This book addresses issues on the nexus of freedom of and property in information, while acknowledging that both hiding and exposing information may affect our privacy. It inquires into the physics, the technologies, the business models, the governmental strategies and last but not least the legal frameworks concerning access, organisation and control of information. It debates whether it is in the very nature of information to be either free or monopolized, or both. Analysing upcoming power (...) structures, new types of colonization and attempts to replace legal norms with techno-nudging, this book also presents the idea of an infra-ethics capable of pre-empting our pre-emption. It discusses the interrelations between open access, the hacker ethos, the personal data economy, and freedom of information, highlighting the ephemeral but pivotal role played by information in a data-driven society. This book is a must-read for those working on the contemporary dimensions of freedom of information, data protection, and intellectual property rights. (shrink)

Public policies designed to regulate the use of information technology to protect personal data have been based on different theoretical assumptions in different states, depending on whether the problem is defined in technological, civil libertarian, or bureaucratic terms. However, the rapid development, dispersal, and decentralization of information technology have facilitated a range of new surveillance practices that have in turn rendered the approaches of the 1960s and 1970s obsolete. The networking of the postindustrial state will require a (...) reconceptualization of the dynamic relationship between organizational practices and information technology and a more comprehensive appreciation of the privacy problem. With the call for the development of a more coherent information policy in a number of countries, there is evidence that policymakers have been taking this more holistic view. (shrink)

Privacy, Due process and the Computational Turn: The Philosophy of Law Meets the Philosophy of Technology engages with the rapidly developing computational aspects of our world including data mining, behavioural advertising, iGovernment, profiling for intelligence, customer relationship management, smart search engines, personalized news feeds, and so on in order to consider their implications for the assumptions on which our legal framework has been built. The contributions to this volume focus on the issue of privacy, which is (...) often equated with data privacy and data security, location privacy, anonymity, pseudonymity, unobservability, and unlinkability. Here, however, the extent to which predictive and other types of data analytics operate in ways that may or may not violate privacy is rigorously taken up, both technologically and legally, in order to open up new possibilities for considering, and contesting, how we are increasingly being correlated and categorizedin relationship with due process – the right to contest how the profiling systems are categorizing and deciding about us. (shrink)

It has been argued that neural data are an especially sensitive kind of personal information that could be used to undermine the control we should have over access to our mental states, and therefore need a stronger legal protection than other kinds of personal data. The Morningside Group, a global consortium of interdisciplinary experts advocating for the ethical use of neurotechnology, suggests achieving this by treating legally ND as a body organ. Although the proposal is (...) currently shaping ND-related policies, it is not clear what its conceptual and legal basis is. Treating legally something as something else requires some kind of analogical reasoning, which is not provided by the authors of the proposal. In this paper, I will try to fill this gap by addressing ontological issues related to neurocognitive processes. The substantial differences between ND and body organs or organic tissue cast doubt on the idea that the former should be covered by bodily integrity. Crucially, ND are not constituted by organic material. Nevertheless, I argue that the ND of a subject s are analogous to neurocognitive properties of her brain. I claim that s’ ND are a ‘medium independent’ property that can be characterized as natural semantic personal information about her brain and that s’ brain not only instantiates this property but also has an exclusive ontological relationship with it: This information constitutes a domain that is unique to her neurocognitive architecture. (shrink)

Informed consent bears significant relevance as a legal basis for the processing of personal data and health data in the current privacy, data protection and confidentiality legislations. The consent requirements find their basis in an ideal of personal autonomy. Yet, with the recent advent of the global pandemic and the increased use of eHealth applications in its wake, a more differentiated perspective with regards to this normative approach might soon gain momentum. This paper discusses the (...) compatibility of a moral duty to share data for the sake of the improvement of healthcare, research, and public health with autonomy in the field of data protection, privacy and medical confidentiality. It explores several ethical-theoretical justifications for a duty of data sharing, and then reflects on how existing privacy, data protection, and confidentiality legislations could obstruct such a duty. Consent, as currently defined in the General Data Protection Regulation – a key legislative framework providing rules on the processing of personal data and data concerning health – and in the recommendation of the Council of Europe on the protection of health-related data – explored here as soft-law – turns out not to be indispensable from various ethical perspectives, while the requirement of consent in the General Data Protection Regulation and the recommendation nonetheless curtails the full potential of a duty to share medical data. Also other legal grounds as possible alternatives for consent seem to constitute an impediment. (shrink)

This book is about power and freedoms in our technological world and has two main objectives. The first is to demonstrate that a theoretical exploration of the algorithmic governmentality hypothesis combined with the capability approach is useful for a better understanding of power and freedoms in Ambient Intelligence, a world where information and communication technologies are invisible, interconnected, context aware, personalized, adaptive to humans and act autonomously. The second is to argue that these theories are useful for a better (...) comprehension of privacy and data protection concepts and the evolution of their regulation. Having these objectives in mind, the book outlines a number of theses based on two threads: first, the elimination of the social effects of uncertainty and the risks to freedoms and, second, the vindication of rights. Inspired by and building on the outcomes of different philosophical and legal approaches, this book embodies an effort to better understand the challenges posed by Ambient Intelligence technologies, opening paths for more effective realization of rights and rooting legal norms in the preservation of the potentiality of human capabilities. (shrink)

Built-in privacy has for too long been neglected by regulators. They have concentrated on reacting to violations of rules. Even imposing severe fines will however not address the basic issue that preventative privacy protection is much more meaningful. The paper discusses this in the context of the International Working Group on Data Protection in Telecommunications (“Berlin Group”) which has published numerous recommendations on privacy-compliant design of technical innovations. Social network services, road pricing schemes, and the distribution of (...) digital media content have figured prominently in the group’s latest working papers. More recently, a judgment of the European Court of Human Rights has thrown light on weaknesses in the protection of patients’ data in hospitals that requires urgent action by designers of IT systems. Built-in privacy is no magic button, no panacea, but it has turned out to be a necessary condition for meaningful privacy protection. (shrink)

The aim of UK-REACH (“The United Kingdom Research study into Ethnicity And COVID-19 outcomes in Healthcare workers”) is to understand if, how, and why healthcare workers (HCWs) in the United Kingdom (UK) from ethnic minority groups are at increased risk of poor outcomes from COVID-19. In this article, we present findings from the ethical and legal stream of the study, which undertook qualitative research seeking to understand and address legal, ethical, and social acceptability issues around data (...) class='Hi'>protection, privacy, and information governance associated with the linkage of HCWs’ registration data and healthcare data. We interviewed 22 key opinion leaders in healthcare and health research from across the UK in two-to-one semi-structured interviews. Transcripts were coded using qualitative thematic analysis. Participants told us that a significant aspect of Big Data research in public health is varying drivers of mistrust—of the research itself, research staff and funders, and broader concerns of mistrust within participant communities, particularly in the context of COVID-19 and those situated in more marginalised community settings. However, despite the challenges, participants also identified ways in which legally compliant and ethically informed approaches to research can be crafted to mitigate or overcome mistrust and establish greater confidence in Big Data public health research. Overall, our research indicates that a “Big Data Ethics by Design” approach to research in this area can help assure (1) that meaningful community and participant engagement is taking place and that extant challenges are addressed, and (2) that any new challenges or hitherto unknown unknowns can be rapidly and properly considered to ensure potential (but material) harms are identified and minimised where necessary. Our findings indicate such an approach, in turn, will help drive better scientific breakthroughs that translate into medical innovations and effective public health interventions, which benefit the publics studied, including those who are often marginalised in research. (shrink)

BackgroundIncreasingly, hospitals and research institutes are developing technical solutions for sharing patient data in a privacy preserving manner. Two of these technical solutions are homomorphic encryption and distributed ledger technology. Homomorphic encryption allows computations to be performed on data without this data ever being decrypted. Therefore, homomorphic encryption represents a potential solution for conducting feasibility studies on cohorts of sensitive patient data stored in distributed locations. Distributed ledger technology provides a permanent record on all transfers and (...) processing of patient data, allowing data custodians to audit access. A significant portion of the current literature has examined how these technologies might comply with data protection and research ethics frameworks. In the Swiss context, these instruments include the Federal Act on Data Protection and the Human Research Act. There are also institutional frameworks that govern the processing of health related and genetic data at different universities and hospitals. Given Switzerland’s geographical proximity to European Union (EU) member states, the General Data Protection Regulation (GDPR) may impose additional obligations.MethodsTo conduct this assessment, we carried out a series of qualitative interviews with key stakeholders at Swiss hospitals and research institutions. These included legal and clinical data management staff, as well as clinical and research ethics experts. These interviews were carried out with two series of vignettes that focused on data discovery using homomorphic encryption and data erasure from a distributed ledger platform.ResultsFor our first set of vignettes, interviewees were prepared to allow data discovery requests if patients had provided general consent or ethics committee approval, depending on the types of data made available. Our interviewees highlighted the importance of protecting against the risk of reidentification given different types of data. For our second set, there was disagreement amongst interviewees on whether they would delete patient data locally, or delete data linked to a ledger with cryptographic hashes. Our interviewees were also willing to delete data locally or on the ledger, subject to local legislation.ConclusionOur findings can help guide the deployment of these technologies, as well as determine ethics and legal requirements for such technologies. (shrink)

This edited collection brings together a series of interdisciplinary contributions in the field of Information Technology Law. The topics addressed in this book cover a wide range of theoretical and practical legal issues that have been created by cutting-edge Internet technologies, primarily Big Data, the Internet of Things, and Cloud computing. Consideration is also given to more recent technological breakthroughs that are now used to assist, and - at times - substitute for, human work, such as automation, (...) robots, sensors, and algorithms. The chapters presented in this edition address these issues from the perspective of different legal backgrounds. The first part of the book discusses some of the shortcomings that have prompted legislators to carry out reforms with regard to privacy, data protection, and data security. Notably, some of the complexities and salient points with regard to the new European General Data Protection Regulation (EU GDPR) and the new amendments to the Japan's Personal Information Protection Act (PIPA) have been scrutinized. The second part looks at the vital role of Internet intermediaries (or brokers) for the proper functioning of the globalized electronic market and innovation technologies in general. The third part examines an electronic approach to evidence with an evaluation of how these technologies affect civil and criminal investigations. The authors also explore issues that have emerged in e-commerce, such as Bitcoin and its blockchain network effects. The book aims to explain, systemize and solve some of the lingering legal questions created by the disruptive technological change that characterizes the early twenty-first century. (shrink)

Purpose – Ubiquitous computing and “big data” have been widely recognized as requiring new concepts of privacy and new mechanisms to protect it. While improved concepts of privacy have been suggested, the paper aims to argue that people acting in full conformity to those privacy norms still can infringe the privacy of others in the context of ubiquitous computing and “big data”. Design/methodology/approach – New threats to privacy are described. Helen Nissenbaum's concept of “privacy as contextual integrity” is (...) reviewed concerning its capability to grasp these problems. The argument is based on the assumption that the technologies work, persons are fully informed and capable of deciding according to advanced privacy considerations. Findings – Big data and ubiquitous computing enable privacy threats for persons whose data are only indirectly involved and even for persons about whom no data have been collected and processed. Those new problems are intrinsic to the functionality of these new technologies and need to be addressed on a social and political level. Furthermore, a concept of data minimization in terms of the quality of the data is proposed. Originality/value – The use of personal data as a threat to the privacy of others is established. This new perspective is used to reassess and recontextualize Helen Nissenbaum's concept of privacy. Data minimization in terms of quality of data is proposed as a new concept. (shrink)

This book presents the latest research on the challenges and solutions affecting the equilibrium between freedom of speech, freedom of information, information security, and the right to informational privacy. Given the complexity of the topics addressed, the book shows how old legal and ethical frameworks may need to be not only updated, but also supplemented and complemented by new conceptual solutions. Neither a conservative attitude (“more of the same”) nor a revolutionary zeal (“never seen before”) is likely (...) to lead to satisfactory solutions. Instead, more reflection and better conceptual design are needed, not least to harmonise different perspectives and legal frameworks internationally. The focus of the book is on how we may reconcile high levels of information security with robust degrees of informational privacy, also in connection with recent challenges presented by phenomena such as “big data” and security scandals, as well as new legislation initiatives, such as those concerning “the right to be forgotten” and the use of personal data in biomedical research. The book seeks to offer analyses and solutions of the new tensions, in order to build a fair, shareable, and sustainable balance in this vital area of human interactions. (shrink)

This article is the result of an international research between law and ethics scholars from Universities in France and Switzerland, who have been closely collaborating with technical experts on the design and use of information and communication technologies in the fields of human health and security. The interdisciplinary approach is a unique feature and guarantees important new insights in the social, ethical and legal implications of these technologies for the individual and society as a whole. Its aim is (...) to shed light on the tension between secrecy and transparency in the digital era. A special focus is put from the perspectives of psychology, medical ethics and European law on the contradiction between individuals’ motivations for consented processing of personal data and their fears about unknown disclosure, transferal and sharing of personal data via information and communication technologies (named the “privacy paradox”). Potential benefits and harms for the individual and society resulting from the use of computers, mobile phones, the Internet and social media are being discussed. Furthermore, the authors point out the ethical and legal limitations inherent to the processing of personal data in a democratic society governed by the rule of law. Finally, they seek to demonstrate that the impact of information and communication technology use on the individuals’ well-being, the latter being closely correlated with a high level of fundamental rights protection in Europe, is a promising feature of the socalled “e-democracy” as a new way to collectively attribute meaning to large-scale online actions, motivations and ideas. (shrink)

Privacy concerns involving data mining are examined in terms of four questions: What exactly is data mining? How does data mining raise concerns for personal privacy? How do privacy concerns raised by data mining differ from those concerns introduced by traditional information-retrieval techniques in computer databases? How do privacy concerns raised by mining personal data from the Internet differ from those concerns introduced by mining such data from data warehouses? It is argued (...) that the practice of using data-mining techniques, whether on the Internet or in data warehouses, to gain information about persons raises privacy concerns that go beyond concerns introduced in traditional information-retrieval techniques in computer databases and are not covered by present data-protection guidelines and privacy laws. (shrink)

Recent algorithmic technologies have challenged law’s anthropocentric assumptions. In this article, we develop a set of theoretical tools drawn from new materialisms and the philosophy of information to unravel the complex intra-actions between law and computer code. Accordingly, we first propose a framework for understanding the enmeshing of law and code based on a diffractive reading of Barad’s agential realism and Simondon’s theory of information. We argue that once law and code are understood as material entities that intra-act (...) through in-formation, the concept of transduction allows us to trace how they push each other towards change. After developing the theoretical tools, we deploy them to make sense of how law and code have changed in response to increasing automation of decision-making and the appearance of unexplainable artificial intelligence (AI) code. Thus, we employ a case study to trace transformations of the right to explanation under the European data protection regulations. This provides the backdrop for our account of how law transduces into code (and vice versa) and a proving ground for our framework. (shrink)

This essay critically examines some classic philosophical and legal theories of privacy, organized into four categories: the nonintrusion, seclusion, limitation, and control theories of privacy. Although each theory includes one or more important insights regarding the concept of privacy, I argue that each falls short of providing an adequate account of privacy. I then examine and defend a theory of privacy that incorporates elements of the classic theories into one unified theory: the Restricted Access/Limited Control (RALC) theory of privacy. (...) Using an example involving data-mining technology on the Internet, I show how RALC can help us to frame an online privacy policy that is sufficiently comprehensive in scope to address a wide range of privacy concerns that arise in connection with computers and information technology. (shrink)

This book examines the role of the EU in ensuring privacy and data protection on the internet. It describes and demonstrates the importance of privacy and data protection for our democracies and how the enjoyment of these rights is challenged by, particularly, big data and mass surveillance. The book takes the perspective of the EU mandate under Article 16 TFEU. It analyses the contributions of the specific actors and roles within the EU framework: the judiciary, (...) the EU legislator, the independent supervisory authorities, the cooperation mechanisms of these authorities, as well as the EU as actor in the external domain. Article 16 TFEU enables the Court of the Justice of the EU to play its role as constitutional court and to set high standards for fundamental rights protection. It obliges the European Parliament and the Council to lay down legislation that encompasses all processing of personal data. It confirms control by independent supervisory authorities as an essential element of data protection and it gives the EU a strong mandate to act in the global arena. The analysis shows that EU powers can be successfully used in a legitimate and effective manner and that this subject could be a success story for the EU, in times of widespread euroskepsis. It demonstrates that the Member States remain important players in ensuring privacy and data protection. In order to be a success story, the key stakeholders should be prepared to go the extra mile, so it is argued in the book. The book is based on academic research for which the author received a double doctorate at the University of Amsterdam and the Vrije Universiteit Brussels. It builds on a long inside experience within the European institutions, as well as within the community of data protection and data protection authorities. It is a must read in a time where the setting of EU privacy and data protection is changing dramatically, not only as a result of the rapidly evolving information society, but also because of important legal developments such as the entry into force of the General Data Protection Regulation. This book will appeal to all those who are in some way involved in making this regulation work. It will also appeal to people interested in the institutional framework of the European Union and in the role of the Union of promoting fundamental rights, also in the wider world.. (shrink)

This paper is aimed to understand the state of the art and the resulting consequences of the legal framework in Europe, with regard to the protection of children's data. Especially when they interact with networked and robotic toys, like in 'My friend Cayla' case. In order to evaluate the practical implications of the use of IoT devices by children or teenager users, the first part of the paper presents an analysis of the international guiding principles of the (...) protection of minors, a category which enjoys a higher level of protection of their fundamental rights, due to their condition of lack of physical and psychological maturity. Secondly, the focus is moved upon the protection of personal data of children. Only after confronting previous data protection legal instruments and having compared them with the novelties set forth in General Data Protection Regulation, it is reasonable to assume that new provisions such as "privacy by design" principle, adequacy of security measures and codes of conduct, can support data controllers in ensuring compliance in the field of IoT toys. In conclusion, the paper supports a view of Data Protection Authorities as a relevant player in enhancing these renovated tools in order to achieve the protection of children's rights, as to ensure their substantial protection against the threats of the interconnected world. (shrink)

We all know that Google stores huge amounts of information about everyone who uses its search tools, that Amazon can recommend new books to us based on our past purchases, and that the U.S. government engaged in many data-mining activities during the Bush administration to acquire information about us, including involving telecommunications companies in monitoring our phone calls. Control over access to our bodies and to special places, like our homes, has traditionally been the focus of concerns (...) about privacy, but access to information about us is raising new challenges for those anxious to protect our privacy. In _Privacy Rights,_ Adam Moore adds informational privacy to physical and spatial privacy as fundamental to developing a general theory of privacy that is well grounded morally and legally. (shrink)

The concept of privacy as a basic human right which has to be protected by law is a recently adopted concept in Thailand, as the protection of human rights was only legally recognized by the National Human Rights Act in 1999. Moreover, along with other drafted legislation on computer crime, the law on privacy protection has not yet been enacted. The political reform and the influences of globalization have speeded up the process of westernization of the urban, educated (...) middle-class professionals. However, the strength of traditional Thai culture means that a mass awareness of the concept of privacy rights remains scarce. This paper explicates the Thai cultural perspective on privacy and discusses the influence of Buddhism on privacy rights, including the impacts of globalization and the influence of Western values on the country’s political and legal developments. The paper also discusses the legal provisions regarding privacy protection, and the debates on the smart ID cards policy and SIM cards registration for national security. (shrink)

This paper addresses the question of delegation of morality to a machine, through a consideration of whether or not non-humans can be considered to be moral. The aspect of morality under consideration here is protection of privacy. The topic is introduced through two cases where there was a failure in sharing and retaining personal data protected by UK data protection law, with tragic consequences. In some sense this can be regarded as a failure in the process (...) of delegating morality to a computer database. In the UK, the issues that these cases raise have resulted in legislation designed to protect children which allows for the creation of a huge database for children. Paradoxically, we have the situation where we failed to use digital data in enforcing the law to protect children, yet we may now rely heavily on digital technologies to care for children. I draw on the work of Floridi, Sanders, Collins, Kusch, Latour and Akrich, a spectrum of work stretching from philosophy to sociology of technology and the “seamless web” or “actor–network” approach to studies of technology. Intentionality is considered, but not deemed necessary for meaningful moral behaviour. Floridi’s and Sanders’ concept of “distributed morality” accords with the network of agency characterized by actor–network approaches. The paper concludes that enfranchizing non-humans, in the shape of computer databases of personal data, as moral agents is not necessarily problematic but a balance of delegation of morality must be made between human and non-human actors. (shrink)

The corona pandemic altered many traditional and historical norms of society and law. COVID-19 created a humanitarian crisis in some parts of globe, while pandemic privacy and civil liberties were under threat all over world. To combat the deadly virus, individual liberty and equality were compromised. This paper focuses on how India’s health problem has compromised people’s right to privacy. It will highlight how strict executive policies led to the creation of a massive surveillance system in the name of combating (...) the COVID-19 pandemic, as well as how the absence of any policy or legal framework led to the exclusion of individuals and their families who were suspected of having the virus or caring for those who were infected with the deadly virus. The paper uses case studies and data collected from primary as well as secondary sources. The authors will also point out how the absence of privacy regulation puts millions of citizens’ private information at risk of being compromised or exploited against their will. (shrink)

Rapid advances and exponential growth in computer and telecommunications technology have taken individual records and papers revealing the most intimate details of one’s life, habits, and genetic predisposition from the private sector into the public arena in derogation of privacy considerations. Although computerized medical information offers a means of streamlining and improving the health care delivery system through speed and enormous storage capacity, it also presents new challenges as it affects the right of privacy and expectation of confidentiality, creating (...) serious ethical and legal issues. Other considerations include constitutional matters such as loss of liberty when one is compelled to remain in an undesirable or unsuitable job so that insurance will not be canceled or the inability to secure another more suitable position due to genetic predisposition and denial of equal protection of the laws if one is stigmatized because one belongs to a certain ethnic or racial group that exhibits a particular genetic propensity. Collateral questions concern the propriety of disclosure of confidential health care information, including genetic data. This article also considers the proposed federal guidelines for a health information privacy law. (shrink)

Human biological tissue samples are an invaluable resource for biomedical research designed to find causes of diseases and their treatments. Controversy has arisen, however, when research has been conducted with laboratory specimens either without the consent of the source of the specimen or when the research conducted with the specimen has expanded beyond the scope of the original consent agreement. Moreover, disputes have arisen regarding which party, the researcher or the source of the specimen, has control over who may use (...) the specimens and for what purposes. The purposes of this article are: to summarize the most important litigation regarding the use of laboratory specimens, and to demonstrate how legal theory regarding control of laboratory specimens has evolved from arguments based upon property interests in biological samples to claims that the origins of laboratory specimens have privacy interests in their genetic information that should be protected. (shrink)

This Article takes the perspective of law and philosophy, integrating insights from computer science. First, I will argue that in the era of big data analytics we need an understanding of privacy that is capable of protecting what is uncountable, incalculable or incomputable about individual persons. To instigate this new dimension of the right to privacy, I expand previous work on the relational nature of privacy, and the productive indeterminacy of human identity it implies, into an ecological understanding of (...) privacy, taking into account the technological environment that mediates the constitution of human identity. Second, I will investigate how machine learning actually works, detecting a series of design choices that inform the accuracy of the outcome, each entailing trade-offs that determine the relevance, validity and reliability of the algorithm’s accuracy for real life problems. I argue that incomputability does not call for a rejection of machine learning per se but calls for a research design that enables those who will be affected by the algorithms to become involved and to learn how machines learn — resulting in a better understanding of their potential and limitations. A better understanding of the limitations that are inherent in machine learning will deflate some of the eschatological expectations, and provide for better decision-making about whether and if so how to implement machine learning in specific domains or contexts. I will highlight how a reliable research design aligns with purpose limitation as core to its methodological integrity. This Article, then, advocates a practice of “agonistic machine learning” that will contribute to responsible decisions about the integration of data-driven applications into our environments while simultaneously bringing them under the Rule of Law. This should also provide the best means to achieve effective protection against overdetermination of individuals by machine inferences. (shrink)

Telecommunications services are for long subject to privacy regulations. At stake are traditionally: privacy of the communication and the protection of traffic data. Privacy of the communication is legally founded. Traffic data subsume under the notion of data protection and are central in the discussion. The telecommunications environment is profoundly changing. The traditionally closed markets with closed networks change into an open market with open networks. Within these open networks more privacy sensitive data are (...) generated and have to be exchanged between growing numbers of parties. Also telecommunications and computer networks are rapidly being integrated and thus the distinction between telephony and computing disappears. Traditional telecommunications privacy regulations are revised to cover internet applications. In this paper telecommunications issues are recalled to aid the on-going debate. Cellular mobile phones have recently be introduced. Cellular networks process a particular category of traffic data namely location data, thereby introducing the issue of territorial privacy into the telecommunications domain. Location data are bound to be used for pervasive future services. Designs for future services are discussed and evaluated for their impact on privacy protection. (shrink)

In this article we examine the effectiveness of consent in data protection legislation. We argue that the current legal framework for consent, which has its basis in the idea of autonomous authorisation, does not work in practice. In practice the legal requirements for consent lead to ‘consent desensitisation’, undermining privacy protection and trust in data processing. In particular we argue that stricter legal requirements for giving and obtaining consent as proposed in the European (...) Data protection regulation will further weaken the effectiveness of the consent mechanism. Building on Miller and Wertheimer’s ‘Fair Transaction’ model of consent we will examine alternatives to explicit consent. (shrink)

An online world exists in which businesses have become burdened with managerial and legal duties regarding the seeking of informed consent and the protection of privacy and personal data, while growing public cynicism regarding personal data collection threatens the healthy development of marketing and e-commerce. This research seeks to address such cynicism by assisting organisations to devise ethical consent management processes that consider an individual’s attitudes, their subjective norms and their perceived sense of control during the (...) elicitation of consent. It does so by developing an original conceptual model for online informed consent, argued through logical reasoning, and supported by an illustrative example, which brings together the autonomous authorisation (AA) model of informed consent and the theory of planned behaviour (TPB). Accordingly, it constructs a model for online informed consent, rooted in the ethic of autonomy, which employs behavioural theory to facilitate a mode of consent elicitation that prioritises users’ interests and supports ethical information management and marketing practices. The model also introduces a novel concept, the informed attitude, which must be present for informed consent to be valid. It also reveals that, under certain tolerated conditions, it is possible for informed consent to be provided unwillingly and to remain valid: this has significant ethical, information management and marketing implications. (shrink)

Professor Vuori's paper, first presented at the fourth Medico-legal Conference in Prague in the spring of this year, deals with the problem of the maintenance of confidentiality in computerized health records. Although more and more information is required, the hardware of the computer systems is so sophisticated that it would be very expensive indeed to 'break in' and steal from a modern data bank. Those concerned with programming computers are becoming more aware of their responsibilities concerning confidentiality (...) and privacy, to the extent that a legal code of ethics for programmers is being formulated. They are also aware that the most sensitive of all relationships--the doctor-patient relationship--could be in danger if they failed to maintain high standards of integrity. An area of danger is where administrative boundaries between systems must be crossed--say between those of health and employment. Protection of privacy must be ensured by releasing full information about the type of data being stored, and by maintaining democratic control over the establishment of information systems. (shrink)

This book on privacy and data protection offers readers conceptual analysis as well as thoughtful discussion of issues, practices, and solutions. It features results of the seventh annual International Conference on Computers, Privacy, and Data Protection, CPDP 2014, held in Brussels January 2014. The book first examines profiling, a persistent core issue of data protection and privacy. It covers the emergence of profiling technologies, on-line behavioral tracking, and the impact of profiling on fundamental rights (...) and values. Next, the book looks at preventing privacy risks and harms through impact assessments. It contains discussions on the tools and methodologies for impact assessments as well as case studies. The book then goes on to cover the purported trade-off between privacy and security, ways to support privacy and data protection, and the controversial right to be forgotten, which offers individuals a means to oppose the often persistent digital memory of the web. Written during the process of the fundamental revision of the current EU data protection law by the Data Protection Package proposed by the European Commission, this interdisciplinary book presents both daring and prospective approaches. It will serve as an insightful resource for readers with an interest in privacy and data protection. (shrink)

In this article, we use the theory of Information Ethics to argue that deceased people have a prima facie moral right to privacy in the context of health data research, and that this should be reflected in regulation and guidelines. After death, people are no longer biological subjects but continue to exist as informational entities which can still be harmed/damaged. We find that while the instrumental value of recognising post-mortem privacy lies in the preservation of the social contract (...) for health research, its intrinsic value is grounded in respect for the dignity of the post-mortem informational entity. However, existing guidance on post-mortem data protection is available only in the context of genetic studies. In comparing the characteristics of genetic data and other health-related data, we identify two features of DNA often given as arguments for this genetic exceptionalism: relationality and embodiment. We use these concepts to show that at the appropriate Level of Abstraction, there is no morally relevant distinction between posthumous genetic and other health data. Thus, genetic data should not automatically receive special moral status after death. Instead we make a plea for ‘contextual exceptionalism’. Our analysis concludes by reflecting on a real-world case and providing suggestions for contextual factors that researchers and oversight bodies should take into account when designing and evaluating research projects with health data from deceased subjects. (shrink)

In this chapter, Macnish and Asgarinia introduce current thinking and debate around issues of privacy as these relate to the media. Starting with controversies over the definition of privacy, they consider what the content of privacy should be and why it is we consider privacy to be valuable. This latter includes the social implications of privacy and the only recently-recognised concept of group privacy, contrasting it with individual privacy, as well as legal implications arising through laws such as the (...) European Union’s General Data Protection Regulation, concerning the collection of personal data and data subjects’ rights. Finally they turn to specific instances of privacy consideration in the media. These include: -/- The use of telephoto lenses to take pictures of celebrities at a distance without those celebrities’ permission (and the related question as to what is a reasonable expectation of privacy when in a public place); -/- Sharing information on social media (and the related question of whether those who share their data on social networking sites care about their privacy), as well as the availability of data online to research, even though that data has not always been posted for the purposes of research; -/- The challenges posed by anonymity online, including the trade-off between free expression and offensive expression; -/- Hacking and the meaning of fishing expeditions as a practice by the media and exploring what, if anything, is wrong with these; -/- The implications of invading the privacy of politicians, both as a defence of democracy and as a threat to democracy. (shrink)

Since approval of the EU General Data Protection Regulation (GDPR) in 2016, it has been widely and repeatedly claimed that the GDPR will legally mandate a ‘right to explanation’ of all decisions made by automated or artificially intelligent algorithmic systems. This right to explanation is viewed as an ideal mechanism to enhance the accountability and transparency of automated decision-making. However, there are several reasons to doubt both the legal existence and the feasibility of such a right. In (...) contrast to the right to explanation of specific automated decisions claimed elsewhere, the GDPR only mandates that data subjects receive meaningful, but properly limited, information (Articles 13-15) about the logic involved, as well as the significance and the envisaged consequences of automated decision-making systems, what we term a ‘right to be informed’. Further, the ambiguity and limited scope of the ‘right not to be subject to automated decision-making’ contained in Article 22 (from which the alleged ‘right to explanation’ stems) raises questions over the protection actually afforded to data subjects. These problems show that the GDPR lacks precise language as well as explicit and well-defined rights and safeguards against automated decision-making, and therefore runs the risk of being toothless. We propose a number of legislative and policy steps that, if taken, may improve the transparency and accountability of automated decision-making when the GDPR comes into force in 2018. (shrink)

Profiling technologies are the facilitating force behind the vision of Ambient Intelligence in which everyday devices are connected and embedded with all kinds of smart characteristics enabling them to take decisions in order to serve our preferences without us being aware of it. These technological practices have considerable impact on the process by which our personhood takes shape and pose threats like discrimination and normalisation. The legal response to these developments should move away from a focus on entitlements to (...) personal data, towards making transparent and controlling the profiling process by which knowledge is produced from these data. The tendency in intellectual property law to commodify information embedded in software and profiles could counteract this shift to transparency and control. These rights obstruct the access and contestation of the design of the code that impacts one’s personhood. This triggers a political discussion about the public nature of this code and forces us to rethink the relations between property, privacy and personhood in the digital age. (shrink)

Profiling technologies are the facilitating force behind the vision of Ambient Intelligence in which everyday devices are connected and embedded with all kinds of smart characteristics enabling them to take decisions in order to serve our preferences without us being aware of it. These technological practices have considerable impact on the process by which our personhood takes shape and pose threats like discrimination and normalisation. The legal response to these developments should move away from a focus on entitlements to (...) personal data, towards making transparent and controlling the profiling process by which knowledge is produced from these data. The tendency in intellectual property law to commodify information embedded in software and profiles could counteract this shift to transparency and control. These rights obstruct the access and contestation of the design of the code that impacts one’s personhood. This triggers a political discussion about the public nature of this code and forces us to rethink the relations between property, privacy and personhood in the digital age. (shrink)

Clicks, comments, transactions, and physical movements are being increasingly recorded and analyzed by Big Data processors who use this information to trace the sentiment and activities of markets and voters. While the benefits of Big Data have received considerable attention, it is the potential social costs of practices associated with Big Data that are of interest to us in this paper. Prior research has investigated the impact of Big Data on individual privacy rights, however, there (...) is also growing recognition of its capacity to be mobilized for surveillance purposes. Our paper delineates the underlying issues of privacy and surveillance and presents them as in tension with one another. We postulate that efforts at controlling Big Data may create a trade-off of risks rather than an overall improvement in data protection. We explore this idea in relation to the principles of the European Union’s General Data Protection Regulation as it arguably embodies the new ‘gold standard’ of cyber-laws. We posit that safeguards advocated by the law, anonymization and pseudonymization, while representing effective counter measures to privacy concerns, also incentivize the use, collection, and trade of behavioral and other forms of de-identified data. We consider the legal status of these ownerless forms of data, arguing that data protection techniques such as anonymization and pseudonymization raise significant concerns over the ownership of behavioral data and its potential use in the large-scale modification of activities and choices made both on and offline. (shrink)

This study evaluated the online privacy policies of business-to-consumer e-commerce firms in five industries of mainland China, Taiwan, and Hong Kong. Based on the neo-institutional theory, we also tested whether the four institutional factors, top management’s legal education, managerial ethics, rule of law in information privacy protection and peer practices, had any effects on e-information and e-communication content. Results from a content analysis of 229 websites found that the privacy policy contents that complied with generally accepted (...) privacy standards were lesser in mainland China firms than those of Taiwan and Hong Kong firms. There were also significant differences in the amount of contents among the five industries. The results of regression analyses showed the importance of all four factors on e-information content. They also showed the importance of coercive, mimetic, and normative isomorphisms on e-information content. The validation of normative isomorphism highlighted the importance of managerial ethics and legal education. Our findings supplemented extant literature which identified economic motive as the main factor in influencing privacy practice disclosures. (shrink)

This paper undertakes a comparative legal study to analyze the challenges of privacy and personal data protection posed by Artificial Intelligence embedded in Robots, and to offer policy suggestions. After identifying the benefits from various AI usages and the risks posed by AI-related technologies, I then analyze legal frameworks and relevant discussions in the EU, USA, Canada, and Japan, and further consider the efforts of Privacy by Design originating in Ontario, Canada. While various AI usages provide (...) great convenience, many issues, including profiling, discriminatory decisions, lack of transparency, and impeding consent, have emerged. The unpredictability arising from the AI machine learning function poses further difficulties, which have only been partially addressed by legal frameworks in the aforementioned jurisdictions. However, analyzing the relevant discussions yielded several suggestions. The first priority is adopting PbD as the most flexible, soft-legal, and preferable approach toward AI-oriented issues. Implementing PbD will protect individual privacy and personal data without specific efforts, and achieve both the development of AI and the advancement of privacy and personal data protection. Technical measures that can adapt to an individual’s dynamic choices according to the “context” should be further developed. Furthermore, alternative technical measures, including those to solve the “algorithmic black box” or achieve differential privacy, warrant thorough examination. If AI surpasses human intelligence, a terminating function, such as a “kill switch” will be the last resort to preserve individual choice. Despite numerous difficulties, we must prepare for the coming AI-prevalent society by taking a flexible approach. (shrink)

Truly transforming the healthcare delivery and payment system turns on the ability to engage in the interoperable electronic exchange of patient health information across and beyond the care continuum. Achieving transformation requires a legal framework that supports information sharing with appropriate privacy and security protections and a trusted governance structure.

The paper has three parts. First, a survey and analysis is given ofthe structure of individual rights in the recent EU Directive ondata protection. It is argued that at the core of this structure isan unexplicated notion of what the data subject can `reasonablyexpect' concerning the further processing of information about himor herself. In the second part of the paper it is argued thattheories of privacy popular among philosophers are not able to shed much light on the (...) issues treated in the Directive, whichare, arguably, among the central problems pertaining to theprotection of individual rights in the information society. Inthe third part of the paper, some suggestions are made for a richerphilosophical theory of data protection and privacy. It is arguedthat this account is better suited to the task of characterizingthe central issues raised by the Directive. (shrink)

Since the 1970s and more rigorously since the 1990s, many countries have regulated data protection and privacy laws in order to ensure the safety and privacy of personal data. First, a comparison is made of different acts regarding genetic information that are in force in the EU, the USA, and China. In Turkey, changes were adopted only recently following intense debates. This study aims to explore the experts’ opinions on the regulations of the health information (...) systems, data security, privacy, and confidentiality in Turkey, with a particular focus on genetic data, which is more sensitive than other health data as it is a permanent identifier that is inherited to next of kin and shared with other family members. Two focus groups with 18 experts and stakeholders were conducted, discussing topics such as central data collection, legalized data sharing, and the management of genetic information in health information systems. The article concludes that the new Turkish personal data protection law is problematic as the frame of collectible data is wide-ranging, and the exceptions are extensive. Specific laws or articles dedicated to genetic data that also overlook the dimension of discrimination based on genetic differences in Turkey should be taken into consideration. In broader terms, it is intended to put up for discussion that in addition to ethical aspects, economic aspects and legal aspects of health should be included in the discussion to be carried out within the framework of socio-political analyses with culture-specific approaches and cross-culture boundaries simultaneously. (shrink)

This encyclopedia entry provides an introductory examination information communication technology (ICT) as a subject of moral, social, and legal analysis. The entry begins with a survey of philosophical perspectives on human-computer interaction such as the moral agency of artifacts, mediation theory, trans or posthumanism, and extension theory. The entry then turns to survey normative and epistemic issues in ICT including the nature of socially disruptive technology, the outsourcing of human capabilities, privacy, echo chambers, epistemic bubbles, and the effect (...) of ICTs on moral virtue and attention. (shrink)

In view of rapid and dramatic technological change, it is important to take the special requirements of privacy protection into account early on, because new technological systems often contain hidden dangers which are very difficult to overcome after the basic design has been worked out. So it makes all the more sense to identify and examine possible data protection problems when designing new technology and to incorporate privacy protection into the overall design, instead of having to (...) come up with laborious and time-consuming “patches” later on. This approach is known as “_Privacy by Design_” (PbD). (shrink)

Data analytics and data-driven approaches in Machine Learning are now among the most hailed computing technologies in many industrial domains. One major application is predictive analytics, which is used to predict sensitive attributes, future behavior, or cost, risk and utility functions associated with target groups or individuals based on large sets of behavioral and usage data. This paper stresses the severe ethical and data protection implications of predictive analytics if it is used to predict sensitive (...) information about single individuals or treat individuals differently based on the data many unrelated individuals provided. To tackle these concerns in an applied ethics, first, the paper introduces the concept of “predictive privacy” to formulate an ethical principle protecting individuals and groups against differential treatment based on Machine Learning and Big Data analytics. Secondly, it analyses the typical data processing cycle of predictive systems to provide a step-by-step discussion of ethical implications, locating occurrences of predictive privacy violations. Thirdly, the paper sheds light on what is qualitatively new in the way predictive analytics challenges ethical principles such as human dignity and the (liberal) notion of individual privacy. These new challenges arise when predictive systems transform statistical inferences, which provide knowledge about the cohort of training data donors, into individual predictions, thereby crossing what I call the “prediction gap”. Finally, the paper summarizes that data protection in the age of predictive analytics is a collective matter as we face situations where an individual’s (or group’s) privacy is violated using dataotherindividuals provide about themselves, possibly even anonymously. (shrink)

For more than thirty years an extensive and significant philosophical debate about the notion of privacy has been going on. Therefore it seems puzzling that most current authors on information technology and privacy assume that all individuals intuitively know why privacy is important. This assumption allows privacy to be seen as a liberal “nice to have” value: something that can easily be discarded in the face of other really important matters like national security, the doing of justice and the (...) effective administration of the state and the corporation. In this paper I want to argue that there is something fundamental in the notion of privacy and that due to the profoundness of the notion it merits extraordinary measures of protection and overt support. I will also argue that the notion of transparency (as advocated by Wasserstrom) is a useless concept without privacy and that accountability and transparency can only be meaningful if encapsulated in the context of privacy. From philosophical and legal literature I will discuss and argue the value of privacy as the essential context and foundation of human autonomy in social relationships. In the conclusion of the paper I will discuss implications of this notion of privacy for the information society in general, and for the discipline of information systems in particular. (shrink)

Genetics is a biomedical science that investigates heredity, variability, occurrence of genetic diseases and their prevention. Genetic science has many fields of science, which deal with different genetic processes, methods, aspects and fields of application. The genetic research in Europe related to the individual as the main subject of the research is exposed to a wide range of ethical and legal issues. From the developments in genetic science other sciences have evolved, thanks to which the modern world is able (...) to protect the genetic information of data, and to receive the sanction while ignoring the laws of such data. However, many problems still persist in the field of protection of personal genetic information, such as regulatory standards, the inviolability of an individual, the assurance of freedom and privacy of information. This manuscript attempts to reveal the main aspects of genetic human data protection, to research conduct regulations, ethics and issues related to the protection of individuals, such as protection of privacy, discrimination, confidentiality, etc. The article mainly focuses on the Conventions and Protocols elaborated by the Council of Europe because of its role in bioethics and focus on human rights. The author examined the documents such as the Convention on Human Rights and Biomedicine, the Additional Protocol to the Convention on Human Rights and Biomedicine concerning Biomedical Research, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and others. Genetic discrimination is strictly forbidden by international conventions and declarations, which means that discrimination on the grounds of personal genetic information (diseases, abnormalities) is not possible in all areas, including employment and insurance. However, individuals face some problems in getting a job due to the publicity and information disclosure to their employers, or in increasing the amount of insurance premiums. However, the disclosure of genetic information may have relevant, statutory consequences and the victims may apply to court for defending these rights. It is essential to protect genetic rights, as any form of discrimination against a person on the grounds of their genetic heritage is prohibited and intervention in the health field or disclosure of such information is only possible after the person concerned has given their free and informed consent. (shrink)

Contemporary privacy theories and European discussions about data protection employ the notion of ‘personal information’ to designate their areas of concern. The notion of personal information is demarcated from non-personal information—or just information—indicating that we are dealing with a specific kind of information. However, within privacy scholarship the notion of personal information appears undertheorized, rendering the concept somewhat unclear. We argue that in an age of datafication, protection of personal information (...) and privacy is crucial, making the understanding of what is meant by ‘personal information’ more important than ever. To contribute to this aim, we analyse the conception of personal information and its nature, including the distinction between personal and non-personal information from a philosophy of language perspective. Through analyses of aboutness and relative aboutness we point to challenges related to the demarcation between personal and non-personal information, which may in practice lead to all information being personal. (shrink)

An introductory message from Peter Hustinx, European Data Protection Supervisor, delivered at Privacy by Design: The Definitive Workshop. This presentation looks back at the origins of Privacy by Design, notably the publication of the first report on “Privacy Enhancing Technologies” by a joint team of the Information and Privacy Commissioner of Ontario, Canada and the Dutch Data Protection Authority in 1995. It looks ahead and adresses the question of how the promises of these concepts could (...) be delivered in practice. (shrink)

BackgroundData processing of health research databases often requires a Data Protection Impact Assessment to evaluate the severity of the risk and the appropriateness of measures taken to comply with the European Union General Data Protection Regulation. We aimed to define and apply a comprehensive method for the evaluation of privacy, data governance and ethics among research networks involved in the EU Project Bridge Health.MethodsComputerised survey among associated partners of main EU Consortia, using a targeted instrument (...) designed by the principal investigator and progressively refined in collaboration with an international advisory panel. Descriptive measures using the percentage of adoption of privacy, data governance and ethical principles as main endpoints were used for the analysis and interpretation of the results.ResultsA total of 15 centres provided relevant information on the processing of sensitive data from 10 European countries. Major areas of concern were noted for: data linkage, access and accuracy of personal data and anonymisation procedures. A high variability was noted in the application of privacy principles.ConclusionsA comprehensive methodology of Privacy and Ethics Impact and Performance Assessment was successfully applied at international level. The method can help implementing the GDPR and expanding the scope of Data Protection Impact Assessment, so that the public benefit of the secondary use of health data could be well balanced with the respect of personal privacy. (shrink)