Ticking time-bomb in the EDPB Guidelines on consent?

An old issue each privacy pro has learnt by heart: “risk of negative consequences (e.g. substantial extra costs)” for the data subject = no freely-given consent.

Substantial. But what if extra costs are not substantial? What if, say, 10$ turns into 11$ if you refuse to consent? Is it ok? 

At least, the German watchdog seems to say yes. Some privacy pros agree (see below).

One can say that I am picky; indeed, a 1$ or even 10$ surcharge is unlikely to lead to bankruptcy. But what will happen if this practice becomes commonplace? Right, the data subject will overpay every time he/she is requested to give consent. 1$ per requested consent will turn into 10$ per ten requests. How long could that ‘receipt’ be a year later? 5 years later?

You got to the crux of the matter. While the EDPB considers substantiality in the context of a one-off consent request, it does not address the aftermath when overcharging becomes the rule.

https://www.bclplaw.com/en-GB/insights/does-the-gdpr-prohibit-charging-more-to-consumers-that-do-not-consent-to-certain-types-of-processing.html

CJEU & legitimate interest in scope: what the controller should remember.

The CJEU gave its judgment in the course of a preliminary ruling on whether Articles 6(1)(c) and 7(f) of the Data Protection Directive (95/46/EC) precluded national law from allowing the installation of a CCTV system in the common parts of a residential building, relying on a legitimate interest (Case C-708/18).

The overall answer is “No, it didn’t”. But what else is inside for data protection pros? 

Well, the CJEU brought back to the attention of data controllers the critical cornerstones of legitimate interest as a legal basis:

– there must be a present and effective legitimate interest (‘purpose test’);

– the processing at issue must be strictly necessary, i.e. the purpose “cannot reasonably be as effectively achieved by other means less restrictive of the fundamental freedoms” (‘necessity test’). This is closely intertwined with the ‘data minimisation’ principle;

– a balancing test must be conducted (ref. WP29 Opinion 06/2014 on the notion of legitimate interests).

More to read:

https://www.rpc.co.uk/snapshots/data-protection/cjeus-cctv-ruling-guidance-on-legitimate-interests-processing/

‘Privacy by design’: does all begin with corporate privacy culture?

In scope – useful hands-on guidance from IAPP authors for privacy pros on what to focus on when taking the very first steps to internalize the PbD principle.

It may come as a surprise to those of us buried under tons of privacy-related papers that the author suggests beginning with the inner privacy culture and getting C-level buy-in in this regard. However, it can be confirmed that this is in fact very true. At least, this will make people listen, but this is, of course, not entirely enough. Click below to know what should be brought to your attention next.

https://iapp.org/news/a/how-to-operationalize-privacy-by-design/

A “purpose” element: what is inside the controller’s mind?

In ‘Opinion 4/2007’ on the concept of personal data, Working Party 29 (‘WP29’) identified four building blocks in the definition of personal data – ‘any information’, ‘relating to’, ‘identified or identifiable’, ‘natural person’. They remained the same in the GDPR, thus rendering ‘Opinion 4/2007’ relevant for understanding the concept of personal data.

However, WP29, instead of eliminating all subjectivity to the extent possible, seemed to add some ambiguity to the explanation of what ‘relating to’ means.

WP29 sets out that ‘in order to consider that the data “relate” to an individual, a “content” element OR a “purpose” element OR a “result” element should be present’. In turn, ‘“purpose” element can be considered to exist when the data are used or are likely to be used, taking into account all the circumstances surrounding the precise case, with the purpose to evaluate, treat in a certain way or influence the status or behaviour of an individual’.

By itself, the idea of deciding whether the data are personal or not through the interpretation of the “purpose” element is quite controversial due to the subjective (rather than objective) nature of the notion of purpose.

An example given by WP29 brings this problem front and center:

Passenger vehicles owned by a transportation company suffer repeated damage when they are dirtied with graffiti. In order to evaluate the damage and to facilitate the exercise of legal claims against their authors, the company organises a register containing information about the circumstances of the damage, as well as images of the damaged items and of the “tags” or “signature” of the author. At the moment of entering the information into the register, the authors of the damage are not known nor to whom the “signature” corresponds. It may well happen that it will never be known. However, the purpose of the processing is precisely to identify individuals to whom the information relates as the authors of the damage, so as to be able to exercise legal claims against them. Such processing makes sense if the data controller expects as “reasonably likely” that there will one day be means to identify the individual. The information contained in the pictures should be considered as relating to “identifiable” individuals, the information in the register as “personal data”, and the processing should be subject to the data protection rules, which allow such processing as legitimate under certain circumstances and subject to certain safeguards.

Most likely, it is only common sense that can lead to the conclusion that the purpose is precisely to identify the authors of the graffiti. However, the controller can potentially argue that it keeps the register and images for some other internal purposes not connected with the purpose of future identification. As a result, we may end up being engaged in a discussion about the true intentions of the controller, which might not be established easily due to a lack of factual grounds.

The issue described above may prima facie seem to be solely theoretical. Moreover, the language used by the GDPR contains various ‘floating’ criteria implying the necessity to conduct evaluations on a case-by-case basis. However, one should not overlook that, by applying the concept of purpose as described above, we decide on whether the data are personal or not, and a positive answer inevitably triggers a set of responsibilities vested in the controller under the GDPR and Member States’ laws. It can be assumed that more certainty is needed when addressing such a fundamental issue, which may (or may not) trigger application of the data protection legislation in general.

Interestingly, the GDPR suffers from the same flaw as the WP29 ‘Opinion 4/2007’. Under Article 9(1), processing of biometric data for the purpose of uniquely identifying a natural person is prohibited (unless one of the exemptions under Article 9(2) applies). This brings us back to the issue of identification of the controller’s intention. Ironically enough, Recital 51 applies more objective criteria when addressing the same issue:

“The processing of photographs should not systematically be considered to be processing of special categories of personal data as they are covered by the definition of biometric data only when processed through a specific technical means allowing the unique identification or authentication of a natural person.”

In other words, under Recital 51, it is the ability of technical means to identify individuals that plays a key role (and not just the purposes pursued by the controller). Unfortunately, this wording has been changed in Article 9(1), which requires identifying the subjective purposes (instead of objective abilities).

Privacy, Civics, the STEM Disciplines, and the Future

By James Casey, Esq., CPP

The recent passage of Resolution 108 at the ABA House of Delegates meeting in Austin, Texas, presented a wonderful opportunity to speak again to the importance of Civics in American life. Supported by the Standing Committee on Election Law, Section of Civil Rights and Social Justice, Standing Committee on Public Education, Section of State and Local Government Law, and the Law Student Division, the Resolution urges all levels of government to facilitate the preregistration of voting by youth between the ages of 16 and 18. This preregistration will lead to increased youth voting in elections at all levels, but it is critical that Civics education be significantly increased in schools to facilitate informed voting. Two paragraphs in Resolution 108 are most important:

FURTHER RESOLVED, That the American Bar Association urges state and local educational institutions to adopt robust civic education programs to promote literacy in the institutions of American government, the methods of active civic participation in elections and governance, and a solid foundational understanding of the role and crucial importance of the rule of law; and

FURTHER RESOLVED, That the American Bar Association urges federal, state, local, territorial, and tribal governments to enact legislation, promulgate regulations, and appropriate sufficient funds to implement voter preregistration and civics education as called for by this resolution.

The Connection Between Privacy, Civics, STEM, and Innovation

You may be asking yourself at this point: What is the connection between Privacy, Civics, and the STEM disciplines (Science, Technology, Engineering, Mathematics)? There are a few important connections that may be named now: 1) STEM disciplines are at the forefront of technological initiatives to enhance privacy protection (regardless of the country); 2) An educated public (and youth particularly) about Civics and government also means an educated public when it comes to privacy and data protection; 3) Academic institutions conduct research into areas such as AI (artificial intelligence), which will transfer into privacy issues and strengthen the classroom experience; 4) Privacy and data protection in the future will increasingly adopt scientific improvements, which are often developed in universities; and 5) Privacy and data protection are interdisciplinary areas, just like Civics and the “hard sciences” (STEM). To the author, these areas are highly complementary. These connections will be amplified in a future blog post.

The importance of Civics education in the nation’s schools goes beyond enhanced voting. The next section addresses the STEM disciplines, innovation, and how Civics education is just as important as STEM education. Similarly, Privacy education is equal to the education required in Civics and STEM.

The STEM Disciplines and Innovation
 
Alan Leshner’s well-written editorial in the 27 May 2011 issue of Science Magazine, entitled “Innovation Needs Novel Thinking,” highlights the important linkages between the STEM disciplines and innovation in ensuring that the American economy remains at the forefront of global economic growth. This section of his editorial struck me as vitally important:

In addition, innovation often comes from nontraditional thinking, and many new ideas will come from new participants in science and engineering who often are less tied to traditional ways. That argues for increasing the diversity of the scientific human resource pool, adding more women, minority, and disabled scientists, as well as researchers from smaller and less-well-known institutions. The benefits of increasing diversity by fostering innovation and economic success have been argued well elsewhere (see citation in original article). Both research institutions and funders need to attend more to these sources of novel thinking and may have to refine recruitment, reward, and funding systems accordingly (Leshner, p. 1009).

The ideas he outlined in his editorial, furthermore, can find a kinship with points made by Federal Reserve Chairman Ben S. Bernanke in his speech entitled “Promoting Research and Development: The Government’s Role,” given at Georgetown University on 16 May 2011. As Mr. Bernanke says on pages 10-11 of his speech:

… At the same time, critics of K-12 education in the United States have long argued that not enough is being done to encourage and support student interest in science and mathematics. Taken together, these trends suggest that more could be done to increase the number of U.S. students entering scientific and engineering professions.

The commentaries by Mr. Bernanke and Mr. Leshner are absolutely on point. The United States needs increasing numbers of graduates who are skilled in the STEM disciplines if it is to remain a dominant economic power. But that objective is only part of the goal of increasing innovation and economic wealth. The innovation environment needs to be expanded beyond STEM.

Expanding the Context of Innovation

While focusing on the STEM disciplines is a meritorious approach to increasing innovation and wealth creation in the United States, it does not cover the entire universe of what is necessary to create an innovation society. Attention to non-STEM areas – such as Civics – is critical to creating an innovation society. Civics is the broad area encompassing such disciplines as history, law, and political science. An educated and engaged citizenry is critical to the creation of an innovation economy in the United States. And advances in privacy are critical to an innovation economy anywhere in the world.

One can find the genesis of law and innovation in the U.S. Constitution. Article I, Section 8, Clause 8, of the Constitution empowers the U.S. Congress:

To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.

This clause serves as the constitutional bedrock for U.S. intellectual property law. This is the first clue that technology and innovation are not solely a STEM concern.

The May 2011 issue of the ABA Journal discusses these issues in an excellent article entitled, “Flunking Civics: Why America’s Kids Know So Little.”[i] The article says the following with regard to a focus on certain disciplines (p. 34):

Since the late 1990s, when American students tested poorly in reading, science and math against students from 20 other Western nations, federal education policy has focused strongly on those three subjects at the expense of history, social studies, government and civics.

That trend began in 2001 with the Bush Administration’s landmark No Child Left Behind Act, which gives priority to federal funding for efforts to improve student performance in reading and math, skills that are considered fundamental to student success in the workplace. The program continued under the Obama Administration’s support for so-called STEM programs, which rewarded student achievement in the fields of science, technology, engineering and math.

Educators fear that this long-range focus on a few limited subjects that are considered fundamental to student success is squeezing out the amount of time and effort devoted to subjects considered non-fundamental, such as history, social science, government and civics.

This concern over the “squeezing out” of non-STEM subjects is matched by documented evidence that U.S. students and adults have a very poor grasp of law, history, or government, all of which are considered essential for civic engagement. The ABA Journal article (p. 34) notes that a 2005 survey by the ABA found that nearly half of all Americans were unable to correctly identify the three branches of government, and a FindLaw survey that same year found that only 57% of Americans could name any U.S. Supreme Court justice. Retired U.S. Supreme Court Justice Sandra Day O’Connor is quoted in the article as saying (p. 37):

There are all kinds of polls out there showing that barely one out of three Americans can name the three branches of government, let alone describe what they do.

If the polls are correct in large measure, meaning that most Americans are illiterate when it comes to their government and what it does, how can they function and benefit in an innovation economy? There is more to government than releasing funds to beneficiaries.

The American Bar Association has long had a significant interest in civics education. As noted in the ABA Journal article (p. 37), the ABA Commission on Civic Education in the Nation’s Schools is co-sponsoring a series of academic events around the country where community leaders can teach students about the law, the Constitution, and the importance of civic engagement. The Commission has supported these activities with other resources, such as a resource guide and a website where law schools, courts, civic organizations, and other organizations interested in sponsoring such a forum can find suggested curriculum, formats, lesson plans, strategies, and other information (p. 37).

The Connection Between Civics, Voting, and Innovation

It is easy to design a high school or undergraduate course drawing the connection between civics, voting and innovation. This includes such topics as: 1) Why it is important that Civics be taught in grade and high schools and why it is important for the rule of law; 2) The constitutional basis of copyrights and patents in the U.S. (Article I, Section 8, Clause 8); 3) The history of inventions in the United States, particularly those of significance; 4) Basic STEM dimensions that bear upon innovation today; 5) The major laws and regulations impacting innovation today; 6) Current issues in innovation; and 7) The future of innovation.

This approach – tailored for a specific educational level – would help engage all students in the concepts of innovation and raise the level of civic engagement in the area of innovation. Such a course would educate all, not just students engaged in the STEM disciplines or majoring in those areas.

Conclusion

A strong Civics curriculum at the grade, high school, and college levels would benefit America in several ways.

As exemplified by ABA Resolution 108, a robust dedication to teaching Civics at all levels, coupled with voter preregistration between the ages of 16 and 18, would lead to increased and informed youth voting. American democracy is strengthened by these improvements. There is more to American democracy than the internet, Facebook, and Twitter. Students must be well versed in American history, law, politics, and Civic engagement. Privacy and data protection are strengthened by having educated youth and an engaged citizenry.

An American citizenry educated in Civics and STEM (or STEAM as the new acronym – adding Arts) will also go a long way to creating a culture of innovation. If America truly wants an innovation society that creates wealth for all its people, then the education of America’s youth will have to go far beyond the STEM disciplines. Privacy is a critical component in that education. Students will learn that true innovation in the United States stems from democracy and a largely capitalist economic system. Increased Privacy and Civics education, increased voting, and increased STEM education will lead to continued American success in a global economy.

The current pandemic is a time of monumental change, sadness, and uncertainty. Despite those characteristics, it is also a time of great opportunity, with Privacy at the forefront.

__________________________________________________________________________

James Casey, Esq., CPP, is an attorney, certified privacy practitioner (CPP), and consultant based in Washington, DC. He is also an Adjunct Associate Professor in the CUNY M.S. Program in Research Administration and Compliance. He is presently a State Bar of Wisconsin representative to the ABA House of Delegates and holds several positions within the ABA Science and Technology Law Section. He is a past president of the State Bar of Wisconsin Nonresident Lawyers Division and is a Life Fellow of the Wisconsin Law Foundation and a Fellow of the American Bar Foundation. The opinions expressed in this article are solely his.


[i] Mark Hansen, “Flunking Civics: Why America’s Kids Know So Little.” ABA Journal, May 2011, pp. 32-37.

Google autocomplete and personal integrity

Wow, German courts have done it again! They are so good at protecting the personal privacy of their citizens! Read on, it connects to an individual’s ‘right to be forgotten’.

Google has been overruled concerning how the ‘autocomplete’ function in the search dialog works. Basically, the suggestions are generated by what other users have been searching for. The reason this has become a case of personal integrity, and also of a person’s reputation, is that words associated with a particular person, either by rumor or otherwise, and thus searched by users, impact that person’s reputation.

In the case in question, when the complainants’ names were typed into Google’s search bar, the autocomplete function added the ensuing words “Scientology” and “fraud”. The continuing association of their names with these terms infringed their rights to personality and reputation as protected by German law (Articles 823(1) and 1004 of the German Civil Code).

What does this mean for Google? Well, once Google has been alerted to the fact that an autocomplete suggestion links someone to libellous words, it must remove that suggestion.

According to the Panopticon blog, this German ruling is extending the “frontiers of legal protection for personal integrity and how we allocate responsibility for harm. Google says that, in these contexts, it is a facilitator not a generator. It says it should not be liable for what people write (scroll down to “Google and the ‘right to be forgotten’” here, in Spain a previous case), not for what they search for (the recent German case). Not for the first time, courts in Europe have allocated responsibility differently.”

So which law applies?

Now this is a really interesting legal case. Facebook has a marketing and advertising business established as a separate legal entity in Germany. In December 2012, the Schleswig DPA issued orders against Facebook Inc. in the U.S. and Facebook Ltd. in Ireland, in which the DPA demanded that Facebook allow its German users to use pseudonyms.

So which law applies? Germany, Ireland, or the US? In the end Germany lost. It was decided that the Irish DPU laws applied. The ruling stated that Facebook’s German establishment was not considered a sufficient presence to warrant the application of German data protection law.