Dr. V. Sridhar
Professor
International Institute of Information Technology Bangalore, India
www.vsridhar.info
Sridhar, V. (2019). Chapter 12. What Are the Privacy Issues Over Data Collected by the Internet and Telecom Firms?
Solove, D. J. (2005). A taxonomy of privacy. University of Pennsylvania Law Review, 154, 477.
The Context
HSS 110 3/30/2024 2
SURVEILLANCE
Definitions of Information Privacy
Information Life Cycle
[Diagram: stages labelled data collection, processing, transmission, storage, dissemination and repair]
Taxonomy of Privacy
● Collection
○ Surveillance
■ Overt
■ Covert
○ Interrogation
● Processing
○ Secondary Use
○ Aggregation
○ Identification
○ Insecurity
○ Exclusion
● Dissemination
○ Breach of Confidentiality
○ Disclosure
○ Exposure
○ Blackmail
○ Appropriation
○ Distortion
○ Accessibility
● Invasion
○ Intrusions
○ Decisional Interference
Information Collection -> Surveillance
● In public places vs. private places
● Covert vs. overt
● Audio, video surveillance
● Positive effects of surveillance
○ Deterrent of criminal activities, national security
■ Omnibus Crime Control and Safe Streets Act of 1968, Title III of which provided
comprehensive protection against wiretapping.
● Negative effects
○ Direct awareness of surveillance can make a person feel extremely
uncomfortable, and it can also cause that person to alter her behavior.
■ Surveillance can lead to self-censorship and inhibition
● “Chilling effect” > inhibits freedom of choice
Information Processing -> Aggregation
● Aggregation is the gathering together of information about a person
○ A piece of information here or there is not very telling.
■ But when combined together, bits and pieces of data begin to form
a portrait of a person
○ The whole becomes greater than the parts
● When analyzed, aggregated information can reveal new facts about a person
that she did not expect would be known about her when the original,
isolated data was collected
○ Personifies a “digital person”
AGGREGATION
IDENTIFICATION
Cartoons from: http://www.slane.co.nz/privacy_cartoons.html
Information Processing -> Identification
● “Identification” is connecting information to individuals.
○ the association of data with a particular human being
○ Identification enables us to attempt to verify identity, that is, that the person
accessing her records is indeed the owner of the account or the subject of the
records
○ Identification enables us not only to confirm the identity of a person, but also
to discover the perpetrator of a crime from traces left behind, such as
fingerprints and genetic material
● Identification is demeaning to dignity because it reduces people to a number or to
bodily characteristics
Information Processing -> Insecurity
■ Insecurity, in short, is a problem caused by the way our
information is handled and protected
○ Glitches, security lapses, abuses, and illicit uses
of personal information all fall into this category
SECONDARY USE
Information Processing -> Secondary Use
● “Secondary use” is the use of data for purposes unrelated to the purposes for which the data
was initially collected without the data subject’s consent
● There are certainly many desirable instances of secondary use
■ Information might be used to stop a crime or to save a life.
■ The variety of possible secondary uses of data is virtually infinite, and they
range from benign to malignant
● People might not give out data if they know about a potential secondary use, such as for
telemarketing, spam, or other forms of intrusive advertising
● Individuals are likely to know little or nothing about the circumstances under which their
personal data are captured, sold, or processed
■ The result of this asymmetrical knowledge will be one-sided bargains that benefit
data processors
Information Dissemination -> Distortion
● Distortion is the manipulation of the way a person
is perceived and judged by others, and involves the
victim being inaccurately exposed to the public
DECISIONAL INTERFERENCE
Invasion -> Decisional Interference
● Decisional interference bears similarities to
increased accessibility, since the existence of
information in a government database can increase
the potential accessibility of that information
○ Decisional interference also resembles insecurity, secondary use, and exclusion,
in that all three of these information-processing harms can have a chilling
effect
Privacy Regulation
EU General Data Protection Regulation-EU-GDPR
India Digital Personal Data Protection (DPDP) Act 2023
What information is collected?
Personal Information
● Given by the data subjects
● Collected (not explicitly given) from the data subjects
● Collected from third parties
https://www.lawinfographic.com/rights-data-subjects-gdpr/
Obligations of the Data Controller/Processor (EU GDPR)
A breach is an unpermitted use or disclosure under the Privacy Rule that compromises the security or privacy of Data Subjects
● Security of Processing (Art 32)
○ Implement Security Safeguards
○ Deploy Cryptographic Techniques
○ Recovery in case of Security Breaches
○ Vulnerabilities and Risk Security Tests
● Notification of Data Security Breach (Art 33)
○ Detect and Notify Data Breaches in Timely Manner to the Supervising Authority (within 72 hours)
○ Document the data breaches if any, and provide remedial measures
● Notify the breach to data subjects (Art 34)
● Data Protection Impact Assessment (Art 35)
○ Assess and Document Security and Risk Measures
○ Apply Measures to Address Risk
● Penalties and Sanctions (Art 83)
○ Violation of Art 33, 34, 35: Penalty of Euro 10 M or 2% of Annual Global Turnover
Other labels in the diagram:
● Disseminate Information for other Firms to improve Security
● Incentivize Firms to invest
● Protect Privacy Rights of Data Subjects