A public interest approach to data protection law : the meaning, value and utility of the public interest for research uses of data

Stevens, Leslie Anne

January 2017

Due to legal uncertainty surrounding the application of key provisions of European and UK data protection law, the public interest in protecting individuals’ informational privacy is routinely neglected, as are the public interests in certain uses of data. Consent or anonymisation are often treated as the paradigmatic example of compliance with data protection law, even though both are unable to attend to the full range of rights and interests at stake in data processing. Currently, where data processing may serve a realisable public interest, and consent or anonymisation are impracticable (if not impossible to obtain) the public interest conditions to processing are the rational alternative justifications for processing. However, the public interest conditions are poorly defined in the legislation, and misunderstood and neglected in practice. This thesis offers a much-needed alternative to the predominant consent-or-anonymise paradigm by providing a new understanding of the public interest concept in data protection law and to suggest a new approach to deploying the concept in a way that is consistent with the protective and facilitative aims of the legislation. Through undertaking legislative analysis new insight is provided on the purpose of the public interest conditions in data protection law, revealing critical gaps in understanding. By engaging with public interest theory and discovering the conceptual contours of the public interest, these gaps are addressed. Combined with the insight obtained from the legislative history, we can determine the reasonable range of circumstances and types of processing where it may be justifiable to use personal data based on the public interest. On this basis, and to develop a new approach for deploying the concept, other legal uses of the public interest are examined. The lessons learned suggest legislative and procedural elements that are critical to successful deployment of the public interest concept in data protection. The thesis concludes with the identification of key components to allow a clearer understanding of the public interest in this field. Further, these insights enable recommendations to be made, to reform the law, procedure and guidance. In doing so, the concept of the public interest can be confidently deployed in line with the aims of data protection law, to both protect and facilitate the use of personal data.

Privacy-aware Linked Widgets

Fernandez Garcia, Javier D., Ekaputra, Fajar J., Aryan, Peb Ruswono, Azzam, Amr, Kiesling, Elmar

January 2019

The European General Data Protection Regulation (GDPR) brings new challenges for companies, who must demonstrate that their systems and business processes comply with usage constraints specified by data subjects. However, due to the lack of standards, tools, and best practices, many organizations struggle to adapt their infrastructure and processes to ensure and demonstrate that all data processing is in compliance with users' given consent. The SPECIAL EU H2020 project has developed vocabularies that can formally describe data subjects' given consent as well as methods that use this description to automatically determine whether processing of the data according to a given policy is compliant with the given consent. Whereas this makes it possible to determine whether processing was compliant or not, integration of the approach into existing line of business applications and ex-ante compliance checking remains an open challenge. In this short paper, we demonstrate how the SPECIAL consent and compliance framework can be integrated into Linked Widgets, a mashup platform, in order to support privacy-aware ad-hoc integration of personal data. The resulting environment makes it possible to create data integration and processing workflows out of components that inherently respect usage policies of the data that is being processed and are able to demonstrate compliance. We provide an overview of the necessary meta data and orchestration towards a privacy-aware linked data mashup platform that automatically respects subjects' given consents. The evaluation results show the potential of our approach for ex-ante usage policy compliance checking within the Linked Widgets Platforms and beyond.

Privacy; GDPR; Compliance; Linked Data

Arquitetura de ambientes de IPTV com serviços de privacidade. / Architecture for IPTV environments with privacy services.

Fernando Frota Redígolo

25 July 2008

A crescente digitalização das mídias, disponibilidade de banda larga e convergência tecnológica possibilitam o surgimento de novos serviços, como o IPTV (Internet Protocol TeleVision), que visa disponibilizar serviços de televisão via TCP/IP sobre uma rede de banda larga privativa. Sem os devidos cuidados, entidades ou indivíduos monitorando o tráfego deste serviço passam a ter uma maior quantidade de informações sobre os indivíduos que os utilizam, muitas vezes violando a privacidade dos mesmos em um ambiente no qual tradicionalmente não há esta preocupação, como a sala de estar ou outro ambiente doméstico. O objetivo deste trabalho é propor uma arquitetura de IPTV que apresente mecanismos capazes de garantir um nível de privacidade maior do que o existente em sistemas de IPTV tradicionais, de maneira a inviabilizar para um observador o correlacionamento entre um usuário do serviço e os conteúdos por ele assistidos. / The increase in media digitalization, broadband availability and technological convergence, allows new services, such as the IPTV (Internet Protocol Television) service, which offers television-related services over a private broadband TCP/IP network. Without proper care, entities or individuals monitoring these services traffic obtain a large amount of information on the service users, and could violate their privacies in an environment in which traditionally there is no such preoccupation, like in a living-room or another domestic environment. The goal of this work is to propose an IPTV architecture capable of guaranteeing a higher privacy level than the existing in traditional IPTV systems, so that it is not viable for an observer to correlate a service user with the content he/she watches.

Privacidade

Redes multimídia

IPTV

Privacy

A Privacy Conscious Bluetooth Infrastructure for Location Aware Computing

Huang, Albert, Rudolph, Larry

01 1900

We present a low cost and easily deployed infrastructure for location aware computing that is built using standard Bluetooth® technologies and personal computers. Mobile devices are able to determine their location to room-level granularity with existing bluetooth technology, and to even greater resolution with the use of the recently adopted bluetooth 1.2 specification, all while maintaining complete anonymity. Various techniques for improving the speed and resolution of the system are described, along with their tradeoffs in privacy. The system is trivial to implement on a large scale – our network covering 5,000 square meters was deployed by a single student over the course of a few days at a cost of less than US$1,000. / Singapore-MIT Alliance (SMA)

bluetooth

location aware computing

privacy

Social-based trustworthy data forwarding in vehicular delay tolerant networks

Alganas, Abdulelah

01 March 2011

Vehicular ad hoc network (VANET) is an emerging new communication technol-ogy which has attracted a lot of research attention from academic community and indus-try. For many applications in VANETs, information has to be transmitted through mul-tiple hops before it reaches its destination that makes it a subject to various security at-tacks and privacy breaches. Thus, security and privacy issues could limit its adaption by the public community. In this study, we propose and evaluate social based trustworthy data forwarding scheme for VANET. First, by using social network analysis techniques, we provide a framework to strategically deploy Road-Side Units (RSUs) infrastructure in order to im-prove reliability, efficiency, and high packet delivery for VANET. It is based on multiple social centrality assessments of street network which help in placing RSUs at high social intersections. This social placement of RSUs will dramatically improve data dissemina-tion as the opportunity of contacting vehicles increase while costs of RSU deployment can be kept under control. Second, we propose a secure and privacy-preserving message forwarding protocol, which utilizes RSUs to forward messages between vehicles. The protocol takes advantage of high performance capability of RSUs to store and forward messages to their destinations, where these RSUs utilize re-encryption technique to form a mix network to provide adequate privacy for senders and receivers. Then detailed anal-ysis in terms of security, message overhead, delivery ratio, and average delay are per-formed to evaluate the efficiency and effectiveness of our proposed scheme. Lastly, we tackled the security and privacy challenges existing in social-aware data diffusion by proposing an efficient vehicle social evaluation (EVSE) scheme. Our scheme enables each vehicle to show its authentic social evaluation to others while not disclosing its past location information. As a result, it can meet the prerequisites for the success of social aware data diffusion in VANETs. / UOIT

VANET

RSU

Privacy

Security

DTN

"'Tis set down so in heaven, but not in earth" : political theology in measure for measure

Goossen, Jonathan T

13 September 2006

One of Measure for Measures central concerns is the changing shape of political theology in Shakespeares England. From its origin until the high middle ages, Christian thought had described the work of the church (the care of souls) and that of the state (the maintenance of the common good) as complementary but essentially different tasks. This division implicitly separated and held in tension the private spiritual obligations of the individual Christian and the public duty of the Christian ruler. This understanding fell under fire in the late middle ages, however, first from the papacy and then from Protestant reformers.<p>Shakespeares Lord Angelo is often linked with this latter groups Puritan faction in England, which was known for its demand that the state enforce private Christian virtue (primarily sexual) as public law. The Duke Vincentio has frequently been described as representative of the more moderate Reformed political thought of Elizabeth I and James I. <p>This thesis argues that in both assuming the disguise of a priest and insisting that a magistrates judgments are only valid if he is himself innocent of the condemneds crime, the Duke shares Angelos and thus the Puritans rejection of the traditional division between the private and public obligations of a Christian ruler. Act V particularly reveals both the similarities between Angelo and the Duke and the fundamental problems of their approach to law. In the end, Isabella is not simply the student of the Dukes political theology but rather the exemplar of how the traditional distinction between the roles of church and state and an individuals private and public moral obligations better defends both personal freedom and the common good.

Shuger

Shakespeare

James I

privacy

"'Tis set down so in heaven, but not in earth" : political theology in measure for measure

Goossen, Jonathan T

13 September 2006

One of Measure for Measures central concerns is the changing shape of political theology in Shakespeares England. From its origin until the high middle ages, Christian thought had described the work of the church (the care of souls) and that of the state (the maintenance of the common good) as complementary but essentially different tasks. This division implicitly separated and held in tension the private spiritual obligations of the individual Christian and the public duty of the Christian ruler. This understanding fell under fire in the late middle ages, however, first from the papacy and then from Protestant reformers.<p>Shakespeares Lord Angelo is often linked with this latter groups Puritan faction in England, which was known for its demand that the state enforce private Christian virtue (primarily sexual) as public law. The Duke Vincentio has frequently been described as representative of the more moderate Reformed political thought of Elizabeth I and James I. <p>This thesis argues that in both assuming the disguise of a priest and insisting that a magistrates judgments are only valid if he is himself innocent of the condemneds crime, the Duke shares Angelos and thus the Puritans rejection of the traditional division between the private and public obligations of a Christian ruler. Act V particularly reveals both the similarities between Angelo and the Duke and the fundamental problems of their approach to law. In the end, Isabella is not simply the student of the Dukes political theology but rather the exemplar of how the traditional distinction between the roles of church and state and an individuals private and public moral obligations better defends both personal freedom and the common good.

Shuger

Shakespeare

James I

privacy

Anonymous, authentic, and accountable resource management based on the E-cash paradigm

Lam, Tak Cheung

15 May 2009

The prevalence of digital information management in an open network has driven the need to maintain balance between anonymity, authenticity and accountability (AAA). Anonymity allows a principal to hide its identity from strangers before trust relationship is established. Authenticity ensures the correct identity is engaged in the transaction even though it is hidden. Accountability uncovers the hidden identity when misbehavior of the principal is detected. The objective of this research is to develop an AAA management framework for secure resource allocations. Most existing resource management schemes are designed to manage one or two of the AAA attributes. How to provide high strength protection to all attributes is an extremely challenging undertaking. Our study shows that the electronic cash (E-cash) paradigm provides some important knowledge bases for this purpose. Based on Chaum-Pederson’s general transferable E-cash model, we propose a timed-zero-knowledge proof (TZKP) protocol, which greatly reduces storage spaces and communication overheads for resource transfers, without compromising anonymity and accountability. Based on Eng-Okamoto’s general divisible E-cash model, we propose a hypercube-based divisibility framework, which provides a sophisticated and flexible way to partition a chunk of resources, with different trade-offs in anonymity protection and computational costs, when it is integrated with different sub-cube allocation schemes. Based on the E-cash based resource management framework, we propose a privacy preserving service oriented architecture (SOA), which allows the service providers and consumers to exchange services without leaking their sensitive data. Simulation results show that the secure resource management framework is highly practical for missioncritical applications in large scale distributed information systems.

Security

Privacy

Resource Management

E-cash

Changes in use and perception of privacy : exploring differences between heavy and light users of Facebook

Oz, Mustafa, M.A. in Journalism

05 November 2012

Information privacy is a paradoxical issue. Especially after Facebook, information privacy has become more important than before. College student Facebook users share a great deal of information on Facebook, and Facebook collects users’personal information. Users’ personal information on Facebook is linked to their identity; therefore negative consequences (privacy problems) have become possible on Facebook. This study focused on college students’ privacy concerns and awareness of privacy issues and settings. Moreover, heavy and light users’ privacy concerns were compared in this study. According to the survey results, privacy is still important to Facebook users and different privacy concerns exist among heavy and light users. Results also show that privacy on Facebook is not a simple thing. It is related to identity construction, users’ experience, and awareness of privacy implications. / text

Facebook

Privacy

Social network sites

Social Networking And The Employment Relationship: Is Your Boss Creeping Up On You?

Keliher, Michael

23 August 2012

There are currently over 900 million Facebook users worldwide (and counting). With increased use of social networking comes new concerns for personal privacy and control of social networking information. More and more, Facebook activity trickles its way into offline contexts, perhaps none more so than the employment context. A new trend in the hiring process is social networking background checks, where some employers go so far as to request a candidate’s Facebook password. Not only this, but the frequency of Facebook activity resulting in employment law disputes is increasing, and has even been found to constitute sufficient grounds for discipline and termination. This thesis examines the current privacy protection given to social networking information in the context of the employment relationship, highlights problems with the current legal landscape in this regard, and offers an emerging theory, New Virtualism, as a conceptual basis for the regulation of this issue going forward.