Search results

In light of the data economy, data protection law is a key legal element for being able to leverage data-driven innovation and is often regarded as a limitation for businesses and service design. Contrasting this traditional view, this chapter argues why designing with privacy in mind is a win-win situation, not only, but especially in the context of data-based services. On the backdrop of new regulations around the globe setting incentives, we show how research in the domain of usable privacy can be leveraged to embed innovative privacy features for customers into digital services as competitive advantage. Building upon these insights, we argue that a well-designed privacy and/or data protection process should be a key element for customer experience management.

Advances in Big Data, artificial Intelligence and data-driven innovation bring enormous benefits for the overall society and for different sectors. By contrast, their misuse can lead to data workflows bypassing the intent of privacy and data protection law, as well as of ethical mandates. It may be referred to as the ‘creep factor’ of Big Data, and needs to be tackled right away, especially considering that we are moving towards the ‘datafication’ of society, where devices to capture, collect, store and process data are becoming ever-cheaper and faster, whilst the computational power is continuously increasing. If using Big Data in truly anonymisable ways, within an ethically sound and societally focussed framework, is capable of acting as an enabler of sustainable development, using Big Data outside such a framework poses a number of threats, potential hurdles and multiple ethical challenges. Some examples are the impact on privacy caused by new surveillance tools and data gathering techniques, including also group privacy, high-tech profiling, automated decision making and discriminatory practices. In our society, everything can be given a score and critical life changing opportunities are increasingly determined by such scoring systems, often obtained through secret predictive algorithms applied to data to determine who has value. It is therefore essential to guarantee the fairness and accurateness of such scoring systems and that the decisions relying upon them are realised in a legal and ethical manner, avoiding the risk of stigmatisation capable of affecting individuals’ opportunities. Likewise, it is necessary to prevent the so-called ‘social cooling’. This represents the long-term negative side effects of the data-driven innovation, in particular of such scoring systems and of the reputation economy. It is reflected in terms, for instance, of self-censorship, risk-aversion and lack of exercise of free speech generated by increasingly intrusive Big Data practices lacking an ethical foundation. Another key ethics dimension pertains to human-data interaction in Internet of Things (IoT) environments, which is increasing the volume of data collected, the speed of the process and the variety of data sources. It is urgent to further investigate aspects like the ‘ownership’ of data and other hurdles, especially considering that the regulatory landscape is developing at a much slower pace than IoT and the evolution of Big Data technologies. These are only some examples of the issues and consequences that Big Data raise, which require adequate measures in response to the ‘data trust deficit’, moving not towards the prohibition of the collection of data but rather towards the identification and prohibition of their misuse and unfair behaviours and treatments, once government and companies have such data. At the same time, the debate should further investigate ‘data altruism’, deepening how the increasing amounts of data in our society can be concretely used for public good and the best implementation modalities.

In June 2017, The Human Data Commons Foundation released its first annual Quantified Self Report Card. This project consisted of a qualitative review of the privacy policy documentation of 55 private sector companies in the self-tracking and biometric data industry. Two researchers recorded their ratings on concrete criteria for each company’s website, as well as providing a blend of objective and subjective ratings on the overall ease of readability and navigability within each site’s documentation. This chapter explains the unique context of user privacy rights within the Quantified Self tracking industry, and summarises the overall results from the 2017 Quantified Self Report Card. The tension between user privacy and data sharing in commercial data-collection practices is explored and the authors provide insight into possibilities for resolving these tensions. The self-as-instrument in research is touched on in autoethnographic narrative confronting and interrogating the difficult process of immersive qualitative analytics in relation to such intensely complex and personal issues as privacy and ubiquitous dataveillance. Drawing upon excerpted reflections from the Report Card’s co-author, a few concluding thoughts are shared on freedom and choice. Finally, goals for next year’s Quantified Self Report Card are revealed, and a call extended for public participation.

This paper will provide an overview of the contemporary surveillance environment in the age of Big Data and an insight into the complexities and overlap between security, bodily and informational surveillance as well as the subsequent impacts on privacy and democracy. These impacts include the ethical dilemmas facing librarians and information scientists as they endeavour to uphold principles of equality of access to information, and the support of intellectual freedom in private in an increasingly politicised informational environment. If we accept that privacy is integral to the notion of learning, free thought and intellectual exploration and a crucial element in the separation of the state and the individual in democratic society, then the emergence of the data age and the all-encompassing surveillance and exposure of once private acts will undoubtedly lead to the reimagining of the social and political elements of society.

Since the European Union’s (EU) Charter of Fundamental Rights became binding in 2009, data protection has attained the status of a fundamental right (Article 8) throughout the EU. This chapter discusses the relevance of data protection in the context of security. It shows that data protection has been of particular relevance in the German context – not only against the backdrop of rapidly evolving information technology, but also of the historical experiences with political regimes collecting information in order to oppress citizens.

Nowadays, there are billions interconnected devices forming Cyber-Physical Systems (CPS), Internet of Things (IoT) and Industrial Internet of Things (IIoT) ecosystems. With an increasing number of devices and systems in use, amount and the value of data, the risks of security breaches increase. One of these risks is posed by open data sources, which are databases that are not properly protected. These poorly protected databases are accessible to external actors, which poses a serious risk to the data holder and the results of data-related activities such as analysis, forecasting, monitoring, decision-making, policy development, and the whole contemporary society. This chapter aims at examining the state of the security of open data databases representing both relational databases and NoSQL, with a particular focus on a later category.

Purpose: This chapter sets out to lay out and analyse the effectiveness of the General Data Protection Regulation (GDPR), a recently established European Union (EU) regulation, in the local insurance industry.

Methodology: This was done through a systematic literature review to determine what has already been done and then a survey as a primary research tool to gather information. The survey was aimed at clients and employees of insurance entities.

Findings: The general results are that effectiveness can be segmented into different factors and vary regarding the respondents’ confidence. Other findings include that the GDPR has increased costs, and its expectations are unclear. These findings suggest that although the GDPR was influential in the insurance market, some issues about this regulation still exist.

Conclusions: GDPR fulfils its purposes; however, the implementation process of this regulation can be facilitated if better guidelines are issued for entities to follow to understand its expectations better and follow the law and fulfil its purposes most efficiently.

Practical implications: These conclusions imply that the GDPR can be improved in the future. Overall, as a regulation, it is suitable for the different member states of the EU, including small states like Malta.