Legal grounds to process personal data under Spanish legislation after the ECJ Judgment of 24 November 2011 (the ASNEF and FECEMD case)

Spanish law on personal data protection regulates (among other issues) the legal bases that permit the processing of data in a way that is similar to that set out in Directive 95/46/EC. Consent constitutes the general rule although data may be processed without it if necessary for administration functions, within the framework of a contractual relationship, in order to safeguard the vital interests of the data subject or if they are included in sources accessible to the public. However, unlike the Directive, legitimate interest is not recognised as an independent reason for processing data, whereas a legal ground that is not set out in community law is included, i.e., sources accessible to the public. This paper analyses these two cases, taking as its starting point consent, along with the consequences that the ECJ Judgment of 24 November 2011 regarding the interpretation of Article 7 of Directive 95/46/EC may have and giving attention to the revision of this Directive itself.     

大数据时代司法统计在审判管理中的应用

保障司法统计数据的精确、真实,要求司法统计方法进一步完善,这就要求科技发展能够促进司法统计的发展。科学的统计方法要求能够解决司法统计数据孤立、统计报表报送滞后的问题,并完善审判质效评估体系、创新海量数据挖掘分析机制,最终为司法审判工作服务。     

Disseminating Public Data as Public Use Files: What Makes a Successful Initiative?

The current policy emphasis on data-driven decision-making is creating the right incentives for government agencies around the world that have not traditionally disseminated their administrative data to do so. The literature on statistical disclosure control focuses on the technical aspects of a variety of methods designed to protect data confidentiality. There is, however, a void in the literature in regard to what other elements are necessary to create and sustain a successful initiative. This paper examines six case studies of individual-level datasets. It reviews current practice in several domains and summarizes recommendations from expert practitioners including challenges for future initiatives.     

论政府数据开放的基本原则

在中央层面统一立法缺位现状下,明确政府数据开放应遵循的基本原则有益于地方政府数据开放实践开展与相关法律制度构建。确立基本原则应当依据以下三个标准：促进公众对政府数据资源的再利用,符合政府数据开放制度的目标定位,满足数据安全保障的要求。基于该标准,数据安全保护原则、需求导向原则、数据质量原则、自由使用原则、公众参与原则应被确定为政府数据开放的基本原则。数据安全保护原则旨在管控数据安全风险,保障数据开放与利用在安全可控前提下进行。需求导向、数据质量、自由使用三项原则围绕数据、开放和利用三个关键环节展开,为数据可用性提供根本保障。政府数据开放对公众参与的强依赖性使公众参与成为一项基本原则,进而推动公私合作治理的数字政府改革进程。     

政府数据开放中个人信息保护的范式转变

政府数据开放并非静态的单一行为,而是动态的系统过程。借助数据生命周期理论,可以将政府数据开放解构为数据收集、转换、存储、公开和使用五个阶段。根据《个人信息保护法》和《数据安全法》确立的最新规则,个人信息保护风险可能同时存在于政府数据开放生命周期的各个阶段。然而,政府数据开放中现有的个人信息保护范式主要采取“基于结果的方法”,重点关注政府数据在公开时的状态,依靠技术性匿名化手段,难以有效应对政府数据开放中的个人信息保护风险。与此相对应,“基于过程的方法”与政府数据生命周期、个人信息保护的程序化和数据安全全流程管理相契合,可以弥补“基于结果的方法”的不足。通过将风险预防原则和程序、技术、经济、教育和法律等手段分散放置在政府数据开放生命周期的每个阶段,能够最大限度减少个人信息保护风险,在个人信息保护与政府数据开放之间实现动态平衡。     

An investigation into the accuracy of follow-on GPRS/mobile data CDRs

This study investigated the accuracy of 3G and 4G follow-on GPRS (General Packet Radio Service)/mobile data CDRs (Call Detail Records) from three UK mobile network operators (EE, Vodafone and Three). Follow-on GPRS/mobile data CDRs are currently considered to be more open to misinterpretation than voice/SMS CDRs as uncertainties exist regarding the correspondence between the timestamp and the Cell ID presented within the CDRs. Consequently, follow-on GPRS/mobile CDRs may be disregarded during criminal investigations, potentially losing valuable intelligence and evidence. To assess the accuracy of follow-on GPRS/mobile data CDRs, connected mode RF (Radio Frequency) surveys were conducted while simultaneously producing follow-on GPRS/mobile data CDRs in a travelling vehicle. This allowed a comparison of the start Cell ID presented in the CDR and the Cell ID that provided coverage to the device at the start time of the CDR to assess the correspondence between the timestamp and the Cell ID presented within the CDRs, and to consider the validity of the terminology used by experts. It was found that individual follow-on GPRS/mobile data CDRs cannot consistently place a device within the coverage area of the start Cell ID at the start time of the CDR. Instead, the results indicate that a terminology which places the device within the coverage area of the start Cell ID ‘at or before’ the start time of the CDR is appropriate. It is crucial that follow-on GPRS/mobile data CDRs are analysed with this consideration in mind so to interpret the evidence correctly.     

On the Legal Regulation of Algorithms

Increasingly, algorithms challenge legal regulations, and also challenge the right to explanation, personal privacy and freedom, and individual equal protection. As decision-making mechanisms for human-machine interaction, algorithms are not value-neutral and should be legally regulated. Algorithm disclosure, personal data empowerment, and anti-algorithmic discrimination are traditional regulatory methods relating to algorithms, but mechanically using these methods presents difficulties in feasibility and desirability. Algorithm disclosure faces difficulties such as technical infeasibility, meaningless disclosure, user gaming and intellectual property right infringement. And personal data empowerment faces difficulties such as personal difficulty in exercising data rights and excessive personal data empowerment, making it difficult for big data and algorithms to operate effectively. Anti-algorithmic discrimination faces difficulties such as non-machine algorithmic discrimination, impossible status neutrality, and difficult realization of social equality. Taking scenarios of algorithms lightly is the root cause of the traditional algorithm regulation path dilemma. Algorithms may differ in attributes due to specific algorithmic subjects, objects and domains involved. Therefore, algorithm regulation should be developed and employed based on a case-by-case approach to the development of accountable algorithms. Following these development principles, specific rules can be enacted to regulate algorithm disclosure, data empowerment, and anti-algorithmic discrimination.     

A RAM triage methodology for Hadoop HDFS forensics

This paper discusses the challenges of performing a forensic investigation against a multi-node Hadoop cluster and proposes a methodology for examiners to use in such situations. The procedure's aim of minimising disruption to the data centre during the acquisition process is achieved through the use of RAM forensics. This affords initial cluster reconnaissance which in turn facilitates targeted data acquisition on the identified DataNodes. To evaluate the methodology's feasibility, a small Hadoop Distributed File System (HDFS) was configured and forensic artefacts simulated upon it by deleting data originally stored in the cluster. RAM acquisition and analysis was then performed on the NameNode in order to test the validity of the suggested methodology. The results are cautiously positive in establishing that RAM analysis of the NameNode can be used to pinpoint the data blocks affected by the attack, allowing a targeted approach to the acquisition of data from the DataNodes, provided that the physical locations can be determined. A full forensic analysis of the DataNodes was beyond the scope of this project.     

Introducing the International System(s) Dataset (ISD), 1816–2011

We argue that the Correlates of War dataset on sovereign state membership has two weaknesses: a requirement that states maintain diplomatic relations with Britain and France, and a size inconsistency that disqualifies many mid-sized states in the pre-1920 period. As a consequence, entire state systems are excluded from the data, and the total number of states during the nineteenth century is undercounted. After reviewing two other approaches to identifying states, we offer an alternative set of criteria that identifies 100 completely new cases, and a total of 363 states between 1816 and 2011. These modifications reveal several previously overlooked patterns. Most importantly, the global trend in the number of states over time is concave. From a high of 134 in 1816, states declined precipitously in the mid-nineteenth century through the processes of accession, conquest, and unification. This pattern of state consolidation bottomed out in 1912, and states have proliferated since 1945. However, the pattern of state death and state birth varied by region in the nineteenth century. Whereas the state systems of South Asia and Southeast Asia experienced a steady reduction in the number of states, Africa underwent a more dynamic process of state formation, consolidation, and death.     

电子数据鉴定体系建设构想

电子数据鉴定工作在我国起步较晚,电子证据作为一种新型证据,由于其特有的属性,决定了证据的获取、检验、分析及展示均不同于传统证据,需要建立严密、科学规范的电子数据鉴定体系,保证电子证据的完整性、真实性及证明力。