PB
Uploaded byPaul Bernal
PPT, PDF492 views

Can we keep your data please?

The document discusses issues around personal data collection on the internet and proposes giving individuals more control over their data. It suggests establishing a "right to delete" that would allow data subjects to easily delete personal data held by companies. This would shift the assumption that data can be held unless the individual wants it deleted, forcing data holders to justify retention. It could encourage new business models that use data temporarily rather than stockpiling it indefinitely. The right to delete would complement but not replace data protection principles by empowering individuals over how their data is used.

Embed presentation

Download to read offline
‘ Can we keep your data please?’ ….and other necessary questions Paul Bernal – University of East Anglia
Personal data on the internet Massive amounts are held Current commercial models rely on it The data that is held is vulnerable – and may be increasingly so The existence and use of that data is something that concerns people – and rightly so It’s our data, isn’t it??
Personal data in the new internet The Google/Facebook model Behavioural tracking Commercial data gathering The market in personal data Government/private sector cooperation
Data vulnerability Physical loss – e.g. HMRC/MOD data losses Hacking Vulnerability to government action: Subpoenas, USA PATRIOT act, Data retention Swiss banking data/Chinese Google hackers Commercial vulnerability T-Mobile data-selling scandal Changes of ownership etc Leaking For good reasons.. (Wikileaks??) … and bad (ACS: Law??)
What can be done? Systematic culture change – emphasis on data security More powerful, better resourced and better supported data protection systems Better use of technological protection – encryption etc More community awareness of the issue
But there will always be problems: Human errors Human malice Technological errors Community pressures New technological and business ideas
The only way for data to be truly safe…. … .is for it not to exist
Data minimisation Already a principle within data protection, but one that is effectively paid only lip-service It needs to be better enforced – both better detected and more harshly punished. Punishment for data protection breaches are generally for losses or inappropriate processing, not for failures of data minimisation Needs to be put more in the hands of the data subjects
New business models The drive behind the current web model has been the business concepts of Google and Facebook New business models could bring about new changes – but how to get them to happen? We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that data Data holders need to ask ‘Can we keep your data please? … ..and respect the answer!
A right to delete? Currently it is the business that decides whether data should be held, anonymised or deleted If that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being held Instead, they might look for ways to use the data immediately, then discard it
A right to delete? Not the same as a ‘right to be forgotten’ – qualitatively different ‘ Forgotten’ is an emotive word, the right can be misunderstood, and opposed unnecessarily This is not re-writing history, or restricting journalists Not a tool for the rich and powerful to retain their power – though that risk is always present
A right to delete A change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other way The right needs to be made easily applied – access to data and then the ability to delete it directly on the web Part of a shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers
When can data be held? Paternalistic reasons – for the benefit of the individual (e.g. medical data) Communitarian reasons – for the benefit of the community (e.g. criminal records) Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls) Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’) Security reasons – for national security or criminal investigations (e.g. data retention laws)
Business reasons…. … .are not enough
Deletion and anonymisation Closely related – and complex Data can relate to more than one individual Data controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option Anonymisation in itself is contentious and more often reversible than people suspect
Data protection principles The right to delete extends and improves implementation of data protection principles First point is better data access rights Second is putting data minimisation in the hand of the data subject Important to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it
Implications Gives individuals more control and autonomy Forces those holding data to justify why they’re holding it – in such a way that users understand Encourages the development of better business models Could end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models
… and other necessary questions ‘ Can we gather your data please?’ … a right to roam the internet with privacy ‘ Can we do THIS with your data?’ … collaborative consent ‘ Do you mind if we watch you?’ … a right to monitor the monitors [email_address]

More Related Content

PPTX
The right to delete
byPaul Bernal
 
PDF
Data & Privacy: Striking the Right Balance - Jonny Leroy
byThoughtworks
 
PDF
Cybersecurity and Data Privacy
byWilmerHale
 
PPTX
Data set module 4
byData-Set
 
PPTX
Data set Legislation
byData-Set
 
PPTX
Data set Legislation
byData-Set
 
PPT
S719a
byecommerce
 
PDF
Data Privacy
bycliff_rudolph
 
The right to delete
byPaul Bernal
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
byThoughtworks
 
Cybersecurity and Data Privacy
byWilmerHale
 
Data set module 4
byData-Set
 
Data set Legislation
byData-Set
 
Data set Legislation
byData-Set
 
S719a
byecommerce
 
Data Privacy
bycliff_rudolph
 

What's hot

PPTX
Data Privacy: What you need to know about privacy, from compliance to ethics
byAT Internet
 
PPT
“Privacy Today” Slide Presentation
bytomasztopa
 
PPT
Consumer Privacy
byAshish Jain
 
PPTX
Privacy & Data Ethics
byErik Kokkonen
 
PPT
Autonomy, Privacy, The Symbiotic Web
byPaul Bernal
 
PPTX
Information Governance -- Necessary Evil or a Bridge to the Future?
byJohn Mancini
 
PDF
[Presentation] GDPR - How to Ensure Compliance
byAIIM International
 
PPTX
Privacy issues in data analytics
byshekharkanodia
 
PPTX
Be aware of the laws in South Africa that apply to email
byLance Michalson
 
PPTX
Data Privacy and Protection Presentation
bymlw32785
 
PPTX
Data set Legislation
byData-Set
 
PDF
Ekwensi ACC article
byRonke Ekwensi
 
PDF
Governing the Chaos
byJohn Hansen
 
PPTX
Automotive sales crashing into data? Driving customer engagement & growth in...
byIgnitionOne
 
PPT
Data Protection: Process Information
byCristina Villavicencio
 
PPT
Data protection process information
byyourlegalconsultants
 
PPT
The ugly, the bad and the good of cloud computing for government institutions
byDan Michaluk
 
PDF
Data Privacy and Security by Design
byData Con LA
 
PDF
(Big) Data infographic - EnjoyDigitAll by BNP Paribas
byEnjoyDigitAll by BNP Paribas
 
PPTX
Privacy in the digital space
byYves Sinka
 
Data Privacy: What you need to know about privacy, from compliance to ethics
byAT Internet
 
“Privacy Today” Slide Presentation
bytomasztopa
 
Consumer Privacy
byAshish Jain
 
Privacy & Data Ethics
byErik Kokkonen
 
Autonomy, Privacy, The Symbiotic Web
byPaul Bernal
 
Information Governance -- Necessary Evil or a Bridge to the Future?
byJohn Mancini
 
[Presentation] GDPR - How to Ensure Compliance
byAIIM International
 
Privacy issues in data analytics
byshekharkanodia
 
Be aware of the laws in South Africa that apply to email
byLance Michalson
 
Data Privacy and Protection Presentation
bymlw32785
 
Data set Legislation
byData-Set
 
Ekwensi ACC article
byRonke Ekwensi
 
Governing the Chaos
byJohn Hansen
 
Automotive sales crashing into data? Driving customer engagement & growth in...
byIgnitionOne
 
Data Protection: Process Information
byCristina Villavicencio
 
Data protection process information
byyourlegalconsultants
 
The ugly, the bad and the good of cloud computing for government institutions
byDan Michaluk
 
Data Privacy and Security by Design
byData Con LA
 
(Big) Data infographic - EnjoyDigitAll by BNP Paribas
byEnjoyDigitAll by BNP Paribas
 
Privacy in the digital space
byYves Sinka
 

Viewers also liked

PPT
The Symbiotic Web
byPaul Bernal
 
PPTX
Taking back control
byPaul Bernal
 
PDF
Study: The Future of VR, AR and Self-Driving Cars
byLinkedIn
 
PDF
The Next Big Thing is Web 3.0. Catch It If You Can
byJudy O'Connell
 
PPT
The internet: a new frontier for human rights
byPaul Bernal
 
PPTX
Collaborative Consent
byPaul Bernal
 
PPT
Rise and Phall
byPaul Bernal
 
PDF
Digital Scholarship powered by reflection and reflective practice through the...
byJudy O'Connell
 
PPTX
Media A2 Portfolio
byhugojarvis
 
The Symbiotic Web
byPaul Bernal
 
Taking back control
byPaul Bernal
 
Study: The Future of VR, AR and Self-Driving Cars
byLinkedIn
 
The Next Big Thing is Web 3.0. Catch It If You Can
byJudy O'Connell
 
The internet: a new frontier for human rights
byPaul Bernal
 
Collaborative Consent
byPaul Bernal
 
Rise and Phall
byPaul Bernal
 
Digital Scholarship powered by reflection and reflective practice through the...
byJudy O'Connell
 
Media A2 Portfolio
byhugojarvis
 

Similar to Can we keep your data please?

PPT
Personal privacy and computer technologies
bysidra batool
 
PPTX
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
byUpekha Vandebona
 
PPTX
Ethics and Big Data
byPew Research Center's Internet & American Life Project
 
PDF
2 Data-Privacy-in-the-Digital-Age pro.pdf
bytiyejo2872
 
PPTX
Privacy and data protection primer - City of Portland
byHector Dominguez
 
PPTX
IT-TRENDS-FINALTERM understanding the self.pptx
byPaulJohnMadrigal
 
PPTX
Designing for Privacy in an Increasingly Public World
byRobert Stribley
 
PPTX
The Privacy Law Landscape: Issues for the research community
byARDC
 
PDF
Data science and privacy regulation
byblogzilla
 
PDF
Future of privacy - Insights from Discussions Building on an Initial Perspect...
byFuture Agenda
 
PDF
Esc Rennes gdpr oct 2018
byProf. Jacques Folon (Ph.D)
 
PDF
Ichec dig strat gdpr
byProf. Jacques Folon (Ph.D)
 
PPT
Updating the EU Data Protection Directive
byblogzilla
 
PDF
Privacy and Surveillance
byIrem Gokce Aydin
 
PDF
Business considerations for privacy and open data: how not to get caught out
bytheODI
 
PPTX
Keeping it Private - A Discussion About Data and the Internet
byDaniel Ayala
 
PPTX
Keeping our secrets? Shaping Internet technologies for the public good
byblogzilla
 
PPTX
The 3 Secrets of Online Privacy
byLaurent Liscia
 
PPT
Track H Huib Gardeniers
byePSI Platform
 
PPT
Dp5
byTommy Vandepitte
 
Personal privacy and computer technologies
bysidra batool
 
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
byUpekha Vandebona
 
Ethics and Big Data
byPew Research Center's Internet & American Life Project
 
2 Data-Privacy-in-the-Digital-Age pro.pdf
bytiyejo2872
 
Privacy and data protection primer - City of Portland
byHector Dominguez
 
IT-TRENDS-FINALTERM understanding the self.pptx
byPaulJohnMadrigal
 
Designing for Privacy in an Increasingly Public World
byRobert Stribley
 
The Privacy Law Landscape: Issues for the research community
byARDC
 
Data science and privacy regulation
byblogzilla
 
Future of privacy - Insights from Discussions Building on an Initial Perspect...
byFuture Agenda
 
Esc Rennes gdpr oct 2018
byProf. Jacques Folon (Ph.D)
 
Ichec dig strat gdpr
byProf. Jacques Folon (Ph.D)
 
Updating the EU Data Protection Directive
byblogzilla
 
Privacy and Surveillance
byIrem Gokce Aydin
 
Business considerations for privacy and open data: how not to get caught out
bytheODI
 
Keeping it Private - A Discussion About Data and the Internet
byDaniel Ayala
 
Keeping our secrets? Shaping Internet technologies for the public good
byblogzilla
 
The 3 Secrets of Online Privacy
byLaurent Liscia
 
Track H Huib Gardeniers
byePSI Platform
 
Dp5
byTommy Vandepitte
 

Recently uploaded

PDF
Conferencia de Abertura_Virgilio Almeida.pdf
byGrupo Tordesillas
 
PDF
Agentic AI and AI Agents 20251121.pdf - by Ms. Oceana Wong
byagenticroom
 
PDF
The invasion of Alexander of Macedonia in India
byPrachiSontakke5
 
PDF
Digital Journalism Ethics 2025 materi for Regulation & Ethic Media
byAdePutraTunggali
 
PPTX
Masterclass on Cybercrime, Scams & Safety Hacks.pptx
bykalkidirwhytap
 
PPTX
Declaration of Helsinki Basic principles in medical research ppt.pptx
byRanikonde
 
PPTX
Prelims - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
PDF
1. Doing Academic Research: Problems and Issues, 2. Academic Research Writing...
byProf. Vinod Kumar Kanvaria
 
PDF
45 ĐỀ LUYỆN THI IOE LỚP 8 THEO CHƯƠNG TRÌNH MỚI - NĂM HỌC 2024-2025 (CÓ LINK ...
byNguyen Thanh Tu Collection
 
PPTX
Time Series Analysis - Meaning, Definition, Components and Application
bySundar B N
 
PDF
*Unit-II A (Elements of Communication & Communication Style Matrix)
bySayyadTarannum
 
PPTX
How to Configure Automatic Wave Transfer in Odoo 18 Inventory
byCeline George
 
PDF
ASRB NET 2025 Paper GENETICS AND PLANT BREEDING ARS, SMS & STODiscussion | Co...
bySatyam Sharma
 
PPTX
Plant Breeding: Its History and Contribution
bySatyam Sharma
 
PPTX
SEMESTER 5 UNIT- 1 Difference of Children and adults.pptx
bysachin7989
 
PPTX
Time Series Analysis - Least Square Method Fitting a Linear Trend Equation
bySundar B N
 
PPTX
Physical education notes class ncert 12th
byjatinrg2009
 
PPTX
General Wellness & Restorative Tonic: Draksharishta
byDr. Paindla Jyothirmai
 
PPTX
DEPED MEMORANDUM 089, 2025 PMES guidelines pptx
byRoseBubuli
 
PDF
“Step-by-Step Fabrication of Bipolar Junction Transistors (BJTs)”
byGS Virdi
 
Conferencia de Abertura_Virgilio Almeida.pdf
byGrupo Tordesillas
 
Agentic AI and AI Agents 20251121.pdf - by Ms. Oceana Wong
byagenticroom
 
The invasion of Alexander of Macedonia in India
byPrachiSontakke5
 
Digital Journalism Ethics 2025 materi for Regulation & Ethic Media
byAdePutraTunggali
 
Masterclass on Cybercrime, Scams & Safety Hacks.pptx
bykalkidirwhytap
 
Declaration of Helsinki Basic principles in medical research ppt.pptx
byRanikonde
 
Prelims - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
1. Doing Academic Research: Problems and Issues, 2. Academic Research Writing...
byProf. Vinod Kumar Kanvaria
 
45 ĐỀ LUYỆN THI IOE LỚP 8 THEO CHƯƠNG TRÌNH MỚI - NĂM HỌC 2024-2025 (CÓ LINK ...
byNguyen Thanh Tu Collection
 
Time Series Analysis - Meaning, Definition, Components and Application
bySundar B N
 
*Unit-II A (Elements of Communication & Communication Style Matrix)
bySayyadTarannum
 
How to Configure Automatic Wave Transfer in Odoo 18 Inventory
byCeline George
 
ASRB NET 2025 Paper GENETICS AND PLANT BREEDING ARS, SMS & STODiscussion | Co...
bySatyam Sharma
 
Plant Breeding: Its History and Contribution
bySatyam Sharma
 
SEMESTER 5 UNIT- 1 Difference of Children and adults.pptx
bysachin7989
 
Time Series Analysis - Least Square Method Fitting a Linear Trend Equation
bySundar B N
 
Physical education notes class ncert 12th
byjatinrg2009
 
General Wellness & Restorative Tonic: Draksharishta
byDr. Paindla Jyothirmai
 
DEPED MEMORANDUM 089, 2025 PMES guidelines pptx
byRoseBubuli
 
“Step-by-Step Fabrication of Bipolar Junction Transistors (BJTs)”
byGS Virdi
 

Can we keep your data please?

  • 1.
    ‘ Can wekeep your data please?’ ….and other necessary questions Paul Bernal – University of East Anglia
  • 2.
    Personal data onthe internet Massive amounts are held Current commercial models rely on it The data that is held is vulnerable – and may be increasingly so The existence and use of that data is something that concerns people – and rightly so It’s our data, isn’t it??
  • 3.
    Personal data inthe new internet The Google/Facebook model Behavioural tracking Commercial data gathering The market in personal data Government/private sector cooperation
  • 4.
    Data vulnerability Physicalloss – e.g. HMRC/MOD data losses Hacking Vulnerability to government action: Subpoenas, USA PATRIOT act, Data retention Swiss banking data/Chinese Google hackers Commercial vulnerability T-Mobile data-selling scandal Changes of ownership etc Leaking For good reasons.. (Wikileaks??) … and bad (ACS: Law??)
  • 5.
    What can bedone? Systematic culture change – emphasis on data security More powerful, better resourced and better supported data protection systems Better use of technological protection – encryption etc More community awareness of the issue
  • 6.
    But there willalways be problems: Human errors Human malice Technological errors Community pressures New technological and business ideas
  • 7.
    The only wayfor data to be truly safe…. … .is for it not to exist
  • 8.
    Data minimisation Alreadya principle within data protection, but one that is effectively paid only lip-service It needs to be better enforced – both better detected and more harshly punished. Punishment for data protection breaches are generally for losses or inappropriate processing, not for failures of data minimisation Needs to be put more in the hands of the data subjects
  • 9.
    New business modelsThe drive behind the current web model has been the business concepts of Google and Facebook New business models could bring about new changes – but how to get them to happen? We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that data Data holders need to ask ‘Can we keep your data please? … ..and respect the answer!
  • 10.
    A right todelete? Currently it is the business that decides whether data should be held, anonymised or deleted If that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being held Instead, they might look for ways to use the data immediately, then discard it
  • 11.
    A right todelete? Not the same as a ‘right to be forgotten’ – qualitatively different ‘ Forgotten’ is an emotive word, the right can be misunderstood, and opposed unnecessarily This is not re-writing history, or restricting journalists Not a tool for the rich and powerful to retain their power – though that risk is always present
  • 12.
    A right todelete A change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other way The right needs to be made easily applied – access to data and then the ability to delete it directly on the web Part of a shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers
  • 13.
    When can databe held? Paternalistic reasons – for the benefit of the individual (e.g. medical data) Communitarian reasons – for the benefit of the community (e.g. criminal records) Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls) Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’) Security reasons – for national security or criminal investigations (e.g. data retention laws)
  • 14.
    Business reasons…. ….are not enough
  • 15.
    Deletion and anonymisationClosely related – and complex Data can relate to more than one individual Data controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option Anonymisation in itself is contentious and more often reversible than people suspect
  • 16.
    Data protection principlesThe right to delete extends and improves implementation of data protection principles First point is better data access rights Second is putting data minimisation in the hand of the data subject Important to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it
  • 17.
    Implications Gives individualsmore control and autonomy Forces those holding data to justify why they’re holding it – in such a way that users understand Encourages the development of better business models Could end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models
  • 18.
    … and othernecessary questions ‘ Can we gather your data please?’ … a right to roam the internet with privacy ‘ Can we do THIS with your data?’ … collaborative consent ‘ Do you mind if we watch you?’ … a right to monitor the monitors [email_address]

Editor's Notes

  • #12 Autonomy by design?
  • #13 Autonomy by design?
  • #17 Again, autonomy by design. And bring in the concept of collaborative consent (refer them to the paper)
  • #19 Can talk about the other rights – the right to roam with privacy: ‘Can we gather your data please?’