Investigating the legal protection of data,information and knowledge under the EU data protection regime

Information science distinguishes between the semantic forms/intangibles of data, information and knowledge. Data (e.g. an attribute of a data record in a relational database) does not have any meaning by itself. Information is data brought into context (e.g. data related to its primary key), and knowledge is the collection of information for useful intent (e.g. a database). This paper investigates the mapping of semantic forms in information science (i.e. data, information, knowledge) to correlative concepts in information law (primarily data protection legislation) with a view to investigating how such semantic forms are legally protected. The paper first proposes a data, information, knowledge, rules (DIKR) hierarchy in the context of relational database theory, and interprets this hierarchy with respect to data protection concepts. The paper then gives an in-depth discussion of the elements of the DIKR hierarchy (data, information, knowledge, deduced knowledge, induced knowledge) and how they relate to the EU Data Protection Directive 95/46/EC. These relationships are summarized in the form of a two dimensional correlation matrix. Finally the paper discusses how the semantic forms identified are protected under the EU Data Protection Directive, and gives insightful observations about the connection between information law and information science.     

Quantitative Statistics and Identification of Tool‐Marks

This study was designed to establish a feature identification method of tool‐mark 2D data. A uniform local binary pattern histogram operator was developed to extract the tool‐mark features, and the random forest algorithm was adopted to identify these. The presented method was used to conduct five groups of experiments with a 2D dataset of known matched and nonmatched tool‐marks made by bolt clippers, cutting pliers, and screwdrivers. The experimental results show that the proposed method achieved a high rate of identification of the tool‐mark samples generated under identical conditions. The proposed method effectively overcomes the disadvantage of unstable illumination of 2D tool‐mark image data and avoids the difficulty in mark inspection caused by manually preset parameters in the existing methods, thus reducing the uncertainty of inspected results.     

Differential Identification of Three Young Housefire Victims: Methods when Age Assessment Fails

Multiple fatality incidents involving more than one child of statistically same age (including twins) can be challenging from an identification standpoint. This case details an urban fire, in which four children perished. Age assessment on three of the victims utilizing maturity staging described by Moorrees, Fanning, and Hunt yielded insignificant results. However, a plot of the MFH data shows the difference between two identical twins and a third child. The twins share a similar growth pattern, whereas the other was different. Based on this graphical interpretation, the nontwin victim was positively identified through exclusion. These results were verified through statistical testing. This case demonstrates a method to repurpose age assessment data to graphically distinguish between child victims. Further, it is shown that radiographic and clinical presentation in childhood identical twins can elicit genetic versus acquired similarities and differences, which can be used for identification of individuals and exclusion of others.     

Electoral Reform and Parliamentary Debates

The early twentieth century saw many democracies adopt proportional representative systems. The textbook explanation, pioneered by Rokkan, emphasize between‐party electoral competition; the rise of the Socialist vote share made Bourgeois parties prefer PR systems to maximize their seat share. While appealing, this account is not entirely compelling. Consequently, scholars are investigating within‐party explanations of support for such reforms. Particularly, Cox, Fiva, and Smith show how list PR enable party leaders to discipline members and build cohesive parties. Relying on roll‐call votes across the Norwegian 1919 electoral reform from two‐round single‐member plurality to closed‐list PR, they show that the internal party cohesion increased following the reform. We investigate how the Norwegian electoral reform changed the content of parliamentary speeches. Comparing speeches from MPs present both before and after the reform, we show how parties become more cohesive in parliamentary debates under list PR than they were under the single‐member‐district system.     

大数据时代涉众型经济犯罪案件侦查机制创新研究

大数据时代涉众型经济犯罪呈现出愈演愈烈之势,并具有受害人数多、涉及地域广、办案周期长、涉案金额大、网络敏感度高的显著特点,创新涉众型经济犯罪侦查机制意义重大,影响深远。大数据时代创新涉众型经济犯罪侦查机制是一项系统工程,需要从国家、社会、个人等层面创新预警研判机制、合成作战机制、追赃减损机制、维稳处突机制,形成协作配合、整体联动的新格局。     

The ICO and artificial intelligence: The role of fairness in the GDPR framework

The year 2017 has seen many EU and UK legislative initiatives and proposals to consider and address the impact of artificial intelligence on society, covering questions of liability, legal personality and other ethical and legal issues, including in the context of data processing. In March 2017, the Information Commissioner's Office (UK) updated its big data guidance to address the development of artificial intelligence and machine learning, and to provide (GDPR), which will apply from 25 May 2018.This paper situates the ICO's guidance in the context of wider legal and ethical considerations and provides a critique of the position adopted by the ICO. On the ICO's analysis, the key challenge for artificial intelligence processing personal data is in establishing that such processing is fair. This shift reflects the potential for artificial intelligence to have negative social consequences (whether intended or unintended) that are not otherwise addressed by the GDPR. The question of ‘fairness’ is an important one, to address the imbalance between big data organisations and individual data subjects, with a number of ethical and social impacts that need to be evaluated.     

Avoiding the internet of insecure industrial things

Security incidents such as targeted distributed denial of service (DDoS) attacks on power grids and hacking of factory industrial control systems (ICS) are on the increase. This paper unpacks where emerging security risks lie for the industrial internet of things, drawing on both technical and regulatory perspectives. Legal changes are being ushered by the European Union (EU) Network and Information Security (NIS) Directive 2016 and the General Data Protection Regulation 2016 (GDPR) (both to be enforced from May 2018). We use the case study of the emergent smart energy supply chain to frame, scope out and consolidate the breadth of security concerns at play, and the regulatory responses. We argue the industrial IoT brings four security concerns to the fore, namely: appreciating the shift from offline to online infrastructure; managing temporal dimensions of security; addressing the implementation gap for best practice; and engaging with infrastructural complexity. Our goal is to surface risks and foster dialogue to avoid the emergence of an Internet of Insecure Industrial Things.     

Pricing privacy – the right to know the value of your personal data

The commodification of digital identities is an emerging reality in the data-driven economy. Personal data of individuals represent monetary value in the data-driven economy and are often considered a counter performance for “free” digital services or for discounts for online products and services. Furthermore, customer data and profiling algorithms are already considered a business asset and protected through trade secrets. At the same time, individuals do not seem to be fully aware of the monetary value of their personal data and tend to underestimate their economic power within the data-driven economy and to passively succumb to the propertization of their digital identity. An effort that can increase awareness of consumers/users on their own personal information could be making them aware of the monetary value of their personal data. In other words, if individuals are shown the “price” of their personal data, they can acquire higher awareness about their power in the digital market and thus be effectively empowered for the protection of their information privacy. This paper analyzes whether consumers/users should have a right to know the value of their personal data. After analyzing how EU legislation is already developing in the direction of propertization and monetization of personal data, different models for quantifying the value of personal data are investigated. These models are discussed, not to determine the actual prices of personal data, but to show that the monetary value of personal data can be quantified, a conditio-sine-qua-non for the right to know the value of your personal data. Next, active choice models, in which users are offered the option to pay for online services, either with their personal data or with money, are discussed. It is concluded, however, that these models are incompatible with EU data protection law. Finally, practical, moral and cognitive problems of pricing privacy are discussed as an introduction to further research. We conclude that such research is needed to see to which extent these problems can be solved or mitigated. Only then, it can be determined whether the benefits of introducing a right to know the value of your personal data outweigh the problems and hurdles related to it.     

Cross border data transfer: Complexity of adequate protection and its exceptions

The majority of the fear that exists about the cloud arises due to the lack of transparency in the cloud. Fears have persisted in relation to how the data are frequently transferred in a cloud for various purposes which includes storing and processing. This is because the level of protection differs between countries and cloud users who belong to countries which provide a high level of protection will be less in favour of transfers that reduce the protection that was originally accorded to their data. Hence, to avoid client dissatisfaction, the Data Protection Directive has stated that such transfers are generally prohibited unless the country that data is being transferred to is able to provide ‘appropriate safeguards’. This article will discuss the position of the Data Protection Directive and how the new General Data Protection Regulation differs from this Directive. This involves the discussion of the similarity as well as the differences of the Directive and Regulation. In summary, it appears that the major principles of the cross border transfer are retained in the new regulation. Furthermore, the article discusses the exceptions that are provided in the standard contractual clause and the reason behind the transition from Safe Harbor to the new US-EU Privacy Shield. This article subsequently embarks on the concept of Binding Corporate Rule which was introduced by the working party and how the new regulation has viewed this internal rule in terms of assisting cross border data transfer. All the issues that will be discussed in this article are relevant in the understanding of cross border data transfer.