Search results

Perpetrators of technology-facilitated gender-based violence are taking advantage of increasingly automated and sophisticated privacy-invasive tools to carry out their abuse. Whether this be monitoring movements through stalkerware, using drones to nonconsensually film or harass, or manipulating and distributing intimate images online such as deepfakes and creepshots, invasions of privacy have become a significant form of gender-based violence. Accordingly, our normative and legal concepts of privacy must evolve to counter the harms arising from this misuse of new technology. Canada's Supreme Court recently addressed technology-facilitated violations of privacy in the context of voyeurism in R v Jarvis (2019) . The discussion of privacy in this decision appears to be a good first step toward a more equitable conceptualization of privacy protection. Building on existing privacy theories, this chapter examines what the reasoning in Jarvis might mean for “reasonable expectations of privacy” in other areas of law, and how this concept might be interpreted in response to gender-based technology-facilitated violence. The authors argue the courts in Canada and elsewhere must take the analysis in Jarvis further to fully realize a notion of privacy that protects the autonomy, dignity, and liberty of all.

Mobile dating apps are widely used in the queer community. Whether for sexual exploration or dating, mobile and geosocial dating apps facilitate connection. But they also bring attendant privacy risks. This chapter is based on original research about the ways gay and bisexual men navigate their privacy on geosocial dating apps geared toward the LGBTQI community. It argues that, contrary to the conventional wisdom that people who share semi-nude or nude photos do not care about their privacy, gay and bisexual users of geosocial dating apps care very much about their privacy and engage in complex, overlapping privacy navigation techniques when sharing photos. They share semi-nude and nude photos for a variety of reasons, but generally do so only after building organic trust with another person. Because trust can easily break down without supportive institutions, this chapter argues that law and design must help individuals protect their privacy on geosocial dating apps.

The purpose of this paper is to explore different health care professionals’ discourse about privacy – its definition and importance in health care, and its role in their day-to-day work. Professionals’ discourse about privacy reveals how new technologies and laws challenge existing practices of information control within and between professional groups in health care, with implications not only for patient privacy, but also for the role of information control in professions more generally.

The authors conducted in-depth, semi-structured interviews with n=83 doctors, nurses, and health information professionals in two academic medical centers and one veteran’s administration hospital/clinic in the Northeastern USA. Interview responses were qualitatively coded for themes and patterns across groups were identified.

The health care providers and the authors studied actively sought to uphold the protection (and control) of patient information through professional ethics and practices, as well as through the use of technologies and compliance with legal regulations. They used discourses of professionalism, as well as of law and technology, to sometimes accept and sometimes resist changes to practice required in the changing technological and legal context of health care. The authors found differences across professional groups; for some, protection of patient information is part of core professional ethics, while for others it is simply part of their occupational work, aligned with organizational interests.

This qualitative study of physicians, nurses, and health information professionals revealed some differences in views and practices for protecting patient information in the changing technological and legal context of health care that suggest some professional groups (doctors) may be more likely to resist such changes and others (health information professionals) will actively adopt them.

New technologies and regulations are changing how information is used in health care delivery, challenging professional practices for the control of patient information that may change the value or meaning of medical records for different professional groups.

Qualitative findings suggest that professional groups in health care vary in the extent of information control they have, as well in how they view such control. Some groups may be more likely to (be able to) resist changes in the professional control of information that stem from new technologies or regulatory policies. Some professionals recognize that new IT systems and regulations challenge existing social control of information in health care, with the potential to undermine (or possibly bolster) professional self-control for some but not necessarily all occupational groups.

Since the European Union’s (EU) Charter of Fundamental Rights became binding in 2009, data protection has attained the status of a fundamental right (Article 8) throughout the EU. This chapter discusses the relevance of data protection in the context of security. It shows that data protection has been of particular relevance in the German context – not only against the backdrop of rapidly evolving information technology, but also of the historical experiences with political regimes collecting information in order to oppress citizens.

Data breaches in the US healthcare sector have more than tripled in the last decade across all states. However, to this day, no established framework ranks all states from most to least at risk for healthcare data breaches. This gap has led to a lack of proper risk identification and understanding of cyber environments at state levels.

Based on the security action cycle, the National Institute of Standards and Technology (NIST) cybersecurity framework, the risk-planning model, and the multicriteria decision-making (MCDM) literature, the paper offers an integrated multicriteria framework for prioritization in cybersecurity to address this lack and other prioritization issues in risk management in the field. The study used historical breach data between 2015 and 2021.

The findings showed that California, Texas, New York, Florida, Indiana, Pennsylvania, Massachusetts, Minnesota, Ohio, and Georgia are the states most at risk for healthcare data breaches.

The findings highlight each US state faces a different level of healthcare risk. The findings are informative for patients, crucial for privacy officers in understanding the nuances of their risk environment, and important for policy-makers who must grasp the grave disconnect between existing issues and legislative practices. Furthermore, the study suggests an association between positioning state risk and such factors as population and wealth, both avenues for future research.

Theoretically, the paper offers an integrated framework, whose basis in established security models in both academia and industry practice enables utilizing it in various prioritization scenarios in the field of cybersecurity. It further emphasizes the importance of risk identification and brings attention to different healthcare cybersecurity environments among the different US states.

It has become increasingly clear that the objectives of privacy and competition policy are in conflict with one another with regard to platform data. While privacy policies aim at limiting the use of platform data for purposes other than those for which the data were collected in order to protect the privacy of platform users, competition policy aims at making such data widely available in order to curb the power of platforms.

We draw on Commons' Institutional Economics to contrast the current control-based approaches to ensuring the protection as well as the sharing of platform data with an ownership approach. We also propose the novel category of platform use data and contrast this with the dichotomy of personal/non-personal data which underlies current regulatory initiatives.

We find that current control- and ownership-based approaches are ineffective with regard to their capacity to balance these conflicting objectives and propose an alternative approach which makes platform data saleable. We discuss this approach in view of its capacity to balance the conflicting objectives of privacy and competition policy and its effectiveness in supporting each separately.

Our approach clarifies the fundamental difference between data markets and other concepts such as data exchanges.

This article advocates that privacy literacy research and praxis mobilize people toward changing the technological and social conditions that discipline subjects toward advancing institutional, rather than community, goals.

This article analyzes theory and prior work on datafication, privacy, data literacy, privacy literacy and critical literacy to provide a vision for future privacy literacy research and praxis.

This article (1) explains why privacy is a valuable rallying point around which people can resist datafication, (2) locates privacy literacy within data literacy, (3) identifies three ways that current research and praxis have conceptualized privacy literacy (i.e. as knowledge, as a process of critical thinking and as a practice of enacting information flows) and offers a shared purpose to animate privacy literacy research and praxis toward social change and (4) explains how critical literacy can help privacy literacy scholars and practitioners orient their research and praxis toward changing the conditions that create privacy concerns.

This article uniquely synthesizes existing scholarship on data literacy, privacy literacy and critical literacy to provide a vision for how privacy literacy research and praxis can go beyond improving individual understanding and toward enacting social change.