The capacity to understand and control one’s personal data is now a crucial part of living in contemporary society. In this sense, traditional concerns over supporting the development of ‘digital ...literacy’ are now being usurped by concerns over citizens’ ‘data literacies’. In contrast to recent data safety and data science approaches, this article argues for a more critical form of ‘personal data literacies’ where digital data are understood as socially situated and context dependent. Drawing on the critical literacies tradition, the article outlines a range of salient socio-technical understandings of personal data generation and processing. Specifically, the article proposes a framework of ‘Personal Data Literacies’ that distinguishes five significant domains: (1) Data Identification, (2) Data Understandings, (3) Data Reflexivity, (4) Data Uses, and (5) Data Tactics. The article concludes by outlining the implications of this framework for future education and research around the area of individuals’ understandings of personal data.
The legal domain distinguishes between different types of data and attaches a different level of protection to each of them. Thus, non-personal data are left largely unregulated, while privacy and ...data protection rules apply to personal data or personal information. There are stricter rules for processing sensitive personal data than for ‘ordinary’ personal data, and metadata or communications data are regulated differently than content communications data. Technological developments challenge these legal categorisations on at least three fronts: First, the lines between the categories are becoming harder to draw and more fluid. Second, working with various categories of data works well when the category a datum or dataset falls into is relatively stable. However, this is less and less so. Third, scholars increasingly question the rationale behind the various legal categorisations. This book assesses to what extent either of these strategies is feasible and to what extent alternative approaches could be developed by combining insights from three fields: technology, practice and law.
Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a ...core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around 'model inversion' and 'membership inference' attacks, which indicates that the process of turning training data into machine-learned systems is not one way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation.
This article is part of the theme issue 'Governing artificial intelligence: ethical, legal, and technical opportunities and challenges'.
•Examines antecedents of use of online digital personal data stores (DPDSs)•Conducted a survey on a representative sample of UK users•Usefulness and ease of use positively influence attitude towards ...using DPDSs•Privacy risk does not moderate any of the relationships•Trust positively influences perceived usefulness and ease of use of DPDSs
Recent data leaks such as those involving Dropbox have apparently made Internet users feel less secure than in the past as they face risks when dealing with their digital personal data. However, consumers have increasingly embraced cloud computing empowered Digital Personal Data Stores (DPDSs). To understand this paradox, this study shifts the unit of analysis of DPDSs acceptance from organizations to individuals/consumers and identifies the drivers of adoption of DPDSs (beyond broadly defined cloud computing services). Moreover, it proposes, develops and tests empirically a comprehensive extended version of the Technology Acceptance Model (TAM) in the context of DPDSs, leveraging perceived privacy risks and trust. Using a panel of UK consumers, we find that perceived trust positively influences both usefulness and ease of use. These constructs, in turn, positively affect attitude towards using DPDSs, which ultimately increases the intention to use DPDSs. Privacy risk does not moderate any of the investigated relationships, thus suggesting that trust is a key underlying mechanism enhancing the acceptance of DPDS. Hence, theoretical and managerial implications are discussed.
Działalność przedsiębiorstw jest regulowana wieloma przepisami prawa, z których w ostatnim okresie na pierwszy plan wysuwają się te dotyczące danych osobowych. Wprowadzenie RODO spowodowało, że ...ochrona danych osobowych nabrała nowego wymiaru i to niezależnie od pozostałych uwarunkowań prowadzenia działalności gospodarczej. W artykule przedstawiono próbę przybliżenia przepisów z zakresu ochrony danych osobowych, które dla wielu przedsiębiorców stanowią poważne wyzwanie. Ponadto skupiono się na problemach praktycznego funkcjonowania tych norm prawnych, które z założenia mają poprawić stan ochrony danych osobowych znajdujących się w dyspozycji przedsiębiorców nie tylko w naszym kraju.
The activity of enterprises is regulated by many legal provisions, from which personal data have been of the highest importance recently. The introduction of the GDPR meant that the protection of personal data has acquired a new dimension, regardless of the other conditions of doing business. The article presents an attempt to approximate the provisions on the protection of personal data, which are a serious challenge for many entrepreneurs. In addition, the focus was also on the problems of the practical
functioning of these legal norms, which are intended to improve the protection of personal data at the disposal of entrepreneurs not only in our country.
With the rise of short-form video platforms and the increasing availability of data, we see the potential for people to share short-form videos embedded with data in situ (e.g., daily steps when ...running) to increase the credibility and expressiveness of their stories. However, creating and sharing such videos in situ is challenging since it involves multiple steps and skills (e.g., data visualization creation and video editing), especially for amateurs. By conducting a formative study (N=10) using three design probes, we collected the motivations and design requirements. We then built VisTellAR, a mobile AR authoring tool, to help amateur video creators embed data visualizations in short-form videos in situ. A two-day user study shows that participants (N=12) successfully created various videos with data visualizations in situ and they confirmed the ease of use and learning. AR pre-stage authoring was useful to assist people in setting up data visualizations in reality with more designs in camera movements and interaction with gestures and physical objects to storytelling.
The paper presents the problem domain related to data safety management in the face of the threats that organisations of all types encounter in this scope. The Author’s particular concern are ...personal data management issues, which are of key importance for contemporary enterprises as they frequently determine wining the market advantage and growth in their competitiveness. Yet, incidents of personal data breaches, aimed at economic organisations have been on the increase in the recent years, leading not only to substantial financial losses, but what is worse, frequently resulting in damage to their reputation. Therefore, a vital issue for all enterprises is to make their employees acquainted with threats to data security and their potential harmful effects on the operations and financial results of organisations. The paper presents an analysis of breaches to personal data in organisations in a global dimension as well as analyses of their negative effects to their image and trust of their customers.
Data from the Internet of Things (IoT) enables the design of new business models and services that improve user experience and satisfaction. These data serve as important information sources for many ...domains, including disaster management, biosurveillance, smart cities, and smart health, among others. However, this scenario involves the collection of personal data, raising new challenges related to data privacy protection. Therefore, we aim to provide state-of-the-art information regarding privacy issues in the context of IoT, with a particular focus on findings that utilize the Personal Data Store (PDS) as a viable solution for these concerns. To achieve this, we conduct a systematic mapping review to identify, evaluate, and interpret the relevant literature on privacy issues and PDS-based solutions in the IoT context. Our analysis is guided by three well-defined research questions, and we systematically selected 49 studies published until 2023 from an initial pool of 176 papers. We analyze and discuss the most common privacy issues highlighted by the authors and position the role of PDS technologies as a solution to privacy issues in the IoT context. As a result, our findings reveal that only a small number of works (approximately 20%) were dedicated to presenting solutions for privacy issues. Most works (almost 82%) were published between 2018 and 2023, demonstrating an increased interest in the theme in recent years. Additionally, only two works used PDS-based solutions to deal with privacy issues in the IoT context.