Loading...
Please wait, while we are loading the content...
Similar Documents
When Data Protection by Design and Data Subject Rights Clash
| Content Provider | Scilit |
|---|---|
| Author | Veale, Michael Binns, Reuben Ausloos, Jef |
| Copyright Year | 2018 |
| Description | Journal: SSRN Electronic Journal Data Protection by Design (DPbD), a holistic approach to embedding principles in technical and organisational measures undertaken by data controllers, building on the notion of Privacy by Design, is now a qualified duty in the GDPR.Practitioners have seen DPbD less holistically, instead framing it through the confidentiality-focussed lens of Privacy Enhancing Technologies (PETs).While focussing primarily on confidentiality risk, we show that some DPbD strategies deployed by large data controllers result in personal data which, despite remaining clearly reidentifiable by a capable adversary, make it difficult for the controller to grant data subjects rights (eg access, erasure, objection) over for the purposes of managing this risk.Informed by case studies of Apple's Siri voice assistant and Transport for London's Wi-Fi analytics, we suggest three main ways to make deployed DPbD more accountable and data subject-centric: building parallel systems to fulfil rights, including dealing with volunteered data; making inevitable trade-offs more explicit and transparent through Data Protection Impact Assessments; and through ex ante and ex post information rights (arts 13-15), which we argue may require the provision of information concerning DPbD trade-offs.Despite steep technical hurdles, we call both for researchers in PETs to develop rigorous techniques to balance privacy-as-control with privacy-as-confidentiality, and for DPAs to consider tailoring guidance and future frameworks to better oversee the trade-offs being made by primarily well-intentioned data controllers employing DPbD. |
| Related Links | http://discovery.ucl.ac.uk/10043844/13/Veale_VealeBinnsAusloos.pdf https://papers.ssrn.com/sol3/Delivery.cfm?abstractid=3081069 |
| ISSN | 10914358 |
| e-ISSN | 15565068 |
| DOI | 10.2139/ssrn.3081069 |
| Journal | SSRN Electronic Journal |
| Language | English |
| Publisher | Elsevier BV |
| Publisher Date | 2018-02-20 |
| Access Restriction | Open |
| Subject Keyword | Journal: SSRN Electronic Journal Information and Library Science Privacy By Design Data Protection By Design Privacy-enhancing Technologies Privacy Enhancing Technologies Data Protection Impact Assessments Information Rights Right To Be Forgotten |
| Content Type | Text |
| Resource Type | Article |
| Subject | Public Health, Environmental and Occupational Health Psychiatry and Mental Health |
