Global ETD Search

131	Publicité comportementale en ligne : analyse de la complexité et de l’encadrement juridique applicable au secteur privé au Québec et au Canada Poirier, Isabel 04 1900 (has links) Le présent mémoire traite de la publicité comportementale en ligne (ci-après « PCL ») suite à la récente et importante vague de resserrements législatifs, des décisions judiciaires et enquêtes du CPVP, ainsi qu’aux récentes modifications technologiques impactant les pratiques de PCL. À la manière d’un guide, il y est recensé, décrit et analysées les obligations des entreprises participants à la PCL sous l’angle du droit à la vie privée et à la protection des renseignements personnels. Les enjeux et les principales zones d’ombre problématiques y sont identifiés et analysés, tel le critère de nécessité, l’exigence d’anonymisation et l’obligation de consentement, en incluant les enseignements des récentes décisions et enquêtes du CPVP. Une comparaison avec le cadre règlementaire de l’Union européenne est proposée sur certains points jugés plus pertinents. Le présent mémoire inclut une réflexion non seulement sur les obligations clés et leur évolution récente et rapide au Québec et au Canada dans un contexte de resserrement à l’international, mais également sur la PCL en soi en émettant des questionnements et des pistes de réflexion pour l’amélioration des pratiques. Ainsi, ce mémoire contient un volet pratique prononcé et un volet théorique qui se nourrissent l’un de l’autre. La partie I est un état des lieux où sont mises en lumière la complexité factuelle et juridique entourant la PCL, incluant une observation et une réflexion sur les interactions entre les différents acteurs (organisations, organismes d’autoréglementation, autorités de contrôle) et leur rôle dans la création et l’évolution des normes formelles et informelles. La partie II est consacrée à l’analyse des principales obligations incombant aux entreprises du secteur privé participant à la PCL en vertu de la LPRPDE et du Projet de loi C-27 au fédéral ainsi que des récentes modifications apportées par la Loi 25 au Québec en matière de protection des renseignements personnels. Finalement, la partie III propose une analyse de l’exercice de contrôle de l’utilisateur et des limites du consentement. / This master’s thesis is about online behavioral advertising (hereafter “OBA”). Like a guide, it lists, describes and analyzes the obligations of companies participating in the OBA from the perspective of the right to privacy and the protection of personal information. The issues and the main problematic gray areas are identified and analyzed, such as the criterion of necessity, the requirement of anonymization and the obligation of consent, including the lessons of recent decisions and investigations by the OPC. A comparison with the regulatory framework of the European Union is proposed on certain points deemed more relevant. This thesis includes a reflection not only on the key obligations and their recent and rapid evolution in Quebec and Canada in a context of international tightening, but also on the OBA itself by raising questions and lines of thought for improving practices. Thus, this dissertation contains a pronounced practical component and a theoretical component which feed off each other. Part I is an inventory highlighting the factual and legal complexity surrounding the OBA, including an observation and reflection on the interactions between the different actors (organizations, self-regulatory bodies, supervisory authorities) and their role in the creation and evolution of formal and informal norms. Part II is devoted to the analysis of the main obligations incumbent on private sector companies participating in the OBA under PIPEDA and draft law C-27 at the federal level and Bill 25 in Quebec with regards to the protection of personal information. Finally, Part III analyzes the exercise of user control and the limits of consent. Publicité comportementale en ligne Ciblage publicitaire Droit à la vie privée Protection des renseignements personnels Online behavioral advertising Interest-based advertising Targeted advertising Privacy Protection of personal information Information technology law Law / Droit (UMI : 0398)
132	La protection du droit à la vie privée à l’ère de l’intelligence artificielle Blouin, Noémie 04 1900 (has links) Dans plusieurs juridictions comme le Québec, la vie privée est considérée comme un droit humain fondamental. Toutefois, la portée de ce droit est complexe et elle varie en fonction de plusieurs facteurs, notamment sociaux et technologiques. Ainsi, au cours des dernières décennies, le concept de vie privée a connu d’importants changements, notamment avec l’avènement d’Internet, qui rejoint désormais des milliards d’utilisateurs à travers le globe. Avec la convergence des nouvelles technologies, les organisations privées et publiques détiennent de plus en plus d’information sur les individus. Il est désormais possible de suivre tous les déplacements, les comportements et les préférences d’une personne, bien souvent à son insu. L’intelligence artificielle, qui se nourrit de ces données, a pour sa part conduit à de nouvelles façons d’analyser rapidement des masses d’information sous diverses formes et même d’inférer de nouveaux renseignements encore plus sensibles. Ainsi, les données massives et les puissantes capacités de corrélation des outils d’intelligence artificielle remettent en cause la frontière entre la vie privée et la vie publique. L’objectif de ce mémoire est donc d’abord de comprendre l’incidence que l’intelligence artificielle peut avoir sur la vie privée. Il s’agira ensuite d’exposer les raisons pour lesquelles nous sommes d’avis que le modèle de protection privilégié par le législateur québécois, basé sur la protection des renseignements personnels, s’avère insuffisant pour protéger la vie privée au sens large du terme. Puis, nous analyserons les avenues législatives potentielles afin de garantir la protection de ce droit. / In several jurisdictions such as Quebec, privacy is considered a fundamental human right. However, the scope of this right is complex and varies according to several factors, including social and technological ones. Thus, in recent decades, the concept of privacy has undergone significant changes, particularly with the advent of the Internet, which now reaches billions of users across the globe. With the convergence of new technologies, private and public organizations hold more and more information about individuals. It is now possible to follow all the movements, behaviors and preferences of a person, often without this person’s knowledge. Artificial intelligence, which feeds on data, has for its part led to new ways of rapidly analyzing masses of information in various forms and even inferring new, even more sensitive information. Thus, massive data and the powerful correlation capabilities of artificial intelligence tools challenge the boundary between private life and public life. Therefore, this thesis aims to understand the impact that artificial intelligence can have on privacy. We will then present the reasons why, in our opinion, the protection model favored by the Quebec legislator, based on the protection of personal information, is insufficient to protect privacy in the broad sense of the term. Finally, we will analyze the potential legislative avenues to guarantee the protection of this right. Vie privée Intelligence artificielle Nouvelles technologies Données massives Renseignements personnels Protection Surveillance Cadre normatif Privacy Artificial intelligence New technologies Big data Personal information Surveillance Protection Normative framework
133	Development of a diagnostic instrument and privacy model for student personal information privacy perceptions at a Zimbabwean university Maguraushe, Kudakwashe 05 1900 (has links) Orientation: The safety of any natural being with respect to the processing of their personal information is an essential human right as specified in the Zimbabwe Data Protection Act (ZDPA) bill. Once enacted, the ZDPA bill will affect universities as public entities. It will directly impact how personal information is collected and processed. The bill will be fundamental in understanding the privacy perceptions of students in relation to privacy awareness, privacy expectations and confidence within university. These need to be understood to give guidelines to universities on the implementation of the ZPDA. Problem Statement: The current constitution and the ZDPA are not sufficient to give organisations guidelines on ensuring personal information privacy. There is need for guidelines to help organisations and institutions to implement and comply with the provisions of the ZDPA in the context of Zimbabwe. The privacy regulations, regarded as the three concepts (awareness, expectations and confidence), were used to determine the student perceptions. These three concepts have not been researched before in the privacy context and the relationship between the three concepts has not as yet been established. Research purpose: The main aim of the study was to develop and validate an Information Privacy Perception Survey (IPPS) diagnostic tool and a Student Personal Information Privacy Perception (SPIPP) model to give guidelines to universities on how they can implement the ZDPA and aid universities in comprehending student privacy perceptions to safeguard personal information and assist in giving effect to their privacy constitutional right. Research Methodology: A quantitative research method was used in a deductive research approach where a survey research strategy was applied using the IPPS instrument for data collection. The IPPS instrument was designed with 54 items that were developed from the literature. The preliminary instrument was taken through both the expert review and pilot study. Using the non-probability convenience sampling method, 287 students participated in the final survey. SPSS version 25 was used for data analysis. Both descriptive and inferential statistics were done. Exploratory factor analysis (EFA) was used to validate the instrument while confirmatory factor analysis (CFA) and the structural equation modelling (SEM) were used to validate the model. Main findings: diagnostic instrument was validated and resulted in seven new factors, namely university confidence (UC), privacy expectations (PE), individual awareness (IA), external awareness (EA), privacy awareness (PA), practice confidence (PC) and correctness expectations (CE). Students indicated that they had high expectations of the university on privacy. The new factors showed a high level of awareness of privacy and had low confidence in the university safeguarding their personal information privacy. A SPIPP empirical model was also validated using structural equation modelling (SEM) and it indicated an average overall good fit between the proposed SPIPP conceptual model and the empirically derived SPIPP model Contribution: A diagnostic instrument that measures the perceptions (privacy awareness, expectations and confidence of students) was developed and validated. This study further contributed a model for information privacy perceptions that illustrates the relationship between the three concepts (awareness, expectations and confidence). Other universities can use the model to ascertain the perceptions of students on privacy. This research also contributes to improvement in the personal information protection of students processed by universities. The results will aid university management and information regulators to implement measures to create a culture of privacy and to protect student data in line with regulatory requirements and best practice. / School of Computing / Ph. D. (Information Systems) Confirmatory factor analysis Correctness expectations Diagnostic instrument Exploratory factor analysis External awareness Individual awareness Practice confidence Perceptions Personal information Privacy Privacy education Privacy expectations Instrument Structural equation modelling University confidence 005.807116891 Zimbabwe Data Protection Act
134	An Information Privacy Examination of the Practices of Pharmaceutical Companies Regarding Use of Information Collected Through Their Websites Brown, Shonda Dellena 01 May 2015 (has links) Consumers have begun to take a more proactive approach to their healthcare by accessing pharmaceutical companies Websites to obtain health and drug information, support groups, rebates, coupons, as well as free drug trials. In exchange for these benefits, companies require consumers to voluntarily disclose information. However, research has shown that consumers continue to be concerned about how their information is managed, used, and distributed by companies, especially if accessed via the Web. To date, there has been limited empirical research to examine the actual online practices of companies when it comes to privacy, especially those of pharmaceutical companies. Using Delphi expert panel process, the components of a benchmarking index were identified to examine the documented and actual online practices of 100 Website registrations with pharmaceutical companies. The evolution for the development of an index to measure the personal information privacy violations of pharmaceutical companies is presented. Second, empirical evidence is provided regarding the magnitude of voluntary adherence to the Fair Information Practices (FIPs) by pharmaceutical companies based upon the personal information privacy violations. The results revealed that companies with headquarters in Europe had fewer personal information privacy violations than those in Asia, UK, and the US. Moreover, the results indicate that fewer personal information privacy violations occur for chronic conditions than for non-chronic conditions, as well as fewer violations occur with Website registrations for updates than for discounts. Finally, both Europe and UK demonstrated more overall adherence to FIPs than the US and Asia. This suggests that self-regulation may not be sufficient, while more enforcement may be necessary to decrease personal information privacy violations. Consumer Control Fair Information Practices Information Privacy Information Sharing Personal Information Privacy Violations Privacy Policy Information science Organizational behavior Marketing Computer Sciences Health Information Technology Marketing Medicine and Health Sciences Organizational Behavior and Theory Pharmacy and Pharmaceutical Sciences
135	The human element in information security : an analysis of social engineering attacks in the greater Tshwane area of Gauteng, South Africa Van Rensburg, Kim Shandre Jansen 06 1900 (has links) Criminology and Security Science / D. Litt. et Phil. (Criminology) Criminological theories Hacking Impersonation Information security Personal information Phishing Privacy Risk Social engineering Social networks Threat Vulnerability Multi-inter-transdisciplinary (MIT) 005.80968227
136	The right to privacy and identity on social network sites : a comparative legal perspective Skosana, Milton Themba 12 April 2018 (has links) This study focuses on the use of Social Network Sites (SNSs) and certain personality rights (specifically the right to privacy and the right to identity) that may be infringed by this use. The study also discusses data protection law as the protection of the rights to privacy and identity are interlinked with data protection in that data protection assumes importance when there is processing of personal information on SNSs. The study seeks to determine whether South African law provides adequate protection for the interests that form the object of these personality rights, and highlights certain shortcomings, particularly in the context of SNSs. It also suggests solutions where there are shortcomings by learning from other jurisdictions. Related issues investigated are: who should be held responsible for the user-generated content uploaded on SNSs; the role of the Internet Service Provider (ISP); and how to deal with anonymous defendants. / Private Law / LL. M. Anonymous user Discovery Data law Protection of personal information Social network sites Social media Right to privacy Right to identity Internet service provider liability 342.858068 Privacy, Right of -- South Africa Liability (Law) -- South Africa
137	健康資料之個人資料類別屬性研究──以IoT設備之蒐集、處理或利用為中心 / A Study on Personal Health Data Attributes: Focus on the Data Collection, Process or Use of IoT Device 張幼文, Chang, Yu Wen Unknown Date (has links) 我國於2015年底通過新修正之個人資料保護法（以下簡稱「個資法」），將病歷納入特種個人資料中保護。目前個資法第六條特種個人資料列舉包含病歷、醫療、基因、性生活、健康檢查及犯罪前科之個人資料。雖然該條文係取法自國際賦予敏感性個人資料特別保護的模式，惟在個人相關健康資料保護部分，我國個資法不若歐盟一般資料保護規則（EU General Data Protection Regulation, GDPR）保護寬廣，納入資料之類型仍較國際立法例狹窄。尤其此次GDPR修法擴大特種個人資料空間，增列基因資料、生物性資料和性傾向，檢視我國特種個人資料列舉類型是否符合現今科技社會需求有其必要性。過去研究針對健康資料個資法適用問題較少。大數據資料來源來自各處，以一般健康保健物聯網模式為例，自行操作之檢查數據或穿戴式裝置所蒐集之資料，若非須由醫師或其他之醫事人員施以檢查，而可由一般民眾自行測量之行為，該民眾自行測量之結果應不屬於個資法所謂之病歷、醫療或健康檢查個人資料，即非為特種個人資料。惟大數據分析技術進步之環境下，健康資料亦攸關資料主體生理健康之敏感性，且容易連結並識別個人，考量健康資料敏感性提升，蒐集、處理、利用健康資料易侵犯到個人隱私，因此有加強保護之需求。將來可刪除個資法第六條第一項各種個人資料例示之「醫療」、「病歷」與「健康」資料，並新增「健康」或「與健康相關」之列舉項目。但解釋「與健康相關」資料之內涵時不能無限上綱，在適用時應考量情境說，依據不同使用情境判斷是否為係作為特種個人資料利用，以排除一般性描述健康的使用情境。 / The change to the regulation of special categories of data (sensitive data) in the Taiwan Personal Information Protection Act (PIPA) in 2015 comes with the inclusion of medical records. The definition of sensitive data in the PIPA Article 6(1) refers to personal information of medical records, medical treatment, genetic information, sexual life, health examination and criminal records. However, the list of sensitive data in PIPA do not contain categories as broad as foreign legislation such as EU General Data Protection Regulation (GDPR). It is important to review the continuing relevance of existing categories of sensitive data in the light of change in social structures and advances in technology. Differ from “medical data” such as medical records, medical treatment and health examination, the collection, process and use of “health data” which is measured from wearable device, is not included in the sensitive data. Concerning the development of big data analysis, the “health data” which sensitivity enhanced is easy to identify an individual. It needs to give a higher level of protection to “health data” under PIPA. Therefore, this thesis suggests that medical records, medical treatment and health examination in PIPA Article 6(1) should be consolidated and amended to health records or data concerning health. However, this is not to say that the processing of all kinds of medical and health data should be regarded as the processing of sensitive data. But data, under certain contexts/circumstances may be treated as the processing of sensitive data. 個人資料保護法特種個人資料敏感性資料健康資料大數據物聯網 Personal information protection act Special categories of data Sensitive data Health data Big data Internet of Things
138	Redefining personal information in the context of the Internet Gratton, Eloïse 10 1900 (has links) Réalisée en cotutelle avec l'Université de Panthéon-Assas (Paris II) / Vers la fin des années soixante, face à l’importance grandissante de l’utilisation des ordinateurs par les organisations, une définition englobante de la notion de donnée personnelle a été incorporée dans les lois en matière de protection de données personnelles (« LPDPs »). Avec Internet et la circulation accrue de nouvelles données (adresse IP, données de géolocalisation, etc.), il y a lieu de s’interroger quant à l’adéquation entre cette définition et cette réalité. Aussi, si la notion de donnée personnelle, définie comme étant « une donnée concernant un individu identifiable » est toujours applicable à un tel contexte révolutionnaire, il n’en demeure pas moins qu’il importe de trouver des principes interprétatifs qui puissent intégrer ces changements factuels. La présente thèse vise à proposer une interprétation tenant compte de l’objectif recherché par les LPDPs, à savoir protéger les individus contre les risques de dommage découlant de la collecte, de l’utilisation ou de la divulgation de leurs données. Alors que la collecte et la divulgation des données entraîneront surtout un risque de dommage de nature subjective (la collecte, un sentiment d’être sous observation et la divulgation, un sentiment d’embarras et d’humiliation), l’utilisation de ces données causera davantage un dommage objectif (dommage de nature financière, physique ou discriminatoire). La thèse propose plusieurs critères qui devraient être pris en compte pour évaluer ce risque de dommage ; elle servira de guide afin de déterminer quelles données doivent être qualifiées de personnelles, et fera en sorte que les LPDPs soient le plus efficaces possibles dans un contexte de développements technologiques grandissants. / In the late sixties, with the growing use of computers by organizations, a very broad definition of personal information as “information about an identifiable individual” was elaborated and has been incorporated in data protection laws (“DPLs”). In more recent days, with the Internet and the circulation of new types of information (IP addresses, location information, etc), the efficiency of this definition may be challenged. This thesis aims at proposing a new way of interpreting personal information. Instead of using a literal interpretation, an interpretation which takes into account the purpose behind DPLs will be proposed, in order to ensure that DPLs do what they are supposed to do: address or avoid the risk of harm to individuals triggered by organizations handling their personal information. While the collection or disclosure of information may trigger a more subjective kind of harm (the collection, a feeling of being observed and the disclosure, embarrassment and humiliation), the use of information will trigger a more objective kind of harm (financial, physical, discrimination, etc.). Various criteria useful in order to evaluate this risk of harm will be proposed. The thesis aims at providing a guide that may be used in order to determine whether certain information should qualify as personal information. It will provide for a useful framework under which DPLs remain efficient in light of modern technologies and the Internet. Définition Renseignement personnel Donnée personnelle Protection Vie privée Risque de dommage Interprétation Definition Personal information Personal Data Data protection Privacy Internet Risk of harm Interpretation Purpose of data protection laws
139	When data crimes are real crimes: voter surveillance and the Cambridge Analytica conflict Gordon, Jesse 28 August 2019 (has links) This thesis asks what conditions elevated the Cambridge Analytica (CA) conflict into a sustained and global political issue? Was this a privacy conflict and if so, how was it framed as such? This work demonstrates that the public outcry to CA formed out of three underlying structural conditions: The rise of the alt-right as an ideology, surveillance capitalism, and a growing and unregulated voter analytics industry. A network of actors seized the momentum of this conflict to drive the message that voter surveillance is a threat to democratic elections. These actors humanized the CA conflict and created a catalyst for a large scale public outrage to these previously ignored structures. Their focus on democratic threat also allowed this conflict to transcend the typical contours of a privacy conflict and demonstrate that the consequences of CA are societal, rather than personal. Despite the democratic threat of voter surveillance, Canada and the United States have yet to address the wider implications of voter surveillance adequately. Thus, how these systems are used will be a question of central importance in upcoming elections. / Graduate Cambridge Analytica Voter Surveillance Big data Privacy Surveillance alt-right Political marketing Elections Campaign 2016 election Donald Trump democracy SCL Privacy Advocates democratic threat politics Facebook social media psychographics democratic erosion Graph API v1.0 Personal Information data crimes data regulators political party Republican Democratic Party Voter analytics mydigitallife app frames data broker Micro-targeting
140	Posmrtný život dat: analýza vývoje přístupu sociálních sítí k posmrtným datům uživatelů / Afterlife of digital user data: analysis of evolution of posthumous data policies on social media Fléglová, Radka January 2021 (has links) This diploma thesis focuses on the topic of posthumous user data management concerning social media platforms. This topic is rarely discussed from the viewpoint of new media studies in academic literature. My thesis endeavours to unveil, contextualize, and critically assess the development of the posthumous data policies in order to uncover the level of control users and survivors have over the deceased users' data. Thus, three case studies of chronological posthumous policy development of major social media (Facebook, Twitter, and LinkedIn) were conducted and results were compared. The analysis has shown that platforms are rather reluctant to change their posthumous policies. One of the primary triggers for change comes from the users' feedback. Across all three cases every platform provided limited or no information about these policies in their terms of use or privacy policies. The case studies demonstrated that users have very limited choices regarding their data after death directly on the examined social media platforms. Individuals who were close to the deceased account users have the ability to request account deletion or have limited access to the account granted by the platform. The level of data preservation demanded by platforms seems dependent on a given social media's communication specificity...

Search results