“You have zero privacy,” “You own your data,” and other Myths • Dr. Gilad L. Rosner • Visiting Researcher • Horizon Digital Economy Research Institute • gilad@giladrosner.com • http://bit.ly/grosner • @GiladRosner
Where were you last night at 10pm?
What hygiene products do you buy?
Have you always been faithful to your partner?
“Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops....’ The press is overstepping in every direction the obvious bounds of propriety and of decency.… The intensity and complexity of life ... have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual…” Warren & Brandeis, 1890
“There exists a threshold beyond which social contact becomes irritating for all parties; therefore, some provision for removing oneself from interaction and observation must be built into every establishment...” Schwartz, 1968
An appetite for limitless collection • A blurring of separate informational spheres • Inter-organizational sharing • Fishing expeditions in data originally collected for other uses – “dragnet behavior” • Poor security • System abuses leading to reduced confidence in government • Impersonal machine-based choices about people’s lives • The spectre of a master dossier about individuals
a right “to control, edit, manage, and delete information about [oneself] and decide when, how, and to what extent information is communicated to others” solitude・intimacy・anonymity・reserve
Fair Information Principles • 1. There shall be no personal-data record-keeping system whose very existence is secret and there shall be a policy of openness about an organization's personal-data record-keeping policies, practices, and systems. (The Openness Principle) • 2. An individual about whom information is maintained by a record-keeping organization in individually identifiable form shall have a right to see and copy that information. (The Individual Access Principle) • 3. An individual about whom information is maintained by a record-keeping organization shall have a right to correct or amend the substance of that information. (The Individual Participation Principle) • 4. There shall be limits on the types of information an organization may collect about an individual, as well as certain requirements with respect to the manner in which it collects such information. (The Collection Limitation Principle) • 5. There shall be limits on the internal uses of information about an individual within a record-keeping organization. (The Use Limitation Principle) • 6. There shall be limits on the external disclosures of information about an individual a record-keeping organization may make. (The Disclosure Limitation Principle) • 7. A record-keeping organization shall bear an affirmative responsibility for establishing reasonable and proper information management policies and practices which assure that its collection, maintenance, use, and dissemination of information about an individual is necessary and lawful and the information itself is current and accurate. (The Information Management Principle) • 8. A record-keeping organization shall be accountable for its personal-data record-keeping policies, practices, and systems. (The Accountability Principle)
Article 8 of the European Convention on Human Rights “Everyone has the right to respect for his private and family life, his home and his correspondence.”
State Constitutions that Contain Privacy Rights • Alaska • Arizona • California • Florida • Hawaii • Illinois • Louisiana • Montana • South Carolina • Washington
Montana “The right of individual privacy is essential to the well-being of a free society and shall not be infringed without the showing of a compelling state interest.”
Right of informational self-determination “... the authority of the individual to decide [for] himself, on the basis of the idea of self-determination, when and within what limits information about his private life should be communicated to others” Westin, 1968: “to control, edit, manage, and delete information about [oneself] and decide when, how, and to what extent information is communicated to others.”
“If someone cannot predict with sufficient certainty which information about himself … is known to his social milieu and cannot estimate sufficiently the knowledge of parties to whom communication may be possibly made, he is crucially inhibited in his freedom to plan or to decide freely and without being subject to any pressure or influence.” German Constitutional Court, 1983
“... data protection is ... a precondition for citizens’ unbiased participation in the political processes of the democratic constitutional state. The ... state relies to a great extent on the participation of all citizens and its legitimacy is based on respecting each person’s individual liberty ... the right to informational self-determination is not only granted for the sake of the individual, but also in the interest of the public, to guarantee a free and democratic communication order.” Hornung and Schnabel, 2009
Consumer Privacy Bill of Rights • INDIVIDUAL CONTROL: Consumers have a right to exercise control over what personal data companies collect from them and how they use it. • TRANSPARENCY: Consumers have a right to easily understandable and accessible information about privacy and security practices. • RESPECT FOR CONTEXT: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data. • SECURITY: Consumers have a right to secure and responsible handling of personal data. • ACCESS AND ACCURACY: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate. • FOCUSED COLLECTION: Consumers have a right to reasonable limits on the personal data that companies collect and retain. • ACCOUNTABILITY: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
Privacy by design • Privacy by default • Code is law
Confidentiality • Integrity • Availability • Transparency • Unlinkability • Intervenability
Thank you! Dr. Gilad L. Rosner gilad@giladrosner.com http://bit.ly/grosner @GiladRosner