A proteção de dados pessoais do empregado no direito brasileiro: um estudo sobre os limites na obtenção e no uso pelo empregador da informação relativa ao empregado / The protection of employees personal data in the Brazilian law: a study on the limits of employers collecting and using employees personal information

Ana Francisca Moreira de Souza Sanden

15 October 2012

O estudo explora a questão de como o Direito do Trabalho brasileiro protege a informação pessoal do empregado perante o empregador e se essa proteção considera deliberadamente os riscos subjacentes ao uso da informação em ambiente de crescente processamento automático. No Capítulo I, apresenta-se no contexto internacional o problema da obtenção e do uso pelo empregador da informação relativa ao empregado em um ambiente de crescente automatização e justifica-se a necessidade de sua abordagem no Direito brasileiro. No Capítulo II é examinado o arcabouço da proteção de dados pessoais do empregado nas normas internacionais. No Capítulo III, buscam-se os fundamentos do conceito de dados pessoais no ordenamento jurídico brasileiro, principalmente na órbita constitucional, sob a fórmula do direito à autodeterminação informativa. O Capítulo IV traça um quadro geral da proteção da informação relativa ao empregado no Direito do Trabalho brasileiro, considerando os limites à obtenção e ao uso da informação pessoal, os deveres do empregador como responsável pelo acervo de informações pessoais que mantém e os direitos diretamente relacionados à autodeterminação informativa. O Capítulo V investiga as potencialidades do quadro normativo brasileiro atual para oferecer uma proteção ao empregado que se aproxime das finalidades almejadas nas normas internacionais setoriais. / The study is concerned with the question of how the Brazilian Labor Law protects the employees personal information from collection and use by the employer and whether it considers the threats to the employee that arise from increasing automatic processing. Chapter I presents, in the international context, the problem of the employers collecting and using the employees personal information in a world of increasing automation and justifies the need for its approach in the Brazilian Law. Chapter II presents the employees data protection framework proposed in international agreements. Chapter III discusses the fundaments of the concept of personal data and its formulation as informational self-determination in the Brazilian Law and in the Brazilian Constitution. Chapter IV offers a general picture of the protection of the employees information in the Brazilian Labor Law, considering the limits to its collection and use, the obligations of the employer as responsible for the retrieval of the stored data, and the employee`s rights regarding informational self- determination. Chapter V investigates the possibilities of the present Brazilian Legal framework in offering protection to the employee on the same basis as proposed in sectorial international agreements.

Autodeterminação

Dados pessoais

Direito do trabalho

Direitos da personalidade

Privacidade

Privacidade do empregado

Employees privacy

Informational self-determination

Personal data

Right to privacy

Is this your smart phone? : On connecting MAC-addresses to a specific individual using access point data

Vesterlund, Martin, Wiklund, Viktor

January 2015

Context. The potential to track individuals become greater and greater in the society today. We want to develop a method that is easy to understand so more people can participate in the discussion about the collection, and storing, of seemingly non-invasive device data and personal integrity. Objectives. In this work we investigate the potential to connect a WiFi enabled device to a known individual by analysing log files. Since we want to keep the method as simple as possible we choose to not use machine learning because this might add unnecessary layers of complexity. Methods. The conducted experiments were performed against a test group consisting of six persons. The dataset used consisted of authentication logs from a university WiFi-network collected during a month and data acquired by capturing WiFi-traffic. Results. We were able to connect 67% of the targeted test persons to their smart phones and 60% to their laptops. Conclusions. In this work we conclude that a device identifier in combination with data that can tie it to a location at a given time is to be seen as sensitive information with regard to personal integrity. We also conclude that it is possible to create and use an easy method to connect a device to a given person.

Surveillance mechanisms

Network privacy and anonymity

Social aspects of security and privacy

Mobile devices

Communication Systems

Kommunikationssystem

Computer Sciences

Datavetenskap (datalogi)

Personalized Advertising Online and its Difficulties with Customer Privacy

Dahlgren, Sanne, Tabell, Beatrice

January 2018

Purpose: The aim of this paper is to explain and to create an understanding if personalized advertising online creates value for customers.  Design/methodology/approach: A qualitative study through 14 semi-structured interviews.  Findings: The study found personalized advertising to be seen as value co-creation in some cases, but because privacy concerns exist and affect the perception of advertising, it can in many cases lead to value co-destruction instead. It is thus a consideration between privacy concerns and the perceived value of the personalized advertising that decides if the offering will co-create or co-destroy value.  Research limitations/implications for future research: Our study did not involve respondents’ younger than 21 years old, which could have affected the result as this is a generation seen as technology savvy. Through a quantitative study, future research could try to find extremes in personalities by conducting a survey with a large sample of people in different ages, nationalities, gender, active online, etc. in order to see if there are correlations between for example age and privacy concerns.  Practical implications: One purpose of the study is to provide companies with insights of how different customers perceive personalized advertising online in terms of customer value in order for companies to know how to think when targeting their customers.  Keywords: online advertising, personalized advertising, personalized-privacy paradox, privacy concerns, value creation, value co-creation, value co-destruction.

online advertising

personalized advertising

personalized-privacy paradox

privacy concerns

value creation

value co-creation

value co-destruction

Business Administration

Företagsekonomi

Les jeunes diplômés et les réseaux sociaux professionnels : la recherche d'emploi à l'ère numérique / Young graduated and social networks : seeking for a job at the numerical era

Povéda, Arnaud

23 October 2015

Résume de thèse non disponible / No summary

Jeunes

Réseaux sociaux

Réseaux socionumériques

Viadéo

Emploi

Privacy

Traçabilité

Young

Social network

Social network sites

Viadéo

Employement

Privacy

Traceability

Towards Assured Informed Consent in Privacy Notice Design : An Eye Movement Detection Approach

Makame, Makame

January 2016

To be able to provide data collecting services to customers, service provides are required by law to design privacy policies and present their content to users as privacy notices that informs the user on privacy consequences and demonstrate that an explicit informed consent of the user has been collected before processing of the data. However, despite the increase in data collection by services and hence increase of privacy impact, yet privacy notices do not implement proper mechanisms that can assure that data subjects are well informed and their consent are provided with comprehension. The root of this problem is the fact that typically only theoretical description of what consent is and what it involves is offered by existing literature but no “practical” design guides are available for decision makers and practitioners on how to effectively integrate a targeted consent level in privacy notices. This thesis work addresses the need for explicit integration of consent in privacy notice designs by presenting the Extended Privacy Notice Design Space (XPNDS) construct that guides on explicitly incorporating different levels of consent in privacy notices. This thesis uses theories of eye movement in reading and technical references from computer vision for comprehension and attention determination to prove the feasibility of integrating higher level of consent in the design space that may guide to assured informed consent. The construct can be used by managers to communicate, practitioners to design, and regulators to analyze informed consent incorporation in privacy notice designs. Unlike most works available in the literature on consent which only provide theoretical opinion of what informed consent is, this work cast the conceptual consent guidelines in to a practical privacy notice design space to provide an XPNDS that guides to the practicality of achieving assured informed consent in privacy notices. It is the hope of the author that the XPNDS will be useful to both practitioners and academicians in incorporating informed consent in privacy notice designs to an assured level. / <p>Validerat; 20160622 (global_studentproject_submitter)</p>

Social Behaviour Law

Privacy Notice

Informed Consent

Privacy Notice Design Space

Design Science Research

Samhälls-

beteendevetenskap

juridik

Hur påverkas systemutvecklingsprocessen av implementeringen av GDPR / Does the implementation of GDPR affect the system development process?

Andersson, Adam, Syldevik, Christoffer

January 2019

On May 25th 2018 a new general data protection regulation called GDPR took effect. The regulation contains rules regarding usage, storage and handling of data from individuals resident within The European Union. The new regulation caused big headlines regarding the impact GDPR would have on the affected enterprises and organizations. One aspect that hasn’t been mentioned considerably is how GDPR has and will affect the system development process. The difficulty with implementing GDPR has shown to have its origin in the fact that the regulation is fairly new which means that it’s still ambiguous and difficult to apply. That means that there has been room for different takes on GDPR and its rules which has contributed to various opinions on how GDPR should be implemented. The purpose of this thesis was to study how the implementation of GDPR has affected the system development process among enterprises and organizations. The method that has been used in the thesis is a qualitative interview study of two enterprises. The acquired data have been collected mainly from four interviewing persons, two from each enterprise. The data collected from the interviews has been analyzed with the method grounded theory. The conclusion of the thesis is that the system development process has been affected by the implementation of GDPR. The regulation is however not believed to affect the enterprises to the extent that any extensive restructuring has been necessary. Based on the result from the interviews it is rather believable that GDPR actually had a positive effect among the enterprises. The thesis also resulted in a model which illustrates the system development process and the aspects of GDPR considered to have a substantial effect.

System development process

GDPR

Privacy by design

Privacy by default

Data protection

Computer and Information Sciences

Data- och informationsvetenskap

Measures of Privacy Protection on Social Environments

Alemany Bordera, José

13 October 2020

[EN] Nowadays, online social networks (OSNs) have become a mainstream cultural phenomenon for millions of Internet users. Social networks are an ideal environment for generating all kinds of social benefits for users. Users share experiences, keep in touch with their family, friends and acquaintances, and earn economic benefits from the power of their influence (which is translated into new job opportunities). However, the use of social networks and the action of sharing information imply the loss of the users’ privacy. Recently, a great interest in protecting the privacy of users has emerged. This situation has been due to documented cases of regrets in users’ actions, company scandals produced by misuse of personal information, and the biases introduced by privacy mechanisms. Social network providers have included improvements in their systems to reduce users’ privacy risks; for example, restricting privacy policies by default, adding new privacy settings, and designing quick and easy shortcuts to configure user privacy settings. In the privacy researcher area, new advances are proposed to improve privacy mechanisms, most of them focused on automation, fine-grained systems, and the usage of features extracted from the user’s profile information and interactions to recommend the best privacy policy for the user. Despite these advances, many studies have shown that users’ concern for privacy does not match the decisions they ultimately make in social networks. This misalignment in the users’ behavior might be due to the complexity of the privacy concept itself. This drawback causes users to disregard privacy risks, or perceive them as temporarily distant. Another cause of users’ behavior misalignment might be due to the complexity of the privacy decision-making process. This is because users should consider all possible scenarios and the factors involved (e.g., the number of friends, the relationship type, the context of the information, etc.) to make an appropriate privacy decision. The main contributions of this thesis are the development of metrics to assess privacy risks, and the proposal of explainable privacy mechanisms (using the developed metrics) to assist and raise awareness among users during the privacy decision process. Based on the definition of the concept of privacy, the dimensions of information scope and information sensitivity have been considered in this thesis to assess privacy risks. For explainable privacy mechanisms, soft paternalism techniques and gamification elements that make use of the proposed metrics have been designed. These mechanisms have been integrated into the social network PESEDIA and evaluated in experiments with real users. PESEDIA is a social network developed in the framework of the Master’s thesis of the Ph.D. student [15], this thesis, and the national projects “Privacy in Social Educational Environments during Childhood and Adolescence” (TIN2014-55206- R) and “Intelligent Agents for Privacy Advice in Social Networks” (TIN2017-89156-R). The findings confirm the validity of the proposed metrics for computing the users’ scope and the sensitivity of social network publications. For the scope metric, the results also showed the possibility of estimating it through local and social centrality metrics for scenarios with limited information access. For the sensitivity metric, the results also remarked the users’ misalignment for some information types and the consensus for a majority of them. The usage of these metrics as part of messages about potential consequences of privacy policy choices and information sharing actions to users showed positive effects on users’ behavior regarding privacy. Furthermore, the findings of exploring the users’ trade-off between costs and benefits during disclosure actions of personal information showed significant relationships with the usual social circles (family members, friends, coworkers, and unknown users) and their properties. This allowed designing better privacy mechanisms that appropriately restrict access to information and reduce regrets. Finally, gamification elements applied to social networks and users’ privacy showed a positive effect on the users’ behavior towards privacy and safe practices in social networks. / [ES] En la actualidad, las redes sociales se han convertido en un fenómeno cultural dominante para millones de usuarios de Internet. Las redes sociales son un entorno ideal para la generación de todo tipo de beneficios sociales para los usuarios. Los usuarios comparten experiencias, mantienen el contacto con sus familiares, amigos y conocidos, y obtienen beneficios económicos gracias al poder de su influencia (lo que se traduce en nuevas oportunidades de trabajo). Sin embargo, el uso de las redes sociales y la acción de compartir información implica la perdida de la privacidad de los usuarios. Recientemente ha emergido un gran interés en proteger la privacidad de los usuarios. Esta situación se ha debido a los casos de arrepentimientos documentados en las acciones de los usuarios, escándalos empresariales producidos por usos indebidos de la información personal, y a los sesgos que introducen los mecanismos de privacidad. Los proveedores de redes sociales han incluido mejoras en sus sistemas para reducir los riesgos en privacidad de los usuarios; por ejemplo, restringiendo las políticas de privacidad por defecto, añadiendo nuevos elementos de configuración de la privacidad, y diseñando accesos fáciles y directos para configurar la privacidad de los usuarios. En el campo de la investigación de la privacidad, nuevos avances se proponen para mejorar los mecanismos de privacidad la mayoría centrados en la automatización, selección de grano fino, y uso de características extraídas de la información y sus interacciones para recomendar la mejor política de privacidad para el usuario. A pesar de estos avances, muchos estudios han demostrado que la preocupación de los usuarios por la privacidad no se corresponde con las decisiones que finalmente toman en las redes sociales. Este desajuste en el comportamiento de los usuarios podría deberse a la complejidad del propio concepto de privacidad. Este inconveniente hace que los usuarios ignoren los riesgos de privacidad, o los perciban como temporalmente distantes. Otra causa del desajuste en el comportamiento de los usuarios podría deberse a la complejidad del proceso de toma de decisiones sobre la privacidad. Esto se debe a que los usuarios deben considerar todos los escenarios posibles y los factores involucrados (por ejemplo, el número de amigos, el tipo de relación, el contexto de la información, etc.) para tomar una decisión apropiada sobre la privacidad. Las principales contribuciones de esta tesis son el desarrollo de métricas para evaluar los riesgos de privacidad, y la propuesta de mecanismos de privacidad explicables (haciendo uso de las métricas desarrolladas) para asistir y concienciar a los usuarios durante el proceso de decisión sobre la privacidad. Atendiendo a la definición del concepto de la privacidad, las dimensiones del alcance de la información y la sensibilidad de la información se han considerado en esta tesis para evaluar los riesgos de privacidad. En cuanto a los mecanismos de privacidad explicables, se han diseñado utilizando técnicas de paternalismo blando y elementos de gamificación que hacen uso de las métricas propuestas. Estos mecanismos se han integrado en la red social PESEDIA y evaluado en experimentos con usuarios reales. PESEDIA es una red social desarrollada en el marco de la tesina de Master del doctorando [15], esta tesis y los proyectos nacionales “Privacidad en Entornos Sociales Educativos durante la Infancia y la Adolescencia” (TIN2014-55206-R) y “Agentes inteligentes para asesorar en privacidad en redes sociales” (TIN2017-89156-R). Los resultados confirman la validez de las métricas propuestas para calcular el alcance de los usuarios y la sensibilidad de las publicaciones de las redes sociales. En cuanto a la métrica del alcance, los resultados también mostraron la posibilidad de estimarla mediante métricas de centralidad local y social para escenarios con acceso limitado a la información. En cuanto a la métrica de sensibilidad, los resultados también pusieron de manifiesto la falta de concordancia de los usuarios en el caso de algunos tipos de información y el consenso en el caso de la mayoría de ellos. El uso de estas métricas como parte de los mensajes sobre las posibles consecuencias de las opciones de política de privacidad y las acciones de intercambio de información a los usuarios mostró efectos positivos en el comportamiento de los usuarios con respecto a la privacidad. Además, los resultados de la exploración de la compensación de los usuarios entre los costos y los beneficios durante las acciones de divulgación de información personal mostraron relaciones significativas con los círculos sociales habituales (familiares, amigos, compañeros de trabajo y usuarios desconocidos) y sus propiedades. Esto permitió diseñar mejores mecanismos de privacidad que restringen adecuadamente el acceso a la información y reducen los arrepentimientos. Por último, los elementos de gamificación aplicados a las redes sociales y a la privacidad de los usuarios mostraron un efecto positivo en el comportamiento de los usuarios hacia la privacidad y las prácticas seguras en las redes sociales. / [CA] En l’actualitat, les xarxes socials s’han convertit en un fenomen cultural dominant per a milions d’usuaris d’Internet. Les xarxes socials són un entorn ideal per a la generació de tota mena de beneficis socials per als usuaris. Els usuaris comparteixen experiències, mantenen el contacte amb els seus familiars, amics i coneguts, i obtenen beneficis econòmics gràcies al poder de la seva influència (el que es tradueix en noves oportunitats de treball). No obstant això, l’ús de les xarxes socials i l’acció de compartir informació implica la perduda de la privacitat dels usuaris. Recentment ha emergit un gran interès per protegir la privacitat dels usuaris. Aquesta situació s’ha degut als casos de penediments documentats en les accions dels usuaris, escàndols empresarials produïts per usos indeguts de la informació personal, i als caires que introdueixen els mecanismes de privacitat. Els proveïdors de xarxes socials han inclòs millores en els seus sistemes per a reduir els riscos en privacitat dels usuaris; per exemple, restringint les polítiques de privacitat per defecte, afegint nous elements de configuració de la privacitat, i dissenyant accessos fàcils i directes per a configurar la privacitat dels usuaris. En el camp de la recerca de la privacitat, nous avanços es proposen per a millorar els mecanismes de privacitat la majoria centrats en l’automatització, selecció de gra fi, i ús de característiques extretes de la informació i les seues interaccions per a recomanar la millor política de privacitat per a l’usuari. Malgrat aquests avanços, molts estudis han demostrat que la preocupació dels usuaris per la privacitat no es correspon amb les decisions que finalment prenen en les xarxes socials. Aquesta desalineació en el comportament dels usuaris podria deure’s a la complexitat del propi concepte de privacitat. Aquest inconvenient fa que els usuaris ignorin els riscos de privacitat, o els percebin com temporalment distants. Una altra causa de la desalineació en el comportament dels usuaris podria deure’s a la complexitat del procés de presa de decisions sobre la privacitat. Això es deu al fet que els usuaris han de considerar tots els escenaris possibles i els factors involucrats (per exemple, el nombre d’amics, el tipus de relació, el context de la informació, etc.) per a prendre una decisió apropiada sobre la privacitat. Les principals contribucions d’aquesta tesi són el desenvolupament de mètriques per a avaluar els riscos de privacitat, i la proposta de mecanismes de privacitat explicables (fent ús de les mètriques desenvolupades) per a assistir i conscienciar als usuaris durant el procés de decisió sobre la privacitat. Atesa la definició del concepte de la privacitat, les dimensions de l’abast de la informació i la sensibilitat de la informació s’han considerat en aquesta tesi per a avaluar els riscos de privacitat. Respecte als mecanismes de privacitat explicables, aquests s’han dissenyat utilitzant tècniques de paternalisme bla i elements de gamificació que fan ús de les mètriques propostes. Aquests mecanismes s’han integrat en la xarxa social PESEDIA i avaluat en experiments amb usuaris reals. PESEDIA és una xarxa social desenvolupada en el marc de la tesina de Màster del doctorant [15], aquesta tesi i els projectes nacionals “Privacitat en Entorns Socials Educatius durant la Infància i l’Adolescència” (TIN2014-55206-R) i “Agents Intel·ligents per a assessorar en Privacitat en xarxes socials” (TIN2017-89156-R). Els resultats confirmen la validesa de les mètriques propostes per a calcular l’abast de les accions dels usuaris i la sensibilitat de les publicacions de les xarxes socials. Respecte a la mètrica de l’abast, els resultats també van mostrar la possibilitat d’estimarla mitjançant mètriques de centralitat local i social per a escenaris amb accés limitat a la informació. Respecte a la mètrica de sensibilitat, els resultats també van posar de manifest la falta de concordança dels usuaris en el cas d’alguns tipus d’informació i el consens en el cas de la majoria d’ells. L’ús d’aquestes mètriques com a part dels missatges sobre les possibles conseqüències de les opcions de política de privacitat i les accions d’intercanvi d’informació als usuaris va mostrar efectes positius en el comportament dels usuaris respecte a la privacitat. A més, els resultats de l’exploració de la compensació dels usuaris entre els costos i els beneficis durant les accions de divulgació d’informació personal van mostrar relacions significatives amb els cercles socials habituals (familiars, amics, companys de treball i usuaris desconeguts) i les seves propietats. Això ha permés dissenyar millors mecanismes de privacitat que restringeixen adequadament l’accés a la informació i redueixen els penediments. Finalment, els elements de gamificació aplicats a les xarxes socials i a la privacitat dels usuaris van mostrar un efecte positiu en el comportament dels usuaris cap a la privacitat i les pràctiques segures en les xarxes socials. / Alemany Bordera, J. (2020). Measures of Privacy Protection on Social Environments [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/151456 / TESIS

Privacy

Online Social Networks

Access Control

Users' Scope

Information Sensitivity

Privacy Calculus

Nudge Mechanisms

Gamification

LENGUAJES Y SISTEMAS INFORMATICOS

WWW Privacy - P3P Platform of Privacy Preferencers

Foerster, Marian

10 July 2000

Gemeinsamer Workshop von Universitaetsrechenzentrum und Professur Rechnernetze und verteilte Systeme (Fakultaet fuer Informatik) der TU Chemnitz. Workshop-Thema: Infrastruktur der ¨Digitalen Universitaet¨ WWW Privacy - P3P Platform of Privacy Preferencers Der Vortrag soll einen Einblick in das z.Zt. noch in der Entwicklung stehenden Protokolls P3P des W3C geben. Dabei wird das Grundprinzip von P3P, einige technische Realisierungsmoeglichkeiten sowie ein Demo-Einkaufssystem vorgestellt.

info:eu-repo/classification/ddc/004

ddc:004

P3P

Digitale Universitaet

WWW Privacy

Platform of Privacy Preferencers

Online Privatsphaere

Role Management in a Privacy-Enhanced Collaborative Environment

Lorenz, Anja, Borcea-Pfitzmann, Katrin

January 2010

Nowadays, social software is in demand in very different settings. Managing relationships (e.g., social networking sites) and content sharing (e.g., photo sharing), but also collaborative working via the Internet became a widely accepted part of the social lives of people. Especially, collaborative environments provide platforms supporting users in creating and exchanging new ideas, material, and conducting discussions, but also in representing themselves by allowing for according profile management etc., cf. [KR07]. Supporting the users’ privacy in such interactive environments stands in sharp contrast to the objectives of collaboration. However, previous work has shown that different approaches may overcome this ostensible contradiction. One further approach is subject of this paper and consists of a differentiated role management. Accordingly, this paper describes the particular settings of applications shaping Privacy-Enhanced Collaborative Environments (PECE), for which a comprehensive role management has to be realized. The paper discusses the implications on the role concept resulting from the privacy-related settings and introduces a three-dimensional approach for roles in a collaborative environment.

info:eu-repo/classification/ddc/000

ddc:000

Rollenmanagement, PECE, Privacy

Role Management, PECE, Privacy

Brain Computer Interface (BCI) Applications: Privacy Threats and Countermeasures

Bhalotiya, Anuj Arun

05 1900

In recent years, brain computer interfaces (BCIs) have gained popularity in non-medical domains such as the gaming, entertainment, personal health, and marketing industries. A growing number of companies offer various inexpensive consumer grade BCIs and some of these companies have recently introduced the concept of BCI "App stores" in order to facilitate the expansion of BCI applications and provide software development kits (SDKs) for other developers to create new applications for their devices. The BCI applications access to users' unique brainwave signals, which consequently allows them to make inferences about users' thoughts and mental processes. Since there are no specific standards that govern the development of BCI applications, its users are at the risk of privacy breaches. In this work, we perform first comprehensive analysis of BCI App stores including software development kits (SDKs), application programming interfaces (APIs), and BCI applications w.r.t privacy issues. The goal is to understand the way brainwave signals are handled by BCI applications and what threats to the privacy of users exist. Our findings show that most applications have unrestricted access to users' brainwave signals and can easily extract private information about their users without them even noticing. We discuss potential privacy threats posed by current practices used in BCI App stores and then describe some countermeasures that could be used to mitigate the privacy threats. Also, develop a prototype which gives the BCI app users a choice to restrict their brain signal dynamically.

Brain computer interface (BCI)

Brainwave Signal

Electroencephalography (EEG)

Privacy

Mobile Application

Computer Science

Brain-computer interfaces.

Privacy.

Computer security.