The capacity to understand and control one’s personal data is now a crucial part of living in contemporary society. In this sense, traditional concerns over supporting the development of ‘digital ...literacy’ are now being usurped by concerns over citizens’ ‘data literacies’. In contrast to recent data safety and data science approaches, this article argues for a more critical form of ‘personal data literacies’ where digital data are understood as socially situated and context dependent. Drawing on the critical literacies tradition, the article outlines a range of salient socio-technical understandings of personal data generation and processing. Specifically, the article proposes a framework of ‘Personal Data Literacies’ that distinguishes five significant domains: (1) Data Identification, (2) Data Understandings, (3) Data Reflexivity, (4) Data Uses, and (5) Data Tactics. The article concludes by outlining the implications of this framework for future education and research around the area of individuals’ understandings of personal data.
The legal domain distinguishes between different types of data and attaches a different level of protection to each of them. Thus, non-personal data are left largely unregulated, while privacy and ...data protection rules apply to personal data or personal information. There are stricter rules for processing sensitive personal data than for ‘ordinary’ personal data, and metadata or communications data are regulated differently than content communications data. Technological developments challenge these legal categorisations on at least three fronts: First, the lines between the categories are becoming harder to draw and more fluid. Second, working with various categories of data works well when the category a datum or dataset falls into is relatively stable. However, this is less and less so. Third, scholars increasingly question the rationale behind the various legal categorisations. This book assesses to what extent either of these strategies is feasible and to what extent alternative approaches could be developed by combining insights from three fields: technology, practice and law.
Advances in technology and information demand that the law can accommodate all forms of need for legal protection in the future.
Objective : This research aims to describe the picture of threats to ...data resources in the midst of the COVID-19 pandemic as well as describe personal data protection policies in the midst of the Covid-19 pandemic.
Methods : This research uses the literature review method. The literary materials obtained are in the form of scientific papers, online media, books, etc. that concerns the analyzed object.
Findings : The current personal data protection policy is still based on Law Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 concerning Information and Electronic Transactions which until now is considered not optimal to ensure legal protection of data resources in the era of the Covid-19 pandemic. 19. Data reports from the National Cyber and Crypto Agency show that until 2020 cyber attacks in Indonesia have increased to reach 190 million cyber attacks.
Function : This research provides an explanation of the urgency of the need for legislation that specifically regulates the protection of personal data.
Novelty : There has not been any researches that study the same topic as that discussed in this article.
Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) establishes the obligation for states to designate a supervisory authority to oversee compliance with the rules set out ...therein. The obligation to designate a supervisory authority is also enshrined in other legislation at the international level and at the constitutional level. The article focuses on the aspect of embedding it in legislation and its status as an independent administrative authority.
Algorithms that remember: model inversion attacks and data protection law Veale, Michael; Binns, Reuben; Edwards, Lilian
Philosophical transactions of the Royal Society of London. Series A: Mathematical, physical, and engineering sciences,
10/2018, Letnik:
376, Številka:
2133
Journal Article
Recenzirano
Odprti dostop
Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a ...core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around 'model inversion' and 'membership inference' attacks, which indicates that the process of turning training data into machine-learned systems is not one way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation.
This article is part of the theme issue 'Governing artificial intelligence: ethical, legal, and technical opportunities and challenges'.
•Examines antecedents of use of online digital personal data stores (DPDSs)•Conducted a survey on a representative sample of UK users•Usefulness and ease of use positively influence attitude towards ...using DPDSs•Privacy risk does not moderate any of the relationships•Trust positively influences perceived usefulness and ease of use of DPDSs
Recent data leaks such as those involving Dropbox have apparently made Internet users feel less secure than in the past as they face risks when dealing with their digital personal data. However, consumers have increasingly embraced cloud computing empowered Digital Personal Data Stores (DPDSs). To understand this paradox, this study shifts the unit of analysis of DPDSs acceptance from organizations to individuals/consumers and identifies the drivers of adoption of DPDSs (beyond broadly defined cloud computing services). Moreover, it proposes, develops and tests empirically a comprehensive extended version of the Technology Acceptance Model (TAM) in the context of DPDSs, leveraging perceived privacy risks and trust. Using a panel of UK consumers, we find that perceived trust positively influences both usefulness and ease of use. These constructs, in turn, positively affect attitude towards using DPDSs, which ultimately increases the intention to use DPDSs. Privacy risk does not moderate any of the investigated relationships, thus suggesting that trust is a key underlying mechanism enhancing the acceptance of DPDS. Hence, theoretical and managerial implications are discussed.
Działalność przedsiębiorstw jest regulowana wieloma przepisami prawa, z których w ostatnim okresie na pierwszy plan wysuwają się te dotyczące danych osobowych. Wprowadzenie RODO spowodowało, że ...ochrona danych osobowych nabrała nowego wymiaru i to niezależnie od pozostałych uwarunkowań prowadzenia działalności gospodarczej. W artykule przedstawiono próbę przybliżenia przepisów z zakresu ochrony danych osobowych, które dla wielu przedsiębiorców stanowią poważne wyzwanie. Ponadto skupiono się na problemach praktycznego funkcjonowania tych norm prawnych, które z założenia mają poprawić stan ochrony danych osobowych znajdujących się w dyspozycji przedsiębiorców nie tylko w naszym kraju.
The activity of enterprises is regulated by many legal provisions, from which personal data have been of the highest importance recently. The introduction of the GDPR meant that the protection of personal data has acquired a new dimension, regardless of the other conditions of doing business. The article presents an attempt to approximate the provisions on the protection of personal data, which are a serious challenge for many entrepreneurs. In addition, the focus was also on the problems of the practical
functioning of these legal norms, which are intended to improve the protection of personal data at the disposal of entrepreneurs not only in our country.
With the rise of short-form video platforms and the increasing availability of data, we see the potential for people to share short-form videos embedded with data in situ (e.g., daily steps when ...running) to increase the credibility and expressiveness of their stories. However, creating and sharing such videos in situ is challenging since it involves multiple steps and skills (e.g., data visualization creation and video editing), especially for amateurs. By conducting a formative study (N=10) using three design probes, we collected the motivations and design requirements. We then built VisTellAR, a mobile AR authoring tool, to help amateur video creators embed data visualizations in short-form videos in situ. A two-day user study shows that participants (N=12) successfully created various videos with data visualizations in situ and they confirmed the ease of use and learning. AR pre-stage authoring was useful to assist people in setting up data visualizations in reality with more designs in camera movements and interaction with gestures and physical objects to storytelling.
The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal ...Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the “Three Data Bills,” which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.
The paper presents the problem domain related to data safety management in the face of the threats that organisations of all types encounter in this scope. The Author’s particular concern are ...personal data management issues, which are of key importance for contemporary enterprises as they frequently determine wining the market advantage and growth in their competitiveness. Yet, incidents of personal data breaches, aimed at economic organisations have been on the increase in the recent years, leading not only to substantial financial losses, but what is worse, frequently resulting in damage to their reputation. Therefore, a vital issue for all enterprises is to make their employees acquainted with threats to data security and their potential harmful effects on the operations and financial results of organisations. The paper presents an analysis of breaches to personal data in organisations in a global dimension as well as analyses of their negative effects to their image and trust of their customers.