of online content boosting, along side mass dissemination of electoral content through instant messaging applications – strikingly observed in the 2018 elections – indicate the consolidation of data-driven campaigns inthe national political-electoral environment. Further, recent reforms in the Electoral Lawreveal legislators intent to adapt electoral rules to the new reality presented by these campaigns. The changes, however, were not accompanied by a much-needed, broader investigation and update of the electoral legislation to confront the risks that these data driven campaign practices bring to the democratic process, especially with regard to voter autonomy and protection of personal data.

[pt] PROTECAO DE DADOS PESSOAIS

[pt] LEGISLACAO ELEITORAL

[pt] DISPARO DE MENSAGEM EM MASSA

[pt] IMPULSIONAMENTO DE CONTEUDO ON-LINE

[pt] MICRODIRECIONAMENTO DE PROPAGANDA

[pt] CAMPANHAS ORIENTADAS POR DADOS

[en] PROTECTION OF PERSONAL DATA

[en] ELECTORAL LEGISLATION

[en] MASS MESSAGE TRIGGER

[en] ON-LINE CONTENT BOOST

[en] MICROTARGETING PROPAGANDA

[en] DATA-DRIVEN CAMPAIGN

[pt] A PROTEÇÃO DOS DADOS PESSOAIS COMO UM DIREITO FUNDAMENTAL AUTÔNOMO: BOAS PRÁTICAS DE COMPLIANCE FRENTE AO CAPITALISMO DE VIGILÂNCIA / [en] PERSONAL DATA PROTECTION AS A FUNDAMENTAL RIGHT ITSELF: COMPLIANCE GUIDELINES AGAINST THE SURVEILLANCE CAPITALISM

RAFAELA SARTORE FURQUIM

04 July 2023

[pt] Em razão do desenvolvimento tecnológico das últimas décadas, a sociedade contemporânea passou por profundas mudanças que deram origem, segundo Shoshana Zuboff, ao Capitalismo de vigilância. Diante deste cenário, o presente estudo tem por objetivo analisar os reflexos desse fenômeno no ordenamento jurídico brasileiro que justificaram a promulgação da Emenda Constitucional 115/22 e da Lei Geral de Proteção de Dados, constituindo um modelo regulatório híbrido, fortemente baseado em princípios, no qual, além de estabelecer obrigações para os agentes de tratamento, cria um ambiente de incentivo à adoção de boas práticas e de governança. Para tanto, será analisado como o compliance de dados pode ser um eficiente instrumento para promover, na prática, a adoção dos princípios da LGPD e da regulação já existente da ANPD em prol uma cultura de proteção de dados no Brasil. / [en] The technological development of recent decades, contemporary society has faced profound changes that have given rise, according to Shoshana Zuboff, to Surveillance Capitalism. Therefore, this study aims to analyze the impacts of surveillance capitalism in the brazilian legal system that justified the promulgation of Constitutional Amendment 115/22 and the Brazilian General Data Protection Law (LGPD), based on the strong principled on a hybrid regulatory model in which, in addition to establishing obligations for treatment agents, creates an environment that encourages the adoption of good practices and governance. This way, it will be analyzed how data compliance can be an efficient instrument to promote, in practice, the adoption of the LGPD principles and the ANPD regulation in a data protection culture in Brazil.

[pt] COMPLIANCE

[pt] ANPD

[pt] CAPITALISMO DE VIGILANCIA

[pt] PROTECAO DE DADOS PESSOAIS

[en] COMPLIANCE

[en] ANPD

[en] SURVEILLANCE CAPITALISM

[en] PROTECTION OF PERSONAL DATA

Vem bryr sig om etisk data? : En explorativ metodstudie om hur företag kan reflektera kring omsorg i syfte att fatta etiska beslut om data / Who cares about ethical data? : An exploratory method study on how companies can reflect on care in order to make ethical decisions about data

Berglund, Elvira, Vergara, Juliet

January 2022

When the data protection regulation was introduced in 2018, the aim was to create uniformprotection for privacy in personal data. Despite this, there is still a lack of trust among manyusers about how companies actually process their personal data. This highlights the need fornew methods and tools that can support companies to handle personal data in an ethical andresponsible manner. Based on a theoretical and relational framework for ethics of care, thisstudy developed a set of questions to emphasize ethical reflection in the development ofdata-driven services. Through a design exploratory perspective, the set of questions weredeveloped during iterations, and through two workshops as research methods. The workshopsessions were conducted with researchers from Sweden's research institute as well asrepresentatives from two pseudonymous companies that collaborate in collecting citizens'location data. The result showed that the question package fulfilled different functions ofpromoting care, and thus ethical reflection around the handling of personal data. Theparticipants were aware of the ethical challenges that exist when collecting users' locationdata, based on users' needs. The participants had the ability to illuminate these challengesthemselves, but did not know how to respond to the challenges in practice.

Care

ethics

tools

responsibility

decision making

critical reflection

discussion

GDPR

data

personal data

location data

workshop

Omsorg

etik

verktyg

ansvar

beslutsfattande

kritisk reflektion

diskussion

GDPR

data

persondata

platsdata

workshop

Computer Sciences

Datavetenskap (datalogi)

La portabilité des données personnelles des consommateurs, ses aspects juridiques dans l'Union européenne, au Canada et au Québec : applications, possibilités et risques

da Silva Amorim Boueres, João Flávio

04 1900

La portabilité des données personnelles des consommateurs est encore une question récente dans le domaine de la protection de la vie privée. Parmi les normes étudiées dans ce travail, le Règlement Général sur la Protection des Données a été le premier à aborder la portabilité et le concept qu'il a établi guide d'autres législations, telles que celles du Québec et du Canada. L'objet de ce mémoire est de discuter de la mise en œuvre de ce nouveau droit lié aux technologies de l'information et à la circulation des données personnelles, en se concentrant sur les consommateurs et les entreprises qui feront partie de la portabilité des données personnelles. Cette étude est divisée en trois chapitres. Le premier explore les concepts de base liés au droit à la portabilité, tels que les données personnelles, les données liées à la relation avec le consommateur, la conceptualisation de la portabilité, son application et des exemples d'opérabilité. Le deuxième chapitre décrit comment le droit à la portabilité a été adopté dans la législation de l'Union européenne, dans le projet de loi fédérale actuellement examiné par le Parlement canadien et dans la nouvelle loi québécoise. La troisième traite de la mise en œuvre de la portabilité. Elle aborde le point de vue des entreprises, le maintien de la portabilité en tant que droit, le besoin de régulation, l'interopérabilité et les risques. / The portability of consumers' personal data is still a recent subject in the field of privacy protection. Among the standards studied in this work, the General Data Protection Regulation was the first to address portability and the concept it established guides other legislation, such as that of Quebec and Canada. The purpose of this dissertation is to discuss the implementation of this new right linked to information technologies and the circulation of personal data, focusing on the consumers and businesses that will be affected by the portability of personal data. This study is divided into three chapters. The first explores the basic concepts related to the right to portability, such as personal data, data related to the relationship with the consumer, the conceptualisation of portability, its application and examples of operability. The second chapter describes how the right to portability has been adopted in European Union legislation, in the federal bill currently before the Canadian Parliament and in the new Quebec law. The third deals with the implementation of portability. It addresses the point of view of businesses, the maintenance of portability as a right, the need for regulation, interoperability, and risks.

Portabilité

Données personnelles

Vie privée

Projet de loi 64

Projet de loi C-27

GDPR

Interopérabilité

Portability

Personal data

Privacy

Bill 64

Bill C-27

RGPD

Interoperability

Law / Droit (UMI : 0398)

Essays in Market Design and Industrial Organization

Dimakopoulos, Philipp Dimitrios

27 April 2018

Diese Dissertation besteht aus drei unabhängigen Kapiteln in den Bereichen Matching Market Design, Industrieökonomie und Wettbewerbspolitik. Kapitel 1 behandelt den Matching-Markt für juristische Referendariatsstellen in Deutschland. Wegen übermäßiger Nachfrage müssen Anwälte oft warten, bevor sie zugewiesen werden. Der aktuell verwendete Algorithmus berücksichtigt nicht die Zeitpräferenzen der Anwälte. Daher werden viele wünschenswerte Eigenschaften nicht erfüllt. Basierend auf dem matching with contracts Modell schlage ich dann einen neuen Mechanismus vor, der die Wartezeit als Vertragsterm verwendet, so dass die Mängel des gegenwärtigen Mechanismus überwunden werden können. In Kapitel 2 analysiere ich den Wettbewerb von zweiseitigen Online-Plattformen, wie sozialen Netzwerken oder Suchmaschinen. Werbetreibende zahlen Geld, um ihre Anzeigen zu platzieren, während Nutzer mit ihren privaten Daten "bezahlen", um Zugang zu der Plattform zu erhalten. Ich zeige, dass das Gleichgewichtsniveau der Datenerhebung verzerrt ist, abhängig von der Intensität des Wettbewerbs und den Targeting-Vorteilen. Weniger Wettbewerb auf jeder Marktseite führt zu mehr Datensammeln. Wenn jedoch Plattformen Geldzahlungen auf beiden Marktseiten verwenden, wird die effiziente Menge an Daten gesammelt. Kapitel 3 untersucht die dynamische Preissetzung auf Märkten für Flug- oder Reisebuchungen, auf denen Wettbewerb während einer endlichen Verkaufszeit mit einer Frist stattfindet. Unter Berücksichtigung der intertemporalen Probleme von Firmen und vorausschauenden Konsumenten hängen die Gleichgewichtspreispfade von der Anzahl der nicht verkauften Kapazitäten und der verbleibenden Verkaufszeit ab. Ich ermittle, dass mehr Voraussicht der Konsumenten die Konsumentenrente erhöht, aber die Effizienz reduziert. Ferner ist Wettbewerbspolitik besonders wertvoll, wenn die Marktkapazitäten zu hoch sind. Des Weiteren kann die ex-ante Produktion von Kapazitäten ineffizient niedrig sein. / This thesis consists of three independent chapters in the fields of matching market design, industrial organization and competition policy. Chapter 1 covers the matching market for lawyer trainee-ship positions in Germany. Because of excess demand lawyers often must wait before being allocated. The currently used algorithm does not take lawyers’ time-preferences into account. Hence, many desirable properties are not satisfied. Then, based on the matching with contacts model, I propose a new mechanism using waiting time as the contractual term, so that the shortcomings of the current mechanism can be overcome. In Chapter 2 I analyze competition of two-sided online platforms, such as social networks or search engines. Advertisers pay money to place their ads, while users “pay” with their private data to gain access to the platform. I show that the equilibrium level of data collection is distorted, depending on the competition intensity and targeting benefits. Less competition on either market side leads to more data collection. However, if platforms use monetary payments on both market sides, data collection would be efficient. Chapter 3 studies dynamic pricing as in markets for airline or travel bookings, where competition takes place throughout a finite selling time with a deadline. Considering the inter-temporal problems of firms and forward-looking consumers, the equilibrium price paths depend on the number of unsold capacities and remaining selling time. I find that more consumer foresight increases consumer surplus yet reduces efficiency. Further, competition policy is especially valuable when market capacities are excessive. Moreover, ex-ante capacity production can be inefficiently low.

Matching mit Verträgen

Matching mit Wartezeiten

zweiseitiger Plattformwettbewerb

personenbezogene Daten

dynamische Preissetzung

vorausschauende Konsumenten

matching with contracts

matching with waiting times

two-sided platform competition

personal data

dynamic pricing

forward-looking consumers

330 Wirtschaft

QB 910

ddc:330