Showing papers by "Frederik Zuiderveen Borgesius published in 2018"

Online Political Microtargeting: Promises and Threats for Democracy

Abstract: Online political microtargeting involves monitoring people’s online behaviour, and using the collected data, sometimes enriched with other data, to show people-targeted political advertisements Online political microtargeting is widely used in the US; Europe may not be far behind This paper maps microtargeting’s promises and threats to democracy For example, microtargeting promises to optimise the match between the electorate’s concerns and political campaigns, and to boost campaign engagement and political participation But online microtargeting could also threaten democracy For instance, a political party could, misleadingly, present itself as a different one-issue party to different individuals And data collection for microtargeting raises privacy concerns We sketch possibilities for policymakers if they seek to regulate online political microtargeting We discuss which measures would be possible, while complying with the right to freedom of expression under the European Convention on Human Rights

Tracking Walls, Take-It-Or-Leave-It Choices, the GDPR, and the ePrivacy Regulation

Abstract: On the internet, we encounter take-it-or-leave-it choices regarding our privacy on a daily basis. In Europe, online tracking for targeted advertising generally requires the internet users’ consent to be lawful. Some websites use a tracking wall, a barrier that visitors can only pass if they consent to tracking by third parties. When confronted with such a tracking wall, many people click ‘I agree’ to tracking. A survey that we conducted shows that most people find tracking walls unfair and unacceptable. We analyse under which conditions the ePrivacy Directive and the General Data Protection Regulation allow tracking walls. We provide a list of circumstances to assess when a tracking wall makes consent invalid. We also explore how the EU lawmaker could regulate tracking walls, for instance in the ePrivacy Regulation. It should be seriously considered to ban tracking walls, at least in certain circumstances.

The European Union General Data Protection Regulation: What It Is And What It Means

Abstract: This paper introduces the strategic approach to regulating personal data and the normative foundations of the European Union’s General Data Protection Regulation (“GDPR”). The article is written for lawyers and academics from in- and outside the EU, whether privacy specialists or not. We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s short and medium-term implications. We also highlight where the GDPR takes a different approach than U.S. privacy law. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed regulatory regime, not unlike an intellectual property regime, that will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.

Privacy, Freedom of Expression, and the Right to Be Forgotten in Europe

Abstract: In this chapter, Stefan Kulk & Frederik Zuiderveen Borgesius discuss the relation between privacy and freedom of expression in Europe. In principle, the two rights have equal weight in Europe – which right prevails depends on the circumstances of a case. To illustrate the difficulties when balancing privacy and freedom of expression, the authors discuss the Google Spain judgment of the Court of Justice of the European Union, sometimes called the ‘right to be forgotten’ judgment. The court decided in Google Spain that people have, under certain conditions, the right to have search results for their name delisted. The authors discuss how Google and Data Protection Authorities deal with such delisting requests in practice. Delisting requests illustrate that balancing privacy and freedom of expression interests will always remain difficult.

The Right to Communications Confidentiality in Europe: Protecting Trust, Privacy, and Freedom of Expression

Abstract: In the European Union, the General Data Protection Regulation (GDPR) provides comprehensive rules for the processing of personal data. In addition, the EU lawmaker intends to adopt specific rules to protect confidentiality of communications, in a separate ePrivacy Regulation. Some have argued that there is no need for such additional rules for communications confidentiality. This paper discusses the protection of the right to confidentiality of communications in Europe. We look at the right’s origins as a fundamental right to assess the rationale for protecting the right. We also analyse how the right is currently protected under the European Convention on Human Rights and under EU law. We show that the right to communications confidentiality protects three values: trust in communication services, privacy, and freedom of expression. The right aims to ensure that individuals and businesses can safely entrust communication to service providers. Initially, the right protected only postal letters, but it has gradually developed into a strong safeguard for the protection of confidentiality of communications, regardless of the technology used. Hence, the right does not merely serve individual privacy interests, but also other interests that are crucial for the functioning of our information society. We conclude that separate EU rules to protect communications confidentiality, next to the GDPR, are justified and necessary to protect trust, privacy and freedom and expression.