Privacy principles,risks and harms

The protection of privacy is predicated on the individual's right to privacy and stipulates a number of principles that are primarily focused on information privacy or data protection and, as such, are insufficient to apply to other types of privacy and to the protection of other entities beyond the individual. This article identifies additional privacy principles that would apply to other types of privacy and would enhance the consideration of risks or harms to the individual, to groups and to society as a whole if they are violated. They also relate to the way privacy impact assessment (PIA) may be conducted. There are important reasons for generating consideration of and debate about these principles. First, they help to recalibrate a focus in Europe on data protection to the relative neglect of other types of privacy. Second, it is of critical importance at a time when PIA (renamed ‘data protection impact assessment’, or DPIA) may become mandatory under the European Commission's proposed Data Protection Regulation. Such assessment is an important instrument for identifying and mitigating privacy risks, but should address all types of privacy. Third, one can construct an indicative table identifying harms or risks to these additional privacy principles, which can serve as an important tool or instrument for a broader PIA to address other types of privacy.     

Could cognitive theory enhance development practice?

Development brings about changes in people's lives and their ways of understanding and dealing with their world. It is possible to distinguish between two types of development intervention: (a) improvements in the external situation, chiefly through the provision of public goods; and (b) strengthening people's inner capacities, an endeavour which depends on cognitive processes. The article links basic concepts from cognitive theory to development practice and proposes avenues for further research to study the way in which people develop their capacities and to find ways of supporting such processes. A fuller understanding of cognitive change as a key factor could greatly enhance the sustainability of development projects.     

Joined-up government and privacy in the United Kingdom: managing tensions between data protection and social policy. Part II

The tension between the goals of integrated, seamless public services, requiring more extensive data sharing, and of privacy protection, now represents a major challenge for UK policy‐makers, regulators and service managers. In Part I of this article (see Public Administration volume 83, number 1, pp. 111–33), we showed that attempts to manage this tension are being made at two levels. First, a settlement is being attempted at the level of general data protection law and the rules that govern data‐sharing practices across the public sector. We refer to this as the horizontal dimension of the governance of data sharing and privacy. Secondly, settlements are also being attempted within particular fields of public policy and service delivery; this we refer to as the vertical dimension. In this second part, we enquire whether risks to privacy are greater in some policy sectors than others. We do this, first by showing how the Labour Government's policy agenda is producing stronger imperatives towards data sharing than was the case under previous administrations in three fields of public policy and services, and by examining the safeguards introduced in these fields. We then compare the settlements emerging from differing practices within each of these policy sectors, before briefly assessing which, if any, principles of data protection seem to be most at risk and in which policy contexts. Four strategies for the governance of data sharing and privacy are recapitulated – namely, seeking to make the two commitments consistent or even mutually reinforcing; mitigating the tensions with safeguards such as detailed guidelines; allowing privacy to take precedence over integration; and allowing data sharing to take precedence over privacy. We argue that the UK government has increasingly sought to pursue the second strategy and that the vertical dimension is, in practice, much more important in defining the settlement between data sharing and privacy than is the horizontal dimension. This strategy is, however, potentially unstable and may not be sustainable. The conclusion proposes a radical recasting of the way in which the idea of a ‘balance’ between privacy and data‐sharing imperatives is conceived.     

Functional anonymisation: Personal data and the data environment

Anonymisation of personal data has a long history stemming from the expansion of the types of data products routinely provided by National Statistical Institutes. Variants on anonymisation have received serious criticism reinforced by much-publicised apparent failures. We argue that both the operators of such schemes and their critics have become confused by being overly focused on the properties of the data itself. We claim that, far from being able to determine whether data is anonymous (and therefore non-personal) by looking at the data alone, any anonymisation technique worthy of the name must take account of not only the data but also its environment.This paper proposes an alternative formulation called functional anonymisation that focuses on the relationship between the data and the environment within which the data exists (the data environment). We provide a formulation for describing the relationship between the data and its environment that links the legal notion of personal data with the statistical notion of disclosure control. Anonymisation, properly conceived and effectively conducted, can be a critical part of the toolkit of the privacy-respecting data controller and the wider remit of providing accurate and usable data.     

Das institutionelle Erbe des „Treuhand-Regimes“ in Ostdeutschland: Zentralisierung oder Auflösung in der bundesstaatlichen Normalverfassung?

The unification of Germany in 1990 deeply affected the traditional structure and mechanisms of the former West German federal state. The grave and deeply rooted economic problems in East Germany as well as the strong position of the federal government and the relative weakness of the East German state governments during the economic transformation made it highly possible that a centralization within the federal state even beyond East Germany would occur. Empirical research on the privatisation agency ‘Treuhandanstalt’ and its successor organisations, which is presented in the article, demonstrates what development the relationship between the federal and the East German states has taken in this policy area since 1990. The article further analyses if the centralization thesis can be confirmed and what can generally be concluded about the essential characteristics of the current federal system.     

Effective evaluation of projects on violence against women and girls

What makes evaluations useful for interventions on violence against women and girls (VAWG)? This article reports on a qualitative comparative analysis of 39 evaluations, and shows that it takes a combination of elements to produce good evaluation effects. It identifies eight configurations of conditions which have generated effective evaluations. Key elements were the evaluation context, the evaluators’ sensitivity to gender and to the participants’ rights and security, and consultation with persons considered to be the ultimate “beneficiaries” of the intervention. Both qualitative and quantitative approaches could lead to effective evaluation. The article concludes with recommendations for evaluation users.     

Revisiting the governance of privacy: Contemporary policy instruments in global perspective

The repertoire of policy instruments within a particular policy sector varies by jurisdiction; some “tools of government” are associated with particular administrative and regulatory traditions and political cultures. It is less clear how the instruments associated with a particular policy sector may change over time, as economic, social, and technological conditions evolve. In the early 2000s, we surveyed and analyzed the global repertoire of policy instruments deployed to protect personal data. In this article, we explore how those instruments have changed as a result of 15 years of social, economic and technological transformations, during which the issue has assumed a far higher global profile, as one of the central policy questions associated with modern networked communications. We review the contemporary range of transnational, regulatory, self‐regulatory, and technical instruments according to the same framework, and conclude that the types of policy instrument have remained relatively stable, even though they are now deployed on a global scale. While the labels remain the same, however, the conceptual foundations for their legitimation and justification are shifting as greater emphases on accountability, risk, ethics, and the social/political value of privacy have gained purchase. Our analysis demonstrates both continuity and change within the governance of privacy, and displays how we would have tackled the same research project today. As a broader case study of regulation, it highlights the importance of going beyond technical and instrumental labels. Change or stability of policy instruments does not take place in isolation from the wider conceptualizations that shape their meaning, purpose, and effect.