The first few years of the 21st century were characterised by a progressive loss of privacy. Two phenomena converged to give rise to the data economy: the realisation that data trails from users interacting with technology could be used to develop personalised advertising, and a concern for security that led authorities to use such personal data for the purposes of intelligence and policing. In contrast to the early days of the data economy and internet surveillance, (...) the last few years have witnessed a rising concern for privacy. As bad data practices have come to light, citizens are starting to understand the real cost of using online digital technologies. Two events stamped 2018 as a landmark year for privacy: the Cambridge Analytica scandal, and the implementation of the European Union’s General Data Protection Regulation (GDPR). The former showed the extent to which personal data has been shared without data subjects’ knowledge and consent and many times for unacceptable purposes, such as swaying elections. The latter inaugurated the beginning of robust data protection regulation in the digital age. Getting privacy right is one of the biggest challenges of this new decade of the 21st century. The past year has shown that there is still much work to be done on privacy to tame the darkest aspects of the data economy. As data scandals continue to emerge, questions abound as to how to interpret and enforce regulation, how to design new and better laws, how to complement regulation with better ethics, and how to find technical solutions to data problems. The aim of the research project Data, Privacy, and the Individual is to contribute to a better understanding of the ethics of privacy and of differential privacy. The outcomes of the project are seven research papers on privacy, a survey, and this final report, which summarises each research paper, and goes on to offer a set of reflections and recommendations to implement best practices regarding privacy. (shrink)

The ability to collect fine-grained energy data from smart meters has benefits for utilities and consumers. However, a proactive approach to data privacy is necessary to maximize the potential of these data to support low-carbon energy systems, and innovative business models.

All societies have to balance privacy claims with other moral concerns. However, while some concern for privacy appears to be a common feature of social life, the definition, extent and moral justifications for privacy differ widely. Are there better and worse ways of conceptualising, justifying, and managing privacy? These are the questions that lie in the background of this thesis. -/- My particular concern is with the ethical issues around privacy that are tied to the (...) rise of new information and communication technologies (henceforth “ICT”). The focus here is on technologies involved in processing personal data in its broadest sense, including “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” The issue of moral concern is commonly designated as that of 'data privacy'. -/- The first step is to consider why privacy matters, or ought to matter, in the first place. And here we run into our first difficulty, since both the conceptualisation of privacy and the justification for the right to privacy are matters for contention. On the one hand, we are animated by a moral concern for privacy in some sense; on the other, we lack the conceptual and moral resources for making sense of this concern or for promoting particular social policies and criticising others. This often-cited dichotomy and its ensuing confusion have been the central motivation for most of the philosophical literature on privacy – including this thesis. -/- In what follows, I will suggest a way out of the confusion that pervades the current debate on data privacy. I will essentially argue two claims: one, that the concept of (data) privacy is uniquely characterised by a particular context within which we exchange information; two, that because (data) privacy constitutes an intrinsic value, its moral concerns and justifications ought to be deliberated as such. -/- The first chapter sketches the current data privacy landscape by introducing a number of concepts and arguing the unique nature of the landscape. I argue that the traditional distinction between four kinds of privacy (physical, mental, decisional and informational) is no longer accurate, given the technological context that reduces, unifies and processes all aspects of people’s lives by means of digital data. In fact, to hold on to the distinction leads to a fundamental misconception of data privacy. I further argue that today’s distinction between data protection and data privacy runs the risk of ignoring the fact that the former is an inherent aspect of the latter. These arguments allow me to settle on a (provisional) definition of data privacy: controlling how data about identifiable people is processed by ICT. -/- Next, I draw a line between descriptive and normative accounts of data privacy, and explain why this book belongs to the latter category. After a brief discussion of the coherence and distinctiveness theses, and of the difference between instrumental and intrinsic theories of privacy, I introduce the problem of data privacy as a distinct, coherent, and intrinsic moral concern. Three arguments support this position: one, data privacy is a coherent moral concern because it is motivated by a singular moral concept; two, data privacy is a distinct moral concern because the privacy challenges we face today are of a fundamentally new nature – distinct from any moral concerns we’ve faced in the past; and three, data privacy is an intrinsic moral concern that is predominantly justified, not by what it instrumentally protects us from, but by what it intrinsically constitutes. -/- Chapter Two makes the case against a harm-based, consequentialist approach to data privacy. After a brief introduction to the basic tenets of consequentialism I discuss harm-based arguments in favour as well as against privacy. I explain how privacy may protect us against psychological distress, but at the same time constitute the source of that distress; how privacy may be necessary for the proper functioning of democratic societies, but at the same time provide a cloak for anti-social and immoral behaviour; and how privacy protects us against the improper use of our personal data by others, but at the same enables us to conceal information or spread false information about ourselves in ways that are harmful to others. Next, I argue that consequentialism essentially relies on two flawed presumptions – that we know what harm is, and that we know how to predict it – and discuss the controversies surrounding definitions and predictions of harm. This argument becomes especially pertinent in today’s rapidly changing technological context: we may guess, and make assumptions, perhaps even find correlations, but don’t really know or understand (yet) with any degree of certainty the harmful consequences today’s data privacy violations are causing or will eventually cause – if any. -/- I illustrate this with examples of recent data privacy violations, and with a brief overview of consequentialist arguments for and against data privacy. Those who invoke consequentialist arguments against data privacy claim that personal data is nothing more than a raw material that can be turned into something useful and valuable without harming anyone. Choosing to move fast and break things – a popular mantra that promotes the benefits of technological “permissionless innovation” over and above its risks and costs – they draw our attention to the many benefits free data flows generate. Those who rely on consequentialist arguments in favour of data privacy, on the other hand, insist on actual and potential misuse of personal data. Rather careful than sorry, they draw our attention to the urgent need to take back control and protect ourselves against data privacy violations – precisely because we don’t know which harm they may cause in the future. Others go one step further and argue that these violations are part of a broader ideology of power. -/- What Chapter Two demonstrates is that vague definitions, unreliable predictions and inconclusive allegations of harm from both sides of the debate perpetuate a stalemate that fails to produce morally defensible answers to our growing data privacy concerns. Deliberating about data privacy from a consequentialist perspective is a dead end. -/- Chapter Three proposes an alternative to the harm-based approach, namely that privacy is an intrinsic value that deserves moral protection for its own sake. After a brief account of what I take values to be, and why we have a need to protect them, I introduce the foundational value of respect for persons, and lay out my main argument in two steps. The conceptual component of my argument returns to the definition of data privacy I had temporarily settled on in Chapter One, but now with the added consideration of the particular context, and particular circumstances and attitudes, within which information is exchanged. This addition is crucial, as it reveals the fundamental value that is at stake in our data privacy concerns, namely the inherent value of each and every person, which we protect by upholding an ethical principle commonly known as the principle of respect for persons. It is for this reason that the violation of privacy cannot (only) be expressed in terms of harm. I further argue that the principle of respect for persons is consistent with, and in fact unthinkable without, some degree of privacy. -/- I reply to potential challenges to a value-based approach to data privacy by showing that (i) values and value trade-offs are fundamentally different from consequential benefits and cost-benefit analyses; (ii) the suspension of one value in favour of another is not inherently contradictory; what matters is morally defensible deliberation about values and valid individual consent; (iii) data privacy concerns cannot be reduced to other moral concerns and therefore deserve a specific, distinct protection. -/- Finally, because this is a thesis in applied ethics, I attempt an answer to the question as to how we ought to apply a value-based approach to practical data privacy concerns. I argue that a revised, three-pronged version of John Rawls’ reflective equilibrium, founded on the non-negotiable principle of respect for persons, is the best possible procedure to deliberate data privacy concerns in relation to other moral values. (shrink)

The potential to collect brain data more directly, with higher resolution, and in greater amounts has heightened worries about mental and brain privacy. In order to manage the risks to individuals posed by these privacy challenges, some have suggested codifying new privacy rights, including a right to “mental privacy.” In this paper, we consider these arguments and conclude that while neurotechnologies do raise significant privacy concerns, such concerns are—at least for now—no different from those (...) raised by other well-understood data collection technologies, such as gene sequencing tools and online surveillance. To better understand the privacy stakes of brain data, we suggest the use of a conceptual framework from information ethics, Helen Nissenbaum’s “contextual integrity” theory. To illustrate the importance of context, we examine neurotechnologies and the information flows they produce in three familiar contexts—healthcare and medical research, criminal justice, and consumer marketing. We argue that by emphasizing what is distinct about brain privacy issues, rather than what they share with other data privacy concerns, risks weakening broader efforts to enact more robust privacy law and policy. (shrink)

Technological advances are bringing new light to privacy issues and changing the reasons for why privacy is important. These advances have changed not only the kind of personal data that is available to be collected, but also how that personal data can be used by those who have access to it. We are particularly concerned with how information about personal attributes inferred from collected data (such as online behaviour), can be used to tailor messages and (...) services to specific individuals or groups. This kind of ‘personalised targeting’ has the potential to influence individuals’ perceptions, attitudes, and choices in unprecedented ways. In this paper, we argue that because it is becoming easier for companies to use collected data for influence, threats to privacy are increasingly also threats to personal autonomy—an individual’s ability to reflect on and decide freely about their values, actions, and behaviour, and to act on those choices.4 While increasing attention is directed to the ethics of how personal data is collected, we make the case that a new ethics of privacy needs to also think more rigorously about how personal data may be used, and its potential impact on personal autonomy. (shrink)

Data mining possess a significant threat to ethics, privacy, and legality, especially when we consider the fact that data mining makes it difficult for an individual or consumer (in the case of a company) to control accessibility and usage of his data. Individuals should be able to control how his/ her data in the data warehouse is being access and utilize while at the same time providing enabling environment which enforces legality, privacy and (...) ethicality on data scientists, or data engineer during data mining process. This paper review issues of legality, privacy, and ethicality in data mining, review processes of Data mining, and also proposes solution to current ethical and privacy issue in data mining. It introduces a new method which enforces data mining without infringing on the privacy of individual or consumer whose data are being used. The sole aim of this paper is to propose a new method of mining data which restricts scientists within the constraints of legality, privacy, and ethicality. (shrink)

Most people are completely oblivious to the danger that their medical data undergoes as soon as it goes out into the burgeoning world of big data. Medical data is financially valuable, and your sensitive data may be shared or sold by doctors, hospitals, clinical laboratories, and pharmacies—without your knowledge or consent. Medical data can also be found in your browsing history, the smartphone applications you use, data from wearables, your shopping list, and more. At (...) best, data about your health might end up in the hands of researchers on whose good will we depend to avoid abuses of power.2 Most likely, it will end up with data brokers who might sell it to a future employer, or an insurance company, or the government. At worst, your medical data may end up in the hands of criminals eager to commit extortion or identity theft. In addition to data harms related to exposure and discrimination, the collection of sensitive data by powerful corporations risks the creation of data monopolies that can dominate and condition access to health care. -/- This chapter aims to explore the challenge that big data brings to medical privacy. Section I offers a brief overview of the role of privacy in medical settings. I define privacy as having one’s personal information and one’s personal sensorial space (what I call autotopos) unaccessed. Section II discusses how the challenge of big data differs from other risks to medical privacy. Section III is about what can be done to minimise those risks. I argue that the most effective way of protecting people from suffering unfair medical consequences is by having a public universal healthcare system in which coverage is not influenced by personal data (e.g., genetic predisposition, exercise habits, eating habits, etc.). (shrink)

In this paper, we argue that there is at least a pro tanto reason to favor the control account of the right to privacy over the access account of the right to privacy. This conclusion is of interest due to its relevance for contemporary discussions related to surveillance policies. We discuss several ways in which the two accounts of the right to privacy can be improved significantly by making minor adjustments to their respective definitions. We then test (...) the improved versions of the two accounts on a test case, to see which account best explains the violation that occurs in the case. The test turns out in favor of the control account. (shrink)

KEY POINTS In Canada, commercial data brokers collect deidentified patient data from pharmacies, private drug insurers, the federal government and medical clinics without patient consent. Although pharmaceutical companies are the data brokers’ primary customers, academics and nonprofit and public entities also use commercial data sets, given the absence of a coordinated public approach to collecting these data across Canada. Risks of commercialized patient data include loss of anonymity, surveillance and marketing, discrimination and violation of (...) Indigenous data sovereignty. Coordinated infrastructure for the collection and coordination of health data across Canada and updated privacy legislation would protect individuals and communities and enable appropriate data uses. (shrink)

"Data mining is not an invasion of privacy because access to data is only by machines, not by people": this is the argument that is investigated here. The current importance of this problem is developed in a case study of data mining in the USA for counterterrorism and other surveillance purposes. After a clarification of the relevant nature of privacy, it is argued that access by machines cannot warrant the access to further information, since the (...) analysis will have to be made either by humans or by machines that understand. It concludes that the current data mining violates the right to privacy and should be subject to the standard legal constraints for access to private information by people. (shrink)

Differential privacy (DP) aims to confer data processing systems with inherent privacy guarantees, offering strong protections for personal data. But DP’s approach to privacy carries with it certain assumptions about how mathematical abstractions will be translated into real-world systems, which—if left unexamined and unrealized in practice—could function to shield data collectors from liability and criticism, rather than substantively protect data subjects from privacy harms. This article investigates these assumptions and discusses their implications (...) for using DP to govern data-driven systems. In Parts 1 and 2, we introduce DP as, on one hand, a mathematical framework and, on the other hand, a kind of real-world sociotechnical system, using a hypothetical case study to illustrate how the two can diverge. In Parts 3 and 4, we discuss the way DP frames privacy loss, data processing interventions, and data subject participation, arguing it could exacerbate existing problems in privacy regulation. In part 5, we conclude with a discussion of DP’s potential interactions with the endogeneity of privacy law, and we propose principles for best governing DP systems. In making such assumptions and their consequences explicit, we hope to help DP succeed at realizing its promise for better substantive privacy protections. (shrink)

The purpose of this survey was to gather individual’s attitudes and feelings towards privacy and the selling of data. A total (N) of 1,107 people responded to the survey. -/- Across continents, age, gender, and levels of education, people overwhelmingly think privacy is important. An impressive 82% of respondents deem privacy extremely or very important, and only 1% deem privacy unimportant. Similarly, 88% of participants either agree or strongly agree with the statement that ‘violations to (...) the right to privacy are one of the most important dangers that citizens face in the digital age.’ The great majority of respondents (92%) report having experienced at least one privacy breach. -/- People’s first concern when losing privacy is the possibility that their personal data might be used to steal money from them. Interestingly, in second place in the ranking of concerns, people report being concerned about privacy because ‘Privacy is a good in itself, above and beyond the consequences it may have.’ -/- People tend to feel that they cannot trust companies and institutions to protect their privacy and use their personal data in responsible ways. The majority of people believe that governments should not be allowed to collect everyone’s personal data. Privacy is thought to be a right that should not have to be paid for. (shrink)

This paper argues that assessing personal responsibility in healthcare settings for the allocation of medical resources would be too privacy-invasive to be morally justifiable. In addition to being an inappropriate and moralizing intrusion into the private lives of patients, it would put patients’ sensitive data at risk, making data subjects vulnerable to a variety of privacy-related harms. Even though we allow privacy-invasive investigations to take place in legal trials, the justice and healthcare systems are not (...) analogous. The duty of doctors and healthcare professionals is to help patients as best they can—not to judge them. Patients should not be forced into giving up any more personal information than what is strictly necessary to receive an adequate treatment, and their medical data should only be used for appropriate purposes. Medical ethics codes should reflect these data rights. When a doctor asks personal questions that are irrelevant to diagnose or treat a patient, the appropriate response from the patient is: ‘none of your business’. (shrink)

Today’s ethics of privacy is largely dedicated to defending personal information from big data technologies. This essay goes in the other direction; it considers the struggle to be lost, and explores two strategies for living after privacy is gone. First, total exposure embraces privacy’s decline, and then contributes to the process with transparency. All personal information is shared without reservation. The resulting ethics is explored through a big data version of Robert Nozick’s Experience Machine thought (...) experiment. Second, transient existence responds to privacy’s loss by ceaselessly generating new personal identities, which translates into constantly producing temporarily unviolated private information. The ethics is explored through Gilles Deleuze’s metaphysics of difference applied in linguistic terms to the formation of the self. Comparing the exposure and transience alternatives leads to the conclusion that today’s big data reality splits the traditional ethical link between authenticity and freedom. Exposure provides authenticity, but negates human freedom. Transience provides freedom, but disdains authenticity. (shrink)

In recent years, educational institutions have started using the tools of commercial data analytics in higher education. By gathering information about students as they navigate campus information systems, learning analytics “uses analytic techniques to help target instructional, curricular, and support resources” to examine student learning behaviors and change students’ learning environments. As a result, the information educators and educational institutions have at their disposal is no longer demarcated by course content and assessments, and old boundaries between information used for (...) assessment and information about how students live and work are blurring. Our goal in this paper is to provide a systematic discussion of the ways in which privacy and learning analytics conflict and to provide a framework for understanding those conflicts. -/- We argue that there are five crucial issues about student privacy that we must address in order to ensure that whatever the laudable goals and gains of learning analytics, they are commensurate with respecting students’ privacy and associated rights, including (but not limited to) autonomy interests. First, we argue that we must distinguish among different entities with respect to whom students have, or lack, privacy. Second, we argue that we need clear criteria for what information may justifiably be collected in the name of learning analytics. Third, we need to address whether purported consequences of learning analytics (e.g., better learning outcomes) are justified and what the distributions of those consequences are. Fourth, we argue that regardless of how robust the benefits of learning analytics turn out to be, students have important autonomy interests in how information about them is collected. Finally, we argue that it is an open question whether the goods that justify higher education are advanced by learning analytics, or whether collection of information actually runs counter to those goods. (shrink)

Digital privacy scholars tend to bemoan ordinary people’s limited knowledge of and lukewarm interest in what happens to their digital data. This general lack of interest and knowledge is often taken as a consideration in favor of legislation aiming to force internet companies into adopting more responsible data practices. While we remain silent on whether any new laws are called for, in this paper we wish to underline a neglected consequence of people’s ignorance of and apathy for (...) digital privacy: their potential to encourage capture by industry interests. In particular, we argue that such laws may be at increased risk of capture because they are unlikely to be democratically responsive. We make this claim on a twofold basis: first, well-known theoretical mechanisms explaining how the absence of responsiveness leads to capture, identified in prior political science and political philosophy literature, yield the prediction that digital privacy legislation is likely to be unresponsive and thus captured; second, empirical data concerning the European Union’s digital privacy laws, with a special focus on the General Data Protection Regulation, appears to confirm these predictions: the bloc’s (world’s?) flagship privacy protection law seems more responsive to corporate than citizen interests. (shrink)

In this chapter I identify three problems affecting the plausibility of group privacy and argue in favour of their resolution. The first problem concerns the nature of the groups in question. I shall argue that groups are neither discovered nor invented, but designed by the level of abstraction (LoA) at which a specific analysis of a social system is developed. Their design is therefore justified insofar as the purpose, guiding the choice of the LoA, is justified. This should remove (...) the objection that groups cannot have a right to privacy because groups are mere artefacts (there are no groups, only individuals) or that, even if there are groups, it is too difficult to deal with them. The second problem concerns the possibility of attributing rights to groups. I shall argue that the same logic of attribution of a right to individuals may be used to attribute a right to a group, provided one modifies the LoA and now treats the whole group itself as an individual. This should remove the objection that, even if groups exist and are manageable, they cannot be treated as holders of rights. The third problem concerns the possibility of attributing a right to privacy to groups. I shall argue that sometimes it is the group and only the group, not its members, that is correctly identified as the correct holder of a right to privacy. This should remove the objection that privacy, as a group right, is a right held not by a group as a group but rather by the group’s members severally. The solutions of the three problems supports the thesis that an interpretation of privacy in terms of a protection of the information that constitutes an individual—both in terms of a single person and in terms of a group—is better suited than other interpretations to make sense of group privacy. (shrink)

At the beginning of the COVID-19 pandemic, high hopes were placed on digital contact tracing. Digital contact tracing apps can now be downloaded in many countries, but as further waves of COVID-19 tear through much of the northern hemisphere, these apps are playing a less important role in interrupting chains of infection than anticipated. We argue that one of the reasons for this is that most countries have opted for decentralised apps, which cannot provide a means of rapidly informing users (...) of likely infections while avoiding too many false positive reports. Centralised apps, in contrast, have the potential to do this. But policy making was influenced by public debates about the right app configuration, which have tended to focus heavily on privacy, and are driven by the assumption that decentralised apps are “privacy preserving by design”. We show that both types of apps are in fact vulnerable to privacy breaches, and, drawing on principles from safety engineering and risk analysis, compare the risks of centralised and decentralised systems along two dimensions, namely the probability of possible breaches and their severity. We conclude that a centralised app may in fact minimise overall ethical risk, and contend that we must reassess our approach to digital contact tracing, and should, more generally, be cautious about a myopic focus on privacy when conducting ethical assessments of data technologies. (shrink)

Healthcare professionals decide wisely about personalized medicine, treatment plans, and resource allocation by utilizing big data analytics and machine learning. To guarantee that algorithmic recommendations are impartial and fair, however, ethical issues relating to prejudice and data privacy must be taken into account. Big data analytics and machine learning have a great potential to disrupt healthcare, and as these technologies continue to evolve, new opportunities to reform healthcare and enhance patient outcomes may arise. In order to (...) investigate the patient’s outcomes with empirical evidence, this research was conducted using an online survey to incorporate healthcare professionals, patient’s reviews, and clinical staff. The data were analyzed using SmartPLS 4.0 to predict the structural model. The findings revealed a direct impact as positive influence of using machine learning on healthcare performance and patient outcomes through big data analytics. Moreover, it is evident that this can lead to personalized treatment plans, early interventions, and improved patient outcomes. Additionally, big data analytics can help healthcare providers optimize resource allocation, improve operational efficiency, and reduce costs. The impact of big data analytics on patient outcome and healthcare performance is expected to continue to grow, making it an important area for investment and research. (shrink)

Surveillance studies scholars and privacy scholars have each developed sophisticated, important critiques of the existing data-driven order. But too few scholars in either tradition have put forward alternative substantive conceptions of a good digital society. This, I argue, is a crucial omission. Unless we construct new “sociotechnical imaginaries,” new understandings of the goals and aspirations digital technologies should aim to achieve, the most surveillance studies and privacy scholars can hope to accomplish is a less unjust version of (...) the technology industry’s own vision for the future. (shrink)

“Big Data” and data analytics affect all of us. Data collection, analysis, and use on a large scale is an important and growing part of commerce, governance, communication, law enforcement, security, finance, medicine, and research. And the theme of this symposium, “Individual and Informational Privacy in the Age of Big Data,” is expansive; we could have long and fruitful discussions about practices, laws, and concerns in any of these domains. But a big part of the (...) audience for this symposium is students and faculty in higher education institutions (HEIs), and the subject of this paper is data analytics in our own backyards. Higher education learning analytics (LA) is something that most of us involved in this symposium are familiar with. Students have encountered LA in their courses, in their interactions with their law school or with their undergraduate institutions, instructors use systems that collect information about their students, and administrators use information to help understand and steer their institutions. More importantly, though, data analytics in higher education is something that those of us participating in the symposium can actually control. Students can put pressure on administrators, and faculty often participate in university governance. Moreover, the systems in place in HEIs are more easily comprehensible to many of us because we work with them on a day-to-day basis. Students use systems as part of their course work, in their residences, in their libraries, and elsewhere. Faculty deploy course management systems (CMS) such as Desire2Learn, Moodle, Blackboard, and Canvas to structure their courses, and administrators use information gleaned from analytics systems to make operational decisions. If we (the participants in the symposium) indeed care about Individual and Informational Privacy in the Age of Big Data, the topic of this paper is a pretty good place to hone our thinking and put into practice our ideas. (shrink)

Today’s ethics of privacy is largely dedicated to defending personal information from big data technologies. This essay goes in the other direction; it considers the struggle to be lost, and explores two strategies for living after privacy is gone. First, total exposure embraces privacy’s decline, and then contributes to the process with transparency. All personal information is shared without reservation. The resulting ethics is explored through a big data version of Robert Nozick’s Experience Machine thought (...) experiment. Second, transient existence responds to privacy’s loss by ceaselessly generating new personal identities, which translates into constantly producing temporarily unviolated private information. The ethics is explored through Gilles Deleuze’s metaphysics of difference applied in linguistic terms to the formation of the self. Comparing the exposure and transience alternatives leads to the conclusion that today’s big data reality splits the traditional ethical link between authenticity and freedom. Exposure provides authenticity, but negates human freedom. Transience provides freedom, but disdains authenticity. (shrink)

This essay critically examines some classic philosophical and legal theories of privacy, organized into four categories: the nonintrusion, seclusion, limitation, and control theories of privacy. Although each theory includes one or more important insights regarding the concept of privacy, I argue that each falls short of providing an adequate account of privacy. I then examine and defend a theory of privacy that incorporates elements of the classic theories into one unified theory: the Restricted Access/Limited Control (...) (RALC) theory of privacy. Using an example involving data-mining technology on the Internet, I show how RALC can help us to frame an online privacy policy that is sufficiently comprehensive in scope to address a wide range of privacy concerns that arise in connection with computers and information technology. (shrink)

ICTs, personal data, digital rights, the GDPR, data privacy, online security… these terms, and the concepts behind them, are increasingly common in our lives. Some of us may be familiar with them, but others are less aware of the growing role of ICTs and data in our lives - and the potential risks this creates. These risks are even more pronounced for vulnerable groups in society. People can be vulnerable in different, often overlapping, ways, which place (...) them at a disadvantage to the majority of citizens; Table 3 in this guide presents some of the many forms and causes of vulnerability. As a result, vulnerable people need greater support to navigate the digital world, and to ensure that they are able to exercise their rights. This guide explains where such support can be found, and also answers the following questions: - What are the main ethical and legal issues around ICTs for vulnerable citizens? - Who is vulnerable in Europe? - How do issues around ICTs affect vulnerable people in particular? This guide is a resource for members of vulnerable groups, people who work with vulnerable groups, and citizens more broadly. It is also useful for data controllers1 who collect data about vulnerable citizens. While focused on citizens in Europe, it may be of interest to people in other parts of the world. It forms part of the Citizens’ Information Pack produced by the PANELFIT project, and is available in English, French, German, Italian and Spanish. You are welcome to translate this guide into other languages. Please send us a link to online versions in other languages, so that we can add them to the project website. (shrink)

Recent discussions among lawyers, philosophers, policy researchers and athletes have focused on the potential threat to privacy posed by the World Anti-Doping Agency’s (WADA) whereabouts requirements. These requirements demand, among other things, that all elite athletes file their whereabouts information for the subsequent quarter on a quarterly basis and comprise data for one hour of each day when the athlete will be available and accessible for no advance notice testing at a specified location of their choosing. Failure to (...) file one’s whereabouts, or the non-availability for testing at said location on three occasions within any 18-month period constitutes an anti-doping rule violation that is equivalent to testing positive to a banned substance, and may lead to a suspension of the athlete for a time period of between one and two years. We critically explore the extent to which WADA’s whereabouts requirements are in tension with existing legislation on privacy, with respect to UK athletes, who are simultaneously protected by UK domestic and EU law. Both UK domestic and EU law are subject to the European Convention on Human Rights (ECHR) Article 8, which establishes a right to “respect for private and family life, home and correspondence”. We critically discuss the centrality of the whereabouts requirements in relation to WADA’s aims, and the adoption and implementation of its whereabouts rules. We conclude that as WADA’s whereabouts requirements appear to be in breach of an elite athlete’s rights under European workers’ rights, health & safety and data protection law they are also, therefore, in conflict with Article 8 of the ECHR and the UK Human Rights Act 1998. We call for specific amendments that cater for the exceptional case of elite sports labour if the WADA requirements are to be considered legitimate. (shrink)

In 2016, the European Parliament approved the General Data Protection Regulation (GDPR) whose core aim is the safeguarding of information privacy, and, by corollary, human dignity. Drawing on the field of philosophical anthropology, this paper analyses various interpretations of human dignity and human exceptionalism. It concludes that privacy is essential for humans to flourish and enable individuals to build a sense of self and the world.

One of the most prominent ethical concerns regarding emerging neurotechnologies is mental privacy. This is the idea that we should have control over access to our neural data and to the information about our mental processes and states that can be obtained by analyzing it. A key issue is whether this information needs more stringent protection than other kinds of personal information. I will articulate and support the view, underlying recent regulatory frameworks, that mental privacy requires a (...) special treatment because of its relation to relevant aspects of personal identity. It has been suggested that this approach could be supported by the idea that mental privacy constitutes a fundamental psychological dimension of privacy. The connection between this psychological view of privacy and identity can be traced back to Irwin Altman’s idea that privacy is an interpersonal boundary regulation process. However, it is not clear whether this notion of privacy can be associated with a conception of identity that is relevant in contemporary neuroethics. I will suggest that the narrative and relational approach to identity, a prominent view in recent ethical discussions of neurotechnology, lines up with key aspects of Altman’s proposal. I suggest that if mental privacy is an essential component of identity, the latter could be affected by technological mind-reading. (shrink)

An Introduction to data ethics, focusing on questions of privacy and personal identity in the economic world as it is defined by big data technologies, artificial intelligence, and algorithmic capitalism. -/- Originally published in The Business Ethics Workshop, 3rd Edition, by Boston Acacdemic Publishing / FlatWorld Knowledge.

Questions of privacy have become particularly salient in recent years due, in part, to information-gathering initiatives precipitated by the 2001 World Trade Center attacks, increasing power of surveillance and computing technologies, and massive data collection about individuals for commercial purposes. While privacy is not new to the philosophical and legal literature, there is much to say about the nature and value of privacy. My focus here is on the nature of informational privacy. I argue that (...) the predominant accounts of privacy are unsatisfactory and offer an alternative: for a person to have informational privacy is for there to be limits on the particularized judgments that others are able to reasonably make about that person. (shrink)

This is a study of the treatment of library patron privacy in licenses for electronic journals in academic libraries. We begin by distinguishing four facets of privacy and intellectual freedom based on the LIS and philosophical literature. Next, we perform a content analysis of 42 license agreements for electronic journals, focusing on terms for enforcing authorized use and collection and sharing of user data. We compare our findings to model licenses, to recommendations proposed in a recent treatise (...) on licenses, and to our account of the four facets of intellectual freedom. We find important conflicts with each. (shrink)

A standard account of privacy says that it is essentially a kind of control over personal information. Many privacy scholars have argued against this claim by relying on so-called threatened loss cases. In these cases, personal information about an agent is easily available to another person, but not accessed. Critics contend that control accounts have the implausible implication that the privacy of the relevant agent is diminished in threatened loss cases. Recently, threatened loss cases have become important (...) because Edward Snowden’s revelation of how the NSA and GCHQ collected Internet and mobile phone data presents us with a gigantic, real-life threatened loss case. In this paper, I will defend the control account of privacy against the argument that is based on threatened loss cases. I will do so by developing a new version of the control account that implies that the agents’ privacy is not diminished in threatened loss cases. (shrink)

Throughout the 20th century, market capitalism was defended on parallel grounds. First, it promotes freedom by enabling individuals to exploit their own property and labor-power; second, it facilitates an efficient allocation and use of resources. Recently, however, both defenses have begun to unravel—as capitalism has moved into its “platform” phase. Today, the pursuit of allocative efficiency, bolstered by pervasive data surveillance, often undermines individual freedom rather than promoting it. And more fundamentally, the very idea that markets are necessary to (...) achieve allocative efficiency has come under strain. Even supposing, for argument’s sake, that the claim was true in the early 20th century when von Mises and Hayek pioneered it, advances in computing have rekindled the old “socialist calculation” debate. And this time around, markets—as information technology—are unlikely to have the upper hand. -/- All of this, we argue, raises an important set of governance questions regarding the political economy of the future. We focus on two: How much should our economic system prioritize freedom, and to what extent should it rely on markets? The arc of platform capitalism bends, increasingly, toward a system that neither prioritizes freedom nor relies on markets. And the dominant critical response, exemplified by Shoshana Zuboff’s work, has been to call for a restoration of market capitalism. Longer term, however, we believe it would be more productive to think about how “postmarket” economic arrangements might promote freedom—or better yet, autonomy—even more effectively than markets, and to determine the practical steps necessary to realize that possibility. (shrink)

There is increasing concern about “surveillance capitalism,” whereby for-profit companies generate value from data, while individuals are unable to resist (Zuboff 2019). Non-profits using data-enabled surveillance receive less attention. Higher education institutions (HEIs) have embraced data analytics, but the wide latitude that private, profit-oriented enterprises have to collect data is inappropriate. HEIs have a fiduciary relationship to students, not a narrowly transactional one (see Jones et al, forthcoming). They are responsible for facets of student life beyond (...) education. In addition to classrooms, learning management systems, and libraries, HEIs manage dormitories, gyms, dining halls, health facilities, career advising, police departments, and student employment. HEIs collect and use student data in all of these domains, ostensibly to understand learner behaviors and contexts, improve learning outcomes, and increase institutional efficiency through “learning analytics” (LA). ID card swipes and Wi-Fi log-ins can track student location, class attendance, use of campus facilities, eating habits, and friend groups. Course management systems capture how students interact with readings, video lectures, and discussion boards. Application materials provide demographic information. These data are used to identify students needing support, predict enrollment demands, and target recruiting efforts. These are laudable aims. However, current LA practices may be inconsistent with HEIs’ fiduciary responsibilities. HEIs often justify LA as advancing student interests, but some projects advance primarily organizational welfare and institutional interests. Moreover, LA advances a narrow conception of student interests while discounting privacy and autonomy. Students are generally unaware of the information collected, do not provide meaningful consent, and express discomfort and resigned acceptance about HEI data practices, especially for non-academic data (see Jones et al. forthcoming). The breadth and depth of student information available, combined with their fiduciary responsibility, create a duty that HEIs exercise substantial restraint and rigorous evaluation in data collection and use. (shrink)

Emergent technologies are undermining both decisional privacy (intimacy) and informational privacy. Regarding the former consider, e.g., technical intrusions on burglar alarms and telephone calls. Regarding the latter consider how routinely technologies enable intrusion into electronic data processing (EDP) in spite of government efforts to maintain control. These efforts are uneven among nations thus inviting selective choice of a data storage country. Deregulation of telecommunications and assigning operators First Amendment rights invites multiple efforts to profit from preferential (...) treatment of multiple competitors. (shrink)

This paper explores the challenges and innovations in optimizing data science workflows within cloud computing environments. It begins by highlighting the critical role of data science in modern industries and the pivotal contribution of cloud computing in enabling scalable and efficient data processing. The primary focus lies in identifying and analyzing the key challenges encountered in current data science workflows deployed in cloud infrastructures. These challenges include scalability issues related to handling large volumes of data, (...) resource management complexities in optimizing computational resources, cost management strategies to balance performance with expenses, and ensuring robust data security and privacy measures. The manuscript then delves into innovative solutions and techniques aimed at addressing these challenges. It discusses advancements such as workflow automation tools and frameworks that streamline repetitive tasks, containerization technologies like Docker and Kubernetes for efficient application deployment and management, and the utilization of serverless architectures to enhance scalability and reduce operational costs. Additionally, it explores the benefits of parallel processing frameworks such as Apache Spark and Hadoop in optimizing data processing tasks. The integration of machine learning algorithms for dynamic workflow optimization and effective data management strategies in cloud environments are also examined. Through detailed case studies and application examples across various domains, the manuscript illustrates the practical implementation and outcomes of these optimization strategies. Furthermore, it discusses emerging trends in cloud technologies, the role of AI-driven automation in enhancing workflow efficiencies, and ethical considerations surrounding data science operations in cloud computing. The manuscript concludes with a summary of findings, practical recommendations for organizations seeking to enhance their data science workflows in the cloud, and insights into future research directions to address evolving challenges. (shrink)

This review delves into the influence of big data analytics on project management effectiveness and project success rates. By examining applications, accomplishments, hindrances, and emerging developments in the context of big data analytics and project management, this review provides insights into its transformative potential. Results indicate that big data analytics fosters improved project performance, more robust risk management, and heightened adaptability. However, challenges related to data quality, privacy, and project manager training remain to be addressed. (...) This review underscores the value of data-driven decision-making for both practitioners and researchers in the project management field. (shrink)

The background to this paper is that in our world of massively increasing personal digital data any control over the data about me seems illusionary – informational privacy seems a lost cause. On the other hand, the production of this digital data seems a necessary component of our present life in the industrialized world. A framework for a resolution of this apparent dilemma is provided if by the distinction between (meaningless) data and (meaningful) information. I (...) argue that computational data processing is necessary for many present-day processes and not a breach of privacy, while collection and processing of private information is often not necessary and a breach of privacy. The problem and the sketch of its solution are illustrated in a case-study: supermarket customer cards. (shrink)

Big Data ethics involves adherence to the concepts of right and wrong behavior regarding data, especially personal data. Big Data ethics focuses on structured or unstructured data collectors and disseminators. Big Data ethics is supported, at EU level, by extensive documentation, which seeks to find concrete solutions to maximize the value of Big Data without sacrificing fundamental human rights. The European Data Protection Supervisor (EDPS) supports the right to privacy and the (...) right to the protection of personal data in the respect of human dignity. DOI: 10.13140/RG.2.2.30867.43041. (shrink)

There is a long-running debate as to whether privacy is a matter of control or access. This has become more important following revelations made by Edward Snowden in 2013 regarding the collection of vast swathes of data from the Internet by signals intelligence agencies such as NSA and GCHQ. The nature of this collection is such that if the control account is correct then there has been a significant invasion of people's privacy. If, though, the access account (...) is correct then there has not been an invasion of privacy on the scale suggested by the control account. I argue that the control account of privacy is mistaken. However, the consequences of this are not that the seizing control of personal information is unproblematic. I argue that the control account, while mistaken, seems plausible for two reasons. The first is that a loss of control over my information entails harm to the rights and interests that privacy protects. The second is that a loss of control over my information increases the risk that my information will be accessed and that my privacy will be violated. Seizing control of another's information is therefore harmful, even though it may not entail a violation of privacy. Indeed, seizing control of another's information may be more harmful than actually violating their privacy. (shrink)

In this review, we present some ethical imperatives observed in this pandemic from a data ethics perspective. Our exposition connects recurrent ethical problems in the discipline, such as, privacy, surveillance, transparency, accountability, and trust, to broader societal concerns about equality, discrimination, and justice. We acknowledge data ethics role as significant to develop technological, inclusive, and pluralist societies. - - - Resumen: En esta revisión, exponemos algunos de los imperativos éticos observados desde la ética de datos en esta (...) pandemia. Nuestra exposición busca conectar problemas éticos típicos dentro de esta disciplina, a saber, privacidad, vigilancia, transparencia, responsabilidad y confianza, con preocupaciones a nivel social relacionadas con la igualdad, discrimi nación y justicia. Consideramos que la ética de datos tiene un rol significativo para desarrollar sociedades tecnificadas, inclusivas y pluralistas. (shrink)

An issue about the privacy of the clustered groups designed by algorithms arises when attempts are made to access certain pieces of information about those groups that would likely be used to harm them. Therefore, limitations must be imposed regarding accessing such information about clustered groups. In the discourse on group privacy, it is argued that the right to privacy of such groups should be recognised to respect group privacy, protecting clustered groups against discrimination. According to (...) this viewpoint, this right places a duty on others, for example, private companies, institutions, and governments, to refrain from accessing such information. To defend the idea that the right to privacy should be recognised for clustered groups, at least two requirements must be satisfied. First, clustered group privacy must be conceived of as either a collective good or a participatory good. Since these forms of good are of the type from which no member of a group can be excluded from benefiting, the right to them is defined as a group right. Second, there must be group interests on which to base a group right. Group interests can be either the interests of those members that are a result of their being in the group or the interests of the group as a whole that transcend the interests of its members. However, this paper argues that clustered group privacy cannot be conceived of as either a collective or a participatory good because it is possible for some individuals to be excluded from benefiting from it. Furthermore, due to the lack of awareness among individuals that they are members of a clustered group and the nature of a clustered group itself, such groups cannot have the group interests necessary to establish a group right. Hence, the group right to privacy cannot be recognised for these groups, implying that the group right cannot be considered a means to protect clustered groups against discrimination. Instead, this paper suggests that moral principles need to be articulated within an ethics of vulnerability to identify the moral obligations of protecting vulnerable clustered groups. The duty owed to the vulnerable should involve refraining from accessing certain information about clustered groups in specific contexts. This duty is not engendered by the right to privacy of such groups; it is the duty owed to the vulnerable. The findings highlight the need to articulate moral principles regarding privacy and data protection to protect clustered groups in contexts in which accessing information about them could constitute a reason for discriminatory targeting. (shrink)

Digital data help data scientists and epidemiologists track and predict outbreaks of disease. Mobile phone GPS data, social media data, or other forms of information updates such as the progress of epidemics are used by epidemiologists to recognize disease spread among specific groups of people. Targeting groups as potential carriers of a disease, rather than addressing individuals as patients, risks causing harm to groups. While there are rules and obligations at the level of the individual, we (...) have to reach a stage in the development of data analytics where groups are protected as entities. This chapter offers a deeper examination of harms to the groups. (shrink)

This paper addresses the always online behavior of the data owner in proxy re- encryption schemes for re-encryption keys issuing. We extend and adapt multi-authority ciphertext policy attribute based encryption techniques to type-based proxy re-encryption to build our solution. As a result, user authentication and user authorization are moved to the cloud server which does not require further interaction with the data owner, data owner and data users identities are hidden from the cloud server, and re-encryption (...) keys are only issued to legitimate users. An in depth analysis shows that our scheme is secure, flexible and efficient for mobile cloud computing. (shrink)

The fact that Internet companies may record our personal data and track our online behavior for commercial or political purpose has emphasized aspects related to online privacy. This has also led to the development of search engines that promise no tracking and privacy. Search engines also have a major role in spreading low-quality health information such as that of anti-vaccine websites. This study investigates the relationship between search engines’ approach to privacy and the scientific quality of (...) the information they return. We analyzed the first 30 webpages returned searching “vaccines autism” in English, Spanish, Italian, and French. The results show that not only “alternative” search engines but also other commercial engines often return more anti-vaccine pages (10–53%) than Google (0%). Some localized versions of Google, however, returned more anti-vaccine webpages (up to 10%) than Google. Health information returned by search engines has an impact on public health and, specifically, in the acceptance of vaccines. The issue of information quality when seeking information for making health-related decisions also impact the ethical aspect represented by the right to an informed consent. Our study suggests that designing a search engine that is privacy savvy and avoids issues with filter bubbles that can result from user-tracking is necessary but insufficient; instead, mechanisms should be developed to test search engines from the perspective of information quality (particularly for health-related webpages) before they can be deemed trustworthy providers of public health information. (shrink)

Background: Use of patients’ medical data for secondary purposes such as health research, audit, and service planning is well established in the UK. However, the governance environment, as well as public understanding about this work, have lagged behind. We aimed to systematically review the literature on UK and Irish public views of patient data used in research, critically analysing such views though an established biomedical ethics framework, to draw out potential strategies for future good practice guidance and inform (...) ethical and privacy debates. Methods: We searched three databases using terms such as patient, public, opinion, and electronic health records. Empirical studies were eligible for inclusion if they surveyed healthcare users, patients or the public in UK and Ireland and examined attitudes, opinions or beliefs about the use of patient data for medical research. Results were synthesised into broad themes using a framework analysis. Results: Out of 13,492 papers and reports screened, 20 papers or reports were eligible. While there was a widespread willingness to share patient data for research for the common good, this very rarely led to unqualified support. The public expressed two generalised concerns about the potential risks to their privacy. The first of these concerns related to a party’s competence in keeping data secure, while the second was associated with the motivation a party might have to use the data. Conclusions: The public evaluates trustworthiness of research organisations by assessing their competence in data-handling and motivation for accessing the data. Public attitudes around data-sharing exemplified several principles which are also widely accepted in biomedical ethics. This provides a framework for understanding public attitudes, which should be considered in the development in any guidance for regulators and data custodians. We propose four salient questions which decision makers should address when evaluating proposals for the secondary use of data. (shrink)

This research explores how a person with whom information has been shared and, importantly, an artificial intelligence (AI) system used to deduce information from the shared data contribute to making the disclosure context private. The study posits that private contexts are constituted by the interactions of individuals in the social context of intersubjectivity based on trust. Hence, to make the context private, the person who is the trustee (i.e., with whom information has been shared) must fulfil trust norms. According (...) to the commitment account of trustworthiness, a person is trustworthy only if they satisfy the norm of competence. It is argued that a person using an AI system to answer a question is competent only if they are ex post justified in believing what has been delivered by the AI system. A person’s belief is justified in the doxastic sense only if the AI system is accurate. This feature of AI’s performance affects a person’s competence and, as a result, trustworthiness. The effect of AI on trust as an essential component of making the context private, and thus on privacy, means an AI system also impacts privacy. Therefore, a private context is constituted when the individual with whom the information is shared fulfils the competence norm and the AI system used for analysing the information is sufficiently accurate to adhere to this norm. The result of this research emphasises the significance of the relationship between individuals involved in information-sharing and how an AI system used for analysing that information impacts the relationship regarding making the context private, as well as how it impacts privacy. The findings of this research have significant implications for improving or ameliorating privacy regulations in light of trust. (shrink)

The advent of Generative AI, particularly through Large Language Models (LLMs) like ChatGPT and its successors, marks a paradigm shift in the AI landscape. Advanced LLMs exhibit multimodality, handling diverse data formats, thereby broadening their application scope. However, the complexity and emergent autonomy of these models introduce challenges in predictability and legal compliance. This paper analyses the legal and regulatory implications of Generative AI and LLMs in the European Union context, focusing on liability, privacy, intellectual property, and cybersecurity. (...) It examines the adequacy of the existing and proposed EU legislation, including the Artificial Intelligence Act (AIA), in addressing the challenges posed by Generative AI in general and LLMs in particular. The paper identifies potential gaps and shortcomings in the EU legislative framework and proposes recommendations to ensure the safe and compliant deployment of generative models. (shrink)