Journal Article

Nobody puts data in a corner? Why a new approach to categorising personal data is required for the obligation to inform

01 Apr 2017-Computer Law & Security Review (Elsevier Advanced Technology)-Vol. 33, Iss: 2, pp 142-158
TL;DR: This article posits that, in clarifying the law, a new approach to categorising personal data is required to achieve the benefits of categorisation and increase the transparency of personal data processing for data subjects.
About: This article is published in Computer Law & Security Review. The article was published on 2017-04-01 and is currently open access. It has received 18 citations till now. The article focuses on the topics: Data Protection Act 1998 & Obligation.

Summary (7 min read)

1. Transparency and the obligation to inform

  • ‘Transparency’ has always been a key principle of the European Union (EU) data protection framework, but its importance has been made explicit under the new General Data Protection Regulation (GDPR) [1].
  • The GDPR replaces Directive 95/46/EC (DPD) [2] as the main instrument of data protection regulation within the EU.

[1] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

  • Where there is no choice, the information helps data subjects: understand what is happening with their personal data; enforce their data protection rights (when necessary) [12]; and detect any unlawful or questionable practices.
  • //ico.org.uk/media/for-organisations/data-protection-reform/overview-of-the-gdpr-1-0.pdf> accessed 29 September 2016
  • [6] Mistale Taylor, ‘Safeguarding the Right to Data Protection in the EU, 30th and 31st October 2014, Paris, France’ [2015] <https.
  • In its role of redressing the balance of information between data subjects and data controllers, it is the task of the ‘obligation to inform’ to reverse this presumption, and require that data controllers provide individuals with information that makes transparent what personal data is being collected and processed.
  • This article begins by highlighting the benefits of categorising personal data.

2 The benefits of categorising personal data

  • The purpose of creating categories in relation to any phenomena is to reduce the number of discriminations in the world, so that each individual thing does not have a separate label [18].
  • Given the purposes of categorisation in general, in theory, an appropriate categorisation of personal data could provide a number of benefits, increasing the transparency of personal data
  • [14] As defined by the OECD Expert Roundtable (see supra), ‘Observed’ data is personal data that is observed by others and recorded in a digital format e.g. cookie data or sensor data.
  • ‘Inferred Data’ are the product of probability-based analytic processes.

2.1 Benefits from knowing the category

  • Appropriately categorising personal data and knowing the category can: Enable an assessment of the risk involved in the processing.
  • Understanding the differences between categories of personal data allows for an assessment of the different risks involved in their processing.
  • Inform an assessment of the appropriate technical and organisational measures that should be in place to ensure security.
  • One of the key criticisms of the manifestation of the obligation to inform is that it generally results in long and complicated privacy notices, which are never read [21].

2.2 Benefits from using categories as anchors for further information

  • There are also benefits of categorisation that can be realised by appropriately categorising personal data and then using the categories as an anchor, to which further information can be attached.
  • Further information that can be provided includes: Further information about processing.
  • Thus, first specifying the categories of personal data processed then allows other information such as ‘time limits for erasure’ to be attached to them.
  • Appropriate categorisation could be used for this purpose.

2.3 Summary

  • It can enable an assessment of the risk involved in the processing; dictate appropriate technical and organisational measures; and inform decisions on whether a secondary purpose is compatible.
  • Where different rights or obligations apply to different categories it also allows the data subject to assess compliance of the data controller in light of their applicable obligations when they are informed of the categories processed.
  • Given these benefits, and the goal of transparency being to enable data subjects to identify compliant organisations that can be trusted with their personal data [23], it would seem logical that there would be a consistent and robust approach to categorising personal data under the obligation to inform.
  • It would also seem logical that there would be a requirement that the subject must always be informed of the category or categories of personal data being processed.
  • This last point is especially so, as other stakeholders such as data controllers and supervisory authorities are seen to need (and be entitled to) this information.

3.1 The Data Protection Directive

  • Article 10 governs cases of collection from the data subject, and Article 11 governs cases where the data is not obtained from the data subject.
  • [23] Information Commissioner’s Office, ‘Overview of the General Data Protection Regulation (GDPR)’.
  • Whereas Article 11(c) DPD includes an example that, when information is obtained ‘not from the data subject’, they may need to be informed of ‘the categories of data concerned’.
  • Moreover, even if there were, it would depend on the circumstances in which it was deemed necessary as to how far this obligation would extend.

3.1.1 Further uncertainty under the Data Protection Directive

  • Further uncertainty arises under the DPD when considering whether it is Article 10 or Article 11 DPD that applies.
  • The obligation to inform distinguishes between situations where the data is ‘collected from the data subject’ (Article 10 DPD) and where the data is ‘obtained not from the data subject’ (Article 11 DPD).
  • This confusion is also true for data that is ‘inferred’ or ‘derived’.
  • Therefore, it is not always clear which Article the data controller’s processing activities are governed by, making it unclear exactly what their obligations are.

3.2 The Article 29 Working Party Guidance

  • And whether data controllers need to inform individuals of the ‘categories of data concerned’, the Article 29 Working Party [27] (WP) has repeatedly referred to a need for data controllers to be informing individuals of the
  • [25] OECD Working Party On Security And Privacy In The Digital Economy, ‘Protecting Privacy in a Data-driven Economy: Taking Stock of Current Thinking’.
  • //ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/files/2013/wp202_en.pdf> accessed 29 May 2016
  • [32] European Commission, ‘First report on the implementation of the Data Protection Directive (95/46/EC)’ <http.
  • Therefore, it would seem logical that to create transparency, this obligation should be extended to all online processing, and at least, to any other scenarios where this reasoning applies.
  • Second, like the hard law of the DPD, instead of constantly referring to this as a requirement to inform an individual of the ‘categories’ of personal data processed, the WP has used inconsistent terms in its guidance.

3.3 The United Kingdom Data Protection Act

  • Of course, the nature of the DPD (as a Directive) meant that it had to be implemented into each EU Member State’s (MS) national law.
  • Thus, examining these implementations could provide some clarity here.
  • The UK implemented the DPD through the Data Protection Act 1998 [36] (DPA) and the Article 10 and
  • [34] Article 29 Data Protection Working Party, ‘Opinion 02/2013 on apps and smart devices’.
  • This is an important difference, as it was these examples that suggested that ‘any further information necessary’ might differ depending on whether data is obtained from the data subject or elsewhere under the DPD.
  • Even more importantly, it was these examples that indicated that informing data subjects of the ‘categories of data concerned’ might even be a requirement at all.

3.4 The General Data Protection Regulation

  • Whilst confusing, in some ways it can be seen as quite logical that the WP might be inferring something not stated explicitly within the DPD.
  • It is therefore not surprising that the DPD also reflects the presumption that data is collected from individuals with some degree of involvement or awareness.
  • Yet, despite this, the GDPR still does list the categories of personal data as something data subjects may need to be informed of when personal data is obtained from them.
  • This seems completely at odds with the WP’s guidance, which has repeatedly referred to Article 10 DPD when inferring this requirement.
  • The European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) rapporteur’s draft report on amendments to the Commission’s proposed GDPR [39] suggested in Amendment 126 to insert ‘(aa) category of data processed’ into the (then) Article 14(1) GDPR (now Article 13(1) GDPR).

3.5 The UK Information Commissioner’s Office Guidance

  • Guidance from the UK’s Information Commissioner’s Office (ICO) only creates further confusion.
  • The Code states that to cover all the elements of fairness, an
  • [40] European Parliament Committee on Civil Liberties, Justice and Home Affairs, ‘Report on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data’.
  • Interestingly, on the matter of which Article applies to the processing, in relation to the GDPR, the latest version of the ICO Code states that ‘there are also some differences in what you are required to provide, depending on whether you are collecting the information directly from data subjects or from a third party’ [51].
  • Thus, although the new version of the Code has made some improvement on the previous version by acknowledging this as an information requirement, it is still unclear when exactly a data controller should inform the individual of the ‘categories’ of personal data processed and what this consists of.

3.6 Summary

  • Accessed 20 October 2016
  • Commission, Parliament, nor Council chose to follow the WP’s guidance in its entirety.
  • Whilst the GDPR has contributed some definitive clarification here, it will still be unclear whether data controllers ever have to inform data subjects of the categories of personal data processed when personal data is obtained from them.

4 How to categorise personal data?

  • Understanding when a data controller is under an obligation to inform the data subject of the ‘categories’ of personal data is not the only issue that needs attention.
  • Even if the law was clarified, so that: (a) It was clear which Article data controllers’ processing practices were governed by; and (b) When they are required to provide the data subjects with the ‘categories of data concerned’ when collecting personal data from them (Article 13 GDPR and Article 10 DPD).
  • There is still the issue of exactly what a ‘category of personal data’ is in relation to the obligation to inform, and the question of whether any of the current approaches to categorising personal data provide meaningful information for the purposes of transparency.

4.1 What is a category of personal data?

  • Whilst it may initially seem obvious what a ‘category’ of personal data is for this obligation, upon further thought this is a valid question, the answer to which requires clarification.
  • Indeed, an informal roundtable discussion hosted by the OECD [55], involving a cross-section of more than sixty-
  • [54] European Commission, ‘Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions - Online Platforms and the Digital Single Market Opportunities and Challenges for Europe (COM(2016)288)’.
  • The notion that ‘categorising’ personal data is the correct approach to describing the personal data that is processed under the obligation to inform comes from the hard law of the DPD and the GDPR.
  • Table 1 (fragment): Pages visited, how long users stay on each page
  • Table 1 (fragment): Interactive Data | N/A | Queries to a search engine, or logs of account activity.

[62] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

  • Table 1 (fragment): The rise of the personal data store’ [63]
      N/A | Data that identifies me | Name, address
      N/A | Data conferred by other parties | Passport number, my credit reference rating
      N/A | Information gathered by me | Search and research results
      N/A | Data generated by my dealings with other parties | Transaction and interaction records
  • Thus, with so many different approaches, even if the law were to be clarified so that a data controller could understand when they are under an obligation to inform the data subject of the categories of personal data they process, without further clarification, it is still unclear exactly what information they would need to be providing.

4.2 Are any of these categorisations useful?

  • In clarifying what a ‘category of personal data’ is for the purposes of the obligation to inform, it is important to consider whether any of these categorisations actually provide meaningful information that will increase the transparency of data processing for data subjects, allowing them to assess the compliance and trustworthiness of the data controller.
  • After all, this is the purpose of this obligation, and it is achieved by redressing the balance of information between the data subject and the data controller.
  • [63] Mydex, ‘The Case for Personal Information Empowerment: May 2016
  • Whilst each of the categorisations in Table 1 has its use, they are not necessarily useful for making data processing practices more transparent on their own.
  • In doing so, it explains why each of these on its own is insufficient to increase the transparency of personal data processing to a level that equates the information available to subjects to that of data controllers, allowing them to assess compliance and trustworthiness of the controller.

4.2.1 Categorising personal data in relation to identifiability

  • Personal data can be categorised in relation to the degree of identifiability e.g. by distinguishing between identifying data, de-identified data, anonymous data and pseudonymous data.
  • Informing data subjects of which of these categories are processed may be useful for helping them ascertain when data protection laws apply.
  • To check whether the data controller is compliant, including whether security obligations are complied with, more information will be required.
  • This approach alone does not help individuals understand exactly what is being collected or how it will be processed, to allow them to make subjective and granular decisions about these aspects.
  • Without this granularity, although data subjects may know when data protection laws apply, they will not be able to assess compliance.

4.2.2 Categorising in relation to sensitivity

  • Under the DPD and GDPR, the only categories of personal data that are clearly defined (as Table 1 shows) are the ‘special categories’.
  • Thus, when the example or requirement of being informed of the ‘categories of data’ is referred to under the obligation to inform, it could be interpreted that the requirement refers to informing the individual of whether ‘special categories’ of personal data are processed.
  • Indeed, distinguishing between ‘personal data’ and ‘sensitive personal data’ and informing individuals of which category a data controller processes could prove useful for data subjects.
  • Furthermore, being informed of these categories does not make it clear exactly what personal data is collected, but simply that how it is processed places it in a category of ‘sensitive’ or ‘special’ data.
  • Informing data subjects that a data controller processes ‘data revealing ethnic origin’ does not make it clear to the individual whether it is their provided ethnic origin that is being processed for this purpose, or whether assumptions are being made based on their name or residential status.

4.2.3 Other categorisations, data types and taxonomies

  • In providing a lower level of abstraction for ‘non-sensitive’ personal data, some of the other categorisations in Table 1, such as those of Leon et al [64], P3P [65], and the e-Privacy Directive [66], could prove useful.
  • First, there is the issue of creating a taxonomy that is simultaneously able to: Accommodate new forms of personal data as new technologies emerge; Remain simple enough for data controllers and data subjects to comprehend; and
  • A protocol allowing websites to declare their intended use of information they collect about web browser users.
  • This fails to make transparent what might be, and what is going to be, done with the personal data.
  • Interestingly, combining this approach and the current approach to special categories discussed in Section 4.2.2 could prove useful here in making transparent what is collected and what it is being processed to reveal.

4.2.4 Categorising in relation to the manner in which the data originated

  • In relation to the last issue of focusing beyond the point of collection of the personal data alone, the categories produced by the OECD’s Privacy Expert Roundtable, of ‘provided’, ‘observed’, ‘derived’ and ‘inferred’ personal data [74] could also prove useful.
  • They could be used to make the individual aware of whether the personal data collected will remain in that form, or whether it will be used to create or predict other personal data.
  • [72] Michal Kosinski, David Stillwell, Thore Graepel.
  • <http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf> accessed 31 May 2016
  • [74] World Economic Forum, ‘Rethinking Personal Data: A New Lens for Strengthening Trust’ <http://www3.weforum.org/docs/WEF_RethinkingPersonalData_ANewLens_Report_2014.pdf> accessed 9 April 2016
  • individuals understand exactly what is being ‘observed’, ‘derived’ and ‘inferred’.

4.3 IP addresses

  • The example of IP Addresses [75] highlights the need for a better approach to categorising personal data under the obligation to inform, one that encompasses the benefits of the individual approaches to categorisation.
  • Based on this location, predictions can then be made, and more personal data ‘inferred’ (possibly based on the personal data of other individuals who share that location).
  • A data controller could just be collecting a data subject’s IP address and doing nothing further with it.
  • Currently, using any of the approaches to categorisation analysed in this article alone would not make it clear simultaneously what is being collected, whether it will be processed further and the limits on how it will be processed.

4.4 How does Google handle this?

  • Of course, if despite the lack of clarity in the legal framework, data controllers were describing ‘categories of personal data’ in a way that makes data processing transparent, then these issues would not be as pressing.
  • The much larger amount of text under the latter heading alone confirms that ‘Information you give us’ is merely the tip of the iceberg in relation to data collection.
  • First, it is not an exhaustive list of the types of information provided, as the words ‘this includes’ and ‘for example’ (among others to the same effect) within this list confirm.
  • Therefore, in practice data subjects are not being provided with the information they need for their data processing to be transparent by data controllers.

5 Conclusion

  • This article has highlighted that despite the benefits of categorising personal data, a coherent and consistent approach to doing so under the obligation to inform has not emerged.
  • Ultimately, this uncertainty results in reduced transparency for data subjects and confusion for data controllers regarding their legal obligations, defeating the purpose of the obligation to inform.
  • This article highlights these issues and calls for clarification on them.
  • This article also posits that a new approach to categorising personal data is required, given the deficiencies of the current approaches in increasing transparency on their own.
  • Indeed, the recent version of the ICO ‘Privacy Notices Code of Practice’ states that ICO will consider producing further guidance on the obligation’s individual information requirements under the GDPR [78].


Citations
01 Jan 2018
TL;DR: In this article, the authors focused on identification of current role of social media in public marketing and analyzed the Facebook pages of 13 regions of the Czech Republic and analyzed five blocks of Kietzmann's honeycomb framework: identity, conversation, sharing, presence, and reputation.
Abstract: Social media has become a new phenomenon of the society, which significantly affects not individuals only, but also organizations, including public institutions. An article aims on identification of current role of social media in public marketing. Specifically, it focuses on the sample of 13 regions of the Czech Republic and analyzes Facebook pages of its regional authorities. The content analysis concentrates on five blocks (out of seven original ones) of Kietzmann's honeycomb framework: identity, conversation, sharing, presence, and reputation. Findings confirmed that all the regions have their Facebook page set up, one third of regions react on citizen's request up to few minutes, the other one third up to one day. Regional authorities regularly publish its posts (11 posts per week in average) and share their own content, mainly.

31 citations

Journal Article
TL;DR: The study provides new evidence of validated personal data categories and their significant differences in perceived information privacy concern and disclosure intention, and discovers that Age, Gender, and Working Industry, as demographic factors, have significant effects on disclosure intention associated with Tracking, Finance, Authenticating, and Medical-health information.

12 citations

Journal Article
10 Oct 2019-Sensors
TL;DR: A privacy-oriented, flow-based integrated development environment (IDE) for building domestic IoT applications that enables due diligence in helping developers reason about personal data during the actual in vivo construction of IoT applications is presented.
Abstract: The EU’s General Data Protection Regulation (GDPR) has recently come into effect and insofar as Internet of Things (IoT) applications touch EU citizens or their data, developers are obliged to exercise due diligence and ensure they undertake Data Protection by Design and Default (DPbD). GDPR mandates the use of Data Protection Impact Assessments (DPIAs) as a key heuristic enabling DPbD. However, research has shown that developers generally lack the competence needed to deal effectively with legal aspects of privacy management and that the difficulties of complying with regulation are likely to grow considerably. Privacy engineering seeks to shift the focus from interpreting texts and guidelines or consulting legal experts to embedding data protection within the development process itself. There are, however, few examples in practice. We present a privacy-oriented, flow-based integrated development environment (IDE) for building domestic IoT applications. The IDE enables due diligence in (a) helping developers reason about personal data during the actual in vivo construction of IoT applications; (b) advising developers as to whether or not the design choices they are making occasion the need for a DPIA; and (c) attaching and making available to others (including data processors, data controllers, data protection officers, users and supervisory authorities) specific privacy-related information that has arisen during an application’s development.

11 citations


Cites background from "Nobody puts data in a corner? Why a..."

  • ...[39] note that categorising personal data is one way of contextualising it and understanding its nature....


  • ...There is considerable divergence across approaches and weaknesses in each [39]....


Journal Article
TL;DR: A requirements analysis for informed consent from both a legal and usability perspective, considering the application context of educational assessment is presented, based on European Union (EU) law and a review of current practices.
Abstract: Personal data use is increasingly permeating our everyday life. Informed consent for personal data use is a central instrument for ensuring the protection of personal data. However, current informed consent practices often fail to actually inform data subjects about the use of personal data. This article presents the results of a requirements analysis for informed consent from both a legal and usability perspective, considering the application context of educational assessment. The requirements analysis is based on European Union (EU) law and a review of current practices. As the main outcome, the article presents a blueprint which will be the basis for the development of an informed consent template that supports data controllers in establishing an effective and efficient informed consent form. Because the blueprint, and subsequently, the template, distinguishes between legal and usability requirements, it also provides the basis for the mapping of legal requirements in other (non-European) contexts.

7 citations

Journal Article
TL;DR: There are still difficulties related to the scope of this right, the establishment of proper storage criteria, and in the procedures used by the data controllers to provide accurate information to the data subjects, which highlights the necessity to incorporate such technological innovation as metadata labelling and automatic computerised procedures.

7 citations

References
Book
01 Dec 1978
TL;DR: This article found that the event name itself combined most readily with superordinate noun categories; thus, one gets dressed with clothes and needs various kitchen utensils to make breakfast, and when such activities were analyzed into their script elements, the basic level appeared as the level of abstraction of objects necessary to script the events.
Abstract: ion of those listed by the students? In general, we found that the event name itself combined most readily with superordinate noun categories; thus, one gets dressed with clothes and needs various kitchen utensils to make breakfast. When such activities were analyzed into their script elements, the basic level appeared as the level of abstraction of objects necessary to script the events; e.g., in getting dressed, one puts on pants, sweater, and shoes, and in making breakfast, one cooks eggs in a frying pan. With respect to prototypes, it appears to be those category members judged the more prototypical that have attributes that enable them to fit into the typical and agreed upon script elements. We are presently collecting normative data on the intersection of common events, the objects associated with those events and the other sets of events associated with those objects.2 In addition, object names for eliciting events are varied in level of abstraction and in known prototypicality in given categories. Initial results show a similar pattern to that obtained in the earlier research in which it was found that the more typical members of superordinate categories could replace the superordinate in sentence frames generated by subjects told to "make up a sentence" that used the superordinate (Rosch, 1977). That is, the task of using a given concrete noun in a sentence appears to be an indirect method of eliciting a statement about the events in which objects play a part; that indirect method showed clearly that prototypical category members are those that can play the role in events expected of members of that category. The use of deviant forms of object names in narratives accounts for several recently explored effects in the psychological literature. Substituting object names at other than the basic level within scripts results in obviously deviant descriptions. 
Substitution of superordinates produces just those types of narrative that Bransford and Johnson (1973) have claimed are not comprehended; for example, "The procedure is actually quite simple. First you arrange things into different groups. Of course, one pile may be sufficient [p. 400]." It should be noted in the present context that what Bransford and Johnson call context cues are actually names of basic-level events (e.g., washing clothes) and that one function of hearing the event name is to enable the reader to translate the superordinate terms into basic-level objects and actions. Such a translation appears to be a necessary aspect of our ability to match linguistic descriptions to world knowledge in a way that produces the "click of comprehension." On the other hand, substitution of subordinate terms for basic-level object names in scripts gives the effect of satire or snobbery. For example, a review (Garis, 1975) of a pretentious novel accused of actually being about nothing more than brand-name snobbery concludes, "And so, after putting away my 10

3,080 citations

Journal Article
TL;DR: It is shown that easily accessible digital records of behavior, Facebook Likes, can be used to automatically and accurately predict a range of highly sensitive personal attributes including: sexual orientation, ethnicity, religious and political views, personality traits, intelligence, happiness, use of addictive substances, parental separation, age, and gender.
Abstract: We show that easily accessible digital records of behavior, Facebook Likes, can be used to automatically and accurately predict a range of highly sensitive personal attributes including: sexual orientation, ethnicity, religious and political views, personality traits, intelligence, happiness, use of addictive substances, parental separation, age, and gender. The analysis presented is based on a dataset of over 58,000 volunteers who provided their Facebook Likes, detailed demographic profiles, and the results of several psychometric tests. The proposed model uses dimensionality reduction for preprocessing the Likes data, which are then entered into logistic/linear regression to predict individual psychodemographic profiles from Likes. The model correctly discriminates between homosexual and heterosexual men in 88% of cases, African Americans and Caucasian Americans in 95% of cases, and between Democrat and Republican in 85% of cases. For the personality trait “Openness,” prediction accuracy is close to the test–retest accuracy of a standard personality test. We give examples of associations between attributes and Likes and discuss implications for online personalization and privacy.

2,232 citations

Journal Article
TL;DR: The audience were invited to propose solutions to current concerns about overmedicalisation, treatment burden, and over- and under-diagnosis and two of the final eight proposals related to reducing prescribing.
Abstract: A lively debate in the final plenary at last year’s Royal College of General Practitioners (RCGP) Annual Primary Care Conference considered the provocation: ‘My Doctor Makes Me Sick — what can we do about it?’. The event was run by the Heseltine Institute for Public Policy & Practice at Liverpool University, in conjunction with Mersey Faculty and the RCGP. It followed on from a public debate ‘My doctor makes me sick’ held in Liverpool at the opening of the conference. The audience were invited to propose solutions to current concerns about overmedicalisation, treatment burden, and over- and under-diagnosis. Two of the final eight proposals related to reducing prescribing. GPs called for incentives not to use medicines and for deprescribing; both seen as necessary to support the individually-tailored care that GPs and patients1 seek. But GPs have described needing help in tailoring prescribing to individual needs, particularly when individual needs may appear to be at odds with the ‘ideal’ described by guidelines for best practice.2 So how can we help professionals and patients tackle a problem of perceived overprescribing and problematic polypharmacy?

419 citations

Proceedings ArticleDOI
24 Jul 2013
TL;DR: The results of a 2,912-participant online study investigating how facets of privacy practices---data retention, access to collected data, and scope of use---affect users' willingness to allow the collection of behavioral data are presented.
Abstract: Much of the debate surrounding online behavioral advertising (OBA) has centered on how to provide users with notice and choice. An important element left unexplored is how advertising companies' privacy practices affect users' attitudes toward data sharing. We present the results of a 2,912-participant online study investigating how facets of privacy practices---data retention, access to collected data, and scope of use---affect users' willingness to allow the collection of behavioral data. We asked participants to visit a health website, explained OBA to them, and outlined policies governing data collection for OBA purposes. These policies varied by condition. We then asked participants about their willingness to permit the collection of 30 types of information. We identified classes of information that most participants would not share, as well as classes that nearly half of participants would share. More restrictive data-retention and scope-of-use policies increased participants' willingness to allow data collection. In contrast, whether the data was collected on a well-known site and whether users could review and modify their data had minimal impact. We discuss public policy implications and improvements to user interfaces to align with users' privacy preferences.

139 citations

Journal ArticleDOI
TL;DR: The conference "Safeguarding the right to Data Protection" as mentioned in this paper, held in Paris on 30th and 31st October 2014, looked at developments in EU data protection law with a focus on data protection as a fundamental right and discussed recent jurisprudence from the Court of Justice of the European Union (CJEU), the European Court of Human Rights (ECtHR), and national courts.
Abstract: This contribution is based on presentations and discussions at the conference “Safeguarding the Right to Data Protection”, held in Paris on the 30th and 31st October, 2014. Vladimir Marinescu, of the Academy of European Law (hereafter: ERA), in cooperation with the Cour de Cassation, organised the event. The conference looked at developments in EU data protection law with a focus on data protection as a fundamental right. Speakers discussed recent jurisprudence from the Court of Justice of the European Union (hereafter: CJEU or the Court), the European Court of Human Rights (hereafter: ECtHR) and national courts. The conference covered four main focus areas: EU data protection law; civil and criminal law aspects of data protection and the internet; data protection as a cornerstone of European fundamental rights protection; and data protection remedies. This contribution elaborates upon some of the most pertinent issues speakers discussed.

3 citations

Frequently Asked Questions (11)
Q1. What are the contributions in this paper?

The purpose of this obligation is to provide data subjects with information that allows them to assess the compliance and trustworthiness of the data controller. It is unclear what a ‘category’ of personal data is and when this information must be provided. This article highlights these issues and calls for clarification on them.

As a rights-based, complaint-driven system6, the framework’s success is reliant upon data subjects enforcing their rights and keeping a check on data controllers. 

The purpose of creating categories in relation to any phenomena is to reduce the number of discriminations in the world, so that each individual thing does not have a separate label18. 

‘Derived data’ are data generated from other data, after which they become new data elements related to a particular individual e.g. a calculation of customer profitability based on the ratio between number of visits and items bought.

If personal data were appropriately divided into categories that allowed individuals to understand more about the personal data processing simply from knowing which category (or categories) were processed, this could reduce the amount of information currently required to create this understanding.

Given the purposes of categorisation in general, in theory, an appropriate categorisation of personal data could provide a number of benefits, increasing the transparency of personal data

14 As defined by the OECD Expert Roundtable (see supra), ‘Observed’ data is personal data that is observed by others and recorded in a digital format e.g. cookie data or sensor data.

A key principle of the current and future EU data protection framework is purpose limitation (Article 5(1)(b) GDPR and Article 6(1)(b) DPD).

Appropriately categorising personal data has the potential to reduce the amount of information that needs to be provided, removing a disincentive for engaging with this information.

In particular, the increased importance of transparency is signified by the introduction of the words ‘and in a transparent manner’ to the end of the first data protection principle. 

In calling for clarification, the article examines the current approaches to categorisation and concludes that a new approach to categorising personal data is required, through which meaningful information that increases the transparency of data processing can be provided. 

One of the key criticisms of the manifestation of the obligation to inform is that it generally results in long and complicated privacy notices, which are never read21.