5 - Privacy and information technology - Van Den Hoven (Stanford) Flashcards

1
Q

What is privacy according to the Stanford paper, and into which types can it be divided?

A

Right to be left alone based on inviolate personality
Types:
1. Constitutional: control & no interference over choices (on intimate/personal matters)
2. Informational: control over personal info access

2
Q

Which types of statement about privacy can be made?

A
  1. Descriptive: describe a situation in a specific context
  2. Normative: point out objectives to move actions towards
3
Q

Which type of statement does the Stanford paper focus on, and on which topics?

A

Normative statements about informational privacy.
In particular, control over access to:
1. personal info
2. situations in which personal info can be acquired
3. technologies used to manage (generate/process/distribute) personal info

4
Q

Which are the approaches presented by the Stanford paper that can be taken about privacy?

A
  1. Reductionism: privacy has only instrumental value
  2. Holism: privacy has intrinsic value (evolved into overlapping cluster approach)
  3. Epistemic: the value of privacy is about the relation between sets of individuals and information kept secret from some of them by others (value is given by choosing from whom to keep info secret)
5
Q

Which is considered the more practical approach to privacy, the European one or the American one, and why?

A

European, because it is about data protection => better-defined framework (assets, actors, technologies…)

6
Q

What is personal info according to the Stanford paper, and in which ways can it be used?

A

Any info linkable to an individual. Excludes info used to protect that info (e.g. passwords)
Uses:
1. Referential: possible acquaintance between user and subject (cannot be used for law, otherwise almost no data protection)
2. Attributive: NO acquaintance between user and subject

7
Q

Which are the reasons to protect personal data?

A
  1. Prevention of harm
  2. Informational inequality in the collecting & managing process (individuals cannot negotiate over use and have no control over partners)
  3. Avoid informational injustice/discrimination (info may change meaning between the context of collection and the context of use)
  4. Defend moral autonomy and human dignity (avoid subtle forced influences)
8
Q

Which are the types of laws and regulations about data protection?

A
  1. Requirement of informed consent (FAILS to cover all types of data processing)
  2. Privacy-Enhancing Technologies (PET)
  3. Implementation by design
9
Q

What is information technology (IT) and which are its main characteristics?

A

Automated system for storing/processing/distributing info
1. Rapidly increased
2. Based on connectivity and interaction (more info + more acting possibilities over those info)

10
Q

Which are the main ways in which IT affected privacy?

A
  1. Internet: not designed for privacy => only add-ons
    Main tool is informed consent, which FAILS (lack of clarity about use, requests interfere with task flow, embedded social network features allow tracking, the only alternative is to avoid use).
    Worse with cloud computing (which laws are to be applied, which data are collected)
  2. Social media: push towards data disclosure + even with default STRICT sharing settings, no control over the service provider
  3. Big data: based on (hidden) info extraction (=> unknown use + NO explicit consent), profiling may lead to discrimination, multiple channels of collection.
    Main challenges: how to get permission with no active interaction, how to prevent function creep (use of data for a purpose different from the stated one)
  4. Mobile devices: many data-generating sensors, easily reconfigurable (i.e. hackable => difficult to be sure about consent)
  5. IoT: many ULTRA-connected devices, tailored to the user (autonomy at risk)
  6. E-government: radically changed, main objective of influences
  7. Surveillance: based on secrecy (=> no room for informed consent), good encryption (to defend) pushes requests for backdoors

ALSO influence & change norms

11
Q

Which are the main solutions to protect personal data given by IT itself?

A
  1. By design: proactive (high-level guidelines), privacy engineering (practical methods), privacy central in development & organizations & engineering culture.
    BUT principles need interpretation => implementation may not fully respect them
    NB: informed consent, if extreme, leads to CHOICE OVERLOAD
  2. PETs: K-anonymity (no individual can be distinguished within a group of K persons, with K large enough), anonymization software.
    BUT still susceptible to attacks, difficult configuration, difficult to keep data useful & (correctly) anonymous at the same time
  3. Cryptography: protection, homomorphic encryption also allows for anonymous computations.
    BUT can become outdated + is only an obstacle
  4. ID management: SSO for ease of access, attribute-based authentication for backtracking difficulty
    BUT easier profiling (SSO with cross checks, attribute-based profile itself)

ALSO transparency can help, counter-surveillance may take place, value-sensitive designs become fundamental
