Your Data Is My Data: A Framework for Addressing Interdependent Privacy Infringements

Kamleitner, Bernadette, Mitchell, Vince

January 2019

Everyone holds personal information about others. Each person's privacy thus critically depends on the interplay of multiple actors. In an age of technology integration, this interdependence of data protection is becoming a major threat to privacy. Yet current regulation focuses on the sharing of information between two parties rather than multiactor situations. This study highlights how current policy inadequacies, illustrated by the European Union General Data Protection Regulation, can be overcome by means of a deeper understanding of the phenomenon. Specifically, the authors introduce a new phenomenological framework to explain interdependent infringements. This framework builds on parallels between property and privacy and suggests that interdependent peer protection necessitates three hierarchical steps, "the 3Rs": realize, recognize, and respect. In response to observed failures at these steps, the authors identify four classes of intervention that constitute a toolbox addressing what can be done by marketers, regulators, and privacy organizations. While the first three classes of interventions address issues arising from the corresponding 3Rs, the authors specifically advocate for a fourth class of interventions that proposes radical alternatives that shift the responsibilities for privacy protection away from consumers.

Effects of blockchain technology on Sweden's digital healthcare

Ben Basat, Yaël, Ronca, Maja

January 2019

Blockchain technology has recently gained increased attention. Experts praise it as the “new Internet” for goods. The potential of blockchain technology today is undeniable. Yet, initiatives in other areas, outside the financial sector, are slow to evolve. Academic research shows a lack of studies on how blockchain, as a new disruptive innovation could affect the healthcare system. This paper sets out with the ambition to explore how blockchain technology can affect Sweden’s digital healthcare. More specifically, the study is based on a theoretical analysis. By firstly presenting a literature review on the topic, the theoretical framework based on trust theories, digitalization of the healthcare industry, globalization, data ownership and blockchain technology is developed through an analysis of established theoretical developments. The study proceeds from a constructivist perspective, acknowledging that the healthcare industry, with trends such as globalization and data ownership, could potentially be affected from a disruptive new technology such as blockchain. The findings suggest that blockchain technology could find a promising implementation in the healthcare industry, by creating trust for patient data ownership. However, the technology is still shows limitations and vulnerabilities, and thus cannot be applied immediately.

Blockchain technology

Digital healthcare

Trust

Globalization

Data ownership

Economics and Business

Ekonomi och näringsliv

Evaluating the Ownership of Personal data in the Cloud by Optimizing the IT Architecture : Applying a reference architecture to make the ownership of personal data more clear within an organization

Myrsell, Tilda, Hulteberg, Sofie

January 2023

​​Cloud computing is an area that many companies use in order to stay in line with technological development. To keep these systems productive and easily managed, a reference architecture can be used as a framework and also as a manual on how to structure an organization to suit its specific needs and goals. The reference architecture can make it easier to divide responsibility as well as working tasks within an organization. One company facing the challenges that comes with cloud based systems is Vattenfall, one of the biggest energy companies in Europe. An organization like Vattenfall handles a great load of customer data which is to be controlled and protected in every way. In order to keep on making sure that these systems are efficient and secure, a reference architecture could be a helpful tool.   ​With the purpose of investigating how a section within Vattenfall’s IT department can use a reference architecture to determine the ownership of customers’ personal data more easily, an interview study was conducted. The interviews focused on evaluation of how employees’ reason when handling customers’ personal data within cloud environments. The reference architecture found most suitable for handling personal data was the international standard ISO/IEC 17789. It describes multiple work roles within cloud computing which can make the process of handling sensitive information clearer and easier. The data collected from the interviews was later applied to this reference architecture in order to see how it can be used in order to more easily divide responsibility. The study could in the end present several recommendations as to how the department should divide responsibilities and raise awareness regarding the topic amongst employees in order to increase data security.   ​Finally, the expected value created from implementing these recommendations and applying the reference architecture to the organization is expected to be high. The thesis concluded that the chosen reference architecture can be applied to the Vattenfall organization. With a few organizational changes, the responsibility regarding customers’ personal data can be divided more easily amongst the employees and the security can be improved. The recommendations presented could benefit the organization and raise awareness of the topic amongst employees.

Cloud computing

reference architecture

personal data

international standard ISO/IEC 17789

data security

data ownership

Computer and Information Sciences

Data- och informationsvetenskap

An investigation of the assumptions that inform contemporary hospital infection control programs.

Macbeth, Deborough Anne

January 2005

The purpose of the study was to investigate the assumptions that underpin contemporary hospital infection control programs from the perspective of the influence of clinical culture on the integration and ownership of the infection control program. The results of numerous studies have linked low levels of adherence with infection control principles amongst health care providers as the most significant factor contributing to nosocomial infection. Despite early successes in reducing nosocomial infection rates, results derived from current research demonstrate that nosocomial infection has remained a challenge to healthcare providers and patients alike and outbreaks are regularly reported in the infection control literature. Serious economic and social impact has resulted from the increasing levels of antibiotic resistance that have been reported amongst pathogens associated with nosocomial infection. This interpretive study takes an ethnographic approach, using multiple data sources to provide insight into the culture and context of infection control practice drawing upon clinicians' work and the clinician's perspective. There were three approaches to data collection. A postal survey of surgeons was conducted, a group of nurses participated in a quality activity, and a clinical ethnography was conducted in an intensive care unit and an operating theatre complex. Data were analysed in accordance with the qualitative and quantitative approaches to data management. Findings indicate that the clinical culture exerts significant influence over the degree to which the infection control program activities change practice and that rather than imposing the infection control program on the clinical practice setting from outside, sustained practice change is more likely to be achieved if the motivation and impetus for change is culturally based. Moreover surveillance, if it is to influence clinicians and their practice, must provide confidence in its accuracy. It must be meaningful to them and linked to patient care outcomes. Contemporary hospital infection control programs, based on assumptions about a combination of surveillance and control activities have resulted in decreased nosocomial infection rates. However, sustained infection control practice change has not been achieved despite the application of a range of surveillance and control strategies. This research project has utilized an ethnographic approach to provide an emic perspective of infection control practice within a range of practice contexts. The findings from this study are significant within the context of spiraling health costs and increasing antibiotic resistance associated with nosocomial infection.

Infection Control

Ethnography

Antisepsis

Health Geography

Space

Infection Surveillance

Clinical Governance

Data Awareness

Data Ownership

Clinical Culture

Technology

Environmental Cues

Emergency Context

Auditable Computations on (Un)Encrypted Graph-Structured Data

Servio Ernesto Palacios Interiano (8635641)

29 July 2020

<div>Graph-structured data is pervasive. Modeling large-scale network-structured datasets require graph processing and management systems such as graph databases. Further, the analysis of graph-structured data often necessitates bulk downloads/uploads from/to the cloud or edge nodes. Unfortunately, experience has shown that malicious actors can compromise the confidentiality of highly-sensitive data stored in the cloud or shared nodes, even in an encrypted form. For particular use cases —multi-modal knowledge graphs, electronic health records, finance— network-structured datasets can be highly sensitive and require auditability, authentication, integrity protection, and privacy-preserving computation in a controlled and trusted environment, i.e., the traditional cloud computation is not suitable for these use cases. Similarly, many modern applications utilize a "shared, replicated database" approach to provide accountability and traceability. Those applications often suffer from significant privacy issues because every node in the network can access a copy of relevant contract code and data to guarantee the integrity of transactions and reach consensus, even in the presence of malicious actors.</div><div><br></div><div>This dissertation proposes breaking from the traditional cloud computation model, and instead ship certified pre-approved trusted code closer to the data to protect graph-structured data confidentiality. Further, our technique runs in a controlled environment in a trusted data owner node and provides proof of correct code execution. This computation can be audited in the future and provides the building block to automate a variety of real use cases that require preserving data ownership. This project utilizes trusted execution environments (TEEs) but does not rely solely on TEE's architecture to provide privacy for data and code. We thoughtfully examine the drawbacks of using trusted execution environments in cloud environments. Similarly, we analyze the privacy challenges exposed by the use of blockchain technologies to provide accountability and traceability.</div><div><br></div><div>First, we propose AGAPECert, an Auditable, Generalized, Automated, Privacy-Enabling, Certification framework capable of performing auditable computation on private graph-structured data and reporting real-time aggregate certification status without disclosing underlying private graph-structured data. AGAPECert utilizes a novel mix of trusted execution environments, blockchain technologies, and a real-time graph-based API standard to provide automated, oblivious, and auditable certification. This dissertation includes the invention of two core concepts that provide accountability, data provenance, and automation for the certification process: Oblivious Smart Contracts and Private Automated Certifications. Second, we contribute an auditable and integrity-preserving graph processing model called AuditGraph.io. AuditGraph.io utilizes a unique block-based layout and a multi-modal knowledge graph, potentially improving access locality, encryption, and integrity of highly-sensitive graph-structured data. Third, we contribute a unique data store and compute engine that facilitates the analysis and presentation of graph-structured data, i.e., TruenoDB. TruenoDB offers better throughput than the state-of-the-art. Finally, this dissertation proposes integrity-preserving streaming frameworks at the edge of the network with a personalized graph-based object lookup.</div>

Applied Computer Science

Distributed Computing

Computer System Security

Open Software

Data Encryption

Database Management

Oblivious Smart Contract

Private Automated Certification

supply chain processes

graph structured data

authentication scheme

data ownership

graph analysis applications

Auditable Computation

encrypted graph-structured data

auditable graph analysis

graph data science

AuditGraph.io

TruenoDB

Graph database

supply chain

auditable graph computation

Blockchain