“Lost in Translation?”
Privacy in the age of mobility, interconnectivity and computational prediction
3/4/11 1 Privacy Seminar Hoepman
Mireille Hildebrandt [email protected]
• Professor Smart Environments, Data Protection and the Rule of Law, Institute for Computer and Information Sciences (ICIS), Radboud University Nijmegen
• Associate Professor of Jurisprudence, Erasmus School of Law, Rotterdam
• Senior Researcher, Law Science Technology and Society (LSTS), Vrije Universiteit Brussels
• Computer science and Law
• Privacy in CS and Law
• Conceptions of privacy
• ECHR and D 95/46 EC
• Computational Turn
• Privacy implications
• Legal protection by design
End of privacy? Beginning of what?
Computer Science and Law
Discrete, indiscreet and analogue
• http://tvtropes.org/pmwiki/pmwiki.php/Main/AliceAndBob
• Anderson, R. 2008. Security engineering: A guide to building dependable distributed systems. 2nd ed. Indianapolis, IN: Wiley Pub. http://www.loc.gov/catdir/enhancements/fy0827/2008006392-d.html
• Schneier, B. 2000. Secrets and lies: Digital security in a networked world. New York: John Wiley. http://www.loc.gov/catdir/description/wiley0310/00042252.html
• Hayles, N.K. 1999. How we became posthuman. Virtual bodies in cybernetics, literature, and informatics. Chicago: University of Chicago Press.
• Dworkin, R. 1982. Law as interpretation. Texas Law Review 60: 527-50.
• White, J.B. 1990. Justice as translation: An essay in cultural and legal criticism. Chicago: University of Chicago Press. http://mirlyn.lib.umich.edu/Record/002168401
Privacy in CS and Law
Anonymity?
Unobservability?
• Cheng Wei Yin, China http://www.ccwpf-cclpm.ca/cartoons-2011/cartoons-2009
Unobservability?
• Chris Slane http://amberhawk.typepad.com/amberhawk/cartoons/
• Fischer-Hübner, S. 2001. It-security and privacy: Design and use of privacy-enhancing security mechanisms. Lecture notes in computer science 1958. New York: Springer. http://www.loc.gov/catdir/enhancements/fy0812/2001034161-d.html
• Beresford, A.R. and F. Stajano. 2003. Location privacy in pervasive computing. Pervasive computing: 46-55.
• Gutwirth, S. 2009. Reinventing data protection? [Dordrecht?]: Springer.
• Agre, P.E. and M. Rotenberg eds. 2001. Technology and privacy: The new landscape. Cambridge, Massachusetts: MIT.
Conceptions of privacy
Illusions of control?
• Ludo Goderis, Belgium http://www.ccwpf-cclpm.ca/cartoons-2011/cartoons-2009
Data minimisation?
• Chris Slane http://amberhawk.typepad.com/amberhawk/cartoons/
Security without privacy?
• Clay Bennett, USA/EUA http://www.ccwpf-cclpm.ca/cartoons-2011/cartoons-2009
• Altman, I. 1975. The environment and social behavior. Privacy personal space territory crowding. Monterey: Brooks/Cole.
• Solove, D.J. 2002. Conceptualizing privacy. California Law Review 90: 1087-156.
• Nissenbaum, H. 1997. Towards an approach to privacy in public: The challenges of information technology. Ethics and Behavior 7: 207-19.
• ---. 2004. Privacy as contextual integrity. Washington Law Review 79: 101-40.
• Cohen, J. 2000. Examined lives: Informational privacy and the subject as object. Stanford Law Review 52
• Gurses, S. and B. Berendt. (2010). The social web and privacy: Practices, reciprocity and conflict detection in social networks. In Privacy-aware knowledge discovery: Novel applications and new techniques. Florida, USA: Chapman and Hall/CRC Data Mining and Knowledge Discovery book series.
ECHR and D 95/46/EC
Art. 8 ECHR
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
D 95/46/EC
• Article 2
  (a) 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
  (h) 'the data subject's consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.
• Article 6
  1. Member States shall provide that personal data must be: (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.
• Article 7
  Member States shall provide that personal data may be processed only if:
  (a) the data subject has unambiguously given his consent; or
  (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or
  (c) processing is necessary for compliance with a legal obligation to which the controller is subject; or
  (d) processing is necessary in order to protect the vital interests of the data subject; or
  (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed; or
  (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Article 1 (1).
• Article 8 The processing of special categories of data
  1. Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
  2. Paragraph 1 shall not apply where: (a) the data subject has given his explicit consent to the processing of those data, except where the laws of the Member State provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject's giving his consent; or
• De Hert, P. and S. Gutwirth. 2009. Data protection in the case law of Strasbourg and Luxembourg: Constitutionalism in action. In Reinventing data protection?, 3-44. Dordrecht: Springer.
• Poullet, Y. and S. Gutwirth. 2008. The constitution of the article 29 working party to the construction of a harmonised european data protection system: An illustration of 'reflexive governance'? In Challenges of privacy and data protection law, 569-609. Brussels: Bruylant
Computational Turn
Cognitive science
• Figure 1: Brain region activations during tailored messages associated with quitting.
• Greater dmPFC activation predicted quitting and greater precuneus activation marginally predicting quitting. Regions are defined by areas preferentially engaged during tailored messages in contrast with untailored messages and also self-related processing in the self-appraisal task. The color map depicts the t score and image coordinates are in Montreal Neurological Institute brain atlas space.
• Chua, H.F., S.S. Ho, A.J. Jasinska, T.A. Polk, R.C. Welsh, I. Liberzon and V.J. Strecher. Self-related neural response to tailored smoking-cessation messages predicts quitting. Nat Neurosci advance online publication.
Correlatability?
• Chris Slane http://amberhawk.typepad.com/amberhawk/cartoons/
• ISTAG. 2001. Scenarios for ambient intelligence in 2010, available at: http://www.cordis.lu/ist/istag-reports.htm: Information Society Technology Advisory Group.
• ITU. 2005. The internet of things. Geneva: International Telecommunications Union (ITU).
• Custers, B. 2004. The power of knowledge. Ethical, legal, and technological aspects of data mining and group profiling in epidemiology. Nijmegen: Wolf Legal Publishers
• Hand, D.J. 2007. Information generation: How data rule our world. Oxford: Oneworld
• Ayres, I. 2007. Super crunchers: Why thinking-by-numbers is the new way to be smart. New York: Bantam Books. http://www.loc.gov/catdir/toc/ecip0715/2007013804.html
Privacy implications
Autonomy?
Correlatability?
• Chris Slane http://amberhawk.typepad.com/amberhawk/cartoons/
• Bohn, J., V. Coroama, M. Langheinrich, F. Mattern and M. Rohs. 2005. Social, economic, and ethical implications of ambient intelligence and ubiquitous computing. In Ambient intelligence, 5-29. Zurich: Springer. www.vs.inf.ethz.ch/publ/papers/socialambient.pdf
• Cas, J. 2005. Privacy in pervasive computing environments - a contradiction in terms. IEEE Technology and Society Magazine: 24-33.
• Custers, B. 2003. Effects of unreliable group profiling by means of data mining. In Discovery science, 291-96. http://dx.doi.org/10.1007/978-3-540-39644-4_25
• Friedewald, M., R. Lindner and D. Wright eds. 2006. Threats, vulnerabilities and safeguards in a world of ambient intelligence: Safeguards in a World of Ambient Intelligence (SWAMI), Deliverable 3.
• Jiang, X. 2002. Safeguard privacy in ubiquitous computing with decentralized information spaces: Bridging the technical and the social. In Privacy Workshop September 29, 2002, University of California, Berkeley. Berkeley, available at: http://guir.berkeley.edu/pubs/ubicomp2002/privacyworkshop/papers/jiang-privacyworkshop.pdf.
• Rouvroy, A. 2008. Privacy, data protection, and the unprecedented challenges of ambient intelligence. Studies in Ethics, Law, and Technology 2: Article 3.
• Vedder, A. 1999. Kdd: The challenge to individualism. Ethics and Information Technology 1: 275-81.
• Zarsky, T.Z. 2002-2003. "Mine your own business!": Making the case for the implications of the data mining or personal information in the forum of public opinion. Yale Journal of Law & Technology 5: 17-47.
• Dwyer, C. 2009. The inference problem and pervasive computing. In Proceedings of internet research 10.0. Milwaukee, WI.
Legal protection by design
Consent?
Behavioral Advertising
• Dolinar, K., J. Porekar and A.J. Balazic. 2009. Design patterns for a systemic privacy protection. IARIA International Journal of Advances in Security 2: 267-87.
• Nguyen, D.H. and E.D. Mynatt. 2002. Privacy mirrors: Understanding and shaping socio-technical ubiquitous computing systems: Georgia Institute of Technology. http://hdl.handle.net/1853/3268.
• Fischer-Huebner S, Hedbom H (eds.) (2008) Deliverable D14.1.c Framework V3, March 2008. PRIME Project
• Weitzner, J. 2006. Transparent accountable data mining: New strategies for privacy protection. In Computer Science and Artificial Intelligence Laboratory Technical Report: Massachusetts Institute of Technology
See also:
• Hildebrandt, M. 2009. Who is profiling who? Invisible visibility. In Reinventing data protection?, 239-52. Dordrecht: Springer.
• Hildebrandt, M. and S. Gutwirth eds. 2008. Profiling the european citizen. Cross-disciplinary perspectives. Dordrecht: Springer.
• Hildebrandt, M. and B.J. Koops. 2010. The challenges of ambient law and legal protection in the profiling era. Modern Law Review 73: 428-60