NUDGE: IMPROVING DECISIONS ABOUT HEALTH, WEALTH, AND HAPPINESS by Richard H. Thaler and Cass R. Sunstein Penguin Books, 2009, 312 pp, ISBN 978-0-14-311526-7This book is best described formally as a general explanation of and advocacy for libertarian paternalism, a term coined by the authors in earlier publications. Informally, it is about how leaders, systems, organizations, and governments can nudge people to do the things the nudgers want and need done for the betterment of the nudgees, or of society. It is paternalism in the sense that "it is legitimate for choice architects to try to influence people's behavior in order to make their lives longer, healthier, and better", (p. 5) It is libertarian in that "people should be free to do what they like - and to opt out of undesirable arrangements if they want to do so", (p. 5) The built-in possibility of opting out or making a different choice preserves freedom of choice even though people's behavior has been influenced by the nature of the presentation of the information or by the structure of the decisionmaking system. I had never heard of libertarian paternalism before reading this book, and I now find it fascinating.Written for a general audience, this book contains mostly social and behavioral science theory and models, but there is considerable discussion of structure and process that has roots in mathematical and quantitative modeling. One of the main applications of this social system is economic choice in investing, selecting and purchasing products and services, systems of taxes, banking (mortgages, borrowing, savings), and retirement systems. Other quantitative social choice systems discussed include environmental effects, health care plans, gambling, and organ donations. Softer issues that are also subject to a nudge-based approach are marriage, education, eating, drinking, smoking, influence, spread of information, and politics. There is something in this book for everyone.The basis for this libertarian paternalism concept is in the social theory called "science of choice", the study of the design and implementation of influence systems on various kinds of people. The terms Econs and Humans, are used to refer to people with either considerable or little rational decision-making talent, respectively. The various libertarian paternalism concepts and systems presented are tested and compared in light of these two types of people. Two foundational issues that this book has in common with another book, Network of Echoes: Imitation, Innovation and Invisible Leaders, that was also reviewed for this issue of the Journal are that 1 ) there are two modes of thinking (or components of the brain) - an automatic (intuitive) process and a reflective (rational) process and 2) the need for conformity and the desire for imitation are powerful forces in human behavior. …

Nudge: Improving Decisions about Health, Wealth, and Happiness

This is the first chapter of the book 'Improving Privacy Protection in the area of Behavioural Targeting.' The book, based on the author's PhD dissertation, discusses how European law could improve privacy protection in the area of behavioural targeting. Behavioural targeting, also referred to as online profiling, involves monitoring people’s online behaviour, and using the collected information to show people individually targeted advertisements. To protect privacy in the area of behavioural targeting, the EU lawmaker mainly relies on the consent requirement for the use of tracking technologies in the e-Privacy Directive, and on general data protection law. With informed consent requirements, the law aims to empower people to make choices in their best interests. But behavioural studies cast doubt on the effectiveness of the empowerment approach as a privacy protection measure. Many people click “I agree” to any statement that is presented to them. Therefore, to mitigate privacy problems such as chilling effects, this study argues for a combined approach of protecting and empowering the individual. Compared to the current approach, the lawmaker should focus more on protecting people.

Improving Privacy Protection in the Area of Behavioural Targeting

Fostering data sharing is a scientific and ethical imperative. Health gains can be achieved more comprehensively and quickly by combining large, information-rich datasets from across conventionally siloed disciplines and geographic areas. While collaboration for data sharing is increasingly embraced by policymakers and the international biomedical community, we lack a common ethical and legal framework to connect regulators, funders, consortia, and research projects so as to facilitate genomic and clinical data linkage, global science collaboration, and responsible research conduct. Governance tools can be used to responsibly steer the sharing of data for proper stewardship of research discovery, genomics research resources, and their clinical applications. In this article, we propose that an international code of conduct be designed to enable global genomic and clinical data sharing for biomedical research. To give this proposed code universal application and accountability, however, we propose to position it within a human rights framework. This proposition is not without precedent: international treaties have long recognized that everyone has a right to the benefits of scientific progress and its applications, and a right to the protection of the moral and material interests resulting from scientific productions. It is time to apply these twin rights to internationally collaborative genomic and clinical data sharing.

/pdf/a-human-rights-approach-to-an-international-code-of-conduct-3e2mrj1ufc.pdf

A human rights approach to an international code of conduct for genomic and clinical data sharing.

Big Data and security policies:: Towards a framework for regulating the phases of analytics and use of Big Data

The authors analyze innovations in data processing as a result of developments such as 'big data' and the 'Internet of Things' and discuss why these developments undermine the effectiveness and legitimacy of the current as well as upcoming EU data protection regime, thereby focusing on the private sector. The authors undertake a detailed analysis of key data processing principles used in the European data protection regime (purpose limitation, informational self-determination and data quality) and argue that due to social trends and technological developments the principle of purpose limitation should be abandoned as a separate criterion. Also, other principles (such as consent and the performance of an agreement) should no longer be recognised as independent legal grounds to legitimize data processing. The authors propose, instead, a test based on whether there is a legitimate interest for data collection and processing (as well as further processing) of data. The authors argue that such a test will provide for a more effective data protection regime that will have more legitimacy than the assessment under the existing legal regime that is primarily based on the purposes for which data may be collected and further used. Based on their analysis, the authors develop a framework to be used by companies as the principal (and only) test for the whole life cycle of personal data processing (collection, use, further use and destruction of data). This test has been drafted in such a way that it enables companies to comply with the new requirements under the upcoming EU General Data Protection Regulation, that will become effective in 2018. The authors conclude their analysis with proposals to increase the (effectiveness of) enforcement of the data protection rules

Privacy for the Homo digitalis: Proposal for a new regulatory framework for data protection in the light of big data and the internet of things

† Discusses the key concepts of the provision for applicability of EU data protection laws to nonEU websites and provides for a uniform interpretation thereof based on the legislative history of the Directive. † Discusses the differences in the manner in which the applicability rule is implemented in the Member States and the resulting divergent interpretations by the national Data Protection Authorities.

/pdf/the-long-arm-of-eu-data-protection-law-does-the-data-nytzte0qwo.pdf

The Long Arm of EU Data Protection Law: Does the Data Protection Directive Apply to Processing of Personal Data of EU citizens by Websites Worldwide?

The author analyzes innovations in data processing and discusses what the impact of these developments is on individuals and society. She discusses what the role is of data protection in these developments as well as four privacy paradoxes, and how to best regulate the complex relationship between IT and society going forward. Her conclusion is that the technical innovations and social trends undermine the effectiveness and legitimacy of both the current as well as upcoming EU data protection regime. The author argues that the principle of purpose limitation should be abandoned as a separate criterion. Also, other principles (such as consent and the performance of an agreement) should no longer be recognised as independent legal grounds to legitimize data processing. The author proposes, instead, a test based on whether there is a legitimate interest for data collection and processing (as well as further processing) of data and lists concrete suggestions for improvement of the EU General Data Protection Regulation.

/pdf/big-data-protection-how-to-make-the-draft-eu-regulation-on-206einbd77.pdf

Big Data Protection. How to Make the Draft EU Regulation on Data Protection Future Proof

1. Introduction 2. Binding Corporate Rules: An Overview 3. The Worldwide Data Protection Regulatory Landscape 4. Trends and Developments in the Legal Landscape 5. Trends and Developments in Multinational Corporate Practice 6. Implementation of Self-Regulation 7. BCR and Contract Law 8. BCR and EU Rules of Private International Law 9. BCR and the 'Accountability Principle' 10. BCR as a Form of Transnational Private Regulation 11. BCR and Corporate Social Responsibility 12. Conclusion Appendix I: Overview of Recommendations to EU legislators Appendix II: BCR for Employee Data Appendix III: BCR for Customer Data

Binding Corporate Rules: Corporate Self-Regulation of Global Data Transfers

† Discusses the key concepts of the main default rule for the applicability of EU data protection law, and provides for a uniform interpretation thereof based on the legislative history of the Data Protection Directive. † Discusses the differences in the manner in which the rules on applicability are implemented in the Member States and the resulting divergent interpretations by the national Data Protection Authorities. † Evaluates the present position of the Article 29 Working Party in the SWIFT opinion (which seems contrary to the legislative history of the Directive). † Recommends that the European legislator revise the applicability regime of the Directive.

Lokke Moerel

Papers

Privacy for the Homo digitalis: Proposal for a new regulatory framework for data protection in the light of big data and the internet of things

The Long Arm of EU Data Protection Law: Does the Data Protection Directive Apply to Processing of Personal Data of EU citizens by Websites Worldwide?

Big Data Protection. How to Make the Draft EU Regulation on Data Protection Future Proof

Binding Corporate Rules: Corporate Self-Regulation of Global Data Transfers

Back to basics: when does EU data protection law apply?