Pricing privacy – the right to know the value of your personal data

The commodification of digital identities is an emerging reality in the data-driven economy. Personal data of individuals represent monetary value in the data-driven economy and are often considered a counter performance for “free” digital services or for discounts for online products and services. Furthermore, customer data and profiling algorithms are already considered a business asset and protected through trade secrets. At the same time, individuals do not seem to be fully aware of the monetary value of their personal data and tend to underestimate their economic power within the data-driven economy and to passively succumb to the propertization of their digital identity. An effort that can increase awareness of consumers/users on their own personal information could be making them aware of the monetary value of their personal data. In other words, if individuals are shown the “price” of their personal data, they can acquire higher awareness about their power in the digital market and thus be effectively empowered for the protection of their information privacy. This paper analyzes whether consumers/users should have a right to know the value of their personal data. After analyzing how EU legislation is already developing in the direction of propertization and monetization of personal data, different models for quantifying the value of personal data are investigated. These models are discussed, not to determine the actual prices of personal data, but to show that the monetary value of personal data can be quantified, a conditio-sine-qua-non for the right to know the value of your personal data. Next, active choice models, in which users are offered the option to pay for online services, either with their personal data or with money, are discussed. It is concluded, however, that these models are incompatible with EU data protection law. Finally, practical, moral and cognitive problems of pricing privacy are discussed as an introduction to further research. We conclude that such research is needed to see to which extent these problems can be solved or mitigated. Only then, it can be determined whether the benefits of introducing a right to know the value of your personal data outweigh the problems and hurdles related to it.     

Cross border data transfer: Complexity of adequate protection and its exceptions

The majority of the fear that exists about the cloud arises due to the lack of transparency in the cloud. Fears have persisted in relation to how the data are frequently transferred in a cloud for various purposes which includes storing and processing. This is because the level of protection differs between countries and cloud users who belong to countries which provide a high level of protection will be less in favour of transfers that reduce the protection that was originally accorded to their data. Hence, to avoid client dissatisfaction, the Data Protection Directive has stated that such transfers are generally prohibited unless the country that data is being transferred to is able to provide ‘appropriate safeguards’. This article will discuss the position of the Data Protection Directive and how the new General Data Protection Regulation differs from this Directive. This involves the discussion of the similarity as well as the differences of the Directive and Regulation. In summary, it appears that the major principles of the cross border transfer are retained in the new regulation. Furthermore, the article discusses the exceptions that are provided in the standard contractual clause and the reason behind the transition from Safe Harbor to the new US-EU Privacy Shield. This article subsequently embarks on the concept of Binding Corporate Rule which was introduced by the working party and how the new regulation has viewed this internal rule in terms of assisting cross border data transfer. All the issues that will be discussed in this article are relevant in the understanding of cross border data transfer.     

The ICO and artificial intelligence: The role of fairness in the GDPR framework

The year 2017 has seen many EU and UK legislative initiatives and proposals to consider and address the impact of artificial intelligence on society, covering questions of liability, legal personality and other ethical and legal issues, including in the context of data processing. In March 2017, the Information Commissioner's Office (UK) updated its big data guidance to address the development of artificial intelligence and machine learning, and to provide (GDPR), which will apply from 25 May 2018.This paper situates the ICO's guidance in the context of wider legal and ethical considerations and provides a critique of the position adopted by the ICO. On the ICO's analysis, the key challenge for artificial intelligence processing personal data is in establishing that such processing is fair. This shift reflects the potential for artificial intelligence to have negative social consequences (whether intended or unintended) that are not otherwise addressed by the GDPR. The question of ‘fairness’ is an important one, to address the imbalance between big data organisations and individual data subjects, with a number of ethical and social impacts that need to be evaluated.     

Are DNA data a valid source to study the spatial behavior of unknown offenders?

Studying the spatial behaviour of unknown offenders (i.e. undetected offenders) is difficult, because police recorded crime data do not contain information about these offenders. Recently, forensic DNA data has been used to study unknown offenders. However, DNA data are only a subset of the crimes committed by unknown offenders stored in police recorded crime data. To establish the suitability of DNA data for studying the spatial offending behaviour of unknown offenders, we examine the concentration and spatial similarity of detected but unsolved crimes in police recorded crime data (N?=?181,483) and DNA data (N?=?1913) over 27 Belgian judicial districts for four crime types. We established spatial similarity for certain crime types (in some districts). This offers opportunities for DNA data to be used to study unknown offenders' spatial offending behaviour. Implications for theory and research are discussed.     

PERSONAL DATA PROTECTION: RETHINKING THE REASONS,NATURE, AND LEGAL FRAMEWORK

This paper rethinks the reasons for and the nature and means of personal data protection. The reasons for personal data protection are that it could promote the fairness and effectiveness of information flow, help individuals develop their independent personality, and equip them to deal with risks. With respect to the nature of personal data, this paper argues that such data should not be perceived from a purely individualistic point of view. Rather, there should be a contextualized understanding of the data, which considers the appropriate information flow of personal data within a particular context. Regarding the legal framework of personal data protection, this paper suggests that consumer protection law and public law are better equipped to protect personal data than tort, contract, or property law.     

《民法典》视域下延时性合规产品侵权之新解——以“市场份额责任”改造为核心

我国药品、食品安全领域的延时性合规侵权案件频发,现行规范无法直接适用,《民法典》的侵权责任编却未作出任何回应。适当引进美国法上的“市场份额责任”并予以本土化改造迫在眉睫。药企的合规之抗辩不能被认可,因为其仍具有“不合理的危险”,且违反产品跟踪观察义务之行为亦应被视为缺陷,在利益衡量上应倾向于救济被侵权人。具体构建上,以《民法典》产品责任章第1202条为基础,对“产品”“缺陷”等要件进行合理解释,并对因果关系要件进行适当宽松改造,即可构建本土化体系。在损害赔偿的计算上,“本地市场份额”相较于“全国市场份额”标准具有法理和技术上的双重优势,更值得采纳。同时,大数据技术的飞速发展为我们提供了更多的可能性,针对线上企业和线下企业可采用不同的计算方式以加强合理性。     

市场竞争导致的银行集中、制度与净利息边际收入

研究银行集中与效率的关系主要有银行集中-管制效率论、银行集中-结构效率论和银行集中-制度效率论三种理论。本文基于面板数据,实证分析了后两种由市场竞争导致的银行集中与效率的理论。结果表明银行集中度与银行效率有显著的正相关关系,控制制度变量后,银行集中度与银行效率仍有显著的正相关关系,但制度变量不显著,银行集中-结构效率论成立。所以,提高银行效率必须改善银行市场结构,调整业务结构和加强银行监管,努力实现市场竞争导致的银行集中,建立防范金融风险的“隔离墙”。     

零信任战略与美国网络安全的现代化

零信任是一种专注于资源保护的网络安全范式，其前提是信任永远不会隐式授予，而是必须持续评估。这一安全范式是随着互联网、物联网、大数据、云计算等数字应用场景的拓展而产生的。零信任架构的核心原则是通用身份验证、访问分割、最小信任授权、加密无处不在以及持续监控和调整。美国政府加速推进零信任战略，既是美国传统网络安全系统失能、网络安全理念和技术迭代的要求，也是数字时代大国竞争的组成部分，同时还是美国国防数字战略现代化的需要。美国政府加强基于顶层设计的网络安全宏观布局，明确实施零信任战略的关键事项，并确立了联邦政府推动零信任安全体系的基本原则。零信任安全框架的核心领域是关键基础设施、国家安全系统和国防系统，美国确立了以网络安全和基础设施安全局为轴心的推动零信任布局的“全政府”架构。零信任不仅仅是技术的转变，还是一种文化。零信任架构从以网络安全为中心转向以数据安全为中心。零信任不仅是网络安全防御战略，也是进攻战略，即在稳固自身安全的同时，无所顾忌地向对手发起攻击。美国在网络安全领域攻击性的增强，将给包括中国在内的世界其他国家的网络安全带来更大的压力。在这种情势下，中国政府机构、企业、网络安全工作人员须共同努力，打造中国自主可控、安全便捷的现代化网络安全体系。     

I want to believe: The relationship between conspiratorial beliefs and populist attitudes in Spain

While research on the relationship between conspiratorial beliefs and populist attitudes has expanded over the years, concerns about causality in said relationship have not been successfully addressed. This research uses a two-pronged methodology combining observational and experimental data to put to empirical test the possibility that conspiratorial thinking breeds populist attitudes relying on Spain as a case study. A first study uses an online survey (N = 2887) to test how conspiratorial thinking covaries with the different dimensions of populist attitudes, accounting for the most likely confounders in this relationship. Results show that conspiratorial thinking and populist attitudes are associated even when considering potential spurious variables. We next use an online experiment (N = 537) in which we expose a randomly selected group to a vignette on three 9/11 conspiratorial stories, then they are asked about their populist attitudes. Our results lend credence to the literature pointing that conspiratorial beliefs led people to develop only one dimension of populist attitudes, the Manichean outlook.     

公安机关电子数据司法鉴定的现状与挑战

电子数据取证是信息时代公安机关重要的基础工作,是打击涉及互联网各类违法犯罪的“杀手锏”。电子数据鉴定是公安机关电子数据取证工作的重要组成部分,起到最终判定案(事)件性质,为侦查与诉讼提供依据的重要作用。公安机关电子数据鉴定与信息技术共同飞速发展,其领域不断延伸扩展、技术要求越来越高,面对的挑战也越来越多。概要介绍了公安机关电子数据鉴定的法律要求、鉴定资质、鉴定流程等内容,阐述了其面临的挑战。