nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

RESPECT4U – Privacy as Innovation Opportunity

verfasst von : Marc van Lieshout, Sophie Emmert

Erschienen in: Privacy Technologies and Policy

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The right to privacy is enshrined in the European charter of fundamental rights. The right to data protection is a relatively novel right, also enshrined in the same European charter. While these rights seem to focus on a defensive and protective approach, they also give rise to a positive and constructive interpretation. The GDPR may act as driver for innovation. Not only for assuring a better way of dealing with personal data, but including a more encompassing approach of assuring privacy. RESPECT4U offers a framework of seven privacy principles that help organisations in promoting this positive attitude towards the reconciliation of privacy and innovation: Responsible processing, Empowering data subjects, Secure data handling, Pro-active risk management, Ethical awareness, Cost-benefit assessment, Transparent data processing. This paper introduces the background of RESPECT4U, and elaborates the seven principles that form its foundation. Together they demonstrate that privacy can act as innovation driver.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Towards a Roadmap for Privacy Technologies and the General Data Protection Regulation: A Transatlantic Initiative

Nächstes Kapitel Tailoring Taint Analysis to GDPR

See the blog post of Daniel Solove on this issue: https://teachprivacy.com/the-hidden-force-that-will-drive-gdpr-compliance/; last accessed 2018/04/08.

GDPR, art 24(1): “… the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.”, Art 28 (1) “… the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”

See for instance https://www.privacylaws.com/Publications/enews/International-E-news/Dates/2018/4/Facebook-shifts-15-billion-users-to-avoid-GDPR/ and https://martech-today.com/facebook-well-implement-gdpr-privacy-protections-globally-213545, showing both sides of the coin. Last accessed 2018/05/20.

See for instance https://gdprindex.com/, a website that provides an overview of firms active in providing consultancy services of various kinds.

The ‘Cambridge Analytica’ casus is a clear point in respect. This organisation has acted quite irresponsibly in its strive to influence people’s behaviour by illegitimately using knowledge on their postings on social media. While one could question whether ‘nudging people’ is unethical by itself, the unlawful processing of personal data by Cambridge Analytica is a clear infringement of legal obligations in offering choice and consent to people.

The second meaning given in the dictionary is to liberate. The meaning of ‘being robbed’ is however also present in the Spanish meaning of the word ‘privar’.

The statement was made during a debate in the House of Parliament in 1773 where it was discussed whether the Crown’s forces were entitled to search in houses for evidence of the production of cider in order to levy taxes. See https://www.chroniclesmaga-zine.org/blogs/thomas-fleming/defending-the-family-castle-part-i/; last accessed 2018/04/08.

See (Finn et al. 2013) for an elaboration of seven dimensions of privacy including the right to relational privacy. In this paper we will stick to the four privacy dimensions that are commonly recognized as relevant ones: information privacy, relational privacy, spatial privacy and bodily privacy.

See https://epic.org/privacy/hew1973report/ for a web-based version of the report. Last accessed 2018/04/08.

See https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures; last accessed 2018/04/08.

This similarity may be larger than it seems to be at first glance. The GDPR may have a similar impact on business processes: from resistance to embracement and inclusion in the very heart of business activities.

See for instance https://www.computerweekly.com/opinion/Why-Europes-GDPR-privacy-regulation-is-good-for-business; https://www.computerweekly.com/news/252435774/GDPR will-have-positive-ripple-effect-say-US-consumer-group. Last accessed 2018/04/14.

https://iapp.org/news/a/why-the-gdpr-is-good-for-businesses/. Last accessed 2018/04/14.

https://www.edq.com/uk/blog/8-reasons-why-the-gdpr-can-help-boost-your-business/; last accessed 2018/04/14.

Costs and benefits do not only relate to financial or monetary aspects, as we will demonstrate further on.

This refers to the famous saying that data is the new oil. Quoted by many, the origin of the quote is not fully known. See https://www.quora.com/Who-should-get-credit-for-the-quotedata-is-the-new-oil. Last accessed 2018/04/14.

The recent uproar concerning the activities of Cambridge Analytica and the role Facebook played is a point in respect.

Public (and political) awareness concerning the need to change to sustainable production modes has had a decisive influence on the dominant role of becoming and being sustainable. While differences with ‘data pollution’ we are experiencing today are obvious, both practices share some similarities as well. See for instance the presentation of Van den Hove during a Conference on sustainability organized by EWI Vlaanderen. https://www.ewivlaanderen.be/sites/default/files/rri_sep2016_vandenhoven.pdf. Last accessed 2018/05/21.

We are participating in a research project for the European Commission in which we study the manner in which art 42 and 43 of the GDPR should be understood and should be operationalized. The results of this study are not publicly available yet, as the study has not been completed. Finalization is foreseen for June 2018.

See https://www.european-privacy-seal.eu/EPS-en/Home; last accessed 2018/04/16.

See https://cip-overheid.nl/privacy-baseline; last accessed 2018/04/16.

Initially developed for scoring the maturity of business processes in the Capability Maturity Model (Paulk 2002).

These experiments were performed for commercial organisations. We cannot support these claims by public data yet. We hope to do so in the near future.

See https://www.dtls.nl/fair-data/personal-health-train/; last accessed 2018/04/15.

See https://privacybydesign.foundation/irma/; last accessed 2018/04/15.

The Article 29 Working Party has produced guidelines fort his identification but these guidelines are also not decisive and leave many items open (such as the definition of ‘systematic’ and ‘large-scale’). The GDPR indicates that a list will be developed that may contain processing operations in need of a DPIA and a list of operations not in need of a DPIA, but it may take some time before such a list has been concluded. (Art29WP 2018)

Our research organization, TNO, collaborates with the Radboud University and Tilburg University in the Privacy & Identity Lab, PI.lab, on digital privacy and electronic identity issues. The PI.lab brings together researchers of various disciplinary backgrounds in order to create a multi-disciplinary approach of privacy in current day data processing. See https: www.pilab.nl; last accessed 2018/04/16.

See IPEN, International Privacy Engineering Network https://edps.europa.eu/data-protection/ipen-internet-privacy-engineering-network_en; last accessed 2018/04/15.

See the literature on for instance k-anonymity and trusted third parties that play a role in organizing these patterns. (Barker et al. 2009; Palmer et al. 2000).

See e.g. https://www.nytimes.com/2018/03/19/technology/facebook-cambridge-analytica-explained.html and https://www.washingtonpost.com/business/understanding-the-facebook-cambridge-analytica-story-quicktake/2018/04/09/; last accessed 2018/04/16.

See https://www.washingtonpost.com/news/the-switch/wp/2018/04/10/transcript-of-mark-zuckerbergs-senate-hearing/?utm_term=.cf7c8e3ff87c and https://www.independ-ent.co.uk/news/uk/politics/mark-zuckerberg-eu-parliament-house-commons-uk-hearing-fa-cebook-data-a8361066.html; last accessed 2018/05/21.

The bankruptcy of Cambridge Analytica demonstrates that consequences of social condemnation may be severe. See https://www.reuters.com/article/us-cambridge-analytica-bank-ruptcy/cambridge-analytica-files-for-chapter-7-bankruptcy-idUSKCN1IJ0IS; last accessed 2018/05/21.

See http://blogs.lse.ac.uk/mediapolicyproject/2016/07/27/the-economics-of-privacy/; last accessed 2018/04/16.

See https://privasee.blog/2015/11/18/do-you-have-privacy-champions-in-your-organisation/; last accessed 2018/04/16.

The RESPECT4U white paper outlines the basic elements of the RESPECT4U privacy principles. See https://pilab.nl/research/respect4u.html/; last accessed 2018/05/21.

Article 29 Working Party: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is” likely to result in a high risk” for the purposes of Regula- tion 2016/679, wp248rev.01. http://ec.europa.eu/newsroom/article29/item-de-tail.cfm?item_id = 611236. Accessed 15 Apr 2018

Acquisti, A., Friedman, A., Telang, R.: Is there a cost to privacy breaches? an event study. In: ICIS 2006 Proceedings, p. 94 (2006). http://aisel.aisnet.org/icis2006/94. Accessed 16 Apr 2018

Aquisti, A.: Nudging privacy – the behavioral economics of privacy. In: IEEE Privacy & Security, November/December, pp. 72–75 (2009)

Acquisti, A., Taylor, C., Wagman, L.: The economics of privacy. J. Econ. Lit. 54(2), 442–492 (2016)CrossRef

Barker, K., et al.: A data privacy taxonomy. In: Sexton, A.P. (ed.) BNCOD 2009. LNCS, vol. 5588, pp. 42–54. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02843-4_7CrossRef

Baduri, G., Ha-Brookshire, J.E.: Do transparent business practices pay? Exploration of transparency and consumer purchase intention. Cloth. Text. Res. J. 29(2), 135–149 (2011)CrossRef

Bennet, C.J., Raab, C.D.: The Governance of Privacy. The MIT Press, Cambridge/London (2006)

Bost, R., Popa, R.A., Tu, S., Goldwasser, S.: Machine learning classification over encrypted data. Crypto ePrint Archive (2014). https://eprint.iacr.org/2014/331.pdf

Cavoukian, A.: Privacy by Design – The 7 Foundational Principles (2011). https://ipc.on.ca/wp-con-tent/uploads/Resources/7foundationalprinciples.pdf

Colesky, M., Hoepman, J.-H., Hillen, C.: A critical analysis of privacy design strategies. In: IEEE Security and Privacy Workshops (SPW) (2016). https://doi.org/10.1109/spw.2016.23

Council of Europe: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Strassbourg (2013)

Danezis, G., et al.: Privacy and Data Protection by Design – from policy to engineering. ENISA (2014)

De Vos, H., et al.: 16244 – PIME - A1602, Guidelines on inclusion of users’ perception and attitude on offering control and choice with respect to health data and health data services, EIT PIME Deliverable 2 (2016)

Eggert, E., Helm, S.: Exploring the impact of relationship transparency on business relationships: a cross-sectional study among purchasing managers in German. Ind. Mark. Manag. 32(2), 101–108 (2003)CrossRef

Executive Office of the President: Big Data: A Report on Algorithmic Systems, Opportunity and Civil Rights, US Presidency (2016)

Erikin, Z., Veugen, T., Toft, T., Lagendijk, R.L.: Generating private recommendations efficiently using homomorphic encryption and data packing. IEEE Trans. Inf. Forensics Secur. 7(3), 1053–1066 (2012)CrossRef

Finn, R.L., Wright, D., Friedewald, M.: Seven types of privacy. In: Gutwirth, S., Leenes, R., De Hert, P., Poulett, Y. (eds.) Data Protection: Coming of Age. Springer, Dordrecht (2013). https://doi.org/10.1007/978-94-007-5170-5_1

Jentsch, N., Preibusch, S., Harasser, A.: Study on monetizing privacy – an economic model for pricing personal information. ENISA (2012)

Galic, M.: Covert surveillance of privileged consultations and the weakening of the legal professional privilege. Eur. Data Prot. Law Rev. 4, 602–607 (2016)CrossRef

Gellert, R., Gutwirth, S.: The legal construction of privacy and data protection. Comput. Law Secur. Rev. 29, 522–530 (2013)CrossRef

Hildebrandt, M.: Smart Technologies and the End(s) of Law. Edward Elgar Publishing, Cheltenham, Northampton (2015)CrossRef

Keymolen, E.: Trust on the line – a philosophical exploration of trust in the networked era. Erasmus University, Rotterdam (2016)

Kumaraguru, P., Cranor, L.F.: Privacy Indexes: A Survey of Westin’s Studies, CMU-ISRI-5– 138, Carnegie Mellon University (2005)

London Economics: Study on the Economic Benefits of PET; Study for the European Commission, DG Justice, Freedom and Security. EC, Brussel (2010)

Paulk, M.: Capability maturity model. In: J.-J. Macinaik (ed.) Encyclopedia of Software Engineering, Wiley Online Library (first published 2002). https://onlineli-brary.wiley.com/doi/book/, https://doi.org/10.1002/0471028959. Accessed 15 Apr 2018

Palmer, J.W., Bailey, J.P., Faraj, S.: The role of intermediaries in the development of trust on the www: the use and prominence of trusted third parties and privacy statements. J. Comput.-Mediat. Commun. 5(3) (2000). https://doi.org/10.1111/j.1083-6101.2000.tb00342.x. Accessed 15 Apr 2018CrossRef

Stone, M.: The new (and ever-evolving) direct and digital marketing ecosystem. J. Direct, Data Digit. Mark. Pract. 16(2), 71–74 (2014)CrossRef

Saunders, J., Hunt, P., Hollywood, J.S.: Predictions put into practice: a quasi-experimental evaluation of Chicago’s predictive policing pilot. J. Exp. Criminol. 12(3), 347–371 (2016)CrossRef

Steen, M., Van der Poel, I.: Making values explicit during the design process. IEEE Technol. Soc. Mag. 31(4), 63–72 (2012)CrossRef

Turilli, M., Floridi, L.: The ethics of information transparency. Ethics Inf. Technol. 11(2), 105–112 (2009)CrossRef

Youyou, W., Kosinski, M., Stillwella, D.: Computer-based personality judgments are more accurate than those made by humans, PNAS (2015). https://doi.org/10.1073/pnas.1418680112. Accessed 15 Apr 2018CrossRef

Van den Broek, T., Ooms, M., Friedewald, M., Van Lieshout, M., Rung, S.: Privacy and security – citizens’ desires for an equal footing. In: Friedewald, M., Burgess, J.P., Cas, J., Bellanova, R., Preissl, W. (eds.) Surveillance, Privacy and Security, pp. 15–35. Routledge, Abingdon, Oxon/New York, (2017)CrossRef

Van der Hoven, M.J., Lokhorst, G.J., Van de Poel, I.R.: Engineering and the problem of moral overload. Sci. Eng. Ethics 18(1), 153–155 (2012)

Van der Hoven, J., Manders-Huits, N.: Value sensitive design. In: Berg Olsen, J.K., Pedersen, S.A., Hendricks, V.F. (eds.) A Companion to the Philosophy of Technology, Wiley Online, Chapter 86, https://doi.org/10.1002/9781444310795.ch86. Accessed 16 Apr 2018

Verheul, E., Jacobs, B.: Polymorphic encryption and pseudonymisation in identity management and medical research. NAW 5/18(3), 168–72 (2017)

Veugen, T., De Haan, R., Cramer, R., Muller, F.: A framework for secure computations with two non-colluding servers and multiple clients, applied to recommendations. IEEE Trans. Inf. Forensics Secur. 10(3), 445–457 (2015)CrossRef

Wright, D., De Hert, P. (eds.): Privacy Impact Assessment, Law, Governance & Technology Series, vol. 6. Springer, Heidelberg (2012). https://doi.org/10.1007/978-94-007-2543-0CrossRef

Titel: RESPECT4U – Privacy as Innovation Opportunity
verfasst von: Marc van Lieshout
Sophie Emmert
Verlag: Springer International Publishing
Buch: Privacy Technologies and Policy
Print ISBN: 978-3-030-02546-5

Electronic ISBN: 978-3-030-02547-2

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-030-02547-2_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner