Date posted: 22-Apr-2015 | Category: Technology | Uploaded by: ian-brown
Ubicomp challenges for privacy law
Dr Ian Brown, Oxford Internet Institute
Overview
Human rights to privacy: ECHR, EU Charter
Data protection law: OECD, Council of Europe and EU instruments
Privacy by design
The challenges of/for ubicomp
Privacy
“the right to be let alone – the most comprehensive of rights, and the right most valued by civilized men.” – Supreme Court Justice Louis Brandeis, Olmstead v US 277 US 478 (1928)
“A free and democratic society requires respect for the autonomy of individuals, and limits on the power of both state and private organisations to intrude on that autonomy... Privacy is a key value which underpins human dignity and other key values such as freedom of association and freedom of speech” –Australian Privacy Charter (1994)
European Convention on Human Rights
Reaffirming their profound belief in those fundamental freedoms which are the foundation of justice and peace in the world:
§8 Everyone has the right to respect for his private and family life, his home and his correspondence
§9 Everyone has the right to freedom of thought, conscience and religion
§10 Everyone has the right to freedom of expression
§11 Everyone has the right to freedom of peaceful assembly and to freedom of association with others
§14 The rights and freedoms set forth in this Convention shall be secured without discrimination
Government data sinks
If data can be collected about individuals, there will be government pressure to store and access that information
E.g. PATRIOT Act National Security Letters, NSA activities within the US, EU data retention directive, National DNA Database (although see S & Marper v UK)
Encryption has little impact if governments can compel decryption
Data protection instruments
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980)
Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (1981)
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector
EU Charter of Fundamental Rights (2007)
Data Protection Act 1998
1. Personal data shall be processed fairly and lawfully
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
4. Personal data shall be accurate and, where necessary, kept up to date
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
6. Personal data shall be processed in accordance with the rights of data subjects under this Act
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
Insider fraud
Information required       Price paid to ‘blagger’   Price charged
Occupant search            not known                 £17.50
Telephone reverse trace    £40                       £75
Friends and Family         £60 – £80                 not known
Vehicle check at DVLA      £70                       £150 – £200
Criminal records check     not known                 £500
Locating a named person    not known                 £60
Ex-directory search        £40                       £65 – £75
Mobile phone account       not known                 £750
Licence check              not known                 £250
“What price privacy?”, Information Commissioner’s Office (2006)
Definitions of personal data
“any information relating to an identified or identifiable natural person” (DPD §2a)
Relation determined by content, purpose or result (WP 136)
“account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person.” (DPD recital 26)
“unless the Internet Service Provider is in a position to distinguish with absolute certainty that the data correspond to users that cannot be identified, it will have to treat all IP information as personal data, to be on the safe side” (WP 136)
“Putting in place the appropriate state-of-the-art technical and organizational measures to protect the data against identification may make the difference to consider that the persons are not identifiable”
Designing for privacy
Data minimisation key: is your data really necessary?
Limit personal data collection, storage, access and usage
States have a positive duty to design systems to protect privacy (I v Finland 2008)
“processing of location data on employees must correspond to a specific need on the part of the company which is connected to its activity” (WP 115)
Users must also be notified and consent to the processing of data – user interfaces?
Ade Rowbotham (2005)
Sensor data
Is communication uni- or bi-directional or broadcast?
Does sensor, user agent or network carry out triangulation and processing?
What resolution data can network access?
How long-lived and linkable are identifiers?
Transport pricing
Monitor all traffic centrally (London), at kerbside (W London) or deduct payment from pay-as-you-go toll cards (Singapore)? Or tax parking spaces?
Link all payment card usage (Oyster) or use unlinkable RFID tokens (Shenzhen)?
MIT Technology Review (2006)
Key questions
Can ubiquitous computing designers work with the European definition of personal data?
Can inhabitants of ubiquitous computing spaces exercise informed consent over the collection and processing of personal data?
How can regulators encourage system designers to include privacy by design?
“In order to make the use of the concept of ‘privacy by design’ compulsory, the EDPS recommends that the Commission uses the mechanism of Article 3(3)(c) of Directive 1999/5/EC” (Opinion on ‘RFID in Europe’ 2007)
§3(3) 1999/5/EC: “the Commission may decide that apparatus … shall be so constructed that: … (c) it incorporates safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected”
References
S. Marsh, I. Brown and F. Khaki (2008) Privacy Engineering – Cybersecurity KTN white paper
Information Commissioner’s Office (2008) Privacy By Design
Opinion of the European Data Protection Supervisor on the communication…on ‘Radio Frequency Identification (RFID) in Europe: steps towards a policy framework’ (2007)
Article 29 Data Protection Working Party:
WP 136: Opinion 4/2007 on the concept of personal data
WP 115: Opinion on the use of location data with a view to providing value-added services (2005)
WP 105: Working document on data protection issues related to RFID technology (2005)