Blodspår i arkiven : Om integritet, personuppgifter och DNA-släktforskning i brottsutredningar / Bloodlines in the archives : About integrity, personal data and DNA genealogy in criminal investigation

Petersson, Rebecka, Persson, Cecilia

January 2021

In 2004 there was a double homicide in a Swedish town called Linköping, a small amount of DNA was found at the scene. Despite a largescale investigation, this murder would go unsolved for 16 years. In 2020 a Swedish genealogist was hired by the Swedish police and through an American commercial DNA database he was able to find the man that had gone unfound for so long. This was made possible through a change of Swedish laws in connection with the European Union’s Data Protection Regulation (GDPR), a regulation that protect the integrity of the personal data of Europeans. We have investigated how the evolution of these two legal frameworks coincides with each other, making this rather paradoxical situation possible. We have also investigated how this rather invasive technology is viewed by Swedish genealogists. These websites with their immense databases, and the technological developments in DNA technology, have changed genealogy. But they have also changed the genealogist, the foremost user of the archives today. We wanted to find out how.The investigation was conducted on three analytical levels: the legal/political, the medial and the individual level. On the legal/political level the material consists of legal texts, transcribed protocols from the Swedish Riksdag, but also two different reports on the legal status of using genetic genealogy as a method of criminal investigation. On the medial level the material consists of commercials for genealogy databases, documentaries and talk shows concerning the investigation of the murder in Linköping. On the individual level the material consists of surveys and interviews with genealogists. Follow us as we alongside police and genetic genealogists follow the bloodlines running through the archives. This is a two years master's thesis in Archival science.

Genetic genealogy

DNA genealogy

GDPR

Personal data

Integrity

Archival science

Information science

DNA-släktforskning

genetisk genealogi

GDPR

Brottsdatalagen

biopolitik

integritet

personuppgifter

arkivvetenskap

informationsvetenskap

Other Humanities not elsewhere specified

Övrig annan humaniora

Den digitalt suveräna staten : En undersökning av inställningen till nationell datalagring av personuppgifter hos statliga myndigheter / The digitally sovereign state : An investigation into the attitude towards national data storage of personal data within Swedish public authorities

Gordon Hultsjö, Joel

January 2021

The number of scandals during the past years regarding the use and misuse of digital storage of personal infor-mation in combination with the implementation of the General Data Protection Regulation (GDPR) within the EU member states, has resulted in a resurfaced discussion of sovereignty within the public sphere in relation to the storage of digital information. This master thesis examines the attitudes towards national data storage of personal data within twenty Swedish public agencies in the context of the analytical term Digital sovereignty.The thesis uses semi-structured interviews with employees working with data protection and qualitative con-tent analysis of internal documents connected to personal data management, in order to examine Swedish govern-ment agencies attitudes towards national data storage of personal information. The responses of the interviews and the internal policy documents in the area of personal data protections is viewed through the analytic term Digital sovereignty. The government agency the Swedish social security agency’s definition of Digital sovereignty is used in the thesis, which focuses on national governments ability to have control over both the technical and geograph-ical processing and storage of their citizen’s personal data.The thesis concludes that Swedish authorities takes the risk of transfer of personal data to third countries outside of the EU very seriously, while they also see the need to find legal ways to transfer personal data to these same countries. The thesis also concludes that Swedish government agencies try to avoid cloud services and are cautious in their use due to the implications they have for information and data security, while other research have shown that cloud services are used extensively within Swedish government agencies. The thesis also concludes that there is a lack of interest in national data storage of personal information within Swedish government, which can partially be attributed to the relationship between the General Data Protections Regulation and data storage regulation on a national level in Sweden. This leads to the final conclusion in this thesis, which is that there is some indication that the future of storage of personal data with the EU member states lies not in nationally managed cloud services, but rather in a federated cloud service on EU-level such as the currently ongoing project Gaia-X. This is a two years master's thesis in Archival science.

Digital Sovereignty

Cloud Service

Data storage

GDPR

Government Agencies

Information security

Digital suveränitet

Molntjänst

Datalagring

Dataskyddsförordningen

GDPR

Personuppgifter

Statliga myndigheter

Informationssäkerhet

Tredjelandsöverföring.

Other Humanities not elsewhere specified

Övrig annan humaniora

Právo na zapomnění v prostředí internetu / The right to be forgotten on the internet

Jůzová, Jana

January 2016

Diploma thesis The Right to be Forgotten on the Internet applies to the functions of Internet search engines, search algorithms and the impact of the digital footprint that on the Internet user essentially leaves. With this issue is, on the one hand, inseparably linked the protection of personal data in the online environment, on the other hand the constitutionally enshrined right to information and other fundamental rights. Not ignored should be also the risk of censorship of the Internet. An application of the right to be forgotten adds a whole new dimension to this problems. The right to be forgotten is inferred from the judgment of the European Court of Justice on 13 May 2014 in the case Costeja versus Google Spain, where an Internet user named Mario Costeja Gonzáles first succeeded with a request of removal of unflattering information about himself from results of the search engine Google. Thus a reform precedent will have a big impact on seeking information on the Internet in the future, since the pronouncement of the judgment about the removal of his personal data may ask any European Internet user. The thesis aims to analyze the issue of right to be forgotten in the context of searching for information on the Internet in the European Internet environment - it means not to be searched on the...

HYPERCONNECTIVITY GIVETH AND TAKETH AWAY: RECONCILING BEING AN “ALWAYS-ON” EMPOWERED CONSUMER AND PRIVACY IN AN ERA OF PERVASIVE PERSONAL DATA EXCHANGES

Iucolano, Donna M.

23 May 2019

No description available.

Management

Marketing

Technology

Information Science

always-on consumer

consumer connectivity

privacy

personal data exchanges

consumer empowerment

disempowerment

fairness of exchanges

consumer acceptance

consumer decision making

shopping

digital commerce

mixed methods

cluster analysis

"Jag vill inte alltid behöva se mig om utifrån mitt yrkesval" : En kvalitativ studie om socialsekreterares upplevelser av klientutövat hot och våld / “I don’t want to have to look over my shoulder based of my career choice" : A qualitative study of social workers experiences of client-perpetrated threats and violence

Darwich, Helin, Tutuncu, Dilara

January 2023

Syftet med denna studie var att undersöka socialsekreterares erfarenheter och upplevelser av klientutövat hot och våld i arbetet med barn och unga. Det har gjorts en kvalitativ studie med en semistrukturerad intervjumetod och det har genomförts sex intervjuer. Empirin har tolkats utifrån en tematisk analys och en hermeneutisk meningstolkning. Materialet har analyserats utifrån tidigare forskning och socialkonstruktionismen som vetenskaplig grund samt coping och rollteorin som teoretiskt perspektiv. Studien visar att socialsekreterarna beskriver klientutövat hot och våld som tvetydigt eftersom de har delade meningar om vad hot och våld är samt att allvarlighetsgraden är en påverkande faktor i det. Tröskeln kopplat till hotet och våldets omfattning inom organisationen och medarbetarna har visat sig vara hög vilket medfört att socialsekreteraren i många fall reducerar händelser av hotfull- och våldsam karaktär. Det kan handla om att tillämpa strategier i sitt vardagliga arbete för att lättare kunna hantera riskfyllda situationer och nyttja organisatoriska säkerhetsåtgärder i ett förbyggande syfte. Vidare framkom det att det egna ansvaret är centralt i hot- och våldssituationer vilket har resulterat i underrapporteringar och mindre anmälningar. Resultatet visar också att tillgängligheten av socialsekreterares personuppgifter är ett orosmoment för socialsekreterare och används som innehåll i hot som framförs. / The purpose of this study was to examine social workers experiences of client-perpetrated threats and violence in their work with children and youths. A qualitative study has been made with a semi-structured interview method and have conducted six interviews. The material has been interpreted through a thematic analysis and hermeneutic interpretation of meaning. The material has been analyzed based on previous research and social constructionism as a scientific basis and coping and role theory as a theoretical perspective. The study shows that the social workers describe client-perpetrated threats and violence as ambiguous, because they have divided opinions about what threat and violence is and that the degree of seriousness is an influencing factor. The bar for the threat and violence extent within the organization and the employees has proven to be high which has resulted in that social workers in many cases reduces incidents of threatening and violent nature. It can be about applying strategies in your everyday work to be able to handle riskful situations more easily and to use organizational security measures in a preventive purpose. Furthermore it appears that your own responsibility is central in threat and violence situations which has resulted in under-reportings and less reports. The results also show that the availability of social workers personal data is a point of concern for social workers and is being used as content in threats that are made.

Social worker

Exposure

Client-perpetrated threats and violence

Threats

Violence

Indirect violence

Culture of silence

Professional role

Availability of personal data

Socialsekreterare

Utsatthet

Klientutövat hot och våld

Hot

Våld

Indirekt våld

Tystnadskultur

Yrkesroll

Tillgänglighet av personuppgifter

Social Work

Socialt arbete

Cloud Computing and Sensitive Data : A Case of Beneficial Co-Existence or Mutual Exclusiveness?

Vaskovich, Daria

January 2015

I dag anses molntjänster vara ett omtalat ämne som har ändrat hur IT-tjänster levereras och som skapat nya affärsmodeller. Några av molntjänsternas mest frekvent nämnda fördelar är flexibilitet och skalbarhet. Molntjänster är i dagsläget extensivt använda av privatpersoner genom tjänster så som Google Drive och Dropbox. Å andra sidan kan en viss försiktighet gentemot molntjänster uppmärksammas hos de organisationer som innehar känslig data. Denna försiktighet kan anses leda till en långsammare tillämpningshastighet för dessa organisationer. Detta examensarbete har som syfte att undersöka sambandet mellan molntjänster och känslig data för att kunna erbjuda stöd och kunskapsbas för organisationer som överväger en övergång till molntjänster. Känslig data är definierat som information som omfattas av den svenska Personuppgiftslagen. Tidigare studier visar att organisationer värdesätter en hög säkerhetsgrad vid en övergång till molntjänster och ofta föredrar att leverantören kan erbjuda ett antal säkerhetsmekanismer. En molntjänsts lagliga överensstämmelse är en annan faktor som uppmärksammas. Datainsamlingen skedde genom en enkät, som var riktad till 101 av de svenska organisationerna i syfte att kartlägga användningen av molntjänster samt att identifiera möjliga bromsande faktorer. Dessutom genomfördes tre (3) intervjuer med experter och forskare inom IT-lag och/eller molnlösningar. En analys och diskussion, baserad på resultaten, har genomförts, vilket ledde till slutsatserna att en molnlösning av hybrid karaktär är bäst lämpad för den försiktiga organisationen, de olika villkoren i serviceavtalet bör grundligt diskuteras innan en överenskommelse mellan parter uppnås samt att i syfte att undvika att lösningen blir oförenlig med lagen bör främst en leverantör som är väl etablerad i Sverige väljas. Slutligen, bör varje organisation utvärdera om molntjänster kan tillgodose organisationens säkerhetsbehov, då det i stor mån berör ett risktagande. / Cloud computing is today a hot topic, which has changed how IT is delivered and created new business models to pursue. The main listed benefits of Cloud computing are, among others, flexibility and scalability. It is widely adopted by individuals in services, such as Google Drive and Dropbox. However, there exist a certain degree of precaution towards Cloud computing at organizations, which possess sensitive data, which may decelerate the adoption. Hence, this master thesis aims to investigate the topic of Cloud computing in a combination with sensitive data in order to support organizations in their decision making with a base of knowledge when a transition into the Cloud is considered. Sensitive data is defined as information protected by the Swedish Personal Data Act. Previous studies show that organizations value high degree of security when making a transition into Cloud computing, and request several measures to be implemented by the Cloud computing service provider. Legislative conformation of a Cloud computing service is another important aspect. The data gathering activities consisted of a survey, directed towards 101 Swedish organizations in order to map their usage of Cloud computing services and to identify aspects, which may decelerate the adoption. Moreover, interviews with three (3) experts within the fields of law and Cloud computing were conducted. The results were analyzed and discussed, which led to conclusions that hybrid Cloud is a well chosen alternative for a precautious organization, the SLA between the organizations should be thoroughly negotiated and that primarily providers well established on the Swedish market should be chosen in order to minimize the risk of legally non-consisting solution. Finally, each organization should decide whether the security provided by the Cloud computing provider is sufficient for organization’s purposes.

Cloud computing

public Cloud

private Cloud

delivery models

sensitive data

Personal Data Act

PuL

adaption.

Cloud computing

publikt moln

privat moln

leveranssätt

molntjänster

känslig data

personuppgifter

PuL

tillämpning av molntjänster.

Engineering and Technology

Teknik och teknologier

[en] ELECTIONS AND DATA: CONSOLIDATION OF DATA-DRIVEN CAMPAIGNS IN BRAZIL AND CHALLENGES OF THE ELECTIORAL LEGISLATION TOWARDS PERSONAL DATA PROTECTION / [pt] ELEIÇÕES E DADOS: A CONSOLIDAÇÃO DAS CAMPANHAS ORIENTADAS POR DADOS NO BRASIL E OS DESAFIOS DA LEGISLAÇÃO ELEITORAL NA TUTELA DOS DADOS PESSOAIS

NATALIA DE ANDRADE PENQUE

14 December 2023

[pt] As novas tecnologias da informação e comunicação, associadas à perda de protagonismo das mídias de massa tradicionais, impuseram às campanhas eleitorais novas formas de estruturação, de modo a atender às demandas de uma população cada vez mais habituada a consumir informação de forma rápida e simplificada. A necessária reprogramação da comunicação política fez surgir o que se entende como campanhas orientadas por dados, caracterizadas pela utilização de grandes volumes de dados pessoais na elaboração das estratégias de propaganda eleitoral. No Brasil, a positivação do impulsionamento de conteúdo on-line, em conjunto com a prática de difusão em massa de conteúdo eleitoral por aplicativos de mensagens instantâneas – observada de forma contundente nas eleições de 2018 – indicam a consolidação das campanhas orientadas por dados no cenário político-eleitoral nacional e as recentes reformas na Lei de Eleições revelam a intenção do legislador em adequar o regramento eleitoral à nova realidade das campanhas. As alterações legislativas, no entanto, não vieram acompanhada na necessária preocupação em promover uma ampla atualização da legislação eleitoral para fazer frente aos riscos que as práticas adotadas pelas campanhas orientadas por dados podem acarretar ao processo democrático, principalmente no tocante à autonomia do eleitor e à proteção de dados pessoais, demandando maiores estudos sobre o tema. / [en] New informational and communication technologies associated with traditional mass media s faltering prominence precipitated new methods of structuring electoral campaigns to meet the demands of a population increasingly used to consuming information in a fast and simplified way. The required reprogramming of political communication gave rise to what are understood as data-driven campaigns,characterized by the use of large volumes of personal data to drive electoral propaganda strategies. In Brazil, the legalization of online content boosting, along side mass dissemination of electoral content through instant messaging applications – strikingly observed in the 2018 elections – indicate the consolidation of data-driven campaigns inthe national political-electoral environment. Further, recent reforms in the Electoral Lawreveal legislators intent to adapt electoral rules to the new reality presented by these campaigns. The changes, however, were not accompanied by a much-needed, broader investigation and update of the electoral legislation to confront the risks that these data driven campaign practices bring to the democratic process, especially with regard to voter autonomy and protection of personal data.

[pt] PROTECAO DE DADOS PESSOAIS

[pt] LEGISLACAO ELEITORAL

[pt] DISPARO DE MENSAGEM EM MASSA

[pt] IMPULSIONAMENTO DE CONTEUDO ON-LINE

[pt] MICRODIRECIONAMENTO DE PROPAGANDA

[pt] CAMPANHAS ORIENTADAS POR DADOS

[en] PROTECTION OF PERSONAL DATA

[en] ELECTORAL LEGISLATION

[en] MASS MESSAGE TRIGGER

[en] ON-LINE CONTENT BOOST

[en] MICROTARGETING PROPAGANDA

[en] DATA-DRIVEN CAMPAIGN

[pt] A PROTEÇÃO DOS DADOS PESSOAIS COMO UM DIREITO FUNDAMENTAL AUTÔNOMO: BOAS PRÁTICAS DE COMPLIANCE FRENTE AO CAPITALISMO DE VIGILÂNCIA / [en] PERSONAL DATA PROTECTION AS A FUNDAMENTAL RIGHT ITSELF: COMPLIANCE GUIDELINES AGAINST THE SURVEILLANCE CAPITALISM

RAFAELA SARTORE FURQUIM

04 July 2023

[pt] Em razão do desenvolvimento tecnológico das últimas décadas, a sociedade contemporânea passou por profundas mudanças que deram origem, segundo Shoshana Zuboff, ao Capitalismo de vigilância. Diante deste cenário, o presente estudo tem por objetivo analisar os reflexos desse fenômeno no ordenamento jurídico brasileiro que justificaram a promulgação da Emenda Constitucional 115/22 e da Lei Geral de Proteção de Dados, constituindo um modelo regulatório híbrido, fortemente baseado em princípios, no qual, além de estabelecer obrigações para os agentes de tratamento, cria um ambiente de incentivo à adoção de boas práticas e de governança. Para tanto, será analisado como o compliance de dados pode ser um eficiente instrumento para promover, na prática, a adoção dos princípios da LGPD e da regulação já existente da ANPD em prol uma cultura de proteção de dados no Brasil. / [en] The technological development of recent decades, contemporary society has faced profound changes that have given rise, according to Shoshana Zuboff, to Surveillance Capitalism. Therefore, this study aims to analyze the impacts of surveillance capitalism in the brazilian legal system that justified the promulgation of Constitutional Amendment 115/22 and the Brazilian General Data Protection Law (LGPD), based on the strong principled on a hybrid regulatory model in which, in addition to establishing obligations for treatment agents, creates an environment that encourages the adoption of good practices and governance. This way, it will be analyzed how data compliance can be an efficient instrument to promote, in practice, the adoption of the LGPD principles and the ANPD regulation in a data protection culture in Brazil.

[pt] COMPLIANCE

[pt] ANPD

[pt] CAPITALISMO DE VIGILANCIA

[pt] PROTECAO DE DADOS PESSOAIS

[en] COMPLIANCE

[en] ANPD

[en] SURVEILLANCE CAPITALISM

[en] PROTECTION OF PERSONAL DATA

Vem bryr sig om etisk data? : En explorativ metodstudie om hur företag kan reflektera kring omsorg i syfte att fatta etiska beslut om data / Who cares about ethical data? : An exploratory method study on how companies can reflect on care in order to make ethical decisions about data

Berglund, Elvira, Vergara, Juliet

January 2022

When the data protection regulation was introduced in 2018, the aim was to create uniformprotection for privacy in personal data. Despite this, there is still a lack of trust among manyusers about how companies actually process their personal data. This highlights the need fornew methods and tools that can support companies to handle personal data in an ethical andresponsible manner. Based on a theoretical and relational framework for ethics of care, thisstudy developed a set of questions to emphasize ethical reflection in the development ofdata-driven services. Through a design exploratory perspective, the set of questions weredeveloped during iterations, and through two workshops as research methods. The workshopsessions were conducted with researchers from Sweden's research institute as well asrepresentatives from two pseudonymous companies that collaborate in collecting citizens'location data. The result showed that the question package fulfilled different functions ofpromoting care, and thus ethical reflection around the handling of personal data. Theparticipants were aware of the ethical challenges that exist when collecting users' locationdata, based on users' needs. The participants had the ability to illuminate these challengesthemselves, but did not know how to respond to the challenges in practice.

Care

ethics

tools

responsibility

decision making

critical reflection

discussion

GDPR

data

personal data

location data

workshop

Omsorg

etik

verktyg

ansvar

beslutsfattande

kritisk reflektion

diskussion

GDPR

data

persondata

platsdata

workshop

Computer Sciences

Datavetenskap (datalogi)

La portabilité des données personnelles des consommateurs, ses aspects juridiques dans l'Union européenne, au Canada et au Québec : applications, possibilités et risques

da Silva Amorim Boueres, João Flávio

04 1900

La portabilité des données personnelles des consommateurs est encore une question récente dans le domaine de la protection de la vie privée. Parmi les normes étudiées dans ce travail, le Règlement Général sur la Protection des Données a été le premier à aborder la portabilité et le concept qu'il a établi guide d'autres législations, telles que celles du Québec et du Canada. L'objet de ce mémoire est de discuter de la mise en œuvre de ce nouveau droit lié aux technologies de l'information et à la circulation des données personnelles, en se concentrant sur les consommateurs et les entreprises qui feront partie de la portabilité des données personnelles. Cette étude est divisée en trois chapitres. Le premier explore les concepts de base liés au droit à la portabilité, tels que les données personnelles, les données liées à la relation avec le consommateur, la conceptualisation de la portabilité, son application et des exemples d'opérabilité. Le deuxième chapitre décrit comment le droit à la portabilité a été adopté dans la législation de l'Union européenne, dans le projet de loi fédérale actuellement examiné par le Parlement canadien et dans la nouvelle loi québécoise. La troisième traite de la mise en œuvre de la portabilité. Elle aborde le point de vue des entreprises, le maintien de la portabilité en tant que droit, le besoin de régulation, l'interopérabilité et les risques. / The portability of consumers' personal data is still a recent subject in the field of privacy protection. Among the standards studied in this work, the General Data Protection Regulation was the first to address portability and the concept it established guides other legislation, such as that of Quebec and Canada. The purpose of this dissertation is to discuss the implementation of this new right linked to information technologies and the circulation of personal data, focusing on the consumers and businesses that will be affected by the portability of personal data. This study is divided into three chapters. The first explores the basic concepts related to the right to portability, such as personal data, data related to the relationship with the consumer, the conceptualisation of portability, its application and examples of operability. The second chapter describes how the right to portability has been adopted in European Union legislation, in the federal bill currently before the Canadian Parliament and in the new Quebec law. The third deals with the implementation of portability. It addresses the point of view of businesses, the maintenance of portability as a right, the need for regulation, interoperability, and risks.

Portabilité

Données personnelles

Vie privée

Projet de loi 64

Projet de loi C-27

GDPR

Interopérabilité

Portability

Personal data

Privacy

Bill 64

Bill C-27

RGPD

Interoperability

Law / Droit (UMI : 0398)