2018 | Book

Designing for Privacy and its Legal Framework

Data Protection by Design and Default for the Internet of Things

About this book

This book discusses the implementation of privacy by design in Europe, a principle that has been codified within the European Data Protection Regulation (GDPR). While privacy by design inspires hope for future privacy-sensitive designs, it also introduces the need for a common understanding of the legal and technical concepts of privacy and data protection. By pursuing an interdisciplinary approach and comparing the problem definitions and objectives of both disciplines, this book bridges the gap between the legal and technical fields in order to enhance the regulatory and academic discourse. The research presented reveals the scope of legal principles and technical tools for privacy protection, and shows that the concept of privacy by design goes beyond the principle of the GDPR. The book presents an analysis of how current regulations delegate the implementation of technical privacy and data protection measures to developers and describes how policy design must evolve in order to implement privacy by design and default principles.

Table of contents

Frontmatter
Chapter 1. Setting the Stage
Abstract
This chapter addresses the current state of privacy in the digital age and how it came to be. The focus rests predominantly on technical and economic issues, as they greatly influence the discourse on the “digital privacy challenge.” [The term digital privacy challenge is framed by Gasser, Schweizerischer Juristentag 2015, ZSR Band 134 II, pp. 339 et seqq, 2015. Note that other forces at play, such as societal and legal aspects, exist and will be discussed in Chap. 3 in particular. Cf. for a complete analysis of technological, economic, behavioral, and legal forces Gasser, Schweizerischer Juristentag 2015, ZSR Band 134 II, pp. 355 et seqq., 2015.] First, we describe the technical revolution, specifically the shift from big mainframe computers towards ever-smaller data processing devices. Second, we discuss how economic developments led to the emergence of new business models which use data as their new raw material. Both developments feed into each other and compound the other’s effect on the erosion of privacy. We then examine how the movement towards a digital environment raises issues with respect to privacy protection. Finally, we explore the regulatory developments which are a result of concerns over the loss of privacy in a digital ecosystem.
Aurelia Tamò-Larrieux
Chapter 2. Research Approach
Abstract
The engineering approach referenced in Chap. 1 does not in itself provide an established framework on how policymakers can or should employ technology to address privacy and data protection issues. This regulatory strategy (or policy solution) needs, therefore, a systematic analysis of: (1) the rationales behind privacy and data protection, (2) the legal principles in place that protect privacy and personal data, and (3) the technical tools that can be implemented to address privacy and data protection concerns. These three aspects are necessary to concretize the engineering approach and are thus the subject matter of this book. The basic assumptions of the engineering approach, as well as the toolsets on which it relies, must be dissected and interpreted in order for this policy solution to succeed. The following sections provide a brief outline of the research presented in this book.
Aurelia Tamò-Larrieux
Chapter 3. Mapping the Privacy Rationales
Abstract
Why should we protect informational privacy? Scholars from various fields have explored this question and arrived at different answers. This chapter groups the rationales and aims of privacy and data protection into four different perspectives. Here, a perspective on privacy denotes a desire to achieve a specific, valued condition. Each perspective refers to a particular set of assumptions behind the protection of privacy which are generally accepted in Western societies (Cf. i.a. Bygrave, Data Protection Law—Approaching Its Rationale, Logic and Limits. The Hague: Kluwer Law International, pp. 125 et seqq., pp. 150 et seqq., 2002; Bygrave, Data Privacy Law—An International Perspective. Oxford: University Press, pp. 8 et seqq., 2014; Tavani, The Handbook of Information and Computer Ethics, pp. 135 et seqq., 2008). All perspectives together lead to a holistic picture of what constitutes privacy and why its protection is important. The goal here is not to provide an exhaustive survey of the philosophies behind privacy protection (and informational privacy protection in particular), but rather to structure the most relevant themes in the literature by focusing on the underlying interests of informational privacy and data protection.
Aurelia Tamò-Larrieux
Chapter 4. Privacy Protection in an Internet of Things Environment
Abstract
This chapter puts privacy protection into the context of an Internet of Things environment and elaborates on three technologies in particular: (1) Radio Frequency Identification (RFID), which is typically used to identify objects and monitor their paths, (2) smart energy architectures, which measure and communicate energy data, and (3) smart wearable devices that are used to track users' health and fitness data. These case studies show the privacy concerns triggered by these technologies and how they are addressed by regulations, standards, and technical mechanisms. The goal of these case studies is to illustrate how regulation and technologies attempt to protect the privacy interests discussed in Chap. 3. In other words, the case studies aim to generate an understanding of how law and technology address privacy issues in various contexts. At a later stage, we will build upon these case studies when discussing the legal protection mechanisms (Chap. 5) and technical protection mechanisms (Chap. 6).
Aurelia Tamò-Larrieux
Chapter 5. Privacy and Data Protection Regulation in Europe
Abstract
In Europe, everyone has a right to privacy and data protection. These rights are based on the rationales for informational privacy protection described in Chap. 3. Privacy and data protection legislation turns why we protect privacy into concrete principles, which then become how we protect privacy. In the context of information, in particular, data protection legislation generates an enforceable framework for guarding against informational privacy harms. Therefore, this chapter focuses on data protection legislation. First we introduce both legal concepts and describe the evolution of data protection legislation in Europe. We then develop a taxonomy of the legal principles for privacy and data protection.
Aurelia Tamò-Larrieux
Chapter 6. Technical Tools and Designs for Data Protection
Abstract
This chapter delves into the specific technical tools and designs for data protection that are key to a privacy by design and default approach. After presenting an introductory scenario, we go on to classify the available privacy and data protection technologies into security, anonymity, autonomy, and transparency tools and designs. Following this taxonomy, the subsequent sections describe the individual tools, techniques, and designs in more detail.
Aurelia Tamò-Larrieux
Chapter 7. Mapping the Privacy Protection Tools Throughout the Life Cycle of Data
Abstract
This chapter combines the legal principles and technical tools discussed in Chaps. 5 and 6 in order to explore areas where the principles and tools may apply. It shifts to a broader perspective in order to present the regulatory mechanisms at the stage where they are required. Thereby, this chapter examines the context of privacy protection and highlights the relevance of each principle and tool to the corresponding phase of the data life cycle. This analysis shall, in turn, help policymakers and developers to understand not only the significance of the principles and tools, but also when to apply them, in order to improve the understanding of both disciplines.
Aurelia Tamò-Larrieux
Chapter 8. Interplay of Legal and Technical Privacy Protection Tools
Abstract
This chapter describes the interplay between legal principles and technical tools for privacy and data protection. We begin with a section on the preliminary insights, which are based on the previous chapters (Chaps. 4 and 7 in particular), and describe the approach that will be followed throughout the rest of this chapter. We continue by describing how regulation invokes technical objectives (i.e., security, anonymity, autonomy, and transparency), which provide a baseline with which developers and engineers may work. Then the similarities and differences of both approaches will be highlighted. Lastly, we provide a synthesis and recommendations for policymakers based on lessons learned from these findings.
Aurelia Tamò-Larrieux
Chapter 9. Privacy by Design for the Internet of Things: A Startup Scenario
Abstract
This chapter builds upon Chaps. 7 and 8 by applying their findings to a specific case study. The following sections delve into a fictional startup’s products and services in order to illustrate which technical and organizational measures must be implemented to comply with the privacy by design and default requirements of the GDPR. After an introductory description of the startup’s business model, we analyze their data processing methods through the lens of the life cycle of data. The remaining sections explore the relevant questions that startups must ask themselves when launching new products or services. We also elaborate on the technical and organizational measures businesses should employ to design for a privacy-friendly Internet of Things environment.
Aurelia Tamò-Larrieux
Chapter 10. Strengthening Privacy by Design
Abstract
In this chapter, we focus on how policy design must evolve and extend beyond the technical focus applied thus far. In order for privacy protection to be internalized into the design of smart devices, and ultimately into the mindsets of developers, policy solutions that strengthen the implementation of the concept of privacy and data protection by design and default for an Internet of Things environment are necessary. This chapter closes the loop, merging the findings of the previous chapters on the legal principles, technical tools, and their interplay, in order to establish guidelines that support the development of privacy-friendly designs.
Aurelia Tamò-Larrieux
Chapter 11. Conclusion
Abstract
Privacy evolves; it is not static, but rather it adapts to internal and external influences. The internal influences consist of the ever-changing understanding of privacy and infringements of it, while external influences refer to the technological, economic, or regulatory changes that affect how data is (or can be) processed, and how we interact with data processing machines (e.g., smart devices, robots, artificial intelligence applications). In this respect, this final chapter looks ahead to the future and highlights some technical, regulatory, and perspective shifts in the privacy landscape.
Aurelia Tamò-Larrieux
Metadata
Title
Designing for Privacy and its Legal Framework
Author
Dr. Aurelia Tamò-Larrieux
Copyright year
2018
Electronic ISBN
978-3-319-98624-1
Print ISBN
978-3-319-98623-4
DOI
https://doi.org/10.1007/978-3-319-98624-1