Dohled a etika / Surveillance and Ethics

Slavíček, Daniel

January 2012

The theme of the dissertation is surveillance. Its aim is to answer the following question: up to what extend do we live in a society, which may be described as a surveillance society. For this purpose it defines, what is meant by surveillance, how surveillance evolved through history, which theories relevantly describe this phenomenon and in which spheres surveillance is notable. The dissertation introduces the main theories of the multi-disciplinary field of surveillance studies, which has been developing over the last twenty years. Special attention is focused on CCTV systems. At the same time, the thesis focuses on ethical problems of surveillance, i.e. privacy, discrimination, social exclusion, transparency and responsibility.

Estimating Accuracy of Personal Identifiable Information in Integrated Data Systems

Shatnawi, Amani "Mohammad Jum'h" Amin

01 August 2017

Without a valid assessment of accuracy there is a risk of data users coming to incorrect conclusions or making bad decision based on inaccurate data. This dissertation proposes a theoretical method for developing data-accuracy metrics specific for any given person-centric integrated system and how a data analyst can use these metrics to estimate the overall accuracy of person-centric data. Estimating the accuracy of Personal Identifiable Information (PII) creates a corresponding need to model and formalize PII for both the real-world and electronic data, in a way that supports rigorous reasoning relative to real-world facts, expert opinions, and aggregate knowledge. This research provides such a foundation by introducing a temporal first-order logic language (FOL), called Person Data First-order Logic (PDFOL). With its syntax and semantics formalized, PDFOL provides a mechanism for expressing data- accuracy metrics, computing measurements using these metrics on person-centric databases, and comparing those measurements with expected values from real-world populations. Specifically, it enables data analysts to model person attributes and inter-person relations from real-world population or database representations of such, as well as real-world facts, expert opinions, and aggregate knowledge. PDFOL builds on existing first-order logics with the addition of temporal predicated based on time intervals, aggregate functions, and tuple-set comparison operators. It adapts and extends the traditional aggregate functions in three ways: a) allowing any arbitrary number free variables in function statement, b) adding groupings, and c) defining new aggregate function. These features allow PDFOL to model person-centric databases, enabling formal and efficient reason about their accuracy. This dissertation also explains how data analysts can use PDFOL statements to formalize and develop formal accuracy metrics specific to a person-centric database, especially if it is an integrated person- centric database, which in turn can then be used to assess the accuracy of a database. Data analysts apply these metrics to person-centric data to compute the quality-assessment measurements, YD. After that, they use statistical methods to compare these measurements with the real-world measurements, YR. Compare YD and YR with the hypothesis that they should be very similar, if the person-centric data is an accurate and complete representations of the real-world population. Finally, I show that estimated accuracy using metrics based on PDFOL can be good predictors of database accuracy. Specifically, I evaluated the performance of selected accuracy metrics by applying them to a person-centric database, mutating the database in various ways to degrade its accuracy, and the re-apply the metrics to see if they reflect the expected degradation. This research will help data analyst to develop an accuracy metrics specific to their person-centric data. In addition, PDFOL can provide a foundation for future methods for reasoning about other quality dimensions of PII.

data accuracy

integrated personal data

personal identifiable information

estimated accuracy of person data

Computer Sciences

Databases and Information Systems

[en] CIVIL LIABILITY IN THE PROTECTION OF HUMAN DATA / [pt] RESPONSABILIDADE CIVIL NA PROTEÇÃO DE DADOS DA PESSOA HUMANA

MARIA REGINA PINTO GUIMARAES

28 June 2023

[pt] A dissertação analisa o sistema de responsabilidade civil previsto na Lei Geral de Proteção de Dados Pessoais (LGPD). No cenário das novas tecnologias na Sociedade da Informação, a proteção de dados assume enorme relevância e exige tutela específica, para além da privacidade e da autodeterminação informativa. O objetivo do sistema desenvolvido pela LGPD foi o de estabelecer regras e limites para determinar como os dados pessoais devem ser tratados a fim de prevenir e evitar ocorrências de danos. Com o objetivo da prevenção, além do ressarcimento, a lei não entabulou expressamente a natureza da responsabilidade civil dos agentes de tratamento de dados pessoais, se subjetiva ou objetiva. Pretendeu-se neste trabalho responder à seguinte questão: de que modo está articulada a dinâmica da responsabilidade civil na Lei Geral de Proteção de Dados Pessoais? A hipótese deste estudo considera que compreender a normativa atinente à responsabilidade civil na Lei Geral de Proteção de Dados Pessoais não passa, necessariamente, pela escolha entre as espécies tradicionais de responsabilidade civil, se subjetiva ou objetiva. Considerou, ao contrário, que o legislador da LGPD criou um sistema novo de responsabilização, de tipo preventivo-precautório, com vistas a assegurar de modo primordial a garantia da privacidade dos dados pessoais, o que nem mesmo poderia se realizar plenamente no tradicional perfil do ressarcimento do dano. Assumiu, portanto, importância fundamental a função preventiva da responsabilidade civil no sentido de que os danos devem ser evitados, de modo a cumprir o objetivo constitucional de solidariedade social e concretizar os valores existenciais. Esta análise tem caráter eminentemente compreensivo com enfoque qualitativo, tendo em vista que parte da interpretação constitucionalizada da responsabilidade civil ante a atualização de seu fundamento como instituto essencial de proteção e promoção dos direitos fundamentais da pessoa humana. / [en] The dissertation analyzes the system of civil liability provided for in the General Law for the Protection of Personal Data (LGPD). In the scenario of new technologies in the Information Society, data protection is of enormous relevance and requires specific protection and privacy and informational self-determination. The object of the system developed by the LGPD was to determine rules and limits to determine how personal data should be treated to prevent and prevent damage. With the objective of prevention, in addition to reimbursement, the law has not expressly implied the nature of the civil liability of agents of personal data processing, whether subjective or objective. This paper aims to answer the following question: how are the dynamics of civil liability articulated in the General Law for the Protection of Personal Data? The hypothesis of this study considers that understanding the norms related to civil liability in the General Law on the Protection of Personal Data does not necessarily pass through the choice between traditional types of civil liability, whether subjective or objective. It considered, on the contrary, that the LGPD legislature created a new system of accountability, of a preventive-precautionary type, intending to guarantee the privacy of personal data, which could not even be fully realized in the traditional profile of compensation for damage. The preventive function of civil liability has assumed fundamental importance in that damages must be avoided to meet the constitutional objective of social solidarity and achieve existential values. This analysis has an eminently comprehensive character with a qualitative focus, considering that part of the constitutionalized interpretation of civil liability before updating its foundation as an essential instance for the protection and promotion of the fundamental rights of the human person.

[pt] RESPONSABILIDADE CIVIL

[pt] TUTELA PREVENTIVA

[pt] LGPD

[pt] PROTECAO DE DADOS PESSOAIS

[en] LIABILITY

[en] PREVENTIVE PROTECTION

[en] LGPD

[en] PROTECTION OF PERSONAL DATA

Dohled a etika / Surveillance and Ethics

Slavíček, Daniel

January 2012

The theme of the dissertation is surveillance. Its aim is to answer the following question: up to what extend do we live in a society, which may be described as a surveillance society. For this purpose it defines, what is meant by surveillance, how surveillance evolved through history, which theories relevantly describe this phenomenon and in which spheres surveillance is notable. The dissertation introduces the main theories of the multi-disciplinary field of surveillance studies, which has been developing over the last twenty years. Special attention is focused on CCTV systems. At the same time, the thesis focuses on ethical problems of surveillance, i.e. privacy, discrimination, social exclusion, transparency and responsibility.

Evaluating the Ownership of Personal data in the Cloud by Optimizing the IT Architecture : Applying a reference architecture to make the ownership of personal data more clear within an organization

Myrsell, Tilda, Hulteberg, Sofie

January 2023

​​Cloud computing is an area that many companies use in order to stay in line with technological development. To keep these systems productive and easily managed, a reference architecture can be used as a framework and also as a manual on how to structure an organization to suit its specific needs and goals. The reference architecture can make it easier to divide responsibility as well as working tasks within an organization. One company facing the challenges that comes with cloud based systems is Vattenfall, one of the biggest energy companies in Europe. An organization like Vattenfall handles a great load of customer data which is to be controlled and protected in every way. In order to keep on making sure that these systems are efficient and secure, a reference architecture could be a helpful tool.   ​With the purpose of investigating how a section within Vattenfall’s IT department can use a reference architecture to determine the ownership of customers’ personal data more easily, an interview study was conducted. The interviews focused on evaluation of how employees’ reason when handling customers’ personal data within cloud environments. The reference architecture found most suitable for handling personal data was the international standard ISO/IEC 17789. It describes multiple work roles within cloud computing which can make the process of handling sensitive information clearer and easier. The data collected from the interviews was later applied to this reference architecture in order to see how it can be used in order to more easily divide responsibility. The study could in the end present several recommendations as to how the department should divide responsibilities and raise awareness regarding the topic amongst employees in order to increase data security.   ​Finally, the expected value created from implementing these recommendations and applying the reference architecture to the organization is expected to be high. The thesis concluded that the chosen reference architecture can be applied to the Vattenfall organization. With a few organizational changes, the responsibility regarding customers’ personal data can be divided more easily amongst the employees and the security can be improved. The recommendations presented could benefit the organization and raise awareness of the topic amongst employees.

Cloud computing

reference architecture

personal data

international standard ISO/IEC 17789

data security

data ownership

Computer and Information Sciences

Data- och informationsvetenskap

Consumers Data: When the Private Goes Public : An exploratory study on consumers’ concerns in the public and private spheres of e-commerce.

Nablsi, Ray, Al-Bardan, Ouras

January 2023

In the digital era, e-commerce has gained significant traction, displacing traditional brick-and-mortar stores. However, this transition has raised concerns among consumers regarding e-privacy and e-security. Disclosing personal information on public e-commerce platforms exposes individuals to potential risks, such as data breaches. It is crucial to address and understand these concerns to foster consumer trust and ensure the sustained growth and success of e-commerce. Therefore, this research employs a qualitative deductive approach which is valuable in achieving the purpose of this paper, in exploring consumers' concerns in e-commerce when the private goes public. Thus, semi-structured interviews were conducted with eight (8) participants to ensure the gathering of in-depth information.  The key findings of this study emphasise that despite their concerns, consumers continue to engage in e-commerce due to its convenience. Trust in reputable e-commerce platforms is critical in alleviating privacy concerns. Individual knowledge and past experiences shape consumers' concerns, highlighting the significance of utilising trusted platforms and third-party payment methods. However, there remains a lingering caution stemming from potential hidden costs and fears of data misuse. The study underlines the importance for businesses to prioritise privacy and security measures, enhance transparency, and build trust. Additionally, it recommends implementing more explicit privacy policies and increasing consumer education on these matters.

Consumers’ concerns

e-privacy

e-security

e-commerce

personal data

private sphere

public sphere.

Media and Communications

Medie- och kommunikationsvetenskap

Economics and Business

Ekonomi och näringsliv

Proteção de dados pessoais: um direito relevante no mundo digital / Protection of personal data: a relevant law in the digital Word

Henrique, Lygia Maria Moreno Molina

22 February 2016

Made available in DSpace on 2016-04-26T20:24:13Z (GMT). No. of bitstreams: 1 Lygia Maria Moreno Molina Henrique.pdf: 615418 bytes, checksum: c987b4fdb53a154420790f23c0ef6d1f (MD5) Previous issue date: 2016-02-22 / This work has as its central point the study of the right to protection of personal data and how this right is related to the flow of personal data, driven by dynamic new Internet economy. Reflectively, we will analyze issues relevant to the topic and to the current moment, starting with a social approach, broader and more comprehensive, which unfolded form will culminate in the development of the protection of personal data, both in international law, as in Brazil. Also, it will be object of study the use of data as a raw material for the provision of the services offered by companys.com, in order to create innovation and increase competition between them. As well as, we will demonstrate which options of control and protection of personal data the consumer / user has to protect their privacy. Conclusively, by evaluation of brazilian legislative propositions about personal data protection, we will issue a critical-reflective judgment about the failures and successes of each one front to the topics relevant to the protection of personal data / Essa dissertação tem como ponto central o estudo do direito à proteção de dados pessoais e de que modo este direito se relaciona com a circulação de dados pessoais, impulsionada pela nova e dinâmica economia da Internet. De forma reflexiva, analisaremos questões pertinentes ao tema e ao momento atual, iniciando com uma abordagem social, mais ampla e abrangente, a qual de forma desdobrada culminará na evolução da tutela de dados pessoais, tanto na legislação internacional, como na brasileira. Será ainda, objeto de estudo a utilização dos dados como matéria-prima para prestação dos serviços das empresas.com, de modo a criar inovações e acirrar a concorrência entre estas. Assim como, vamos demonstrar quais as opções de controle e tutela em relação à circulação de dados pessoais o consumidor/usuário possui a resguardar sua privacidade. De modo conclusivo, mediante a avaliação das proposituras legislativas brasileiras acerca da proteção de dados pessoais, emitiremos um juízo crítico-reflexivo sobre as falhas e êxitos de cada propositura, frente aos temas relevantes à tutela de dados pessoais

Proteção de dados pessoais

Economia da Internet

Privacidade

Circulação de dados pessoais

Dados como matéria-prima

Evolução da tutela de dados pessoais

Buscadores

Busca enviesada

Direito de escolha do consumidor

Prosumer

Web 2.0

Direito ao esquecimento

Personal data protection

Internet economy

Privacy

Personal data circulation

Data as a raw material

Evolution of personal data protection

Searcher

Search bias

Right of choice of the consumer

Prosumer

Right to be forgotten

Řízení provozu IT v modelu MBI se zaměřením na prostředí středních škol / IT Management in MBI Focused on Secondary Schools

Černohorský, Jan

January 2014

The aim of my thesis is to elucitade MBI model to primary and secondary educational system, it means to schools and their elected IT processes from practical point of view. The reference model of Management Business Information is developed at the Department of Information at the Faculty of Information and Statistics at the School of Economics in Prague. The theoretical part of my thesis deals with elucitading of the reference MBI model to a reader. It briefly summarizes IT processes at educational system and refers to sources used while defining new MBI objects. This chapter also defines elected IT processes at educational system for which there are made MBI objects in a practical part of my thesis. In practical part of my thesis there are made proposals of defined objects including samples of documentation patterns. These objects are presented in charts that correspond with a format of MBI objects. In the last part of my thesis there is an example of applying the defined objects in practice while solving the process of installation the safety (camera) system with recording -- personal data processing. The proposals of defined objects are also published on MBI portal.

Управление деятельностью по обработке персональных данных на примере региональных органов Роскомнадзора : магистерская диссертация / Management of personal data processing on the example of regional bodies of Roskomnadzor

Бураков, В. В., Burakov, V. V.

January 2019

The master's work consists of 74 sheets, 59 bibliographic sources are used. The relevance of the research topic. The activity of Roskomnadzor in protecting the rights of personal data subjects, with the increasing influence of information technology on all spheres of society, is more important than ever. At the same time, the activities of this body are not as effective as modern realities require. Protocol of amendments to the said Convention in October 2018. The purpose of this master's thesis is to explore the management of personal data processing activities and formulate recommendations for its improvement. To achieve this goal it is necessary to solve the following tasks: get acquainted with the theoretical foundations of the processing of personal data; to compile a characteristic of Roskomnadzor as a state body and business entity using the example of the Roskomnadzor Office in the Urals Federal District; to analyze the results of Roskomnadzor's activities in the field of personal data; develop recommendations for improving the activities of Roskomnadzor in the field of personal data. The studies carried out allowed the formation of a number of measures to improve the activities of Roskomnadzor in protecting the rights of personal data subjects. The significance of the developed measures is characterized by an increase in the effectiveness of the fight against offenses in all spheres of society. / Магистерская работа состоит из 74 листа, использовано 59 библиографических источников. Актуальность темы исследование. Деятельность Роскомнадзора по защите прав субъектов персональных данных, с увеличением влияния информационных технологий на все сферы жизни общества важна как никогда. При этом, деятельность этого органа не так эффективна, как того требуют современные реалии. Протокола изменений к упомянутой Конвенции в октябре 2018 года. Цель данной магистерской диссертации – исследовать управление деятельностью по обработке персональных данных и сформировать рекомендации по её совершенствованию. Для достижения поставленной цели необходимо решить следующие задачи: ознакомиться с теоретическими основами обработки персональных данных; составить характеристику Роскомнадзора как государственного органа и хозяйствующего субъекта на примере Управления Роскомнадзора по Уральскому федеральному округу; провести анализ результатов деятельности Роскомнадзора в области персональных данных; разработать рекомендации по совершенствованию деятельности Роскомнадзора в сфере персональных данных. Проведенные исследования позволили сформировать ряд мероприятий по совершенствованию деятельности Роскомнадзора по защите прав субъектов персональных данных. Значимость разработанных мероприятий характеризуется повышением эффективности борьбы с правонарушениями во всех сферах жизни общества.

MASTER'S THESIS

PERSONAL DATA

PROFESSIONAL ACTIVITIES

PERSONAL DATA SUBJECT

DIRECTIVE 95/46/EC

INVIOLABILITY PRINCIPLE

LIABILITY PRINCIPLE

BIG DATA

PERSONAL DATA LAW

ПЕРСОНАЛЬНЫЕ ДАННЫЕ

ДИРЕКТИВА 95/46/ЕС

БОЛЬШИЕ ДАННЫЕ

Personuppgiftslagens efterlevnad i samband med IT-övervakning : En studie av medelstora callcenterverksamheter

Eklund, Per, Forsman, Olof

January 2010

<p>I Datainspektionens rapporter 2003:3 och 2005:3 har myndigheten granskat hur personuppgifter behandlas i samband med arbetsgivares övervakning av anställda. Resultaten av dessa rapporter har visat på förekommande brister i förhållande till personuppgiftslagen i många av de granskade verksamheterna.</p><p>Mot denna bakgrund har en fallstudie av ett medelstort callcenterföretag genomförts för att ur ett tekniskt perspektiv undersöka hur väl personuppgiftslagen följs i samband med företagets övervakning av sin personal. Utifrån brister identifierade i fallstudien har en mindre kartläggning av liknande företag genomförts i ett försök att mäta graden av generaliserbarhet i de identifierade bristerna.</p><p>De brister som har identifierats i fallstudien rör i första hand otillfredsställande rutiner för gallring av personuppgifter vid e-postövervakning samt avsaknad av information till de anställda om vilka kontroller som sker i samband med detta. Behov av en uppdatering av företagets IT-policy samt ett behov av en övervakningslösning för personalens internetanvändande kunde också noteras.</p><p>Kartläggningen har givit antydningar om att liknande brister vad gäller rutiner för gallring samt bristande information kan tänkas förekomma även hos andra medelstora callcenterföretag.</p><p>Slutsatsen av arbetet är att flera av de brister som uppdagades av Datainspektionen för fem år sedan tycks göra sig gällande bland vissa medelstora callcenterföretag även idag.</p> / <p>In the 2003:3 and 2005:3 reports issued by the Swedish Data Inspection Board, the authority examined the treatment of personal data related to employer surveillance of employees. The reports indicated flaws occurring in regard to the Personal Data Act in several of the examined businesses.</p><p>In reference to this, a case study of a mid-sized call center was conducted to examine, from a technical point of view, the degree of compliance with the Personal Data Act regarding the company's surveillance of its employees. Based upon flaws found in the case study, a minor survey of similar companies was conducted in an attempt to measure the degree of generalizability of the identified flaws.</p><p>The flaws identified in the case study are mainly related to unsatisfactory routines for sorting out personal data during e-mail surveillance and lack of information given to employees about the conducting of checks related to this. A need to update the company's corporate IT policy and a need for a web surveillance solution were also noted.</p><p>The survey has indicated that similar flaws regarding screening routines and lack of information also might occur at other mid-sized call center companies.</p><p>The conclusion of the study is that several of the flaws the Swedish Data Inspection Board discovered five years ago still seem to be applicable among some mid-sized call center companies.</p>

Personal Data Act

Data Inspection Board

surveillance

call center

integrity

logging

Personuppgiftslagen

PuL

Datainspektionen

övervakning

callcenter

integritet

loggning

Computer science

Datavetenskap