In this paper we explore the extent to which privacy enhancing technologies (PETs) could be effective in providing privacy to citizens. Rapid development of ubiquitous computing and ‘the internet of things’ are leading to Big Data and the application of Predictive Analytics, effectively merging the real world with cyberspace. The power of information technology is increasingly used to provide personalised services to citizens, leading to the availability of huge amounts of sensitive data about individuals, with potential and actual privacy-eroding effects. To protect the private sphere, deemed essential in a state of law, information and communication systems (ICTs) should meet the requirements laid down in numerous privacy regulations. Sensitive personal information may be captured by organizations, provided that the person providing the information consents to the information being gathered, and may only be used for the express purpose the information was gathered for. Any other use of information about persons without their consent is prohibited by law; notwithstanding legal exceptions. If regulations are properly translated into written code, they will be part of the outcomes of an ICT, and that ICT will therefore be privacy compliant. We conclude that privacy compliance in the ‘technological’ sense cannot meet citizens’ concerns completely, and should therefore be augmented by a conceptual model to make privacy impact assessments at the level of citizens’ lives possible.
DOCUMENT
In this project we take a look at the laws and regulations surrounding data collection using sensors in assistive technology and the literature on concerns of people about this technology. We also look into the Smart Teddy device and how it operates. An analysis required by the General Data Protection Regulation (GDPR) [5] will reveal the risks in terms of privacy and security in this project and how to mitigate them. https://nl.linkedin.com/in/haniers
MULTIFILE
According to Johnson & Grandison (2007), failure to safeguard privacy of users of services provided by private and governmental organisations, leaves individuals with the risk of exposure to a number of undesirable effects of information processing. Loss of control over information about a person may lead to fraud, identity theft, reputation damage, and may cause psychosocial consequences ranging from mild irritation, unease, social exclusion, physical harm or even, in extreme cases, death. Although pooh-poohed upon by some opinion leaders from search engine and ICT industries for over a decade (Sprenger, 1999; Esguerra, 2009), the debate in the wake of events like the tragic case of Amanda Todd could be interpreted as supporting a case for proper attention to citizens’ privacy. Truth be told, for a balanced discussion on privacy in the age of Facebook one should not turn towards the social media environment that seems to hail any new development in big data analysis and profiling-based marketing as a breathtaking innovation. If the myopic view of technology pundits is put aside, a remarkably lively debate on privacy and related issues may be discerned in both media and scientific communities alike. A quick keyword search on ‘privacy’, limited to the years 2000-2015, yields huge numbers of publications: Worldcat lists 19,240; Sciencedirect 52,566, IEEE explore 71,684 and Google scholar a staggering 1,880,000. This makes clear that privacy is still a concept considered relevant by both the general public and academic and professional audiences. Quite impressive for a subject area that has been declared ‘dead’.
MULTIFILE
Design and development practitioners such as those in game development often have difficulty comprehending and adhering to the European General Data Protection Regulation (GDPR), especially when designing in a private sensitive way. Inadequate understanding of how to apply the GDPR in the game development process can lead to one of two consequences: 1. inadvertently violating the GDPR with sizeable fines as potential penalties; or 2. avoiding the use of user data entirely. In this paper, we present our work on designing and evaluating the “GDPR Pitstop tool”, a gamified questionnaire developed to empower game developers and designers to increase legal awareness of GDPR laws in a relatable and accessible manner. The GDPR Pitstop tool was developed with a user-centered approach and in close contact with stakeholders, including practitioners from game development, legal experts and communication and design experts. Three design choices worked for this target group: 1. Careful crafting of the language of the questions; 2. a flexible structure; and 3. a playful design. By combining these three elements into the GDPR Pitstop tool, GDPR awareness within the gaming industry can be improved upon and game developers and designers can be empowered to use user data in a GDPR compliant manner. Additionally, this approach can be scaled to confront other tricky issues faced by design professionals such as privacy by design.
LINK
Following the rationale of the current EU legal framework protecting personal data, children are entitled to the same privacy and data protection rights as adults. However, the child, because of his physical and mental immaturity, needs special safeguards and care, including appropriate legal protection. In the online environment, children are less likely to make any checks or judgments before entering personal information. Therefore, this paper presents an analysis of the extent to which EU regulation can ensure children’s online privacy and data protection.
DOCUMENT
Op 25 mei 2018 moet bij organisaties de ingrijpend gewijzigde privacywet gevinggeïmplementeerd zijn. Veel contracten met leveranciers omvatten de verwerkingvan persoonsgegevens. Inkoopadviseur Gert Walhof en jurist Robert Grandiapresenteren een stappenplan om op tijd klaar te zijn voor de nieuwe regels.
DOCUMENT
Human rights groups are increasingly calling for the protection of their right to privacy in relation to the bulk surveillance and interception of their personal communications. Some are advocating through strategic litigation. This advocacy tool is often chosen when there is weak political or public support for an issue. Nonetheless, as a strategy it remains a question if a lawsuit is strategic in the context of establishing accountability for indiscriminate bulk data interception. The chapter concludes that from a legal perspective the effect of the decision to litigate on the basis of the claim that a collective right to group privacy was violated has not (yet) resulted in significant change. Yet the case study, the British case of human rights groups versus the intelligence agencies, does seem to suggest that they have been able to create more public awareness about mass surveillance and interception programs and its side-effects
LINK
The flexible deployment of drones in the public domain, is in this article assessed from a legal philosophical perspective. On the basis of theories of Dworkin and Moore the distinction between individual rights and collective security policy goals is discussed. Mobile cameras in the public domain reflect how innovative technological tools challenge public authorities in new ways to balance between privacy and security. Furthermore, the different dimensions of privacy and the distinction between the three types of the value of privacy are reviewed. On the basis of the case study of the Dutch Drones Act, the article concludes that the flexible deployment of mobile cameras in the public domain is not legitimate from a normative perspective. The legal safeguards in the Netherlands are insufficient to protect the value of privacy. Therefore, further restrictions such as prior judicial review should be considered.
LINK
Data collected from fitness trackers worn by employees could be very useful for businesses. The sharing of this data with employers is already a well-established practice in the United States, and companies in Europe are showing an interest in the introduction of such devices among their workforces. Our argument is that employers processing their employees’ fitness trackers data is unlikely to be lawful under the General Data Protection Regulation (GDPR). Wearable fitness trackers, such as Fitbit and AppleWatch devices, collate intimate data about the wearer’s location, sleep and heart rate. As a result, we consider that they not only represent a novel threat to the privacy and autonomy of the wearer, but that the data gathered constitutes ‘health data’ regulated by Article 9. Processing health data, including, in our view, fitness tracking data, is prohibited unless one of the specified conditions in the GDPR applies. After examining a number of legitimate bases which employers can rely on, we conclude that the data processing practices considered do not comply with the principle of lawfulness that is central to the GDPR regime. We suggest alternative schema by which wearable fitness trackers could be integrated into an organization to support healthy habits amongst employees, but in a manner that respects the data privacy of the individual wearer.
MULTIFILE
Real-time location systems (RTLS) can be implemented in aged care for monitoring persons with wandering behaviour and asset management. RTLS can help retrieve personal items and assistive technologies that when lost or misplaced may have serious financial, economic and practical implications. Various ethical questions arise during the design and implementation phases of RTLS. This study investigates the perspectives of various stakeholders on ethical questions regarding the use of RTLS for asset management in nursing homes. Three focus group sessions were conducted concerning the needs and wishes of (1) care professionals; (2) residents and their relatives; and (3) researchers and representatives of small and medium-sized enterprises (SMEs). The sessions were transcribed and analysed through a process of open, axial and selective coding. Ethical perspectives concerned the design of the system, the possibilities and functionalities of tracking, monitoring in general and the user-friendliness of the system. In addition, ethical concerns were expressed about security and responsibilities. The ethical perspectives differed per focus group. Aspects of privacy, the benefit of reduced search times, trust, responsibility, security and well-being were raised. The main focus of the carers and residents was on a reduced burden and privacy, whereas the SMEs stressed the potential for improving products and services. Original article at MDPI: https://doi.org/10.3390/info9040080
MULTIFILE
