Abstract image of a woman sitting on books and studying on a laptop

Can we keep your data please?

Download as PPT, PDF
P
Paul Bernal

The document discusses issues around personal data collection on the internet and proposes giving individuals more control over their data. It suggests establishing a "right to delete" that would allow data subjects to easily delete personal data held by companies. This would shift the assumption that data can be held unless the individual wants it deleted, forcing data holders to justify retention. It could encourage new business models that use data temporarily rather than stockpiling it indefinitely. The right to delete would complement but not replace data protection principles by empowering individuals over how their data is used.

EducationTechnology
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
‘ Can we keep your data please?’ ….and other necessary questions Paul Bernal – University of East Anglia
Personal data on the internet Massive amounts are held Current commercial models rely on it The data that is held is vulnerable – and may be increasingly so The existence and use of that data is something that concerns people – and rightly so It’s our data, isn’t it??
Personal data in the new internet The Google/Facebook model Behavioural tracking Commercial data gathering The market in personal data Government/private sector cooperation
Data vulnerability Physical loss – e.g. HMRC/MOD data losses Hacking Vulnerability to government action: Subpoenas, USA PATRIOT act, Data retention Swiss banking data/Chinese Google hackers Commercial vulnerability T-Mobile data-selling scandal Changes of ownership etc Leaking For good reasons.. (Wikileaks??) … and bad (ACS: Law??)
What can be done? Systematic culture change – emphasis on data security More powerful, better resourced and better supported data protection systems Better use of technological protection – encryption etc More community awareness of the issue
But there will always be problems: Human errors Human malice Technological errors Community pressures New technological and business ideas
The only way for data to be truly safe…. … .is for it not to exist
Data minimisation Already a principle within data protection, but one that is effectively paid only lip-service It needs to be better enforced – both better detected and more harshly punished. Punishment for data protection breaches are generally for losses or inappropriate processing, not for failures of data minimisation Needs to be put more in the hands of the data subjects
New business models The drive behind the current web model has been the business concepts of Google and Facebook New business models could bring about new changes – but how to get them to happen? We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that data Data holders need to ask ‘Can we keep your data please? … ..and respect the answer!
A right to delete? Currently it is the business that decides whether data should be held, anonymised or deleted If that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being held Instead, they might look for ways to use the data immediately, then discard it
A right to delete? Not the same as a ‘right to be forgotten’ – qualitatively different ‘ Forgotten’ is an emotive word, the right can be misunderstood, and opposed unnecessarily This is not re-writing history, or restricting journalists Not a tool for the rich and powerful to retain their power – though that risk is always present
A right to delete A change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other way The right needs to be made easily applied – access to data and then the ability to delete it directly on the web Part of a shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers
When can data be held? Paternalistic reasons – for the benefit of the individual (e.g. medical data) Communitarian reasons – for the benefit of the community (e.g. criminal records) Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls) Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’) Security reasons – for national security or criminal investigations (e.g. data retention laws)
Business reasons…. … .are not enough
Deletion and anonymisation Closely related – and complex Data can relate to more than one individual Data controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option Anonymisation in itself is contentious and more often reversible than people suspect
Data protection principles The right to delete extends and improves implementation of data protection principles First point is better data access rights Second is putting data minimisation in the hand of the data subject Important to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it
Implications Gives individuals more control and autonomy Forces those holding data to justify why they’re holding it – in such a way that users understand Encourages the development of better business models Could end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models
… and other necessary questions ‘ Can we gather your data please?’ … a right to roam the internet with privacy ‘ Can we do THIS with your data?’ … collaborative consent ‘ Do you mind if we watch you?’ … a right to monitor the monitors [email_address]

More Related Content

PPTX
The right to delete
Paul Bernal
 
PDF
Data Privacy
cliff_rudolph
 
PPTX
Data set Legislation
Data-Set
 
PPTX
Data set Legislation
Data-Set
 
PPTX
Data set module 4
Data-Set
 
PDF
Cybersecurity and Data Privacy
WilmerHale
 
PDF
Data & Privacy: Striking the Right Balance - Jonny Leroy
Thoughtworks
 
PPT
S719a
ecommerce
 
The right to delete
Paul Bernal
 
Data Privacy
cliff_rudolph
 
Data set Legislation
Data-Set
 
Data set Legislation
Data-Set
 
Data set module 4
Data-Set
 
Cybersecurity and Data Privacy
WilmerHale
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Thoughtworks
 
S719a
ecommerce
 

What's hot (20)

PPT
Data Protection: Process Information
Cristina Villavicencio
 
PPTX
Data set Legislation
Data-Set
 
PPTX
Privacy issues in data analytics
shekharkanodia
 
PDF
Data Privacy and Security by Design
Data Con LA
 
PPTX
Information Governance -- Necessary Evil or a Bridge to the Future?
John Mancini
 
PPT
The ugly, the bad and the good of cloud computing for government institutions
Dan Michaluk
 
PPTX
Automotive sales crashing into data? Driving customer engagement & growth in...
IgnitionOne
 
PDF
Governing the Chaos
John Hansen
 
PPTX
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
PPTX
Data Privacy and Protection Presentation
mlw32785
 
PPTX
Privacy & Data Ethics
Erik Kokkonen
 
PDF
[Presentation] GDPR - How to Ensure Compliance
AIIM International
 
PDF
(Big) Data infographic - EnjoyDigitAll by BNP Paribas
EnjoyDigitAll by BNP Paribas
 
PPT
Data protection process information
yourlegalconsultants
 
PPT
“Privacy Today” Slide Presentation
tomasztopa
 
PPTX
Be aware of the laws in South Africa that apply to email
Lance Michalson
 
PPT
Consumer Privacy
Ashish Jain
 
PPTX
Privacy in the digital space
Yves Sinka
 
PPT
Autonomy, Privacy, The Symbiotic Web
Paul Bernal
 
PDF
Ekwensi ACC article
Ronke Ekwensi
 
Data Protection: Process Information
Cristina Villavicencio
 
Data set Legislation
Data-Set
 
Privacy issues in data analytics
shekharkanodia
 
Data Privacy and Security by Design
Data Con LA
 
Information Governance -- Necessary Evil or a Bridge to the Future?
John Mancini
 
The ugly, the bad and the good of cloud computing for government institutions
Dan Michaluk
 
Automotive sales crashing into data? Driving customer engagement & growth in...
IgnitionOne
 
Governing the Chaos
John Hansen
 
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
Data Privacy and Protection Presentation
mlw32785
 
Privacy & Data Ethics
Erik Kokkonen
 
[Presentation] GDPR - How to Ensure Compliance
AIIM International
 
(Big) Data infographic - EnjoyDigitAll by BNP Paribas
EnjoyDigitAll by BNP Paribas
 
Data protection process information
yourlegalconsultants
 
“Privacy Today” Slide Presentation
tomasztopa
 
Be aware of the laws in South Africa that apply to email
Lance Michalson
 
Consumer Privacy
Ashish Jain
 
Privacy in the digital space
Yves Sinka
 
Autonomy, Privacy, The Symbiotic Web
Paul Bernal
 
Ekwensi ACC article
Ronke Ekwensi
 
Ad

Viewers also liked (9)

PPTX
Taking back control
Paul Bernal
 
PPT
Rise and Phall
Paul Bernal
 
PPTX
Collaborative Consent
Paul Bernal
 
PPT
The Symbiotic Web
Paul Bernal
 
PPT
The internet: a new frontier for human rights
Paul Bernal
 
PPTX
Media A2 Portfolio
hugojarvis
 
PDF
Digital Scholarship powered by reflection and reflective practice through the...
Judy O'Connell
 
PDF
The Next Big Thing is Web 3.0. Catch It If You Can
Judy O'Connell
 
PDF
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
 
Taking back control
Paul Bernal
 
Rise and Phall
Paul Bernal
 
Collaborative Consent
Paul Bernal
 
The Symbiotic Web
Paul Bernal
 
The internet: a new frontier for human rights
Paul Bernal
 
Media A2 Portfolio
hugojarvis
 
Digital Scholarship powered by reflection and reflective practice through the...
Judy O'Connell
 
The Next Big Thing is Web 3.0. Catch It If You Can
Judy O'Connell
 
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
 
Ad

Similar to Can we keep your data please? (20)

PPTX
Privacy and data protection primer - City of Portland
Hector Dominguez
 
PDF
Business considerations for privacy and open data: how not to get caught out
theODI
 
PPTX
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
Upekha Vandebona
 
PDF
Esc Rennes gdpr oct 2018
Prof. Jacques Folon (Ph.D)
 
PDF
Data science and privacy regulation
blogzilla
 
PPTX
Ethics and Big Data
Pew Research Center's Internet & American Life Project
 
PDF
Future of privacy - Insights from Discussions Building on an Initial Perspect...
Future Agenda
 
PPTX
Designing for Privacy in an Increasingly Public World
Robert Stribley
 
PPTX
Keeping our secrets? Shaping Internet technologies for the public good
blogzilla
 
PDF
Ichec dig strat gdpr
Prof. Jacques Folon (Ph.D)
 
PPT
Track H Huib Gardeniers
ePSI Platform
 
PDF
Privacy and Surveillance
Irem Gokce Aydin
 
PPTX
The 3 Secrets of Online Privacy
Laurent Liscia
 
PPTX
Keeping it Private - A Discussion About Data and the Internet
Daniel Ayala
 
PPT
Updating the EU Data Protection Directive
blogzilla
 
PPT
Personal privacy and computer technologies
sidra batool
 
PPTX
The Privacy Law Landscape: Issues for the research community
ARDC
 
PPT
Dp5
Tommy Vandepitte
 
PPTX
Age Friendly Economy - Legislation and Ethics of Data Use
AgeFriendlyEconomy
 
PPT
Data privacy & social media
Prof. Jacques Folon (Ph.D)
 
Privacy and data protection primer - City of Portland
Hector Dominguez
 
Business considerations for privacy and open data: how not to get caught out
theODI
 
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
Upekha Vandebona
 
Esc Rennes gdpr oct 2018
Prof. Jacques Folon (Ph.D)
 
Data science and privacy regulation
blogzilla
 
Ethics and Big Data
Pew Research Center's Internet & American Life Project
 
Future of privacy - Insights from Discussions Building on an Initial Perspect...
Future Agenda
 
Designing for Privacy in an Increasingly Public World
Robert Stribley
 
Keeping our secrets? Shaping Internet technologies for the public good
blogzilla
 
Ichec dig strat gdpr
Prof. Jacques Folon (Ph.D)
 
Track H Huib Gardeniers
ePSI Platform
 
Privacy and Surveillance
Irem Gokce Aydin
 
The 3 Secrets of Online Privacy
Laurent Liscia
 
Keeping it Private - A Discussion About Data and the Internet
Daniel Ayala
 
Updating the EU Data Protection Directive
blogzilla
 
Personal privacy and computer technologies
sidra batool
 
The Privacy Law Landscape: Issues for the research community
ARDC
 
Dp5
Tommy Vandepitte
 
Age Friendly Economy - Legislation and Ethics of Data Use
AgeFriendlyEconomy
 
Data privacy & social media
Prof. Jacques Folon (Ph.D)
 

Recently uploaded (20)

PDF
Race Reva University – Shaping Future Leaders in Artificial Intelligence
RACE REVA University
 
PDF
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
PDF
Climate and Adaptation MCQs class 7 from chatgpt
AkashDTejwani
 
PDF
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
PDF
Complications of Minimal Access-Surgery.pdf
Laparoscopy Hospital
 
PDF
LEARNERS WITH ADDITIONAL NEEDS ProfEd Topic
Johnlloyd489543
 
PPTX
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
PPTX
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
PPTX
Core Concepts of Personalized Learning and Virtual Learning Environments
Dr. Bushra Sumaiya
 
PDF
My India Quiz Book_20210205121199924.pdf
AtandraDey2
 
PDF
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
PPTX
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
PDF
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
PPTX
Climate Change and Its Global Impact.pptx
vaishalidobhal148
 
PDF
Journal of Dental Science - UDMY (2021).pdf
Nay Aung
 
PDF
BP 505 T. PHARMACEUTICAL JURISPRUDENCE (UNIT 2).pdf
CMEmpire
 
PDF
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
PDF
Empowerment Technology for Senior High School Guide
solthereseamericandr
 
PDF
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
David L Page
 
Race Reva University – Shaping Future Leaders in Artificial Intelligence
RACE REVA University
 
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
Climate and Adaptation MCQs class 7 from chatgpt
AkashDTejwani
 
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
Complications of Minimal Access-Surgery.pdf
Laparoscopy Hospital
 
LEARNERS WITH ADDITIONAL NEEDS ProfEd Topic
Johnlloyd489543
 
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
Core Concepts of Personalized Learning and Virtual Learning Environments
Dr. Bushra Sumaiya
 
My India Quiz Book_20210205121199924.pdf
AtandraDey2
 
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
Vision Prelims GS PYQ Analysis 2011-2022 www.upscpdf.com.pdf
navneetgupta711851
 
Climate Change and Its Global Impact.pptx
vaishalidobhal148
 
Journal of Dental Science - UDMY (2021).pdf
Nay Aung
 
BP 505 T. PHARMACEUTICAL JURISPRUDENCE (UNIT 2).pdf
CMEmpire
 
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
Empowerment Technology for Senior High School Guide
solthereseamericandr
 
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
David L Page
 

Can we keep your data please?

  • 1. ‘ Can we keep your data please?’ ….and other necessary questions Paul Bernal – University of East Anglia
  • 2. Personal data on the internet Massive amounts are held Current commercial models rely on it The data that is held is vulnerable – and may be increasingly so The existence and use of that data is something that concerns people – and rightly so It’s our data, isn’t it??
  • 3. Personal data in the new internet The Google/Facebook model Behavioural tracking Commercial data gathering The market in personal data Government/private sector cooperation
  • 4. Data vulnerability Physical loss – e.g. HMRC/MOD data losses Hacking Vulnerability to government action: Subpoenas, USA PATRIOT act, Data retention Swiss banking data/Chinese Google hackers Commercial vulnerability T-Mobile data-selling scandal Changes of ownership etc Leaking For good reasons.. (Wikileaks??) … and bad (ACS: Law??)
  • 5. What can be done? Systematic culture change – emphasis on data security More powerful, better resourced and better supported data protection systems Better use of technological protection – encryption etc More community awareness of the issue
  • 6. But there will always be problems: Human errors Human malice Technological errors Community pressures New technological and business ideas
  • 7. The only way for data to be truly safe…. … .is for it not to exist
  • 8. Data minimisation Already a principle within data protection, but one that is effectively paid only lip-service It needs to be better enforced – both better detected and more harshly punished. Punishment for data protection breaches are generally for losses or inappropriate processing, not for failures of data minimisation Needs to be put more in the hands of the data subjects
  • 9. New business models The drive behind the current web model has been the business concepts of Google and Facebook New business models could bring about new changes – but how to get them to happen? We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that data Data holders need to ask ‘Can we keep your data please? … ..and respect the answer!
  • 10. A right to delete? Currently it is the business that decides whether data should be held, anonymised or deleted If that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being held Instead, they might look for ways to use the data immediately, then discard it
  • 11. A right to delete? Not the same as a ‘right to be forgotten’ – qualitatively different ‘ Forgotten’ is an emotive word, the right can be misunderstood, and opposed unnecessarily This is not re-writing history, or restricting journalists Not a tool for the rich and powerful to retain their power – though that risk is always present
  • 12. A right to delete A change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other way The right needs to be made easily applied – access to data and then the ability to delete it directly on the web Part of a shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers
  • 13. When can data be held? Paternalistic reasons – for the benefit of the individual (e.g. medical data) Communitarian reasons – for the benefit of the community (e.g. criminal records) Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls) Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’) Security reasons – for national security or criminal investigations (e.g. data retention laws)
  • 14. Business reasons…. … .are not enough
  • 15. Deletion and anonymisation Closely related – and complex Data can relate to more than one individual Data controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option Anonymisation in itself is contentious and more often reversible than people suspect
  • 16. Data protection principles The right to delete extends and improves implementation of data protection principles First point is better data access rights Second is putting data minimisation in the hand of the data subject Important to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it
  • 17. Implications Gives individuals more control and autonomy Forces those holding data to justify why they’re holding it – in such a way that users understand Encourages the development of better business models Could end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models
  • 18. … and other necessary questions ‘ Can we gather your data please?’ … a right to roam the internet with privacy ‘ Can we do THIS with your data?’ … collaborative consent ‘ Do you mind if we watch you?’ … a right to monitor the monitors [email_address]

Editor's Notes

  • #12: Autonomy by design?
  • #13: Autonomy by design?
  • #17: Again, autonomy by design. And bring in the concept of collaborative consent (refer them to the paper)
  • #19: Can talk about the other rights – the right to roam with privacy: ‘Can we gather your data please?’