1 / 43

Big Data/Tracking/Targeting

Big Data/Tracking/Targeting. Information Privacy and Data Protection Lexpert Seminar. É loïse Gratton December 9, 2013. What is Big Data ?. More information + more sophisticated technology = more knowledge and business opportunities and privacy concerns.

kitty
Download Presentation

Big Data/Tracking/Targeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Big Data/Tracking/Targeting Information Privacy and Data ProtectionLexpert Seminar ÉloïseGratton December 9, 2013

  2. What is Big Data? • More information + more sophisticated technology = • more knowledge andbusiness opportunities and • privacy concerns

  3. Aredata protection laws adapted to issues triggered by Big Data?

  4. Whatisprivacy? • First Wave: “Right to be Let Alone” • Landmark 1890 article that Warren and Brandeis published in the Harvard Law Review, entitled “The Right To Privacy”. • Second Wave: “Right for Respect for Private and Family Life” • General Assembly of the United Nations adopted the Universal Declaration of Human Rights in 1948 + Council of Europe, founded in 1949 (Strasbourg) adopted the Convention for the Protection of Human Rights and Fundamental Freedoms, article 8. • Third Wave: “Control over Personal Information” • As the growing number of automated data banks and computers represented the biggest concern for policymakers in the early 1970s, The way to address this specific threat has led to conceptualizing privacy as the individuals in “control of their personal information” + Fair Information Practices (FIPs).

  5. …….. New reality (Internet-Big-data-fourth-wave?)

  6. Big Data and Personal Information • Increase in Volume of Information • New Types of Information and Data Collection Tools • Aggregation and Correlation of Data + Extensive Data-mining Capabilities • Convergence in Technologies • New Business Models (Customization and Sponsored Services)

  7. 1) The definition of “personal information”

  8. Definition of “personal information” • Canada: • QC: “Any information which relates to a natural person and allows that person to be identified.” • PIPEDA:“Information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.” • CB:“information about an identifiable individualand includesemployeepersonal information but does not include (a) contact information, or (b) workproduct information; » • AL:“information about an identifiable individual”(vs. personalemployee information) • EC Directive 1995: “Any information relating to an identified or identifiable natural person”which is “one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”

  9. over-reaching definition

  10. under-reaching definition

  11. uncertaindefinition

  12. What are the solutions? • BoštjanBercic & Carlisle George, “Identifying Personal Data Using Relational Database Design Principles” (2009) 17:3 International Journal of Law and Information Technology 233. • Lundevall-Unger and Tranvik,“IP Addresses: Just a Number?” (2011) 19:1 International Journal of Law and Information Technology 53. • Paul Ohm,“Broken Promises of Privacy” (2010) 57 UCLA L. Rev. 1701. • Paul Schwartz & Daniel Solove, “The PII Problem: Privacy and a New Concept of Personally Identifiable Information” (2011) 86 N.Y.U. Law Review 1814. • EloïseGratton, “If Personal Information is Privacy's Gatekeeper, then Risk of Harm is the Key: A proposed method for determining what counts as personal information”, Albany Law Journal of Science & Technology, Vol. 24, No. 1, 2013.

  13. 2) Privacy as individuals in “control” of their personal information (notice & choice model)

  14. Inadequacy of Privacy Policies as a Means to Communicate Choices

  15. Current policies are broad on the “uses” made with the PI

  16. “How we use information we collect • We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads. (…) • We use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our services. (…) When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health. • We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.”

  17. High Volume of Privacy Policies are Not Read

  18. Dynamic Aspect of Privacy Policies and Business Models

  19. Does the “notice and choice” model still makes sense?

  20. Impliedordeemedconsent as a solution?

  21. Reasonable-nesstest • PIPEDA: Under s. 5(3) an organization may collect, use or disclose personal information “only for purposes that a reasonable person would consider appropriate in the circumstances.” • Alberta or the B.C. DPL: In meeting its responsibilities under the DPL, an organization must act “in a reasonable manner”, and must develop and follow policies and practices “that are reasonable for the organization” to meet its obligations. The golden standard is as follows: “what a reasonable person would consider appropriate in the circumstances”. • Directive 95/46/EC states that “any processing of personal data must be lawful and fair to the individuals concerned”.

  22. Whenis a data collection activity"reasonable"?

  23. 3) Other privacy challenges with Big Data: PersonalizationandDigital Market Manipulation

  24. Online behavioral advertising

  25. Subliminaladvertising and manipulation

  26. Document #

  27. Subliminal message in presidentialcampaign

  28. Subliminal advertising or manipulation

  29. Subliminal advertising

  30. Facial similaritymanipulation

  31. Facial similarity manipulation

  32. Facial similarity manipulation

  33. Disclosure ratcheting • Experiments show that it is possible to leverage cognitive bias or otherwise manipulate conditions in order to get subjects to disclose more personal information.

  34. Dynamicpricing: an old practice making a come back online…

  35. Dynamicpricing: Case Studies

  36. Whendoesdynamicpricingwork?

  37. Whendoesdynamicpricingwork? • Customers must have a difference in their willingness to pay; • The market must be segmentable; • Limited potential for arbitrage; • Cost of segmenting and policing must not exceed revenue increases due to customization; • Must not breed violations of perceived fairness.

  38. What’s next? Do we need new laws? • Vance Packard (The Hidden Persuaders, 1957) acknowledges that the marketers of the late 1950s were “mostly decent, likeable people” who “want to control us just a little bit”; they might be appalled, he suggests, by the technologies and techniques of the future. • But Packard closes on what amounts to a legal question: “when you are manipulating, where do you stop? Who is to fix the point at which manipulative attempts become socially undesirable?” • Ryan Calo, Digital Market Manipulation, University of Washington School of Law, Legal Studies Research Paper No. 2013-27.

  39. Thank you! • Éloïse Gratton • +514 987-5093 • eloise.gratton@mcmillan.ca

More Related