Top

Published in:

2021 | OriginalPaper | Chapter

The Right to Customization: Conceptualizing the Right to Repair for Informational Privacy

Authors : Aurelia Tamò-Larrieux, Zaira Zihlmann, Kimberly Garcia, Simon Mayer

Published in: Privacy Technologies and Policy

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Terms of use of a digital service are often framed in a binary way: Either one agrees to the service provider's data processing practices, and is granted access to the service, or one does not, and is denied the service. Many scholars have lamented these ‘take-it-or-leave-it’ situations, as this goes against the ideals of data protection law. To address this inadequacy, computer scientists and legal scholars have tried to come up with approaches to enable more privacy-friendly products and services. In this article, we call for a right to customize the processing of user data. Our arguments build upon technology-driven approaches as well as on the ideals of privacy by design and the now codified data protection by design and default norm within the General Data Protection Regulation. In addition, we draw upon the right to repair that is propagated to empower consumers and enable a more circular economy. We propose two technologically-oriented approaches, termed ‘variants’ and ‘alternatives’ that could enable the technical implementation of a right to customization. We posit that these approaches cannot be demanded without limitation, and that restrictions will depend on how reasonable a customization demand is.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

next chapter A Case Study on the Implementation of the Right of Access in Privacy Dashboards

https://www.w3.org/TR/P3P/.

https://www.w3.org/TR/P3P11/.

https://www.w3.org/TR/tracking-dnt/.

https://news.ycombinator.com/item?id=16110570.

https://globalprivacycontrol.org/.

E.g., the service https://bitsabout.me/ in Switzerland.

E.g., European Parliament report on a longer lifetime for products ((2016/2272(INI)) <https://www.europarl.europa.eu/doceo/document/A-8-2017-0214_EN.html>; European Parliament resolution of 31 May 2018 on the implementation of the Ecodesign Directive (2009/125/EC) (2017/2087(INI)) <https://www.europarl.europa.eu/doceo/document/TA-8-2018-0241_EN.html>; European Parliament, towards a more sustainable single market for business and consumers (2020/2021(INI)) <https://www.europarl.europa.eu/doceo/document/TA-9-2020-0318_EN.pdf>.

European Commission, Communication from the Commission, The European Green Deal (COM/2019/640 final) <https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52019DC0640&from=EN>.

Directive (EU) 2019/771 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the sale of goods, amending Regulation (EU) 2017/2394 and Directive 2009/22/EC, and repealing Directive 1999/44/EC (Text with EEA relevance) OJ L 136, 22.5.2019, p. 28–50.

https://faq.whatsapp.com/general/security-and-privacy/answering-your-questions-about-whatsapps-privacy-policy (last access 29.01.2021).

https://www.w3.org/wiki/WebAccessControl.

https://dpvcg.github.io/dpv/.

Council of the European Union, Draft regulation concerning respect for private life and the protection of personal data in electronic communications and repealing directive 2002/58/EC (regulation on privacy and electronic communications) – Council mandate<https://data.consilium.europa.eu/doc/document/ST-6087-2021-INIT/en/pdf>.

Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 308–318. Association for Computing Machinery (2016)

Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science 347(6221), 509–514 (2015)CrossRef

Agrawal, N., Binns, R., Van Kleek, M., Laine, K., Shadbolt, N.: Exploring design and governance challenges in the development of privacy-preserving computation. arXiv preprint arXiv:2101.08048 (2021)

Article 29 Working Party: WP29 Opinion 15/2011 on the definition of consent (WP 187) (2011). https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf

Berliner Beauftragte für Datenschutz und Informationsfreiheit: Berliner Datenschutzbeauftragte verhängt Bussgeld gegen Immobiliengesellschaft, 5 November 2019 (2019). https://www.datenschutz-berlin.de/fileadmin/user_upload/pdf/pressemitteilungen/2019/20191105-PM-Bussgeld_DW.pdf

Bietti, E.: Consent as a free pass: platform power and the limits of the informational turn. Pace Law Rev. 40, 307–397 (2020)

Bizer, C., Heath, T., Berners-Lee, T.: Linked data: the story so far. In: Semantic Services, Interoperability and Web Applications: Emerging Concepts, pp. 205–227. IGI global (2011)

Borgesius, F., Kruikemeier, S., Boerman, S., Helberger, N.: Tracking walls, take-it-or-leave-it choices, the GDPR, and the ePrivacy regulation. Eur. Data Protect. Law Rev. 3, 353–368 (2017)CrossRef

Brownsword, R.: Consent in data protection law: privacy, fair processing and confidentiality. In: Gutwirth, S., Poullet, Y., de Hert, P., de Terwangne, C., Nouwt, S. (eds.) Reinventing Data Protection?, pp. 83–110. Springer, Dordrecht (2009). https://doi.org/10.1007/978-1-4020-9498-9_4CrossRef

10.

Burkert, H.: Privacy-enhancing technologies: typology, critique, vision. In: Agre, P., Rotenberg, M. (eds.) Technology and Privacy: The New Landscape, pp. 126–143. MIT Press, Boston (1997)

11.

Buyle, R., et al.: Streamlining governmental processes by putting citizens in control of their personal data. In: Chugunov, A., Khodachek, I., Misnikov, Y., Trutnev, D. (eds.) EGOSE. CCIS, vol. 1135, pp. 346–359. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-39296-3_26CrossRef

12.

Bygrave, L.A.: Hardwiring privacy. In: Brownsword, R., Scotford, E., Yeung, K. (eds.) The Oxford Handbook of Law, Regulation, and Technology, pp. 754–775. Oxford University Press, Oxford (2017)

13.

Bygrave, L.A.: Privacy-enhancing technologies: caught between a rock and a hard place. Priv. Law Policy Rep. 9, 135–137 (2002)

14.

Bygrave, L.A.: Article 25 data protection by design and by default. In: Kuner, C., Bygrave, L.A., Dockyes, C. (eds.) The EU General Data Protection Regulation (GDPR): A Commentary, pp. 571–581. Oxford University Press, Oxford (2020)

15.

Carolan, E.: The continuing problems with online consent under the EU’s emerging data protection principles. Comput. Law Secur. Rev. 32(3), 462–473 (2016)CrossRef

16.

Cavoukian, A.: Privacy by design: the 7 foundational principles, August 2009 (2011). https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf

17.

Choi, H., Park, J., Jung, Y.: The role of privacy fatigue in online privacy behavior. Comput. Hum. Behav. 81, 42–51 (2018)CrossRef

18.

Clifford, D., Graef, I., Valcke, P.: Pre-formulated declarations of data subject consent: citizen-consumer empowerment and the alignment of data, consumer and competition law protections. German Law J. 20(5), 679–721 (2019)CrossRef

19.

Custers, B., Dechesne, F., Pieters, W., Schermer, B., van der Hof, S.: Consent and privacy. In: Müller, A., Schaber, P. (eds.) The Routledge Handbook of the Ethics of Consent, pp. 247–258. Routledge, London (2018)CrossRef

20.

Custers, B.: Click here to consent forever: Expiry dates for informed consent. Big Data Soc. 3(1), 1–6 (2016)CrossRef

21.

Danezis, G., et al.: Privacy and data protection by design - from policy to engineering, European Union Agency for network and information security, ENISA, 12 January 2015 (2014). www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design

22.

Datatilsynet: Advance notification of an administrative fine, 20/02136-5, 24 January 2021 (2021). https://www.datatilsynet.no/contentassets/da7652d0c072493c84a4c7af506cf293/advance-notification-of-an-administrative-fine.pdf

23.

De Hert, P., Papakonstantinou, V.: The new general data protection regulation: still a sound system for the protection of individuals? Comput. Law Secur. Rev. 32(2), 179–194 (2016)CrossRef

24.

De Hert, P., Papakonstantinou, V., Malgieri, G., Beslay, L., Sanchez, I.: The right to data portability in the GDPR: towards user-centric interoperability of digital services. Comput. Law Secur. Rev. 34(2), 193–203 (2018)CrossRef

25.

De Montjoye, Y.A., Shmueli, E., Wang, S.S., Pentland, A.S.: OpenPDS: protecting the privacy of metadata through safeanswers. PloS One 9(7), e98790 (2014)CrossRef

26.

De Oliveira Rodrigues, C.M., de Freitas, F.L.G., Spósito Barreiros, E.F., de Azevedo, R.R., de Almeida Filho, A.T.: Legal ontologies over time: a systematic mapping study. Expert Syst. Appl. 130, 12–30 (2019)

27.

Diker Vanberg, A.: The right to data portability in the GDPR: what lessons can be learned from the EU experience? J. Internet Law 21, 11–19 (2018)

28.

Edenberg, E., Jones, M.L.: Analyzing the legal roots and moral core of digital consent. New Media Soc. 21, 1804–1823 (2019)CrossRef

29.

Efroni, Z., Metzger, J., Mischau, L., Schirmbeck, M.: Privacy icons: a risk-based approach to visualisation of data processing. Eur. Data Protect. Law Rev. 5(3), 352–366 (2019)CrossRef

30.

European Commission: Circular Economy Action Plan: For a cleaner and more competitive Europe (2020). https://ec.europa.eu/environment/circular-economy/pdf/new_circular_economy_action_plan.pdf

31.

European Data Protection Board (EDPB): Guidelines 4/2019 on Article 25 Data Protection by Design and by Default (2019). https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_201904_dataprotection_by_design_and_by_default.pdf

32.

European Union Agency for Fundamental Rights (FRA): Freedom to conduct a business: exploring the dimensions of a fundamental right (2015). https://fra.europa.eu/sites/default/files/fra_uploads/fra-2015-freedom-conduct-business_en.pdf

33.

Garcia, K., Zihlmann, Z., Mayer, S., Tamo-Larrieux, A.: Towards privacy-friendly smart products. Manuscript submitted for publication (2021). https://www.alexandria.unisg.ch/262898/

34.

Graef, I.: The opportunities and limits of data portability for stimulating competition and innovation. Compet. Policy Int. - Antitrust Chronicle 2, 1–8 (2020). https://pure.uvt.nl/ws/portalfiles/portal/45777953/CPI_Graef_data_portability.pdf

35.

Gray, C., Santos, C., Bielova, N., Toth, M., Clifford, D.: Dark patterns and the legal requirements of consent banners: an interaction criticism perspective. arXiv preprint arXiv:2009.10194 (2020)

36.

Grinvald, L.C., Tur-Sinai, O.: Intellectual property law and the right to repair. Fordham Law Rev. 88(1), 64–128 (2019)

37.

Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design. In: Fourth Conference on Computers, Privacy and Data Protection, 25–27 January 2011 (2011). www.cosic.esat.kuleuven.be/publications/article-1542.pdf

38.

Hartzog, W.: Privacy’s Blueprint the Battle to Control the Design of New Technologies. Harvard University Press, Cambridge (2018)CrossRef

39.

Hern, A.: WhatsApp loses millions of users after terms update. The Guardian, 24 January 2021 (2021). https://www.theguardian.com/technology/2021/jan/24/whatsapp-loses-millions-of-users-after-terms-update

40.

Hernandez, R., Miranda, C., Goñi, J.: Empowering sustainable consumption by giving back to consumers the ‘right to repair’. Sustainability 12(3), 850 (2020)CrossRef

41.

Janal, R.: Data portability - a tale of two concepts. JIPITEC 8, 59–69 (2017)

42.

Jasmontaite, L., Kamara, I., Zanfir-Fortuna, G., Leucci, S.: Data protection by design and by default: framing guiding principles into legal obligations in the GDPR. Eur. Data Protect. Law Rev. 4, 168–189 (2018)CrossRef

43.

Johnston, S.F.: The technological fix as social cure-all: origins and implications. IEEE Technol. Soc. Mag. 37, 47–54 (2018)CrossRef

44.

Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Secur. 64, 122–134 (2017)CrossRef

45.

Koops, B.-J.: The trouble with european data protection law. Int. Data Priv. Law 4(4), 250–261 (2014)CrossRef

46.

Koops, B.-J., Leenes, R.: Privacy regulation cannot be hardcoded. A critical comment on the ‘privacy by design’ provision in data-protection law. Int. Rev. Law Comput. Technol. 28, 159–171 (2014)CrossRef

47.

Kosta, E.: Consent in European Data Protection Law. Martinus Nijhoff Publishers, Leiden (2013)CrossRef

48.

Kostova, B., Gürses, S., Troncoso, C.: Privacy engineering meets software engineering. On the challenges of engineering privacy by design. arXiv preprint arXiv:2007.08613 (2020).

49.

Kotschy, W.: Article 6 lawfulness of processing. In: Kuner, C., Bygrave, L.A., Dockyes, C. (eds.) The EU General Data Protection Regulation (GDPR): A Commentary, pp. 321–344. Oxford University Press, Oxford (2020)

50.

Lutz, C., Hoffmann, C.P., Ranzini, G.: Data capitalism and the user: an exploration of privacy cynicism in Germany. New Media Soc. 22(7), 1168–1187 (2020)CrossRef

51.

Mathur, A., et al.: Dark patterns at scale. In: Proceedings of the ACM on Human-Computer Interaction, pp. 1–32. arXiv preprint arXiv:1907.07032 (2019)

52.

McDonald, A.M., Cranor, L.F.: The cost of reading privacy policies. I/S J. Law Policy Inf. Soc. 4, 540–565 (2008)

53.

Montello, S.: The right to repair and the corporate stranglehold over the consumer: profits over people. Tulane J. Technol. Intellect. Prop. 22, 165–184 (2020)

54.

Morais Carvalho, J.: Sale of goods and supply of digital content and digital services – overview of directives 2019/770 and 2019/771. SSRN (2019). https://ssrn.com/abstract=3428550

55.

Mourey, J.A., Waldman, A.E.: Past the privacy paradox: the importance of privacy changes as a function of control and complexity. J. Assoc. Consum. Res. 5(2), 162–180 (2020)CrossRef

56.

Norberg, P.A., Horne, D.R., Horne, D.A.: The privacy paradox: personal information disclosure intentions versus behaviors. J. Consum. Affairs 41, 100–126 (2007)CrossRef

57.

Norwegian Forbrukerrådet: Deceived by design: How tech companies use dark patterns to discourage us from exercising our rights to privacy (2018). https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf

58.

Nouwens, M., Liccardi, I., Veale, M., Karger, D., Kagal, L.: Dark patterns after the GDPR: scraping consent pop-ups and demonstrating their influence. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1–13. arXiv preprint arXiv:2001.02479 (2020)

59.

Raynes-Goldie, K.: Aliases, creeping, and wall cleaning: understanding privacy in the age of Facebook. First Monday 15(1) (2010). https://firstmonday.org/ojs/index.php/fm/article/view/2775

60.

Reda, J., Selinger, J.: Article’s 17’s impact on freedom to conduct a business - part 2, Kluwer Copyright Blog, 21 January 2021 (2021). https://copyrightblog.kluweriplaw.com/2021/01/19/article-17s-impact-on-freedom-to-conduct-a-business-part-2/

61.

Rosa-Aquino, P.: Fix, or toss? The ‘right to repair’ movement gains ground. New York Times, 23 October 2020 (2020). https://www.nytimes.com/2020/10/23/climate/right-to-repair.html

62.

Rubinstein, I., Good, N.: The trouble with Article 25 (and how to fix it): the future of data protection by design and default. Int. Data Priv. Law 10(1), 37–56 (2020)CrossRef

63.

Šajn, N.: Consumers and repairs of products, Briefing of European Parliamentary Research Service (2019). https://www.europarl.europa.eu/RegData/etudes/BRIE/2019/640158/EPRS_BRI(2019)640158_EN.pdf

64.

Sambra, A.V., et al.: Solid: a platform for decentralized social applications based on linked data. MIT CSAIL & Qatar Computing Research Institute, Techical report (2016).

65.

Schartum, D.: Making privacy by design operative. Int. J. Law Inf. Technol. 24, 151–175 (2016)CrossRef

66.

Schaub, F., Balebako, R., Durity, A., Cranor, L.: A Design space for effective privacy notices. In: Selinger, E., Polonetsky, J., Tene, O. (eds.) The Cambridge Handbook of Consumer Privacy, pp. 365–393. Cambridge University Press, Cambridge (2018)CrossRef

67.

Schermer, B., Custers, B., van der Hof, S.: The crisis of consent: how stronger legal protection may lead to weaker consent in data protection. Ethics Inf. Technol. 16(2), 171–182 (2014). https://doi.org/10.1007/s10676-014-9343-8CrossRef

68.

Schiffner, S., et al.: Towards a roadmap for privacy technologies and the general data protection regulation: a transatlantic initiative. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds.) APF. LNCS, vol. 11079, pp. 24–42. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02547-2_2CrossRef

69.

Simonite, T.: Lawmakers take aim at insidious digital ‘dark patterns’. WIRED, 29 January 2021. https://www.wired.com/story/lawmakers-take-aim-insidious-digital-dark-patterns/

70.

Solove, D.J.: Privacy self-management and the consent dilemma. Harv. Law Rev. 126, 1880–1903 (2013)

71.

Solove, D.J.: The Myth of the Privacy Paradox. George Washington Law Rev. 89, 1–42 (2021)

72.

Svensson, S., Richter, J.L., Maitre-Ekern, E., Pihlajarinne, T., Maigret, A., Dalhammer, C.: The emerging ‘right to repair’ legislation in the EU and the U.S. Paper presented at Going Green CARE Innovation (2018). https://portal.research.lu.se/portal/files/63585584/Svensson_et_al._Going_Green_CARE_INNOVATION_2018_PREPRINT.pdf

73.

Tamò-Larrieux, A.: Designing for Privacy and Its Legal Framework: Data Protection by Design and Default for the Internet of Things. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98624-1CrossRef

74.

Tamò-Larrieux, A., Mayer, S., Zihlmann, Z.: Softcoding not hardcoding privacy. Workshop Paper Presented at the Digital Legal Talks (2020). https://www.alexandria.unisg.ch/cgi/users/home?screen=EPrint::View&eprintid=262254#t

75.

Teletrust and ENISA: IT Security Act (Germany) and EU General Data Protection Regulation: Guideline “state of the art” technical and organisational measures (2020). https://www.teletrust.de/fileadmin/docs/fachgruppen/ag-stand-der-technik/2020-10_TeleTrusT_Guideline_State_of_the_art_in_IT_security_EN.pdf

76.

The Royal Society: Protecting privacy in practice: the current use, development and limits of privacy enhancing technologies in data analysis. Technical report. The Royal Society (2019)

77.

Utz, C., Degeling, M., Fahl, S., Schaub, F., Holz, T.: (Un)informed consent: studying GDPR consent notices in the field. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), pp. 973–990 (2019)

78.

Vanberg, A., Ünver, M.: The right to data portability in the GDPR and EU competition law: odd couple or dynamic duo? Eur. J. Law Technol. 8(1), 1–22 (2017)

79.

Van Hoboken, J.V.J.: Privacy disconnect. In: Human Rights in the Age of Platforms, pp. 255–284. The MIT Press, Cambridge (2019)

80.

Veltri, G.A., Ivchenko, A.: The impact of different forms of cognitive scarcity on online privacy disclosure. Comput. Hum. Behav. 73, 238–246 (2017)CrossRef

81.

Waldman, A.E.: Cognitive biases, dark patterns, and the ‘privacy paradox.’ Curr. Opin. Psychol. 31, 105–109 (2020)CrossRef

Title: The Right to Customization: Conceptualizing the Right to Repair for Informational Privacy
Authors: Aurelia Tamò-Larrieux
Zaira Zihlmann
Kimberly Garcia
Simon Mayer
Publisher: Springer International Publishing
Book: Privacy Technologies and Policy
Print ISBN: 978-3-030-76662-7

Electronic ISBN: 978-3-030-76663-4

Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-76663-4_1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner