In the Internet of Things (IoT), identification and access control technologies provide essential infrastructure to link data between a user's devices with unique identities, and provide seamless and linked up services. At the same time, profiling methods based on linked records can reveal unexpected details about users' identity and private life, which can conflict with privacy rights and lead to economic, social, and other forms of discriminatory treatment. A balance must be struck between identification and access control required for the IoT to function and user rights to privacy and identity. Striking this balance is not an easy task because of weaknesses in cybersecurity and anonymisation techniques. The EU General Data Protection Regulation (GDPR), set to come into force in May 2018, may provide essential guidance to achieve a fair balance between the interests of IoT providers and users. Through a review of academic and policy literature, this paper maps the inherent tension between privacy and identifiability in the IoT. It focuses on four challenges: (1) profiling, inference, and discrimination; (2) control and context-sensitive sharing of identity; (3) consent and uncertainty; and (4) honesty, trust, and transparency. The paper will then examine the extent to which several standards defined in the GDPR will provide meaningful protection for privacy and control over identity for users of IoT. The paper concludes that in order to minimise the privacy impact of the conflicts between data protection principles and identification in the IoT, GDPR standards urgently require further specification and implementation into the design and deployment of IoT technologies.
Abstract: With the rapid increase in the ability to store and analyze large amounts of data, organizations are gathering extensive data regarding their customers, vendors, and other entities. There has been a concurrent increase in the demand for preserving the privacy of confidential data that may be collected. The rapid growth of e‐commerce has also increased calls for maintaining privacy and confidentiality of data. For numerical data, data perturbation methods offer an easy yet effective solution to the dilemma of providing access to legitimate users while protecting the data from snoopers (legitimate users who perform illegitimate analysis). In this study, we define a new security requirement that achieves the objective of providing access to legitimate users without an increase in the ability of a snooper to predict confidential information. We also derive the specifications under which perturbation methods can achieve this objective. Numerical examples are provided to show that the use of the new specification achieves the objective of no additional information to the snooper. Implications of the new specification for e‐commerce are discussed.
Objectives: Generation of synthetic data could improve the efficiency of administrative data analysis. We describe barriers and facilitators to synthetic administrative data in the UK based on our experience of generating, assessing, and evaluating the performance of different approaches. We aim to provide guidance on the appropriate uses of synthetic administrative data.
Approach: We generated synthetic versions of one large-population survey (Natsal-3) and two administrative datasets (Hospital Episode Statistics [HES] and National Pupil Database [NPD]). A range of methods were used based on the statistical techniques of sampling and prediction. We implemented non-parametric (e.g., Classification and Regression Tree) and parametric (e.g., generalised linear models) methods, and multiple imputation and Bayesian networks in R software. We attempted to generate low- and high-fidelity datasets and assessed utility by visualising marginal distributions of key variables, estimating the standardised propensity mean square error, and deriving standardised coefficient differences of model estimates and overlap of confidence intervals.
Results: Results from our analysis highlighted some facilitators related to low-fidelity synthetic data that are quicker to generate, can retain the data types, format, and privacy and could be used to support training and code development. Conversely, some of the barriers included computational issues when generating high-fidelity synthetic data from complex data structures. High-fidelity data are achievable but only in the context of a specific research question and a limited number of variables. Results from the Natsal-3 data showed that parametric methods produced slightly better data utility compared to non-parametric methods. Results for HES and NPD will also be presented.
Conclusions: Low-fidelity synthetic data can provide a useful resource to support users of administrative data, whilst minimising data access timelines and while retaining privacy and confidentiality of personal data. High-utility datasets can be generated but take considerable resources, and current approaches cannot fully handle the complexity of longitudinal administrative data.
Abstract: This article aimed to capture and understand individuals' intentions to share data, focusing on data individuals perceive as most sensitive: healthcare data. The study reviews literature related to the decision‐making process with regard to sharing personal data. The context is the UK National Health Service, and measures from literature are used to analyze individuals' intention to share healthcare data. A scale is developed and applied to evaluate the decision to share healthcare data. Measurement constructs include intention to disclose, perceived protection, benefits, risk, subjective norms, and perception of use. Analysis draws on data from 129 survey respondents. Though numerous measurements are reported in literature and used in this study, two predictors dominate intention to disclose healthcare data: perceived information risk (PIR) and perceived societal benefit (PSB), and both are significant. PIR contributes negatively, whereas PSB contributes positively to predict intention. For personal healthcare, the privacy paradox applies: though risk may outweigh benefit, people rarely opt out of data sharing. Individuals consciously or unconsciously consider their perception of the risk and broader benefits of data sharing. Risk and benefit are both significant and important; perceived risk carries more weight than perceived benefits. Organizations need to develop campaigns to very clearly explain risks and benefits of personal data sharing to ensure that individuals can make truly informed decisions.
This study analyzes a new phenomenon known as mass housing in the Northern part of Cyprus from examples chosen among well-known construction companies to determine the role and degree of considering privacy of the occupants in apartment blocks. Mass housing in Northern Cyprus started recently from 1960 through efforts of governmental and Union bodies followed by private companies and the expansion of the construction firms. Mass housing seemed to be the way of meeting the high demands and needs of the population of the country. Privacy in housing is one of the most important issues to be considered. Regardless of an individual's cultural background, every person needs some sort of privacy at their home for relaxation and comfort. Privacy plays a vital role in the satisfaction of the occupant. Providing privacy is possible via considering different aspects of interior design. Among these, floor plan, zoning, circulation and the relations among them seem to be basic to improving the demand and satisfaction of individuals within the home interior environment. The current study is based on the collected data and analysis via plan organization. It is seen that the interior design of houses bought from mass-housing projects as homes by a variety of people needs urgent upgrade and consideration based on occupant privacy and needs in the design process. Size and number of rooms have no significant relationship with privacy whereas the place and site of the bedroom and kitchen are more important for the occupants. Further recommendations are presented in the final chapter of the study. Keywords: Privacy, Plan Organization, Interior design, Mass Housing, North Cyprus
ÖZ (abstract, translated from Turkish): This study analyzes the new phenomenon known as mass housing in the North of Cyprus with regard to the privacy of occupants. In doing so, examples from very well-known construction companies were selected in order to determine the role and degree of consideration given to the privacy of the people living in the flats of the selected apartment blocks. Looking at the phenomenon of mass housing in Cyprus, it is seen that it began from 1960 through the efforts of government and Union bodies and continued after them with the proliferation of private construction companies. Mass housing is a method for meeting the demands and needs of the country's population. Privacy in housing is one of the most important issues to be considered. Regardless of individuals and their cultural backgrounds, every person needs some kind of privacy in their home to relax and rest. Privacy plays a very important role in the satisfaction of the occupant. Providing privacy is possible only by considering different aspects of interior design. Among these, floor plans, zoning, circulation and the like appear to be the basics for improving the satisfaction and demand of individuals. This applies to the environment inside the home. This study is based on data collected and analysed via plan organization. The interior designs of houses bought by various people from mass-housing projects are regarded as needing urgent further improvement in order to become homes. This is based on occupant privacy and the design process. The size and number of rooms have no significant relationship with privacy, but the location of the bedroom and kitchen is more important for the occupants. Further recommendations are presented in the final chapter of this study. Keywords: Privacy, Plan Organization, Interior Design, Mass Housing, North Cyprus. ; Master of Science in Interior Architecture. Thesis (M.S.)--Eastern Mediterranean University, Faculty of Architecture, Dept. of Interior Architecture, 2016. Supervisor: Assoc. Prof. Dr. Banu Çavuşoğlu.
In the current discussion, Big Data is often portrayed as incompatible with data protection and the protection of privacy. A differentiated analysis is needed, however, if the possible positive effects of Big Data analyses are to be achieved in a way that conforms to fundamental rights and data protection requirements. The new European legal framework for data protection will play a significant role here. Beyond that, however, ethical considerations are also necessary if the use of Big Data is to be shaped in a socially acceptable way.
Abstract: Data governance is a critical section in the construction of smart cities. Current research still has gaps in the overall data governance mechanism, particularly how data openness promotes innovation in detail and potential data security and privacy risks. Taking Shenzhen, China, as a case, this paper aims to explore collecting, sharing, using, innovation, security, and privacy of data governance, focusing on analyzing how data openness promotes social innovation and how the government will deal with potential risks of data security and privacy. At the end of the article, there are some policy implications. As for institutional innovation, the Shenzhen Municipal Government is the leader in the smart city construction, issuing many documents and supporting policies to guide the data collection, sharing, and application. Meanwhile, the government encourages enterprises to co-design the smart city through general contracting, subcontracting, and government purchases. Besides, in terms of data security and privacy protection, when framing the governance system, policymakers should consider the policy feasibility, implementation scope, and the consistency of relevant policies to reduce the confusion of enterprises and the public.
In: "Obama's Court: Recent Changes in U.S. Constitutional Law in Transatlantic Perspective" edited by Anna-Bettina Kaiser, Niels Petersen and Johannes Saurer, 2017 Forthcoming
Introduction: During 2019, the Western Australian (WA) government and Curtin University's Centre for Data Linkage (CDL) created a large, de-identified researchable database – the Social Investment Data Resource (SIDR) – to support government in delivering targeted early interventions to young offenders and their families to reduce the likelihood of re-offending (the Target 120 program).
Objectives and Approach: SIDR brings together administrative data from health, education, justice, child protection, disability and housing sectors. The linked, de-identified data provides an invaluable resource for actuarial assessment and social investment analytics to assess long-term costs and benefits of the Target 120 program. SIDR also provides an invaluable tool for academic research. SIDR adopted a distributed linkage model where linkage workload was shared between the Department of Health Data Linkage Branch who create and maintain the WA Data Linkage System (WADLS) and the CDL. Design elements of the model included a common spine (embedded into the infrastructure of both groups), methods for leveraging quality from WADLS, and inclusion of family relationships data from the WA Family Connections database. The linkage model within SIDR uses a combination of traditional and privacy-preserving record linkage (PPRL) methods. PPRL does not require release of personal identifiers; instead, data is irreversibly hashed prior to release for probabilistic linkage.
Results: Through cooperation (distributed linkage) and innovation (a mix of traditional and PPRL linkage), the project has delivered a large, linked, cross-sectoral data resource for policymakers and researchers. Sharing of the linkage workload maximised the capacity and unique capabilities of each linkage unit. PPRL enabled 'hard to get' datasets from justice to be included. SIDR is being updated in 2020.
Conclusion / Implications: SIDR provides a resource for whole-of-government policy development, service evaluation, academic research and social investment analytics for T120 and beyond. The SIDR linkage model has potential for adaptation and use elsewhere.