Following the rationale of the current EU legal framework protecting personal data, children are entitled to the same privacy and data protection rights as adults. However, the child, because of his physical and mental immaturity, needs special safeguards and care, including appropriate legal protection. In the online environment, children are less likely to make any checks or judgments before entering personal information. Therefore, this paper presents an analysis of the extent to which EU regulation can ensure children’s online privacy and data protection.
DOCUMENT
Human rights groups are increasingly calling for the protection of their right to privacy in relation to the bulk surveillance and interception of their personal communications. Some are advocating through strategic litigation. This advocacy tool is often chosen when there is weak political or public support for an issue. Nonetheless, as a strategy it remains a question if a lawsuit is strategic in the context of establishing accountability for indiscriminate bulk data interception. The chapter concludes that from a legal perspective the effect of the decision to litigate on the basis of the claim that a collective right to group privacy was violated has not (yet) resulted in significant change. Yet the case study, the British case of human rights groups versus the intelligence agencies, does seem to suggest that they have been able to create more public awareness about mass surveillance and interception programs and its side-effects
LINK
In this project we take a look at the laws and regulations surrounding data collection using sensors in assistive technology and the literature on concerns of people about this technology. We also look into the Smart Teddy device and how it operates. An analysis required by the General Data Protection Regulation (GDPR) [5] will reveal the risks in terms of privacy and security in this project and how to mitigate them. https://nl.linkedin.com/in/haniers
MULTIFILE
Data collected from fitness trackers worn by employees could be very useful for businesses. The sharing of this data with employers is already a well-established practice in the United States, and companies in Europe are showing an interest in the introduction of such devices among their workforces. Our argument is that employers processing their employees’ fitness trackers data is unlikely to be lawful under the General Data Protection Regulation (GDPR). Wearable fitness trackers, such as Fitbit and AppleWatch devices, collate intimate data about the wearer’s location, sleep and heart rate. As a result, we consider that they not only represent a novel threat to the privacy and autonomy of the wearer, but that the data gathered constitutes ‘health data’ regulated by Article 9. Processing health data, including, in our view, fitness tracking data, is prohibited unless one of the specified conditions in the GDPR applies. After examining a number of legitimate bases which employers can rely on, we conclude that the data processing practices considered do not comply with the principle of lawfulness that is central to the GDPR regime. We suggest alternative schema by which wearable fitness trackers could be integrated into an organization to support healthy habits amongst employees, but in a manner that respects the data privacy of the individual wearer.
MULTIFILE
This paper argues online privacy controls are based on a transactional model of privacy, leading to a collective myth of consensual data practices. It proposes an alternative based on the notion of privacy coordination as an alternative vision and realizing this vision as a grand challenge in Ethical UX
DOCUMENT
Big data heeft niet alleen geleid tot uitdagende technische vraagstukken, ook gaat het gepaard met allerlei nieuwe ethische en morele kwesties. Om verantwoord met big data om te gaan, moet ook over deze kwesties worden nagedacht. Want slecht datagebruik kan nadelige gevolgen hebben voor grote groepen mensen en voor organisaties. In de slotaflevering van deze serie verkennen Klaas Jan Mollema en Niek van Antwerpen op een pragmatische manier de ethische kant van big data, zonder te blijven steken in de negatieve effecten ervan.
DOCUMENT
Design and development practitioners such as those in game development often have difficulty comprehending and adhering to the European General Data Protection Regulation (GDPR), especially when designing in a private sensitive way. Inadequate understanding of how to apply the GDPR in the game development process can lead to one of two consequences: 1. inadvertently violating the GDPR with sizeable fines as potential penalties; or 2. avoiding the use of user data entirely. In this paper, we present our work on designing and evaluating the “GDPR Pitstop tool”, a gamified questionnaire developed to empower game developers and designers to increase legal awareness of GDPR laws in a relatable and accessible manner. The GDPR Pitstop tool was developed with a user-centered approach and in close contact with stakeholders, including practitioners from game development, legal experts and communication and design experts. Three design choices worked for this target group: 1. Careful crafting of the language of the questions; 2. a flexible structure; and 3. a playful design. By combining these three elements into the GDPR Pitstop tool, GDPR awareness within the gaming industry can be improved upon and game developers and designers can be empowered to use user data in a GDPR compliant manner. Additionally, this approach can be scaled to confront other tricky issues faced by design professionals such as privacy by design.
LINK
In this paper we explore the extent to which privacy enhancing technologies (PETs) could be effective in providing privacy to citizens. Rapid development of ubiquitous computing and ‘the internet of things’ are leading to Big Data and the application of Predictive Analytics, effectively merging the real world with cyberspace. The power of information technology is increasingly used to provide personalised services to citizens, leading to the availability of huge amounts of sensitive data about individuals, with potential and actual privacy-eroding effects. To protect the private sphere, deemed essential in a state of law, information and communication systems (ICTs) should meet the requirements laid down in numerous privacy regulations. Sensitive personal information may be captured by organizations, provided that the person providing the information consents to the information being gathered, and may only be used for the express purpose the information was gathered for. Any other use of information about persons without their consent is prohibited by law; notwithstanding legal exceptions. If regulations are properly translated into written code, they will be part of the outcomes of an ICT, and that ICT will therefore be privacy compliant. We conclude that privacy compliance in the ‘technological’ sense cannot meet citizens’ concerns completely, and should therefore be augmented by a conceptual model to make privacy impact assessments at the level of citizens’ lives possible.
DOCUMENT
Smart speakers are heralded to make everyday life more convenient in households around the world. These voice-activated devices have become part of intimate domestic contexts in which users interact with platforms.This chapter presents a dualstudy investigating the privacy perceptions of smart speaker users and non-users. Data collected in in-depth interviews and focus groups with Dutch users and non-users show that they make sense of privacy risks through imagined sociotechnical affordances. Imagined affordances emerge with the interplay between user expectations, technologies, and designer intentions. Affordances like controllability, assistance, conversation, linkability, recordability, and locatability are associated with privacy considerations. Viewing this observation in the light of privacy calculus theory, we provide insights into how users’ positive experiences of the control over and assistance in the home offered by smart speakers outweighs privacy concerns. On the contrary, non-users reject the devices because of fears that recordability and locatability would breach the privacy of their homes by tapping data to platform companies. Our findings emphasize the dynamic nature of privacy calculus considerations and how these interact with imagined affordances; establishing a contrast between rational and emotional responses relating to smart speaker use.Emotions play a pivotal role in adoption considerations whereby respondents balance fears of unknown malicious actors against trust in platform companies.This study paves the way for further research that examines how surveillance in the home is becoming increasingly normalized by smart technologies.
DOCUMENT
Hoe meer data er beschikbaar komt, des te meer de beslissing verbeterd kan worden. Hoe beter (slimmer) de beslissing wordt gemaakt, des te meer waarde de beslissing heeft voor uw organisatie. Dit wordt het data-netwerk-effect genoemd. Vaak wordt het data-netwerk-effect gerealiseerd door het gebruik van data van onbewuste data-donoren. In dit artikel wordt een ander soort data-donor belicht: de bewuste data-donor.
LINK
