Professor Lilian Edwards – University of Strathclyde

The Death of Privacy in Three Acts

How Data Protection is meant to Work

Found currently in Data Protection Directive 95/46/EC; implemented in UK law by DP Act 1998; potentially to be replaced by 2016 by new DP Regulation (DPReg)

NB DP law only applies to “personal data” which is “information relating to an identified or identifiable natural person (data subject)” – ?anonymous/pseudonymous data?

1. Personal Data shall be processed lawfully and fairly.

– Most common lawful ground is consent (freely given, specific, unambiguous but not necessarily “explicit”); but others exist, including “legitimate interests of data controller” (unless overridden by fundamental rights of data subject)

2. Personal Data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in a manner incompatible with those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it was processed

4. Personal data shall be accurate and kept up to date if necessary.

DP Principles (cont.)

5. Personal data shall not be kept for a longer time than it is necessary for its purpose. (“Retention”)

6. Personal data can only be processed in accordance with the rights of the data subjects.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing (“security”).

8. Restriction on transferring personal data to countries that do not provide adequate data protection.

The death of privacy and the failure of data protection (DP) law

Data protection principles based on earlier paradigm ie “notice and choice” (OECD). “Choice” - invoked in DPD/DPA by consent as ground for lawful processing, having been given notice of purposes of data collection.

But – how far is consent a real opportunity for control by data subjects in digital and ambient environments?

• Decline of real and informed consent online eg FB, Google, apps

• Decline of prior, informed consent in ubiquitous computing/ambient intelligence/the Internet of Things

• Decline of purpose limitation due to Big Data

In each case fundamental elements of the “notice and choice” paradigm are elided or destroyed

“Smart cities” are an example of combining all three elements.

1. Consent online in theory & real life

• DPD, Art 2 “any freely given, specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”

• Art 8(2)(a) as ground for processing of sensitive PD, “explicit”

• DP Reg would make all consent explicit

• BUT

• Privacy policies unreadable, unread and constantly change

• Users prize immediate gains over future gains -> faulty risk assessment

• Lock-in network effect => non competitive market on privacy

• See further Edwards “Anti social networking” in Brown I ed Research Handbook on Governance of the Internet (2013)

• Bad enough in online digital environment – what about real world/ambient environments?

2. “Ambient environments” and the death of notice and choice?

• Ubiquity = “invisible and seamlessly adaptive” (Spiekerman and Pallas). Adaptive – learn from ambient total data collection, data not forgotten while useful

• Weiser – weaving themselves “into the fabric of everyday life until they are indistinguishable from it”

• The more useful, the less obvious and the less controlled by individual notice and choice.

• How can this match DP idea of privacy as individual right to prior informed control of collection of data?

• Cas “ubiquitous computing will erode all central pillars of current privacy protection”

• -> Authorisation of PD collection (for non police) likely to come from “legitimate interests”

• And towards categorisation of data as anonymised rather than personal (yet big data? Mosaic effect)

• Draft DP Reg shows tendency towards poor control if any over “pseudonymous” data and presumption of “legit interests” of DC not being overruled by fundamental rights of users

3. Big Data

• “about applying maths to huge amounts of data to infer probabilities..”

• Essentially machine learning

• Everything from generating new pharma compounds to predictive policing to twitter mining

• What happens to “notice” in notice and choice?

• “in a Big Data age, most innovative secondary uses haven’t been imagined when the data is first collected”

• “there is a treasure hunt underway” *(p 15)

Cas “Ubiquitous Computing, Privacy and DP”, 2009: “Biometric procedures replace the need to remember passwords or actively prove authorisation.. [ambient intelligence environments] require previously inconceivable levels of knowledge about the inhabitants”

Chinese face recognition enabled door – on sale,

.. Again, exacerbated in ambient environment?

-> “Smart cities” as the unholy alliance of all three issues?

Smart meters

Smart cities issues

• How to collect prior free informed consent in such environments?

• Alternatives? “Legitimate interests”

• Privacy “by design” and “by default” (draft DP reg) (how? Is it an HCI issue? How to avoid the cookies wars all over again? Will focus shift to data use rather than initial data collection?);

• Will avoidance/resistance/self help arise to impede data collection in smart cities (eg hoodies)?

• How can interests in privacy of individuals be balanced against interests of all esp in high problem areas like Glasgow? (health, poverty etc)

• Could privacy scares also impede social good? – the “GM crops” effect?

• Can EU RFID PIA code of practice (Spiekerman) be adapted to smart cities? Has anyone carried out a PIA on a smart city?

• “Retro fitted” smart cities (eg Glasgow, Rio etc) vs new or “top down” smart cities (eg Songdo in North Korea – designed by and for Cisco Systems? Modern panopticons??)

• Will all data collected by sensors in smart city public areas be deemed “public” and available to police without interception warrant or RIPA Ch 2 authorisation? Cf “public” tweets?