Abstract image of a woman sitting on books and studying on a laptop

Taking back control

Download as PPTX, PDF
P
Paul Bernal

This document proposes a rights-based approach to personal data on the internet. It suggests establishing three connected rights: the right to roam the internet with privacy by limiting unnecessary data gathering; the right to monitor how personal data is being used and processed with options to turn monitoring off; and the right to delete personal data held by companies. These rights aim to shift assumptions around data practices to ones of individual control and consent. Businesses would need to gain ongoing consent rather than one-time consent. While rights need balancing with business and government needs, clear rights can help build trust between individuals and internet companies.

EducationTechnologyBusiness
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Taking back controlA rights-based approach to the gathering, processing and holding of personal data in the online environment
Two questions:To what extent is the Internet a ‘public’ space to roam and enjoy?To what extent is personal data ‘ours’?
Three connected issues:The gathering of personal dataThe processing and utilisation of personal dataThe holding of personal data
Data gatheringWithout our knowledge?Without our permission?Without our understanding?
Data gatheringThe beginning of a solution:The right to roam the Internet with privacy
A change in assumptionsA new default: no data gatheringThe fundamental tools of the Internet should be available without data gathering
How could this work?E.g. for a search engine, two search boxes:‘Basic’ search, without data gathering‘Super’ search, with data gathering and tailoringOne big questions:What are the ‘fundamental tools’ of the Internet?
Data processing and utilisationInstant utilisation – tailored advertising, tailored contentSubsequent utilisation – the impact of profiling
Data processing and utilisationThe beginning of a solution:The right to monitor the monitors
A change in approach to consentConsent is not one-off, but continuousData gatherers must continually alert you to the fact that gathering is taking placeThe opportunity to turn the monitoring OFF and to revoke consent must be providedLinks to information and options to gathering and use must be provided
How could this work?A little alert box, flashing up to indicate when something is happening, allow the option to click on/off, or link to further informationUse the communicative opportunities of the internet – and its immediacyConsent in ‘real time’.
Data holdingThe beginning of a solution:The right to delete data
A change in assumptionsThe default: data CAN be deletedHolding data is a privilege, not a rightPutting data minimisation into the hands of the individual
When can data NOT be deleted?Paternalistic reasons – e.g. medical dataCommunitarian reasons – e.g. criminal recordsAdministrative reasons – e.g. tax records, electoral rollsArchival reasons – but strictly controlledSecurity reasons – strictly controlled
How could this work?Immediate access to data held should be provided – with the option to deleteData deletion should be simple and direct – not complex or opaqueCould be combined with the monitoring of monitors
Three connected rightsThe right to roam with privacyThe right to monitor the monitorsThe right to delete
Why rights?What is needed is not detailed law, but a change in paradigmChanges in the net are driven by business models more than by lawBusinesses are sensitive to the perceptions of the publicInternet businesses are cross-jurisdictional, but can set worldwide standards
Rights in balanceThe needs to business and governments must balance with those of individualsAll these rights are subject to balance - and where necessary may be overriddenBoth businesses and individuals need to be able to trust and use the net - clear and appropriate rights can help build that trust
Business models in balanceWith rights in place, business models will changeIf data gathering must be notified and may be refused, models reliant on secret gathering won’t be createdIf a user can delete data, models reliant on long-term holding of data won’t be usedIf businesses have to gain consent, then users must be gaining benefits if they are to gain that consent
Taking back controlA rights-based approach to the gathering, processing and holding of personal data in the online environmentPaul Bernal: p.a.bernal@lse.ac.uk

More Related Content

PDF
How To Perform GDPR "Right To Be Forgotten" Requests
Angela Sun
 
PDF
How does the data protection reform strengthen citizens rights?
- Mark - Fullbright
 
PDF
Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...
IDERA Software
 
PPTX
Cybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Data Con LA
 
PDF
Hipaa it risk analysis and risk analysis
John_mith
 
PPTX
The right to delete
Paul Bernal
 
PPT
Can we keep your data please?
Paul Bernal
 
PPTX
Collaborative Consent
Paul Bernal
 
How To Perform GDPR "Right To Be Forgotten" Requests
Angela Sun
 
How does the data protection reform strengthen citizens rights?
- Mark - Fullbright
 
Geek Sync: Database Auditing Essentials: Tracking Who Did What to Which Data ...
IDERA Software
 
Cybersecurity, Privacy and Data Security from a Business Lawyer's Perspective
Data Con LA
 
Hipaa it risk analysis and risk analysis
John_mith
 
The right to delete
Paul Bernal
 
Can we keep your data please?
Paul Bernal
 
Collaborative Consent
Paul Bernal
 

Viewers also liked (8)

PPT
Rise and Phall
Paul Bernal
 
PPT
The Symbiotic Web
Paul Bernal
 
PPT
The internet: a new frontier for human rights
Paul Bernal
 
PPTX
Media A2 Portfolio
hugojarvis
 
PPT
Autonomy, Privacy, The Symbiotic Web
Paul Bernal
 
PDF
Digital Scholarship powered by reflection and reflective practice through the...
Judy O'Connell
 
PDF
The Next Big Thing is Web 3.0. Catch It If You Can
Judy O'Connell
 
PDF
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
 
Rise and Phall
Paul Bernal
 
The Symbiotic Web
Paul Bernal
 
The internet: a new frontier for human rights
Paul Bernal
 
Media A2 Portfolio
hugojarvis
 
Autonomy, Privacy, The Symbiotic Web
Paul Bernal
 
Digital Scholarship powered by reflection and reflective practice through the...
Judy O'Connell
 
The Next Big Thing is Web 3.0. Catch It If You Can
Judy O'Connell
 
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
 
Ad

Similar to Taking back control (20)

PPTX
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
PPTX
Data Privacy: Protecting Information in the Digital Age
Sajal Jain
 
PDF
Gdpr in a nutshell
Matthew Butler
 
PPTX
A quick look at gdpr
CookieYes
 
PPTX
Reddico GDPR Presentation
Luke Kyte
 
DOCX
General data protection regulation - European union
Rohana K Amarakoon
 
PDF
Web Analytics and Privacy
Piwik PRO
 
PPTX
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Qualsys Ltd
 
PPTX
Data protection & security breakfast briefing master slides 28 june-final
Dr. Donald Macfarlane
 
PPTX
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Dr. Donald Macfarlane
 
PPTX
Ethics in Data Management.pptx
Ravindra Babu
 
PDF
ETHICAL ISSUES WITH CUSTOMER DATA COLLECTION
Pranav Godse
 
PDF
Gdpr presentation
Iain Wicks MCIPR
 
PPTX
Data set module 4
Data-Set
 
PDF
Marcus Comiter, "Data Policy for Internet of Things Healthcare Devices: Align...
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics
 
PPTX
Data set Legislation
Data-Set
 
PPTX
Data set Legislation
Data-Set
 
PDF
10 Key GDPR Requirements You Must Know to Protect Your Business
VISTA InfoSec
 
PPTX
Whose data is it anyways? Public vs Private data collection.
Megha Sharma
 
PDF
An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...
Lionel Briand
 
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
Data Privacy: Protecting Information in the Digital Age
Sajal Jain
 
Gdpr in a nutshell
Matthew Butler
 
A quick look at gdpr
CookieYes
 
Reddico GDPR Presentation
Luke Kyte
 
General data protection regulation - European union
Rohana K Amarakoon
 
Web Analytics and Privacy
Piwik PRO
 
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Qualsys Ltd
 
Data protection & security breakfast briefing master slides 28 june-final
Dr. Donald Macfarlane
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Dr. Donald Macfarlane
 
Ethics in Data Management.pptx
Ravindra Babu
 
ETHICAL ISSUES WITH CUSTOMER DATA COLLECTION
Pranav Godse
 
Gdpr presentation
Iain Wicks MCIPR
 
Data set module 4
Data-Set
 
Marcus Comiter, "Data Policy for Internet of Things Healthcare Devices: Align...
The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics
 
Data set Legislation
Data-Set
 
Data set Legislation
Data-Set
 
10 Key GDPR Requirements You Must Know to Protect Your Business
VISTA InfoSec
 
Whose data is it anyways? Public vs Private data collection.
Megha Sharma
 
An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...
Lionel Briand
 
Ad

Recently uploaded (20)

PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
PDF
HVAC Specification 2024 according to central public works department
amitrobanipl
 
PDF
Climate and Adaptation MCQs class 7 from chatgpt
AkashDTejwani
 
PDF
LEARNERS WITH ADDITIONAL NEEDS ProfEd Topic
Johnlloyd489543
 
PDF
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
PDF
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
PPTX
Climate Change and Its Global Impact.pptx
vaishalidobhal148
 
PPTX
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
PDF
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 2).pdf
CMEmpire
 
PDF
My India Quiz Book_20210205121199924.pdf
AtandraDey2
 
PPTX
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
PPTX
Core Concepts of Personalized Learning and Virtual Learning Environments
Dr. Bushra Sumaiya
 
PPTX
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
PDF
Race Reva University – Shaping Future Leaders in Artificial Intelligence
RACE REVA University
 
PDF
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
JohnJerryDalawampu
 
PPTX
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
PDF
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
David L Page
 
PDF
Literature_Review_methods_ BRACU_MKT426 course material
mokoto4834
 
PDF
BP 505 T. PHARMACEUTICAL JURISPRUDENCE (UNIT 1).pdf
CMEmpire
 
PDF
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
SahianAlondraPichard
 
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
HVAC Specification 2024 according to central public works department
amitrobanipl
 
Climate and Adaptation MCQs class 7 from chatgpt
AkashDTejwani
 
LEARNERS WITH ADDITIONAL NEEDS ProfEd Topic
Johnlloyd489543
 
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
Climate Change and Its Global Impact.pptx
vaishalidobhal148
 
A powerpoint presentation on the Revised K-10 Science Shaping Paper
JericEstaco2
 
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 2).pdf
CMEmpire
 
My India Quiz Book_20210205121199924.pdf
AtandraDey2
 
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
Core Concepts of Personalized Learning and Virtual Learning Environments
Dr. Bushra Sumaiya
 
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
Race Reva University – Shaping Future Leaders in Artificial Intelligence
RACE REVA University
 
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
JohnJerryDalawampu
 
Introduction to pro and eukaryotes and differences.pptx
AvaniKarumathil
 
David L Page_DCI Research Study Journey_how Methodology can inform one's prac...
David L Page
 
Literature_Review_methods_ BRACU_MKT426 course material
mokoto4834
 
BP 505 T. PHARMACEUTICAL JURISPRUDENCE (UNIT 1).pdf
CMEmpire
 
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
SahianAlondraPichard
 

Taking back control

  • 1. Taking back controlA rights-based approach to the gathering, processing and holding of personal data in the online environment
  • 2. Two questions:To what extent is the Internet a ‘public’ space to roam and enjoy?To what extent is personal data ‘ours’?
  • 3. Three connected issues:The gathering of personal dataThe processing and utilisation of personal dataThe holding of personal data
  • 4. Data gatheringWithout our knowledge?Without our permission?Without our understanding?
  • 5. Data gatheringThe beginning of a solution:The right to roam the Internet with privacy
  • 6. A change in assumptionsA new default: no data gatheringThe fundamental tools of the Internet should be available without data gathering
  • 7. How could this work?E.g. for a search engine, two search boxes:‘Basic’ search, without data gathering‘Super’ search, with data gathering and tailoringOne big questions:What are the ‘fundamental tools’ of the Internet?
  • 8. Data processing and utilisationInstant utilisation – tailored advertising, tailored contentSubsequent utilisation – the impact of profiling
  • 9. Data processing and utilisationThe beginning of a solution:The right to monitor the monitors
  • 10. A change in approach to consentConsent is not one-off, but continuousData gatherers must continually alert you to the fact that gathering is taking placeThe opportunity to turn the monitoring OFF and to revoke consent must be providedLinks to information and options to gathering and use must be provided
  • 11. How could this work?A little alert box, flashing up to indicate when something is happening, allow the option to click on/off, or link to further informationUse the communicative opportunities of the internet – and its immediacyConsent in ‘real time’.
  • 12. Data holdingThe beginning of a solution:The right to delete data
  • 13. A change in assumptionsThe default: data CAN be deletedHolding data is a privilege, not a rightPutting data minimisation into the hands of the individual
  • 14. When can data NOT be deleted?Paternalistic reasons – e.g. medical dataCommunitarian reasons – e.g. criminal recordsAdministrative reasons – e.g. tax records, electoral rollsArchival reasons – but strictly controlledSecurity reasons – strictly controlled
  • 15. How could this work?Immediate access to data held should be provided – with the option to deleteData deletion should be simple and direct – not complex or opaqueCould be combined with the monitoring of monitors
  • 16. Three connected rightsThe right to roam with privacyThe right to monitor the monitorsThe right to delete
  • 17. Why rights?What is needed is not detailed law, but a change in paradigmChanges in the net are driven by business models more than by lawBusinesses are sensitive to the perceptions of the publicInternet businesses are cross-jurisdictional, but can set worldwide standards
  • 18. Rights in balanceThe needs to business and governments must balance with those of individualsAll these rights are subject to balance - and where necessary may be overriddenBoth businesses and individuals need to be able to trust and use the net - clear and appropriate rights can help build that trust
  • 19. Business models in balanceWith rights in place, business models will changeIf data gathering must be notified and may be refused, models reliant on secret gathering won’t be createdIf a user can delete data, models reliant on long-term holding of data won’t be usedIf businesses have to gain consent, then users must be gaining benefits if they are to gain that consent
  • 20. Taking back controlA rights-based approach to the gathering, processing and holding of personal data in the online environmentPaul Bernal: p.a.bernal@lse.ac.uk