Lecture 2 Data Gathering Flashcards
What is the main concern with data gathering?
The main concern within the process of data gathering is the importance of privacy of the data subjects. This is important to companies of all sizes, and crucial to the safety of people. (e.g. story of Jenny who used FB-likes and location for choosing concert venues)
What are the main issues with personal data?
Personal data is ‘out there’ from the moment it is published and cannot be taken back after publication (e.g. different copies after a dataset leaks) (1). Personal data that has been made anonymous can still be used to predict personal characteristics and exploit them (e.g. predict pregnancy, personality…) (2).
What is:
Personal data?
Personal data is any information relating to an individual, whether it relates to their private, public or professional life. (E.g. name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information etc.)
What is:
Anonymisation?
Anonymisation is the processing of data in such a way that it cannot be traced back to an individual, or rather, that individuals become non-identifiable. It is not mentioned in GDPR. (E.g. encrypting a name)
What is:
Pseudonymisation?
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, such as a “key” (provided that information/key is kept separate and is available only to authorized individuals/entities). (E.g. hashing a name; one-way)
What does GDPR article 6 entail?
GDPR article 6 is about when to allow processing of personal data:
1) Unambiguous consent of the data subject
2) To fulfill a contract to which the data subject is party
3) Compliance with a legal obligation
4) Protection of vital interests of the data subjects
5) Performance of a task carried out in public interest
6) Legitimate interest (subject to a balancing act between the data subject’s rights and the interests of the controller)
What is the difference between law and ethics?
Law puts emphasis on anonymity in data sets, whereas ethics says not to use any data at all if there is no clear and unambiguous consent. Anonymity is not an escape from the ethical debates, since the data subjects, or others, might still fall victim to the results of these models, even though they chose to anonymize their data for that specific reason! (E.g. “students suffering from depression could be identified by their Internet traffic patterns, thus they advised internet monitoring to identify them”)
How can data subjects still be influenced by data that was made anonymous/pseudonymous?
Data subjects, and others, can still be influenced by anonymous data because of the potential results of the usage of that data. It could harm them in exactly the way they were trying to avoid by anonymizing their data. For instance, if students with a significant amount of internet usage would show more signs of depression, the superiors could decide to monitor their usage. (E.g. Barocas and Nissenbaum, 2014)
What is the difference between anonymization and pseudonymization?
The difference between anonymization and pseudonymization is that anonymization ensures that personal data can no longer be attributed to a specific data subject, but uses a specific algorithm. Pseudonymization uses no such algorithm, but assigns a “pseudonym” to each data subject, so the data can only be linked to a subject with access to the additional database (kept separate).
What is:
Legitimate interest?
Legitimate interest is part of GDPR Art. 6, and refers to balancing the use of data between what a reasonable person would find acceptable and what the potential impact on the person is. (E.g. pizza place selling data to insurance company, sending coupons to postal address)
What is:
Symmetric encryption?
Symmetric encryption is where one key is used for both encryption and decryption. A message is encoded, sent and then decoded for the receiver to see the message. Weaknesses are the frequency of letters and starting/ending words (“Dear”, “Yours sincerely”, etc.), and brute force attacks. (E.g. Data Encryption Standard, Advanced Encryption Standard) Also, if u users need to communicate with one another, then u x (u-1) / 2 keys are needed!
What is:
Asymmetric encryption?
Asymmetric encryption uses two keys: a public key and a private key. The public key is revealed to the world and the private key is kept secret at one party. (E.g. RSA: Rivest, Shamir, Adleman)