Profiling the mobile customer – Is industry self-regulation adequate to protect consumer privacy when behavioural advertisers target mobile phones? – Part II

Mobile customers are increasingly being tracked and profiled by behavioural advertisers to enhance delivery of personalized advertising. This type of profiling relies on automated processes that mine databases containing personally-identifying or anonymous consumer data, and it raises a host of significant concerns about privacy and data protection. This second article in a two part series on “Profiling the Mobile Customer” explores how to best protect consumers’ privacy and personal data through available mechanisms that include industry self-regulation, privacy-enhancing technologies and legislative reform.¹ It discusses how well privacy and personal data concerns related to consumer profiling are addressed by two leading industry self-regulatory codes from the UK and the U.S. that aim to establish fair information practices for behavioural advertising by their member companies. It also discusses the current limitations of using technology to protect consumers from privacy abuses related to profiling. Concluding that industry self-regulation and available privacy-enhancing technologies will not be adequate to close important privacy gaps related to consumer profiling without legislative reform, it offers suggestions for EU and U.S. regulators about how to do this.²     

From electronic health records to personal health records: emerging legal issues in the Italian regulation of e-health

In 2012, the Italian Legislator has provided an appropriate legal framework for the realisation of the national Electronic Health Records (EHR) system, in which the patient plays a pivotal role: with the implementation of the Fascicolo sanitario elettronico (FSE), patients will have access to their EHRs through the online platform, and decide which data to share and with whom. In this perspective, one of the most interesting innovations is the so-called ‘taccuino’, a digital space of patients’ FSE in which they can autonomously record data and information relating to their health. Patients’ ability to access their own health data and EHR at any time and to enter information by themselves in a personal area is a unique form of power at a European level, but their legal consequences are still vague. The aim of this contribution is to offer a first review of the Italian e-health reform, showing the most critical aspects.     

Smart meters and the information panopticon: beyond the rhetoric of compliance

The Smart Meter Implementation Programme is the Government's flagship energy policy. In its search for solutions to address privacy dilemmas raised by smart meters, the Government has been content with using data protection principles as a policy framework to regulate the processing of consumers' personal information. This is worrying since the question of who has access to what type of information and how it is used cannot simply be regarded as raising information security, authenticity and integrity issues. If we are to go beyond the rhetoric of protecting the privacy rights of energy consumers we must scrutinise the context in which legitimate interests and reasonable expectations of privacy subsist. To remedy this apparent policy oversight, the paper undertakes two tasks: first, to clarify the content and application of data protection and privacy rights to smart meters; and second, it outlines a policy framework that will address the lack of specificity on how best innovation and privacy issues can be better calibrated. More importantly, it calls for targeted substantive reforms, development of accessible privacy policies and information management practices that promote transparency and accountability and deployment of technological solutions that will help reduce emerging fault lines between innovation and privacy in this sphere of energy policymaking.     

The Inner Logic of Exclusivism (and Inclusivism): Shapiro's Shadowing

Scott Shapiro, a prominent defender of exclusive legal positivism—exclusivism—has intriguingly (re)introduced a logical principle, the endorsement and rejection of which he (I take it) supposes can helpfully distinguish exclusivism from its contrary, inclusive legal positivism—inclusivism. It is an intriguing thought that principles pitched at such a high level of abstraction as this could distinguish between the two versions of positivism. My aim will be to test whether this principle—and associated principles—can do such distinguishing work.     

政府数据开放中个人信息保护的范式转变

政府数据开放并非静态的单一行为,而是动态的系统过程。借助数据生命周期理论,可以将政府数据开放解构为数据收集、转换、存储、公开和使用五个阶段。根据《个人信息保护法》和《数据安全法》确立的最新规则,个人信息保护风险可能同时存在于政府数据开放生命周期的各个阶段。然而,政府数据开放中现有的个人信息保护范式主要采取“基于结果的方法”,重点关注政府数据在公开时的状态,依靠技术性匿名化手段,难以有效应对政府数据开放中的个人信息保护风险。与此相对应,“基于过程的方法”与政府数据生命周期、个人信息保护的程序化和数据安全全流程管理相契合,可以弥补“基于结果的方法”的不足。通过将风险预防原则和程序、技术、经济、教育和法律等手段分散放置在政府数据开放生命周期的每个阶段,能够最大限度减少个人信息保护风险,在个人信息保护与政府数据开放之间实现动态平衡。     

Effective approaches to regulate mobile advertising: Moving towards a coordinated legal,self-regulatory and technical response

This article aims to contribute to the ongoing discourse about the issue of privacy in the mobile advertising domain. The article discusses the fundamental principles and information practices used in digital environments for protecting individuals' private data. Major challenges are identified that should be addressed, so that fair information principles can be applied in the context of m-advertising. It also points out the limitations of these principles. Furthermore, the article discusses a range of models that is available for regulating the collection, use and disclosure of personal data, such as legislation, self-regulation and technical approaches. It is intended to promote an effective approach to improve consumer privacy in the mobile advertising domain.     

Profiling the mobile customer – Privacy concerns when behavioural advertisers target mobile phones – Part I

Mobile customers are being tracked and profiled by behavioural advertisers to be able to send them personalized advertising. This process involves data mining consumer databases containing personally-identifying or anonymous data and it raises a host of important privacy concerns. This article, the first in a two part series on consumer information privacy issues on Profiling the Mobile Customer, addresses the questions: “What is profiling in the context of behavioural advertising?” and “How will consumer profiling impact the privacy of mobile customers?” The article examines the EU and U.S. regulatory frameworks for protecting privacy and personal data in regards to profiling by behavioural advertisers that targets mobile customers. It identifies potential harms to privacy and personal data related to profiling for behavioural advertising. It evaluates the extent to which the existing regulatory frameworks in the EU and the U.S. provide an adequate level of privacy protection and identifies key privacy gaps that the behavioural advertising industry and regulators will need to address to adequately protect mobile consumers from profiling by marketers. The upcoming second article in this series will discuss whether industry self-regulation or privacy-enhancing technologies will be adequate to address these privacy gaps and makes suggestions for principles to guide this process.¹     

实名制环境下个人信息保护的基本原则重构

传统个人信息保护原则是基于个人信息主体确定而义务主体不确定的对世权保护原则;而信息网络技术的普及应用,尤其是实名制的实施,导致基于信息收集契约关系的个人信息权利义务主体的确定性特征及其权利义务关系发生本质变化,并对个人信息权利保护原则提出新的挑战。经过对实名制环境下个人信息权的考察,我们应当重新构架新的个人信息保护原则。具体而言,实名制环境下的个人信息保护原则应当包括个人信息自决原则、信息收集处理合法原则、信息收集处理规则公开原则、信息收集处理双方地位平等原则、个人信息收集数量最小化原则、个人信息收集和利用有限原则、个人信息安全管理原则以及信息控制者的救济责任原则等八大基本原则。     

Privacy and Search Engines: Forgetting or Contextualizing?

This article considers the much‐criticized ‘right to be forgotten’ in the context of the European Court of Justice's judgment in the Google Spain case. It defends the ‘right to be forgotten’ as a metaphor that can provide us with a better understanding of the particular privacy concerns of the search‐engine age and their interaction with the freedom to access information, and draws on Goffman's idea of ‘information games’ and Nissenbaum's theory of ‘contextual integrity’. While supporting the principles that underpin the judgment, the article rejects the Court's binary approach of ‘forgetting’ versus ‘remembering’ personal information. Instead, it argues that the EU legislator should introduce more nuanced means of addressing modern privacy concerns. By establishing two remedies – ‘delisting’ or ‘reordering’, depending on the nature of the information – online information flows can be adjusted to preserve both the right to privacy and the freedom to access information in more contextually appropriate ways.     

An analysis of traditional rules applied by Australian courts to establish personal jurisdiction and their application in e-commerce

This article analyses the jurisdictional principles employed by Australian courts in establishing personal jurisdiction in traditional settings and its extension to e-commerce cases. The Australian courts apply the court rules to exercise personal jurisdiction over defendants. The article discusses these rules relating to serving process within and outside Australia and jurisdiction based on the submission of the parties. The adequacies of principles like forum-non-conveniens, forum selection clauses which are vital in the personal jurisdiction inquiry are analysed. The unique High Court decision in Dow Jones v. Gutnick is discussed and the approach followed by the court critically analysed to highlight the excessive exercise of personal jurisdiction. Other cases concerning the internet are also discussed to highlight the approaches followed to establish personal jurisdiction in internet and e-commerce cases. It is argued that the drawbacks highlight the need for legislation to regulate personal jurisdiction in e-commerce cases.     

An analysis of the relationship between jurors' personal attributes and decision making

Using a survey from a jury simulation study, this study examines the relationship between jurors' personal and social attributes and their decision-making behavior. The hypothesis is examined whether personal attributes and socialization of jurors have any significant effect on their decision-making behavior. The analysis suggests that personal and/or social attributes of jurors have little, if any, impact on their decision-making behavior. Instead, jury instruction and information about the matter appear to be major influence contributors. Additionally, evidence presented during the trial and knowledge of law have significant effects upon how jurors decide cases and give verdicts. Author's Note: Suman Kakar, Ph.D., is associate professor at Florida International University, College of Health and Urban Affairs. She conducts research in the areas of juvenile delinquency, child abuse, family dynamics, minorities, and the prevention of violence. She has published two books,Child Abuse and Delinquency (1996) andCriminal Justice Approaches to Domestic Violence (1998).     

Sex offender treatment is not punishment

Abstract

The treatment of sexual offenders can be fraught with ethical dilemmas. Practitioners must balance the therapeutic needs of sex offender clients alongside the risks they might pose to others. These ethical challenges include balancing community safety with the rights of the offender, the privileged therapeutic relationship and the potential for coerced treatment. In this paper, we respond to Glaser's argument that treatment is punishment and that sex offender treatment providers breach ethical codes by violating confidentiality, engaging in coercion, and ultimately causing harm to clients. We first consider whether sex offender treatment is indeed punishment. We argue that it is not, and that mandated treatment can and should be conducted in a fashion consistent with professional codes of ethics familiar to mental health providers. We then discuss the human rights model, which we agree is an essential lens through which to view the psychological treatment of sexual offenders. We attempt, as have other scholars, to illustrate the ways in which human rights principles intersect with traditional mental health codes of ethics particularly in the case of sex offender treatment. We conclude that sex offender treatment can be conducted ethically, that treatment differs from punishment in clear and distinct ways, and that ethical treatment conforms to a human rights perspective.     

Community standards of criminal liability and the insanity defense

Two experiments (N=71) compare lay standards of insanity to standards incorporated in American legal codes. In Experiment 1, case vignettes provided only legally relevant information about defendants' degrees of impairment in cognition or in behavioral control. Respondents' judgments of criminal liability ornot guilty by reason of insanity (NGRI) reflected an exculpatory standard of substantial impairment in both cognition and control. In Experiment 2, case vignettes provided realistic information about defendants' psychiatric diagnoses; respondents had to infer levels of cognitive and control impairment. Results showed that respondents made highly idiosyncratic inferences based on diagnostic categories, but once made, these inferences predicted NGRI judgments. Implications of the concordance between laypeople's rules for assigning NGRI verdicts and the rules used in American legal codes are discussed.Daniel Bailis gratefully acknowledges the support of Public Health Service grant No. 5T32 MH18021-07 for Research Training in Social Psychology during the time in which the present research was conducted. John Darley wished to acknowledge the generous support of the John Simon Guggenheim Foundation and Princeton University. Study 2 presents work done for the Princeton University undergraduate thesis of Tracy Waxman. The authors are grateful to Norman J. Finkel, Valerie Hans, and three anonymous reviewers for comments on an earlier draft on this article.Northwestern University.     

Privacy by design and anonymisation techniques in action: Case study of Match technology

Privacy by Design is now enjoying widespread acceptance. The EU has recently expressly included it as one of the key principles in the revised data protection legal framework. But how does Privacy by design and data anonymisation work in practise? In this article the authors address this question from a practical point of view by analysing a case study on EU Financial Intelligence Units (“FIUs”) using the Ma³tch technology as additional feature to the existing exchange of information via FIU.NET decentralised computer network. They present, analyse, and evaluate Ma³tch technology from the perspective of personal data protection. The authors conclude that Ma³tch technology can be seen as a valuable example of Privacy by Design. It achieves data anonymisation and enhances data minimisation and data security, which are the fundamental elements of Privacy by Design. Therefore, it may not only improve the exchange of information among FIUs and allow for the data processing to be in line with applicable data protection requirements, but it may also substantially contribute to the protection of privacy of related data subjects. At the same time, the case study clearly shows that Privacy by Design needs to be supported and complemented by appropriate organisational and technical procedures to assure that the technology solutions devised to protect privacy would in fact do so.     

The Single‐Party Dictator's Dilemma: Information in Elections without Opposition

The literature on authoritarian institutions points to nationwide elections as a mechanism for learning about the preferences of citizens. In using elections in this way, however, authoritarians face a trade‐off between gathering reliable information and guaranteeing electoral victory. In this article, we explore how single‐party regimes manage this trade‐off and the particular types of information available to them. Using candidate‐level data from Vietnam, we demonstrate that single‐party regimes, in particular, forsake information on overall regime support and strength of opposition in favor of information on the popularity of local notables and the compliance of local officials with central mandates. In addition, we show that ex ante electioneering is less risky than ex post fraud at achieving these goals.     

How Filipina Maids Are Treated in Hong Kong—A Comparison Between Chinese and Western Employers

This study compares Chinese and Western employers in Hong Kong in terms of their treatment of Filipina domestic helpers in four major areas: atmosphere of work environment, consideration, social psychological distance, and personal space. The data were based on in-depth and structured interviews, mainly with Filipina helpers who have served both types of employers. A few Chinese and Western employers were also interviewed. The findings indicate that the Filipina maids, in general, are more satisfied with their Western employers, who tend to provide them with an easier and more comfortable work environment; are more considerate; are more likely to treat them on equal terms; and to allow them more personal space. Within group variations in the treatment of maids are greater among Chinese employers than Western employers. This means that, in terms of the treatment of Filipina maids, Western employers in Hong Kong are more homogeneous and tend to concentrate on the positive side, whereas Chinese employers are more diversified.     

Locating Humour in Indian Buddhist Monastic Law Codes: A Comparative Approach

It has been claimed that Indian Buddhism, as opposed to East Asian Chan/Zen traditions, was somehow against humour. In this paper I contend that humour is discernible in canonical Indian Buddhist texts, particularly in Indian Buddhist monastic law codes (Vinaya). I will attempt to establish that what we find in these texts sometimes is not only humourous but that it is intentionally so. I approach this topic by comparing different versions of the same narratives preserved in Indian Buddhist monastic law codes. This is a revised version of a paper presented at the XVth Congress of the International Association of Buddhist Studies, Atlanta, Georgia, USA, June 23-29, 2008. I wish to acknowledge financial assistance from the Arts Research Board, McMaster University.     

Stranger rape: classifying Spanish sexual offences using multiple correspondence and cluster analyses

We have analysed the information in 342 police reports of stranger sexual offences recorded in 2010. We have carried out a multiple correspondence analysis and a cluster analysis using modus operandi variables to identify differential profiles in these types of sexual offences. We have come up with three profiles of stranger sexual offences, which concur in the two techniques used. By analysing the personal variables of the offenders with such profiles, we have found differences in terms of the offender’s country of origin and age. We will discuss the consequences of these results on the police investigation of stranger sexual offences.     

Pricing privacy – the right to know the value of your personal data

The commodification of digital identities is an emerging reality in the data-driven economy. Personal data of individuals represent monetary value in the data-driven economy and are often considered a counter performance for “free” digital services or for discounts for online products and services. Furthermore, customer data and profiling algorithms are already considered a business asset and protected through trade secrets. At the same time, individuals do not seem to be fully aware of the monetary value of their personal data and tend to underestimate their economic power within the data-driven economy and to passively succumb to the propertization of their digital identity. An effort that can increase awareness of consumers/users on their own personal information could be making them aware of the monetary value of their personal data. In other words, if individuals are shown the “price” of their personal data, they can acquire higher awareness about their power in the digital market and thus be effectively empowered for the protection of their information privacy. This paper analyzes whether consumers/users should have a right to know the value of their personal data. After analyzing how EU legislation is already developing in the direction of propertization and monetization of personal data, different models for quantifying the value of personal data are investigated. These models are discussed, not to determine the actual prices of personal data, but to show that the monetary value of personal data can be quantified, a conditio-sine-qua-non for the right to know the value of your personal data. Next, active choice models, in which users are offered the option to pay for online services, either with their personal data or with money, are discussed. It is concluded, however, that these models are incompatible with EU data protection law. Finally, practical, moral and cognitive problems of pricing privacy are discussed as an introduction to further research. We conclude that such research is needed to see to which extent these problems can be solved or mitigated. Only then, it can be determined whether the benefits of introducing a right to know the value of your personal data outweigh the problems and hurdles related to it.     

Making sense of the case law on Ombudsman schemes

This article analyses the case law on ombudsman schemes in the UK, with the purpose of identifying some of the key trends that underpin this branch of law pre-the first Supreme Court decision in this area, JR55 v Northern Ireland Commissioner for Complaints. While the law on ombudsman schemes remains based on legislation and the various grounds of administrative law available in judicial review, distinct bespoke principles have also been relied upon. These principles are beginning to provide consistent guidance on how the law should be used and interpreted in cases involving an ombudsman scheme. One task of the Supreme Court in JR55 will be to confirm these principles, or rationalize any departure from them.