the intersection of eu data protection law reform and
play

The intersection of EU Data Protection Law Reform and everyday - PowerPoint PPT Presentation

Nov 30, 2022 •239 likes •384 views

The intersection of EU Data Protection Law Reform and everyday ambient computing design: challenges and opportunities Lachlan Urquhart Co-Authors: Prof Tom Rodden and Dr Ewa Luger Mixed Reality Lab APSN 4th International Conference - July

  1. The intersection of EU Data Protection Law Reform and everyday ambient computing design: challenges and opportunities Lachlan Urquhart Co-Authors: Prof Tom Rodden and Dr Ewa Luger Mixed Reality Lab � APSN 4th International Conference - July 2014 Meiji University, Tokyo 1

  2. Outline Legal Challenges (or opportunities?) - Ubicomp – ‘out of the lab’ & ‘into the wild’ - Consent - Informed, Explicit - Data Protection by Design - Consent, preserving human agency & accountability as opportunities for designers to address - DP compliance as requirement of good HCI/system design e.g. alongside usability, intuitiveness

  3. Ubicomp ‘in the wild’ • Ubicomp? • “ Computers that weave themselves into the fabric of everyday life until they are indistinguishable from it ” (Weiser 1991) − Embedded in daily routine − Seamless interactions between computer & human post-PC HCI • “ Unremarkable ” & “ invisible in use ” (Tolmie et al 2002) • Ambient data collection of human data - for contextually aware services

  4. Examples: Public and Private Setting • Home automation: - IoT - wired toasters, fridges & speaking to each other - Energy: Smart meters; NEST Learning thermostat ; Smart Grid - Agent based home energy management - Public Lighting; smart billboards - Quantified Self -Smart scales / Fitbit Ubicomp 2.0 • – Greater agency – Embedded/wearable – ‘knowing’ by inference – linked up communication

  5. Designing for Consent in Europe 
 Current: Article 2 EU Data Protection Directive 1995 ‘freely given’, ‘specific’ and ‘informed’ indication to processing – ‘explicit’ if sensitive personal data. Future: Article 4(8) EU General Data Protection Reform – explicit, via a ‘statement’ or ‘clear affirmative action’ Issue: Collection across public and private contexts – digital and physical space – intimate spaces – bathroom, bedrooms etc - How frequently, duration of consent, when best to ask?

  6. Issues • Design - How to notify/ask? – Sale + service contract with T&Cs does not work – New models… Pop ups on screens? Tailored videos (to knowledge leveL)? Alert sounds? voice feedback? Gaze recognition? Explicit gestures like waves? ** NEST Protect UI problem - waving • Challenges: – Increased agency/ autonomy - consent to all unexpected actions? – Communication between devices - authorise for each device? – Maintaining invisibility/seamless system interactions + obtaining explicit consent = how?

  7. Purpose Limitation and Profiling • Article 6 DPD – ‘purpose limitation principle’ • Use not incompatible with original ‘specified, explicit and legitimate’ purposes of collection • A29 Working Party Opinion 3/2013 - Big data analytics/targeted advertising in mind. • If direct impact on individuals, need: • a) opt-in consent • b) data subject access to profiles being used to target them • c) access to the decision making criteria used in developing the profiles

  8. Issues • Increase transparency of system: • Allow users to interrogate functionality & become more informed - ‘black box’ not sustainable • Design for provenance of data in decision- making e.g. accountability via metadata – Useful for ‘subject access rights’ or future DP rights to deletion/portability • How can ubicomp systems support users to opt in to specific purposes and not others?

  9. Ubicomp in the real world • Sustainable growth? • Lack of public trust?

  10. Data Protection By Design • Cavoukian’s principles including: – privacy embedded into design – visibility & transparency – privacy as default • Article 23 GDPR – ‘state of the art’ – ‘cost of implementation’ – ‘appropriate technical and organisational measures • Who decides limits of these? Different stakeholders, different interests…

  11. Future Work (1) – Opportunities for a priori design solutions • Earlier in innovation process… unlike ex poste PIA’s • ‘Value sensitive design’ (Friedman 1996) and user centered design/HCI • Social values – cultural suitability, psychological well-being, environmental sustainability

  12. Future Work (2) Responsible Innovation Framework (EPSRC) • − Societal impact of technology, ethical implications • Exploring the interface of HCI & DP Law • Usability, intuitiveness, reliability of system… DP compliance? • Empirical studies with different stakeholders - u b i c o m p s y s t e m d e s i g n e r s / u s e r s e g envisioning cards

  13. Thanks for listening Feedback & Questions? � Contact: � Email: lachlan.urquhart@nottingham.ac.uk Twitter: @mooseabyte

Recommend

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016 Agenda Introduction Current Rules (DPA 98 & PECR) Overview of GDPR Business-wide impact Practical

479 views • 28 slides
what the future holds Zach Thornton, External Affairs Manager, DMA EU Data Protection reform

what the future holds Zach Thornton, External Affairs Manager, DMA EU Data Protection reform

@DMA_UK #dma General Data Protection Regulation what the future holds Zach Thornton, External Affairs Manager, DMA EU Data Protection reform where are we? Dec 2015 Political agreement reached on text Apr 2016 Justice and Home

752 views • 33 slides
Complete Reform of European Data Protection Law: How Will This Impact Your Business? April 19,

Complete Reform of European Data Protection Law: How Will This Impact Your Business? April 19,

Complete Reform of European Data Protection Law: How Will This Impact Your Business? April 19, 2012 Mark Prinsley, Partner Oliver Yaros, Senior Associate Isabel Simon, Associate Mayer Brown is a global legal services organisation comprising

395 views • 15 slides
Reform of Act on the Protection on Personal Information in JAPAN Mitsuhiro KATO Patent Attorney,

Reform of Act on the Protection on Personal Information in JAPAN Mitsuhiro KATO Patent Attorney,

October 6, 2014 Reform of Act on the Protection on Personal Information in JAPAN Mitsuhiro KATO Patent Attorney, Attorney at Law Patent and Law Firm JuJu TOPICS 1. Data Protection in JAPAN - Evaluation based on LAWASIA Privacy Principle 2.

168 views • 12 slides
Intersection Safety Intersection Safety Intersection Safety Intersections Intersections

Intersection Safety Intersection Safety Intersection Safety Intersections Intersections

Intersection Safety Intersection Safety Intersection Safety Intersections Intersections Among the most hazardous components of the highway system for all users (planned points of conflict) Complex speed-distance judgments under time

601 views • 24 slides
5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

172 views • 14 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Plan & Deploy Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline Lead - RDC Planning & Deploy Data Protection & Availability Industry Typical Data Retention Requirements Patient

662 views • 9 slides
INTERSECTION LINKUK CONFIDENTIAL 3 3 INTERSECTION LINKUK CONFIDENTIAL 4 Not drawn to scale

INTERSECTION LINKUK CONFIDENTIAL 3 3 INTERSECTION LINKUK CONFIDENTIAL 4 Not drawn to scale

INTERSECTION LINKUK CONFIDENTIAL 3 3 INTERSECTION LINKUK CONFIDENTIAL 4 Not drawn to scale INTERSECTION LINKUK CONFIDENTIAL 5 INTERSECTION LINKUK CONFIDENTIAL 6 ? 1993 1995 2005 2008 2015 2016+ # Dimension Comparisons: Link

639 views • 14 slides
Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

isor visor Superv Super Data protection in the EU Area of Data protection in the EU Area of ection tection freedom, security and justice under the Lisbon Treaty d th Li b T t ta Prot ta Pro ean Da an Da Bndicte Havelange

739 views • 10 slides
Ray-triangle intersection In this handout, we explore the steps needed to compute the intersection

Ray-triangle intersection In this handout, we explore the steps needed to compute the intersection

Computer Graphics Prof. Brian Curless CSE 457 Spring 2004 Ray-triangle intersection In this handout, we explore the steps needed to compute the intersection of a ray with a triangle. First, we consider the geometry of such an intersection: C

403 views • 4 slides
STUDY INTERSECTION NOT TO SCALE DATA COLLECTION ATR Count Period: Sep 3 Sep 6, 2019 TMC

STUDY INTERSECTION NOT TO SCALE DATA COLLECTION ATR Count Period: Sep 3 Sep 6, 2019 TMC

STUDY INTERSECTION NOT TO SCALE DATA COLLECTION ATR Count Period: Sep 3 Sep 6, 2019 TMC Count Dates: Wednesday Sep 4, 2019 Thursday Sep 5, 2019 Intersection Count Periods: 7 am to 10 am 4 pm to 7 pm Peak Hours: AM PM WED: 7:45 to

588 views • 29 slides
Dodd-Frank Wall Street Reform and Consumer Protection Act Preliminary Assessment of Provisions

Dodd-Frank Wall Street Reform and Consumer Protection Act Preliminary Assessment of Provisions

July 21, 2010 CLIENT MEMORANDUM Dodd-Frank Wall Street Reform and Consumer Protection Act Preliminary Assessment of Provisions Effective Immediately or Very Soon After Enactment Today, President Obama signed the Dodd-Frank Wall Street Reform

388 views • 7 slides
Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11 Staple Inn Tel: +44 (0)20 7209 2000 London Fax: +44 (0)20 7209 2001 WC1V 7QH DX 0001 London Chancery Lane Myth Busting GDPR doesnt apply to

657 views • 8 slides
DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main legislation in the UK governing information on individuals. It places obligations on organisations that hold and use information on

518 views • 37 slides
Healthcare Reform The Patient Protection and Affordable Care Act Version 2.0 Imitation or

Healthcare Reform The Patient Protection and Affordable Care Act Version 2.0 Imitation or

Healthcare Reform The Patient Protection and Affordable Care Act Version 2.0 Imitation or Innovation? March 8, 2017 1 CPA for Ernst & Young Nashville, TN MBA Vanderbilt University CFO for Public and Private Healthcare

653 views • 26 slides
Lecture 1 Jan-Willem van de Meent What is Data Mining? Intersection of Disciplines Machine

Lecture 1 Jan-Willem van de Meent What is Data Mining? Intersection of Disciplines Machine

Unsupervised Machine Learning and Data Mining DS 5230 / DS 4420 - Fall 2018 Lecture 1 Jan-Willem van de Meent What is Data Mining? Intersection of Disciplines Machine Statistics Optimization Learning Applications Visualization Data

604 views • 36 slides
> World of Matter World of Information The intersection between the world of data,

> World of Matter World of Information The intersection between the world of data,

> > > World of Matter World of Information The intersection between the world of data, designs, and ideas, and the physical world of materials, machines, and living things" > > > > > The days of

694 views • 47 slides
Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

CONSUMER AWARENESS WORKSHOP on Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019 Kolkata OBJECTIVE Engage with the consumer and civil society organisations (CSOs) in tier II locations to

623 views • 50 slides
Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from performing illegal I/Os Memory protection Otto J. Anshus Prevent users from modifying kernel code and data (including slides from Kai Li,

350 views • 6 slides
Whistleblower Protections in the Dodd-Frank Wall Street Reform and Consumer Protection Act and

Whistleblower Protections in the Dodd-Frank Wall Street Reform and Consumer Protection Act and

Whistleblower Protections in the Dodd-Frank Wall Street Reform and Consumer Protection Act and Consumer Protection Act Presented by: Larry L Turner Presented by: Larry L. Turner Morgan, Lewis & Bockius LLP 2011 NATIONAL EMPLOYMENT LAW

474 views • 20 slides
Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) Under the Personal Data

Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) Under the Personal Data

Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) Under the Personal Data Protection Act 2012 (PDPA), organisations are required to develop and implement policies and practices that are necessary to meet its obligations under

1.02k views • 24 slides
Sav aviour CACHIA IA - Commissione ner Office of the Information and Data Protection

Sav aviour CACHIA IA - Commissione ner Office of the Information and Data Protection

General Data Protection Regulation (GDPR) Sav aviour CACHIA IA - Commissione ner Office of the Information and Data Protection Commissioner Regulation (EU) 2016/679 ... on the protection of natural persons with regard to the processing of

504 views • 13 slides

More recommend