The concept of privacy by design is becoming increasingly popular among regulators of information and communications technologies. This paper aims at analysing and discussing the ethical implications of this concept for personal health monitoring. I assume a privacy theory of restricted access and limited control. On the basis of this theory, I suggest a version of the concept of privacy by design that constitutes a middle road between what I call broad privacy by (...) class='Hi'>design and narrow privacy by design. The key feature of this approach is that it attempts to balance automated privacy protection and autonomously chosen privacy protection in a way that is context-sensitive. In personal health monitoring, this approach implies that in some contexts like medication assistance and monitoring of specific health parameters one single automatic option is legitimate, while in some other contexts, for example monitoring in which relatives are receivers of health-relevant information rather than health care professionals, a multi-choice approach stressing autonomy is warranted. (shrink)

In view of rapid and dramatic technological change, it is important to take the special requirements of privacy protection into account early on, because new technological systems often contain hidden dangers which are very difficult to overcome after the basic design has been worked out. So it makes all the more sense to identify and examine possible data protection problems when designing new technology and to incorporate privacy protection into the overall design, instead of having to (...) come up with laborious and time-consuming “patches” later on. This approach is known as “_Privacy by Design_” (PbD). (shrink)

An accountability-based privacy governance model is one where organizations are charged with societal objectives, such as using personal information in a manner that maintains individual autonomy and which protects individuals from social, financial and physical harms, while leaving the actual mechanisms for achieving those objectives to the organization. This paper discusses the essential elements of accountability identified by the Galway Accountability Project, with scholarship from the Centre for Information Policy Leadership at Hunton & Williams LLP. Conceptual _Privacy by Design_ (...) principles are offered as criteria for building privacy and accountability into organizational information management practices. The authors then provide an example of an organizational control process that uses the principles to implement the essential elements. Initially developed in the ‘90s to advance privacy-enhancing information and communication technologies, Dr. Ann Cavoukian has since expanded the application of _Privacy by Design_ principles to include business processes. (shrink)

In November, 2009, a prominent group of privacy professionals, business leaders, information technology specialists, and academics gathered in Madrid to discuss how the next set of threats to privacy could best be addressed.The event, Privacy by Design: The Definitive Workshop, was co-hosted by my office and that of the Israeli Law, Information and Technology Authority. It marked the latest step in a journey that I began in the 1990’s, when I first focused on enlisting the support (...) of technologies that could enhance privacy. Back then, privacy protection relied primarily upon legislation and regulatory frameworks—in an effort to offer remedies for data breaches, after they had occurred. As information technology became increasingly interconnected and the volume of personal information collected began to explode, it became clear that a new way of thinking about privacy was needed.Privacy-Enhancing Technologies paved the way for that new direction, highlighting how the universal pr .. (shrink)

Este artigo apresenta o mapeamento das possibilidades de pesquisa no âmbito da Ciência da Informação (CI) que tratam sobre o conceito de Privacy by Design (PbD). Se busca responder como a CI e os usos da teoria do PbD podem influenciar no alcance de maior privacidade aos usuários de sistemas de informação desde a concepção de produtos científicos até a pesquisa aplicada. Para responder esta pergunta, foram analisados 202 artigos, que balizaram a composição do mapa de possibilidades de (...) pesquisa. O mapeamento abrange temas como o controle e o acesso aos dados, privacidade como um bem social e a visão de que a privacidade toma forma de acordo com as tecnologias. Foram problematizados os aspectos éticos da privacidade no ambiente tecnológico e contextualizada a presença do conceito de PbD nas legislações de proteção de dados. Conclui-se que este estudo contribui ao reunir proposições para o ponto de partida na busca por pesquisas científicas transdisciplinares em CI e privacidade, que os profissionais de CI podem estar envolvidos na observância da privacidade em todas as camadas de negócio no desenvolvimento de sistemas, e que a área pode contribuir com os debates relacionados ao PbD em razão da privacidade ser bem social fundamental. (shrink)

An introductory message from Peter Hustinx, European Data Protection Supervisor, delivered at Privacy by Design: The Definitive Workshop. This presentation looks back at the origins of Privacy by Design, notably the publication of the first report on “Privacy Enhancing Technologies” by a joint team of the Information and Privacy Commissioner of Ontario, Canada and the Dutch Data Protection Authority in 1995. It looks ahead and adresses the question of how the promises of these concepts (...) could be delivered in practice. (shrink)

Current advances in connectivity, sensor technology, computing power and the development of complex algorithms for processing health-related data are paving the way for the delivery of innovative long-term health care services in the future. Such technological developments will, in particular, assist the elderly and infirm to live independently, at home, for much longer periods. The home is, in fact, becoming a locus for health care innovation that may in the future compete with the hospital. However, along with these advances come (...) valid privacy and security questions arising from the fact that the data collected and transmitted through these technologies could also allow for individual monitoring as well as unauthorized access to critical diagnostic and other health data. (shrink)

Morgan et al. examine the notion of corporate citizenship and suggest that for it to be effective companies need to minimize harm and maximize benefits through its activities and, in so doing, take account of and be responsive to a full range of stakeholders. Specifically, they call for a “next generation” approach to corporate citizenship that embeds structures, systems, processes and policies into and across the company’s value chain. We take this notion of corporate citizenship and apply it to (...) class='Hi'>Privacy by Design concepts in a value chain model. Privacy by Design is comprised of Seven Foundational Principles, and as we develop the Privacy by Design Value Chain, those principles are incorporated. First, we examine the primary activities in the value chain and consider each of these seven principles, and then we extend the analysis to the support activities. Finally, we consider privacy implications and the challenges to be faced in supply chain and federated environments. Designing privacy into the value chain model is a practical, business view of organizational and privacy issues. This puts privacy where it belongs in an organization—everywhere personal information exists. We conclude that further research is needed to consider the internal stakeholders’ communications among the various departments within an organization with the goal of better communications and shared values, and we believe the value chain approach helps to further this research agenda. Also, federated environments necessitate that organizations can “trust” their third parties providers. Research and case studies are needed regarding how these organizations can create value and competitive advantages by voluntarily providing their customers with privacy practice compliance reports. For the most part, the future is bright for the protection of personal information because solutions, not problems are being proposed, researched, developed and implemented. (shrink)

Particular applications of Privacy by Design (PbD) have proven to be valuable tools to protect privacy in many technological applications. However, PbD is not as promising when applied to technologies used for surveillance. After specifying how surveillance and privacy are understood in this paper, I will highlight the shortcomings of PbD when applied to surveillance, using a web-scanning system for counter-terrorism purposes as an example. I then suggest reworking PbD into a different approach: the Minimum Harm (...) by Design (MHbD) model. MHbD differs from PbD principally in that it acknowledges that the potential harms of surveillance bear not only upon privacy but also values that define the very constitution of a society and its political character. MHbD aims to identify and systematise the different categories of such harms and links them to current theories on surveillance on the one hand and on possible design measures on the other. (shrink)

There is growing consensus that teaching computer ethics is important, but there is little consensus on how to do so. One unmet challenge is increasing the capacity of computing students to make decisions about the ethical challenges embedded in their technical work. This paper reports on the design, testing, and evaluation of an educational simulation to meet this challenge. The privacy by design simulation enables more relevant and effective computer ethics education by letting students experience and make (...) decisions about common ethical challenges encountered in real-world work environments. This paper describes the process of incorporating empirical observations of ethical questions in computing into an online simulation and an in-person board game. We employed theValues at Playframework to transform empirical observations of design into a playable educational experience. First, we conducted qualitative research to discover when and how values levers—practices that encourage values discussions during technology development—occur during the design of new mobile applications. We then translated these findings into gameplay elements, including the goals, roles, and elements of surprise incorporated into a simulation. We ran the online simulation in five undergraduate computer and information science classes. Based on this experience, we created a more accessible board game, which we tested in two undergraduate classes and two professional workshops. We evaluated the effectiveness of both the online simulation and the board game using two methods: a pre/post-test of moral sensitivity based on the Defining Issues Test, and a questionnaire evaluating student experience. We found that converting real-world ethical challenges into a playable simulation increased student’s reported interest in ethical issues in technology, and that students identified the role-playing activity as relevant to their technical coursework. This demonstrates that roleplaying can emphasize ethical decision-making as a relevant component of technical work. (shrink)

Medical research data is sensitive personal data that needs to be protected from unauthorized access and unintentional disclosure. In a research setting, sharing of data within the scientific community is necessary in order to make progress and maximize scientific benefits derived from valuable and costly data. At the same time, convincingly protecting the privacy of people participating in medical research is a prerequisite for maintaining trust and willingness to share. In this commentary, we will address this issue and the (...) pitfalls involved in the context of the PEP project1 that provides the infrastructure for the Personalized Parkinson’s Project,2 a large cohort study on Parkinson’s disease from Radboud University Medical Center, in cooperation with Verily life Sciences, an Alphabet subsidiary. (shrink)

This paper introduces Nymity’s Privacy Risk Optimization Process (PROP), a process that enables the implementation of privacy into operational policies and procedures, which embodies in Privacy by Design for business practices. The PROP is based on the International Organization for Standardization (ISO) concept that risk can be positive and negative; and further defines Risk Optimization as a process whereby organizations strive to maximize positive risks and mitigate negative ones. The PROP uses these concepts to implement (...) class='Hi'>privacy into operational policies and procedures. This paper was produced by Nymity and the Office of the Information and Privacy Commissioner of Ontario, Canada. It was presented by Terry McQuay, President of Nymity, at Privacy by Design: The Definitive Workshop, in Madrid, Spain, on November 2nd, 2009. The workshop was hosted by Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada, and Yoram Hacohen, Head of the Israeli Law, Information and Technology Authority. (shrink)

Social robots as companions play an increasingly important role in our everyday life. However, reaching the full potential of social robots and the interaction between humans and robots requires permanent collection and processing of personal data of users, e.g. video and audio data for image and speech recognition. In order to foster user acceptance, trust and to address legal requirements as the General Data Protection Regulation of the EU, privacy needs to be integrated in the design process of (...) social robots. The Privacy by Design approach by Cavoukian indicates the relevance of a privacy-respecting development and outlines seven abstract principle.In this paper two methods as a hands-on guideline to fulfill the principles are presented and discussed in the content of the Privacy by Design approach. Privacy risks of a typical robot scenario are identified, analyzed and solutions are proposed on the basis of theseven types of privacyand theprivacy protection goals. (shrink)

Purpose The purpose of this paper is to lay out an approach to addressing the problem of privacy protection in the global digital environment based on the importance that information has to improve users’ informational self-determination. Following this reasoning, this paper focuses on the suitable way to provide user with the correct amount of information they may need to maintain a desirable grade of autonomy as far as their privacy protection is concerned and decide whether or not to (...) put their personal data on the internet. Design/methodology/approach The authors arrive at this point in their analysis by qualitative discourse analysis of the most relevant scientific papers and dossiers relating to privacy protection. Findings The goal of this paper is twofold. The first is to illustrate the importance of privacy by default and informed consent working together to protect information and communication technology users’ privacy. The second goal is to develop a suitable way to administrate the mentioned “informed consent” to users. Originality/value To fulfil this purpose, the authors present a new concept of informed consent: active “informed consent” or “Opt-in” model by layers. “Opt-in” regimens have already been used with cookies but never with 2.0 applications, as, for instance, social network sites. (shrink)

Pervasive, easy-to-use privacy services are keys to enabling users to maintain control of their private data in the online environment. This paper proposes (1) an online privacy lifecycle from the user perspective that drives and categorizes the development of these services, (2) a layered platform design solution for online privacy, (3) the evolution of the PeCAN (Personal Context Agent Networking) architecture to a platform for pervasively providing multiple contexts for user privacy preferences and online informational (...) privacy services, and (4) use of platform network effects for increasing wide-scale user adoption of privacy services. One implication of this paper’s concepts is that platform-mediated networks, which are reportedly the vehicles for most of the revenue earned by 60 of the world’s largest companies, and other platforms that commonly host millions of users, will not have to individually reinvent and manage sophisticated user services for privacy protection since universal privacy platforms can be layered on them in future. (shrink)

In this article, we develop the concept of Transparency by Design that serves as practical guidance in helping promote the beneficial functions of transparency while mitigating its challenges in automated-decision making environments. With the rise of artificial intelligence and the ability of AI systems to make automated and self-learned decisions, a call for transparency of how such systems reach decisions has echoed within academic and policy circles. The term transparency, however, relates to multiple concepts, fulfills many functions, and holds (...) different promises that struggle to be realized in concrete applications. Indeed, the complexity of transparency for ADM shows tension between transparency as a normative ideal and its translation to practical application. To address this tension, we first conduct a review of transparency, analyzing its challenges and limitations concerning automated decision-making practices. We then look at the lessons learned from the development of Privacy by Design, as a basis for developing the Transparency by Design principles. Finally, we propose a set of nine principles to cover relevant contextual, technical, informational, and stakeholder-sensitive considerations. Transparency by Design is a model that helps organizations design transparent AI systems, by integrating these principles in a step-by-step manner and as an ex-ante value, not as an afterthought. (shrink)

Privacy by Design, a globally accepted framework for personal data management and privacy protection, advances the view that privacy cannot be assured solely by compliance with regulatory frameworks but must become an organisation’s default mode of operation. We are proposing a similar template for the research ethics review process. The Research Ethics by Design framework involves research ethics committees engaging researchers during the design phase of the proposal so that ethical considerations may be directly (...) embedded in the science as opposed to being viewed as addendums after the fact. This collaborative research design proposal results in the establishment of a culture of ethical research rather than research with ethical oversight. Both researchers and research ethics committees come to view the review process as one in which individual protection and collective benefit co-exist in a doubly-enabling positive-sum manner. (shrink)

This paper explores, through empirical research, how values, engineering practices, and technological design decisions shape one another in the development of privacy technologies. We propose the concept of “privacy worlds” to explore the values and design practices of the engineers of one of the world’s most notable privacy technologies: the Tor network. By following Tor’s design and development we show a privacy world emerging—one centered on a construction of privacy understood through the (...) topology of structural power in the Internet backbone. This central “cipher” discourse renders privacy as a problem that can be “solved” through engineering, allowing the translation and representation of different groups of imagined users, adversaries, and technical aspects of the Internet in the language of the system. It also stabilizes a “flattened,” neutralized conception of privacy, risking stripping it of its political and cultural depth. We argue for an enriched empirical focus on design practices in privacy technologies, both as sites where values and material power are shaped, and as a place where the various worlds that will go on to cluster around them—of users, maintainers, and others—are imagined and reconciled. (shrink)

Purpose– The medical advances and historical fluctuations in the demographics are contributing to the rise of the average age. These changes are increasing the pressure to organize adequate care to a growing number of individuals. As a way to provide efficient and cost-effective care, eHealth systems are gaining importance. However, this trend is creating new ethical concerns. Major issues are privacy and patients’ control over their data. To deploy these systems on a large scale, they need to offer strict (...) privacy protection. Even though many research proposals focus on eHealth systems and related ethical requirements, there is an evident lack of practical solutions for protecting users’ personal information. The purpose of this study is to explore the ethical considerations related to these systems and extract the privacy requirements. This paper also aims to put forth a system design which ensures appropriate privacy protection.Design/methodology/approach– This paper investigates the existing work in the area of eHealth systems and the related ethical considerations, which establish privacy as one of the main requirements. It lists the ethical requirements and data protection standards that a system needs to fulfil and uses them as a guideline for creating the proposed design.Findings– Even though privacy is considered to be a paramount aspect of the eHealth systems, the existing proposals do not tackle this issue from the outset of the design. Consequently, introducing privacy at the final stages of the system deployment imposes significant limitations and the provided data protection is not always to the standards expected by the users.Originality/value– This paper motivates the need for addressing ethical concerns in the eHealth domain with special focus on establishing strict privacy protection. It lists the privacy requirements and offers practical solutions for developing a privacy-friendly system and takes the approach of privacy-by-design. Additionally, the proposed design is evaluated against ethical principles as proposed in the existing literature. The aim is to show that technological advances can be used to improve quality and efficiency of care, while the usually raised concerns can be avoided. (shrink)

In this position paper, we would like to promote the alternative approach positioned between the two extreme positions consisting in refusing any innovation or in adopting technology without questioning it. This approach proposes a reflexive and responsible innovation based on a compromise between industrial and economic potentialities and a common respect of our human rights and values. We argue that the “silence of the chips right” is timely, relevant and sustainable to face ethical challenges raised by IoT such as protecting (...) privacy, trust, social justice, autonomy or human agency. We believe this technical solution may support establishing an ethics of IoT embedded in the technology itself. Our position is not ‘technocratic’: we do not agree with discourses arguing technology can fix problems. Through the responsible research and innovation approach we promote the idea that only human agency and user empowerment constitute a valid answer to the ethical, legal and social issues raised by IoT. (shrink)

The debate on whether and how the Internet can protect and foster human rights has become a defining issue of our time. This debate often focuses on Internet governance from a regulatory perspective, underestimating the influence and power of the governance of the Internet’s architecture. The technical decisions made by Internet Standard Developing Organisations that build and maintain the technical infrastructure of the Internet influences how information flows. They rearrange the shape of the technically mediated public sphere, including which rights (...) it protects and which practices it enables. In this article, we contribute to the debate on SDOs’ ethical responsibility to bring their work in line with human rights. We defend three theses. First, SDOs’ work is inherently political. Second, the Internet Engineering Task Force, one of the most influential SDOs, has a moral obligation to ensure its work is coherent with, and fosters, human rights. Third, the IETF should enable the actualisation of human rights through the protocols and standards it designs by implementing a responsibility-by-design approach to engineering. We conclude by presenting some initial recommendations on how to ensure that work carried out by the IETF may enable human rights. (shrink)

Objectives: To foster the development of a privacy-protective, sustainable cross-border information system in the framework of a European public health project. Materials and methods: A targeted privacy impact assessment was implemented to identify the best architecture for a European information system for diabetes directly tapping into clinical registries. Four steps were used to provide input to software designers and developers: a structured literature search, analysis of data flow scenarios or options, creation of an ad hoc questionnaire and conduction (...) of a Delphi procedure. Results: The literature search identified a core set of relevant papers on privacy. Technicians envisaged three candidate system architectures, with associated data flows, to source an information flow questionnaire that was submitted to the Delphi panel for the selection of the best architecture. A detailed scheme envisaging an “aggregation by group of patients” was finally chosen, based upon the exchange of finely tuned summary tables. Conclusions: Public health information systems should be carefully engineered only after a clear strategy for privacy protection has been planned, to avoid breaching current regulations and future concerns and to optimise the development of statistical routines. The BIRO project delivers a specific method of privacy impact assessment that can be conveniently used in similar situations across Europe. (shrink)

Unprecedented advances in the ability to store, analyze, and retrieve data is the hallmark of the information age. Along with enhanced capability to identify meaningful patterns in large data sets, contemporary data science renders many classical models of privacy protection ineffective. Addressing these issues through privacy-sensitive design is insufficient because advanced data science is mutually exclusive with preserving privacy. The special privacy problem posed by data analysis has so far escaped even leading accounts of informational (...) privacy. Here, I argue that accounts of privacy must include norms about information processing in addition to norms about information flow. Ultimately, users need the resources to control how and when personal information is processed and the knowledge to make information decisions about that control. While privacy is an insufficient design constraint, value-sensitive design around control and transparency can support privacy in the information age. (shrink)

At the beginning of the COVID-19 pandemic, high hopes were placed on digital contact tracing. Digital contact tracing apps can now be downloaded in many countries, but as further waves of COVID-19 tear through much of the northern hemisphere, these apps are playing a less important role in interrupting chains of infection than anticipated. We argue that one of the reasons for this is that most countries have opted for decentralised apps, which cannot provide a means of rapidly informing users (...) of likely infections while avoiding too many false positive reports. Centralised apps, in contrast, have the potential to do this. But policy making was influenced by public debates about the right app configuration, which have tended to focus heavily on privacy, and are driven by the assumption that decentralised apps are “privacy preserving by design”. We show that both types of apps are in fact vulnerable to privacy breaches, and, drawing on principles from safety engineering and risk analysis, compare the risks of centralised and decentralised systems along two dimensions, namely the probability of possible breaches and their severity. We conclude that a centralised app may in fact minimise overall ethical risk, and contend that we must reassess our approach to digital contact tracing, and should, more generally, be cautious about a myopic focus on privacy when conducting ethical assessments of data technologies. (shrink)

The 2003 blackout in the northern and eastern U.S. and Canada which caused a $6 billion loss in economic revenue is one of many indicators that the current electrical grid is outdated. Not only must the grid become more reliable, it must also become more efficient, reduce its impact on the environment, incorporate alternative energy sources, allow for more consumer choices, and ensure cyber security. In effect, it must become smart. Significant investments in the billions of dollars are being made (...) to lay the infrastructure of the future Smart Grid. However, the authors argue that we must take great care not to sacrifice consumer privacy amidst an atmosphere of unbridled enthusiasm for electricity reform. Information proliferation, lax controls and insufficient oversight of this information could lead to unprecedented invasions of consumer privacy. Smart meters and smart appliances will constitute a data explosion of intimate details of daily life, and it is not yet clear who will have access to this information beyond a person’s utility provider. The authors of this paper urge the adoption of Dr. Ann Cavoukian’s conceptual model ‘SmartPrivacy’ to prevent potential invasions of privacy while ensuring full functionality of the Smart Grid. SmartPrivacy represents a broad arsenal of protections, encapsulating everything necessary to ensure that all of the personal information held by an organization is appropriately managed. These include: Privacy by Design; law, regulation and independent oversight; accountability and transparency; market forces, education and awareness; audit and control; data security; and fair information practices. Each of these elements is important, but the concept of Privacy by Design represents its sine qua non. When applying SmartPrivacy to the Smart Grid, not only will the grid be able to, for example, become increasingly resistant to attack and natural disasters—it will be able to do so while also becoming increasingly resistant to data leakage and breaches of personal information. The authors conclude that SmartPrivacy must be built into the Smart Grid during its current nascent stage, allowing for both consumer control of electricity consumption and consumer control of their personal information, which must go hand in hand. Doing so will ensure that consumer confidence and trust is gained, and that their participation in the Smart Grid contributes to the vision of creating a more efficient and environmentally friendly electrical grid, as well as one that is protective of privacy. This will result in a positive-sum outcome, where both environmental efficiency and privacy can coexist. (shrink)

This paper undertakes a comparative legal study to analyze the challenges of privacy and personal data protection posed by Artificial Intelligence embedded in Robots, and to offer policy suggestions. After identifying the benefits from various AI usages and the risks posed by AI-related technologies, I then analyze legal frameworks and relevant discussions in the EU, USA, Canada, and Japan, and further consider the efforts of Privacy by Design originating in Ontario, Canada. While various AI usages provide great (...) convenience, many issues, including profiling, discriminatory decisions, lack of transparency, and impeding consent, have emerged. The unpredictability arising from the AI machine learning function poses further difficulties, which have only been partially addressed by legal frameworks in the aforementioned jurisdictions. However, analyzing the relevant discussions yielded several suggestions. The first priority is adopting PbD as the most flexible, soft-legal, and preferable approach toward AI-oriented issues. Implementing PbD will protect individual privacy and personal data without specific efforts, and achieve both the development of AI and the advancement of privacy and personal data protection. Technical measures that can adapt to an individual’s dynamic choices according to the “context” should be further developed. Furthermore, alternative technical measures, including those to solve the “algorithmic black box” or achieve differential privacy, warrant thorough examination. If AI surpasses human intelligence, a terminating function, such as a “kill switch” will be the last resort to preserve individual choice. Despite numerous difficulties, we must prepare for the coming AI-prevalent society by taking a flexible approach. (shrink)

Recent advances in wireless technologies have led to the development of intelligent, in-vehicle safety applications designed to share information about the actions of nearby vehicles, potential road hazards, and ultimately predict dangerous scenarios or imminent collisions. These vehicle safety communication (VSC) technologies rely on the creation of autonomous, self-organizing, wireless communication networks connecting vehicles with roadside infrastructure and with each other. As the technical standards and communication protocols for VSC technologies are still being developed, certain ethical implications of these new (...) information technologies emerge: Coupled with the predicted safety benefits of VSC applications is a potential rise in the ability to surveil a driver engaging in her everyday activities on the public roads. This paper will explore how the introduction of VSC technologies might disrupt the “contextual integrity” of personal information flows in the context of highway travel and threaten one’s “privacy in public.” Since VSC technologies and their related protocols and standards are still in the developmental stage, the paper will conclude by revealing how close attention to the ethical implications of the remaining design decisions can inform and guide designers of VSC technologies to create innovate safety applications that increase public safety, but without compromising the value of one’s privacy in public. (shrink)

Safe-by-Design (SBD) frameworks for the development of emerging technologies have become an ever more popular means by which scholars argue that transformative emerging technologies can safely incorporate human values. One such popular SBD methodology is called Value Sensitive Design (VSD). A central tenet of this design methodology is to investigate stakeholder values and design those values into technologies during early stage research and development (R&D). To accomplish this, the VSD framework mandates that designers consult the philosophical (...) and ethical literature to best determine how to weigh moral trade-offs. However, the VSD framework also concedes the universalism of moral values, particularly the values of freedom, autonomy, equality trust and privacy justice. This paper argues that the VSD methodology, particularly applied to nano-bio-info-cogno (NBIC) technologies, has an insufficient grounding for the determination of moral values. As such, an exploration of the value-investigations of VSD are deconstructed to illustrate both its strengths and weaknesses. This paper also provides possible modalities for the strengthening of the VSD methodology, particularly through the application of moral imagination and how moral imagination exceed the boundaries of moral intuitions in the development of novel technologies. (shrink)

In this chapter I identify three problems affecting the plausibility of group privacy and argue in favour of their resolution. The first problem concerns the nature of the groups in question. I shall argue that groups are neither discovered nor invented, but designed by the level of abstraction (LoA) at which a specific analysis of a social system is developed. Their design is therefore justified insofar as the purpose, guiding the choice of the LoA, is justified. This should (...) remove the objection that groups cannot have a right to privacy because groups are mere artefacts (there are no groups, only individuals) or that, even if there are groups, it is too difficult to deal with them. The second problem concerns the possibility of attributing rights to groups. I shall argue that the same logic of attribution of a right to individuals may be used to attribute a right to a group, provided one modifies the LoA and now treats the whole group itself as an individual. This should remove the objection that, even if groups exist and are manageable, they cannot be treated as holders of rights. The third problem concerns the possibility of attributing a right to privacy to groups. I shall argue that sometimes it is the group and only the group, not its members, that is correctly identified as the correct holder of a right to privacy. This should remove the objection that privacy, as a group right, is a right held not by a group as a group but rather by the group’s members severally. The solutions of the three problems supports the thesis that an interpretation of privacy in terms of a protection of the information that constitutes an individual—both in terms of a single person and in terms of a group—is better suited than other interpretations to make sense of group privacy. (shrink)

The first few years of the 21st century were characterised by a progressive loss of privacy. Two phenomena converged to give rise to the data economy: the realisation that data trails from users interacting with technology could be used to develop personalised advertising, and a concern for security that led authorities to use such personal data for the purposes of intelligence and policing. In contrast to the early days of the data economy and internet surveillance, the last few years (...) have witnessed a rising concern for privacy. As bad data practices have come to light, citizens are starting to understand the real cost of using online digital technologies. Two events stamped 2018 as a landmark year for privacy: the Cambridge Analytica scandal, and the implementation of the European Union’s General Data Protection Regulation (GDPR). The former showed the extent to which personal data has been shared without data subjects’ knowledge and consent and many times for unacceptable purposes, such as swaying elections. The latter inaugurated the beginning of robust data protection regulation in the digital age. Getting privacy right is one of the biggest challenges of this new decade of the 21st century. The past year has shown that there is still much work to be done on privacy to tame the darkest aspects of the data economy. As data scandals continue to emerge, questions abound as to how to interpret and enforce regulation, how to design new and better laws, how to complement regulation with better ethics, and how to find technical solutions to data problems. The aim of the research project Data, Privacy, and the Individual is to contribute to a better understanding of the ethics of privacy and of differential privacy. The outcomes of the project are seven research papers on privacy, a survey, and this final report, which summarises each research paper, and goes on to offer a set of reflections and recommendations to implement best practices regarding privacy. (shrink)

Safe-by-Design (SBD) frameworks for the development of emerging technologies have become an ever more popular means by which scholars argue that transformative emerging technologies can safely incorporate human values. One such popular SBD methodology is called Value Sensitive Design (VSD). A central tenet of this design methodology is to investigate stakeholder values and design those values into technologies during early stage research and development (R&D). To accomplish this, the VSD framework mandates that designers consult the philosophical (...) and ethical literature to best determine how to weigh moral trade-offs. However, the VSD framework also concedes the universalism of moral values, particularly the values of freedom, autonomy, equality trust and privacy justice. This paper argues that the VSD methodology, particularly applied to nano-bio-info-cogno (NBIC) technologies, has an insufficient grounding for the determination of moral values. As such, an exploration of the value-investigations of VSD are deconstructed to illustrate both its strengths and weaknesses. This paper also provides possible modalities for the strengthening of the VSD methodology, particularly through the application of moral imagination and how moral imagination exceed the boundaries of moral intuitions in the development of novel technologies. (shrink)

Risk management is a well-known method to face technological challenges through a win–win combination of protective and proactive approaches, fostering the collaboration of operators, researchers, regulators, and industries for the exploitation of new markets. In the field of autonomous and unmanned aerial systems, or UAS, a considerable amount of work has been devoted to risk analysis, the generation of ground risk maps, and ground risk assessment by estimating the fatality rate. The paper aims to expand this approach with a tool (...) for managing data protection risks raised by drones through the design of flight maps. The tool should allow UAS operators choosing the best air corridor for their drones based on the so-called privacy by design principle pursuant to Article 25 of the EU data protection regulation, the GDPR. Among the manifold applications of this approach, the design of fly zones for drones can be tailored for public authorities in the phase of authorization of new operations, much as for national Data Protection authorities that have to control the lawfulness of personal data processing by UAS operations. The overall aim is to present the first win–win approach to data protection issues, aerospace engineering challenges, and risk management methods for the threats posed by this technology. (shrink)

Risk management is a well-known method to face technological challenges through a win–win combination of protective and proactive approaches, fostering the collaboration of operators, researchers, regulators, and industries for the exploitation of new markets. In the field of autonomous and unmanned aerial systems, or UAS, a considerable amount of work has been devoted to risk analysis, the generation of ground risk maps, and ground risk assessment by estimating the fatality rate. The paper aims to expand this approach with a tool (...) for managing data protection risks raised by drones through the design of flight maps. The tool should allow UAS operators choosing the best air corridor for their drones based on the so-called privacy by design principle pursuant to Article 25 of the EU data protection regulation, the GDPR. Among the manifold applications of this approach, the design of fly zones for drones can be tailored for public authorities in the phase of authorization of new operations, much as for national Data Protection authorities that have to control the lawfulness of personal data processing by UAS operations. The overall aim is to present the first win–win approach to data protection issues, aerospace engineering challenges, and risk management methods for the threats posed by this technology. (shrink)

Risk management is a well-known method to face technological challenges through a win–win combination of protective and proactive approaches, fostering the collaboration of operators, researchers, regulators, and industries for the exploitation of new markets. In the field of autonomous and unmanned aerial systems, or UAS, a considerable amount of work has been devoted to risk analysis, the generation of ground risk maps, and ground risk assessment by estimating the fatality rate. The paper aims to expand this approach with a tool (...) for managing data protection risks raised by drones through the design of flight maps. The tool should allow UAS operators choosing the best air corridor for their drones based on the so-called privacy by design principle pursuant to Article 25 of the EU data protection regulation, the GDPR. Among the manifold applications of this approach, the design of fly zones for drones can be tailored for public authorities in the phase of authorization of new operations, much as for national Data Protection authorities that have to control the lawfulness of personal data processing by UAS operations. The overall aim is to present the first win–win approach to data protection issues, aerospace engineering challenges, and risk management methods for the threats posed by this technology. (shrink)

With the proliferation of networked electronic communication came daunting capabilities to collect, process, combine and store data, resulting in hitherto unseen transformational pressure on the concepts of trust, security and privacy as we know them. The Future Internet will bring about a world where real life will integrate physical and digital life. Technology development for data linking and mining, together with unseen data collection, will lead to unwarranted access to personal data, and hence, privacy intrusion. Trust and identity (...) lie at the basis of many human interactions and transactions, and societies have developed legitimate concern for privacy being essential for freedom and creativity. The burgeoning development of the Information Society, particularly during the past fifteen years, transcended the societal readiness to respond to the transformational change evoked by ICT. We have reached the eleventh hour for the preservation of trust and privacy as elements that can be transposed into our digital future. Europe has been at the forefront in recognizing the importance of privacy protection in relation to digital data, witness the advanced European legislation in this domain. The European Commission recognizes that appropriate measures need to combine technology development with legal means, user awareness and tools supporting data controllers to comply with law in an accountable and transparent way, and that empower users with a controlling stake in managing their personal data. Activities are underway at many levels. European RTD programmes play their role in supporting research in trustworthy ICT, privacy enhancing technologies, privacy-by-design in service layers as well as in networks, enabling technologies such as cryptography, and in generalized frameworks for trust and privacy-protective identity management. (shrink)

This Article takes the perspective of law and philosophy, integrating insights from computer science. First, I will argue that in the era of big data analytics we need an understanding of privacy that is capable of protecting what is uncountable, incalculable or incomputable about individual persons. To instigate this new dimension of the right to privacy, I expand previous work on the relational nature of privacy, and the productive indeterminacy of human identity it implies, into an ecological (...) understanding of privacy, taking into account the technological environment that mediates the constitution of human identity. Second, I will investigate how machine learning actually works, detecting a series of design choices that inform the accuracy of the outcome, each entailing trade-offs that determine the relevance, validity and reliability of the algorithm’s accuracy for real life problems. I argue that incomputability does not call for a rejection of machine learning per se but calls for a research design that enables those who will be affected by the algorithms to become involved and to learn how machines learn — resulting in a better understanding of their potential and limitations. A better understanding of the limitations that are inherent in machine learning will deflate some of the eschatological expectations, and provide for better decision-making about whether and if so how to implement machine learning in specific domains or contexts. I will highlight how a reliable research design aligns with purpose limitation as core to its methodological integrity. This Article, then, advocates a practice of “agonistic machine learning” that will contribute to responsible decisions about the integration of data-driven applications into our environments while simultaneously bringing them under the Rule of Law. This should also provide the best means to achieve effective protection against overdetermination of individuals by machine inferences. (shrink)

Today’s computer network technologies are sociologically founded on hunter-gatherer principles; common users may be possible subjects of surveillance and sophisticated internet-based attacks are almost impossible to prevent. At the same time, information and communication technology, ICT offers the technical possibility of embedded privacy protection. Making technology legitimate by design is a part of the intentional design for democracy. This means incorporating options for socially acceptable behaviour in technical systems, and making the basic principles of privacy protection, (...) rights and responsibilities, transparent to the user. The current global e-polis already has, by means of different technologies, de facto built-in policies that define the level of user-privacy protection. That which remains is to make their ethical implications explicit and understandable to citizens of the global village through interdisciplinary disclosive ethical methods, and to make them correspond to the high ethical norms that support trust, the essential precondition of any socialization. The good news is that research along these lines is already in progress. Hopefully, this will result in a future standard approach to the privacy of network communications. (shrink)

Profiling technologies are the facilitating force behind the vision of Ambient Intelligence in which everyday devices are connected and embedded with all kinds of smart characteristics enabling them to take decisions in order to serve our preferences without us being aware of it. These technological practices have considerable impact on the process by which our personhood takes shape and pose threats like discrimination and normalisation. The legal response to these developments should move away from a focus on entitlements to personal (...) data, towards making transparent and controlling the profiling process by which knowledge is produced from these data. The tendency in intellectual property law to commodify information embedded in software and profiles could counteract this shift to transparency and control. These rights obstruct the access and contestation of the design of the code that impacts one’s personhood. This triggers a political discussion about the public nature of this code and forces us to rethink the relations between property, privacy and personhood in the digital age. (shrink)

With the proliferation of networked electronic communication came daunting capabilities to collect, process, combine and store data, resulting in hitherto unseen transformational pressure on the concepts of trust, security and privacy as we know them. The Future Internet will bring about a world where real life will integrate physical and digital life. Technology development for data linking and mining, together with unseen data collection, will lead to unwarranted access to personal data, and hence, privacy intrusion. Trust and identity (...) lie at the basis of many human interactions and transactions, and societies have developed legitimate concern for privacy being essential for freedom and creativity. The burgeoning development of the Information Society, particularly during the past fifteen years, transcended the societal readiness to respond to the transformational change evoked by ICT. We have reached the eleventh hour for the preservation of trust and privacy as elements that can be transposed into our digital future. Europe has been at the forefront in recognizing the importance of privacy protection in relation to digital data, witness the advanced European legislation in this domain. The European Commission recognizes that appropriate measures need to combine technology development with legal means, user awareness and tools supporting data controllers to comply with law in an accountable and transparent way, and that empower users with a controlling stake in managing their personal data. Activities are underway at many levels. European RTD programmes play their role in supporting research in trustworthy ICT, privacy enhancing technologies, privacy-by-design in service layers as well as in networks, enabling technologies such as cryptography, and in generalized frameworks for trust and privacy-protective identity management. (shrink)

Profiling technologies are the facilitating force behind the vision of Ambient Intelligence in which everyday devices are connected and embedded with all kinds of smart characteristics enabling them to take decisions in order to serve our preferences without us being aware of it. These technological practices have considerable impact on the process by which our personhood takes shape and pose threats like discrimination and normalisation. The legal response to these developments should move away from a focus on entitlements to personal (...) data, towards making transparent and controlling the profiling process by which knowledge is produced from these data. The tendency in intellectual property law to commodify information embedded in software and profiles could counteract this shift to transparency and control. These rights obstruct the access and contestation of the design of the code that impacts one’s personhood. This triggers a political discussion about the public nature of this code and forces us to rethink the relations between property, privacy and personhood in the digital age. (shrink)

The Australian Royal Commission into Aged Care Quality and Safety acknowledged understaffing and substandard care in residential aged care and home care services, and recommendations were made that that the Australian Government should promote assistive technology within aged care. Robotic care assistants can provide care and companionship for the elderly—both in their own homes and within health and aged care institutions. Although more research is required into their use, studies indicate benefits, including enabling the elderly to live independently at home, (...) assistance with medication and monitoring of safety. Nevertheless, there are inherent ethical challenges in the use of robots as carers, including loss of privacy, unwarranted restrictions on autonomy, lack of dignity, deception, and the exacerbation of loneliness. Ethics by design can counter these issues in development of robotics and clinical ethics committees have been put forward as a way of dealing with the ethical use of robotic care in healthcare institutions. In this paper I outline the ethical challenges of robotic care assistants and how these may be mediated in their design and use. (shrink)

The sense of shame is part of human nature. What, then, is the role and significance of such a particular sensation, one that causes mental anxiety in a sick person’s weakest and the most vulnerable state? We know from historical documents going back as far as ancient Greece and Egypt that respecting patient privacy should be regarded as a moral duty for physicians in charge of treatment. However much today’s healthcare may have changed compared to centuries past, we note (...) that patient privacy has not lost its importance. In the current healthcare system, digital recording of private information and images enables others, in principle, to access these personal data quite easily. While we cannot reject the advantages offered by modern medicine, we need to consider how to design a healthcare system that respects patient privacy. What should be the standards of privacy in emergency services where urgent decisions and interventions have to be made? How should we guarantee patient privacy during medical education? The chapters of this book approach questions like these from the perspectives of different disciplines. The writings illustrate the increasing complexity of patient privacy issues in modern healthcare systems, particularly the growing difficulty to protect confidential data. At the same time, we can observe that patients are becoming more aware of their rights and their sensitivity in this area has increased. In our opinion, an approach that requires us to choose between the two values –health and privacy – would be wrong. Therefore, the question we should focus on is: “what kind of healthcare system should be developed to ensure the greatest respect for humans’ natural right to privacy?” If we want to answer this question and find sustainable solutions for these problems, it is crucial to use a multidisciplinary approach. From this perspective, the present volume is a first contribution to be published in Turkey to pursue this aim, including articles offered from various disciplines. (shrink)

Purpose Privacy has been understood as about one’s own information, information that is not one’s own is not typically considered with regards to an individual’s privacy. This paper aims to draw attention to this issue for conceptualizing privacy when one’s privacy is breached by others’ information. Design/methodology/approach To illustrate the issue that others' information can breach one's own privacy, this paper uses real-world applications of forensic genealogy and recommender systems to motivate the discussion. Findings (...) In both forensic genealogy and recommender systems, the individual’s privacy is breached by information that is not one’s own. The information that breached one’s privacy, by its nature, is beyond the scope of an individual, which is a phenomenon that has already been captured by emerging discussions about group privacy. This paper further argues that the underlying issue reflected by the examples of forensic genealogy is an extreme case even under the consideration of group privacy. This is because, unlike recommender systems that rely on large amounts of data to make inferences about an individual, forensic genealogy exposes one’s identity by using only one other individual’s information. This paper echoes existing discussions that this peculiar situation where others’ information breaches one’s own privacy reveals the problematic nature of conceptualizing privacy relying only on individualistic assumptions. Moreover, this paper suggests a relational perspective as an alternative for theorizing privacy. Originality/value This situation that others’ information breached one’s own privacy calls for an updated understanding of not only privacy but also the relationship between the person and their information. Privacy scholars need to renew their ethical language and vocabularies to properly understand the issue, which recent privacy conceptualizations are already doing (e.g. group privacy). (shrink)

Purpose The proliferation of surveillance-enhancing laws, policies and technologies across African countries deepens the risk of privacy rights breaches, as well as the risks of adverse profiling and social sorting. There is a heightened need for dedicated advocacy and activism to consistently demand accountability and transparency from African states, governments and their allies regarding surveillance. The purpose of this paper is to understand the issue frames that accompany anti-surveillance and privacy advocacy in Ghana and the related implications. (...) class='Hi'>Design/methodology/approach Using a qualitative and interpretivist approach, the author focuses on three different surveillance-oriented incidents/programs in Ghana and analyzes the frames underpinning the related advocacy and narratives of various non-state actors. Findings Privacy and anti-surveillance advocacy in Ghana tends to be less framed in the context of privacy rights and is more driven by concerns about corruption and value for money. Such pecuniary emphasis is rational per issue salience calculations as it elevates principles of economic probity, transparency and accountability and pursues a high public shock value and resonance. Practical implications Economics-centered critiques of surveillance could be counterproductive as they create a low bar for surveillance promoters and sustains a culture of permissible statist intrusions into citizens’ lives once economic virtues are satisfied. Originality/value While anti-surveillance and privacy advocacy is budding across African countries, little is known about its nature, frames and modus compared to such advocacy in European and North American settings. To the best of the author’s knowledge, this is likely the first paper or one of the first dedicated fully to anti-surveillance and advocacy in Africa. (shrink)

Built-in privacy has for too long been neglected by regulators. They have concentrated on reacting to violations of rules. Even imposing severe fines will however not address the basic issue that preventative privacy protection is much more meaningful. The paper discusses this in the context of the International Working Group on Data Protection in Telecommunications (“Berlin Group”) which has published numerous recommendations on privacy-compliant design of technical innovations. Social network services, road pricing schemes, and the distribution (...) of digital media content have figured prominently in the group’s latest working papers. More recently, a judgment of the European Court of Human Rights has thrown light on weaknesses in the protection of patients’ data in hospitals that requires urgent action by designers of IT systems. Built-in privacy is no magic button, no panacea, but it has turned out to be a necessary condition for meaningful privacy protection. (shrink)

PurposeThere are a lot of discussions about privacy in relation to contemporary communication systems (such as Facebook and other “social media” platforms), but discussions about privacy on the internet in most cases misses a profound understanding of the notion of privacy and where this notion is coming from. The purpose of this paper is to challenge the liberal notion of privacy and explore foundations of an alternative privacy conception.Design/methodology/approachA typology of privacy definitions is (...) elaborated based on Giddens' theory of structuration. The concept of privacy fetishism that is based on critical political economy is introduced. Limits of the liberal concept of privacy are discussed. This discussion is connected to the theories of Marx, Arendt and Habermas. Some foundations of an alternative privacy concept are outlined.FindingsThe notion of privacy fetishism is introduced for criticizing naturalistic accounts of privacy. Marx and Engels have advanced four elements of the critique of the liberal privacy concept that were partly taken up by Arendt and Habermas: privacy as atomism that advances; possessive individualism that harms the public good; legitimizes and reproduces the capitalist class structure; and capitalist patriarchy.Research limitations/implicationsGiven the criticisms advanced in this paper, the need for an alternative, socialist privacy concept is ascertained and it is argued that privacy rights should be differentiated according to the position individuals occupy in the power structure, so that surveillance makes transparent wealth and income gaps and company's profits and privacy protects workers and consumers from capitalist domination.Originality/valueThe paper contributes to the establishment of a concept of privacy that is grounded in critical political economy. Owing to the liberal bias of the privacy concept, the theorization of privacy has thus far been largely ignored in critical political economy. The paper contributes to illuminating this blind spot. (shrink)

As libraries begin to embrace Web 2.0 technologies to serve patrons—ushering in the era of Library 2.0—unique dilemmas arise in the realm of information ethics, especially regarding patron privacy. The norms of Web 2.0 promote the open sharing of information—often personal information—and the design of many Library 2.0 services capitalize on access to patron information and might require additional tracking, collection, and aggregation of patron activities. Thus, embracing Library 2.0 potentially threatens the traditional ethics of librarianship, where protecting (...) patron privacy and intellectual freedom has been held paramount. The question is not whether libraries will move toward Library 2.0, but how they will do it, and whether they can preserve the contextual integrity of patron privacy and maintain their professional librarian ethic, while also providing enhanced services to their patrons. This article will provide an ethical examination of the emergence of new Library 2.0 tools and technologies in relation to existing ethical norms of information flow within the library context. By doing so, librarians and information professionals will be better situated to avoid—or at least renegotiate—the impending Faustian bargain regarding patron privacy in the "2.0" era. (shrink)

Social networking sites like Facebook are rapidly gaining in popularity. At the same time, they seem to present significant privacy issues for their users. We analyze two of Facebooks’s more recent features, Applications and News Feed, from the perspective enabled by Helen Nissenbaum’s treatment of privacy as “contextual integrity.” Offline, privacy is mediated by highly granular social contexts. Online contexts, including social networking sites, lack much of this granularity. These contextual gaps are at the root of many (...) of the sites’ privacy issues. Applications, which nearly invisibly shares not just a users’, but a user’s friends’ information with third parties, clearly violates standard norms of information flow. News Feed is a more complex case, because it involves not just questions of privacy, but also of program interface and of the meaning of “friendship” online. In both cases, many of the privacy issues on Facebook are primarily design issues, which could be ameliorated by an interface that made the flows of information more transparent to users. (shrink)

Few studies have examined the relationship between personality traits and social networking sites (SNSs) with a dominant concentration on the personality alterations under SNSs influence. The relationship between personality and privacy control was less focused and discussed. In order to figure out the internal mechanism of such link among youth SNSs users, the Theory of Planned Behavior (TPB) was extended by including Five-Factor Model of Personality to explore how personality traits interact with privacy control behavior on SNSs. The (...) investigation using the theoretical method mentioned led to several hypotheses which were later assessed by an online study conducted within randomly chosen college students (N = 201) from two randomly chosen universities in China. This sampling strategy was designed to mimic the situation of targeted research population in the most reasonable way. The results suggested neuroticism and openness predicted SNSs privacy. Neuroticism and openness predicted “networked privacy” was also found. Theoretical implications of these findings were addressed. (shrink)

Purpose The purpose of this paper is to demonstrate privacy concerns arising from the rapidly increasing advancements and use of artificial intelligence technology and the challenges of existing privacy regimes to ensure the on-going protection of an individual’s sensitive private information. The authors illustrate this through a case study of energy smart meters and suggest a novel combination of four solutions to strengthen privacy protection. Design/methodology/approach The authors illustrate how, through smart meter obtained energy data, home (...) energy providers can use AI to reveal private consumer information such as households’ electrical appliances, their time and frequency of usage, including number and model of appliance. The authors show how this data can further be combined with other data to infer sensitive personal information such as lifestyle and household income due to advances in AI technologies. Findings The authors highlight data protection and privacy concerns which are not immediately obvious to consumers due to the capabilities of advanced AI technology and its ability to extract sensitive personal information when applied to large overlapping granular data sets. Social implications The authors question the adequacy of existing privacy legislation to protect sensitive inferred consumer data from AI-driven technology. To address this, the authors suggest alternative solutions. Originality/value The original value of this paper is that it illustrates new privacy issues brought about by advances in AI, failings in current privacy legislation and implementation and opens the dialog between stakeholders to protect vulnerable consumers. (shrink)