"David Davis MP, a former shadow home secretary, told the Guardian he has established that police will be able to access the health records of patients when investigating serious crimes even
if they had opted out of the new database, which will hold the entire population’s medical data in a single repository for the first time from May. […] Davis, who established the existence of these
‘backdoors’ in a parliamentary question answered by health services minister Dan Poulter, said he had ‘no problems with the data being used for licensed medical research, but when we have police accessing
from a database that people have opted out from, and companies being able to buy this data, I think we need to have a debate about whether my property, which are my patient records, can be sold and
"On Tuesday, September 10th, 2013, the Future of Privacy Forum joined with the Center for Internet and Society at Stanford Law School to present a full-day workshop on questions surrounding
Big Data and privacy. The event was preceded by a call for papers discussing the legal, technological, social, and policy implications of Big Data. A selection of papers was published in a special issue
of the Stanford Law Review Online and others were presented at the workshop. This volume collects these papers and others in a single collection. These essays address the following questions: Does Big
Data present new challenges or is it simply the latest incarnation of the data regulation debate? Does Big Data create fundamentally novel opportunities that civil liberties concerns need to accommodate?
Can de-identification sufficiently minimize privacy risks? What roles should fundamental data privacy concepts such as consent, context, and data minimization play in a Big Data world? What lessons can be
applied from other fields?"
"Innovations in technology and greater affordability of digital devices have presided over today’s Age of Big Data, an umbrella term for the explosion in the quantity and diversity of high
frequency digital data. These data hold the potential - as yet largely untapped - to allow decision makers to track development progress, improve social protection, and understand where existing policies
and programmes require adjustment. […] With the promise come questions about the analytical value and thus policy relevance of this data - including concerns over the relevance of the data in developing
country contexts, its representativeness, its reliability - as well as the overarching privacy issues of utilising personal data. This paper does not offer a grand theory of technology-driven social
change in the Big Data era. Rather it aims to delineate the main concerns and challenges raised by ‘Big Data for Development’ as concretely and openly as possible, and to suggest ways to address at least
a few aspects of each."
"I want to complicate matters further by suggesting another way in which data has become big: data now mediate our day-to-day social relationships to an unprecedented degree. This other big data revolution relies on the proliferation of new data collection and analysis tools that allow individuals to track easily, quantify, and communicate information about our own behaviors and those of others. This type of big data arguably touches more of us more directly than the big data practices more commonly discussed, as it comes to reshape our relationships across multiple domains of daily life. In this sense, data is big not because of the number of points that comprise a particular dataset, nor the statistical methods used to analyze them, nor the computational power on which such analysis relies. Instead, data is big because of the depth to which it has come to pervade our personal connections to one another."
"What do a retired librarian in Wisconsin in the early stages of Alzheimer’s, a police officer, and a mother in Texas have in common? The answer is that all were victims of consumer data brokers. Data brokers collect, compile, buy and sell personally identifiable information about who we are, what we do, and much of our ‘digital exhaust.’ We are their business models. The police officer was ‘uncovered’ by a data broker who revealed his family information online, jeopardizing his safety. The mother was a victim of domestic violence who was deeply concerned about people finder web sites that published and sold her home address online. The librarian lost her life savings and retirement because a data broker put her on an eager elderly buyer and frequent donor list. She was deluged with predatory offers. These people - and 320 million others in the United States - are not able to escape from the activities of data brokers. Our research shows that only a small percentage of known consumer data brokers offer a voluntary opt out. These opt outs can be incomplete, extremely difficult, and must typically be done one-by-one, site-by-site. Often, third parties are not allowed to opt individual consumers out of data brokers. This state of affairs exists because no legal framework requires data broker to offer opt out or suppression of consumer data. Few people know that data brokers exist, and beyond that, few know what they do."
"This Committee Majority staff report focuses on data broker activities that are subject to far less statutory consumer protection: the collection and sale of consumer data specifically for marketing purposes. In this arena, data brokers operate with minimal transparency. One of the primary ways data brokers package and sell data is by putting consumers into categories or ‘buckets’ that enable marketers – the customers of data brokers – to target potential and existing customers. Such practices in many cases may serve the beneficial purpose of providing consumers with products and services specific to their interests and needs. However, it can become a different story when buckets describing consumers using financial characteristics end up in the hands of predatory businesses seeking to identify vulnerable consumers, or when marketers use consumers’ data to engage in differential pricing. Further, the data breaches that have repeatedly occurred in this industry and with others in the data economy underscore the public’s need to understand the volume and specificity of data consumer information held by data brokers."
"The attacks of September 11, 2001, and the intelligence failures preceding them, sparked a call for greater government access to information. Across a range of laws and policies, the level of suspicion required before law enforcement and intelligence agencies could collect information about U.S. persons was lowered, in some cases to zero. […] The result is not merely the collection of large amounts of information, but a presumptive increase in the quantity of information that reflects wholly innocuous, and in some cases constitutionally protected, activity. Other publications, including reports issued by the Brennan Center, have addressed whether lowering the threshold for suspicion to collect information poses an undue risk to civil liberties. This report addresses a separate question: Regardless of whether the expansion of the government’s domestic information collection activity can be expected to yield enough additional ‘hits’ to justify its various costs, how do federal agencies deal with the apparent ‘misses’ - the stores of information about Americans that are swept up under these newly expanded authorities and that do not indicate criminal or terrorist behavior?"
"We analyzed 700 million words, phrases, and topic instances collected from the Facebook messages of 75,000 volunteers, who also took standard personality tests, and found striking variations in language with personality, gender, and age. In our open-vocabulary technique, the data itself drives a comprehensive exploration of language that distinguishes people, finding connections that are not captured with traditional closed-vocabulary word-category analyses."
"We don’t deny that big data holds substantial potential for the future, and that large dataset analysis has important uses today. But we would like to sound a cautionary note and pause to consider big data’s potential more critically. In particular, we want to highlight three paradoxes in the current rhetoric about big data to help move us toward a more complete understanding of the big data picture. First, while big data pervasively collects all manner of private information, the operations of big data itself are almost entirely shrouded in legal and commercial secrecy. We call this the Transparency Paradox. Second, though big data evangelists talk in terms of miraculous outcomes, this rhetoric ignores the fact that big data seeks to identify at the expense of individual and collective identity. We call this the Identity Paradox. And third, the rhetoric of big data is characterized by its power to transform society, but big data has power effects of its own, which privilege large government and corporate entities at the expense of ordinary individuals. We call this the Power Paradox. Recognizing the paradoxes of big data, which show its perils alongside its potential, will help us to better understand this revolution. It may also allow us to craft solutions to produce a revolution that will be as good as its evangelists predict."
"Although the solutions to many modern economic and societal challenges may be found in better understanding data, the dramatic increase in the amount and variety of data collection poses serious concerns about infringements on privacy. In our 2013 Symposium Issue, experts weigh in on these important questions at the intersection of big data and privacy."
"1. The plaintiffs in this lawsuit have challenged what they term the ‘mass call-tracking’ program of the National Security Agency, and they have asked me to explain the sensitive nature of metadata, particularly when obtained in the aggregate. Below, I discuss how advances in technology and the proliferation of metadata-producing devices, such as phones, have produced rich metadata trails. Many details of our lives can be gleaned by examining those trails, which often yield information more easily than do the actual content of our communications. Superimposing our metadata trails onto the trails of everyone within our social group and those of everyone within our contacts’ social groups, paints a picture that can be startlingly detailed. 2. I emphasize that I do not in this declaration pass judgment on the use of metadata analysis in the abstract. It can be an extraordinarily valuable tool. But because it can also be an unexpectedly revealing one—especially when turned to the ommunications of virtually everyone in the country - I write in the hope that courts will appreciate its power and control its use appropriately."
"The Privacy Guidelines define personal data as ‘any information relating to an identified or identifiable individual (data subject)’. Any data that are not related to an identified or identifiable individual are therefore non-personal and are outside the scope of the Guidelines. However, data analytics have made it easier to relate seemingly non-personal data to an identified or identifiable individual (Ohm, 2010). Furthermore, big data applications may affect individuals using data which are generally considered non-personal (Hildebrandt and Koops, 2010). These developments challenge a regulatory approach that determines the applicability of rights, restrictions and obligations on the basis of the ‘personal’ nature of the data involved. As the scope of non-personal data is reduced, the difficulty of applying existing frameworks effectively become more acute. Many data-driven goods and services also raise issues for the application of the basic principles of data protection, such as purpose specification and use limitation. These goods and services offer opportunities for beneficial re-use of personal data, often in ways not envisaged when they were collected. They also implicitly rely on the lengthy retention of information. As such, they stretch the limits of existing privacy frameworks, many of which take limits on the collection and storage of information, and on its potential uses, as a given (Tene and Polonetsky, 2012)."
"Uitgangspunt is dat wanneer burgers een beroep doen op de sociale zekerheid, zij wet- en regelgeving in acht nemen. Daarbij hoort een juiste opgave van de gegevens die nodig zijn om het uitkeringsrecht (en de uitkeringshoogte) blijvend te kunnen vaststellen. Als burgers niet voldoen aan hun informatieplicht, ontvangen zij onterecht een (te hoge) uitkering. Voor een rechtmatige uitvoering van de sociale zekerheid is het noodzakelijk dat er een adequate controle plaatsvindt op de juistheid en volledigheid van die gegevens. Een belangrijke manier om dit te bereiken – als burgers niet voldoen aan hun informatieplicht – is door gebruik te maken van gegevens die de overheid of andere organisaties met een publieke taak al beschikbaar hebben. De mogelijkheden van gegevensuitwisseling die kunnen bijdragen aan een rechtmatige en doelmatige uitvoering van de sociale zekerheid moeten daarom optimaal worden benut. […] Daarnaast streeft het kabinet naar een éénmalige uitvraag van gegevens in de SUWI-keten. Gegevens die door de ene partij zijn uitgevraagd aan de burger of werkgever, mogen niet door een andere partij opnieuw worden gevraagd. Dit past in een bredere context waarin de overheid streeft naar het verbeteren van de dienstverlening aan burgers en werkgevers en op die wijze komt tot administratieve lastenvermindering. Hierbij is het principe van het éénmalig uitvragen van gegevens omarmd en wordt een stelsel van basisregistraties gerealiseerd waarin gegevens zijn opgenomen die overheidsorganisaties verplicht moeten gebruiken en niet nogmaals bij werkgevers en burgers mogen uitvragen. Op die wijze worden gegevens verder verwerkt. Dat kan in individuele gevallen met toestemming van de betrokken burger, maar dit is niet in alle gevallen mogelijk. In die gevallen dient het gebruik van de gegevens een wettelijke grondslag te hebben, zodat kenbaar is dat de gegevens verder worden gebruikt. Dit wetsvoorstel bevat de wettelijke regeling van gegevensuitwisselingen voor het verder verwerken van gegevens waarbij die expliciete toestemming niet voor de hand ligt."
"Welke technologieën gebruiken opsporingsorganisaties zoal, wat zijn hun ervaringen daarmee en welke behoeften bestaan er nog op dit vlak? Deze vragen stonden centraal in het onderzoek dat Bart Custers namens het ministerie van Veiligheid en Justitie deed naar technologie in de opsporing. Evaluaties en succesverhalen lijken vaak te ontbreken."
"With a few exceptions, DHS and three component agency policies largely address the key elements and attributes needed to ensure that their datamining systems are effective and provide necessary privacy protections. However, in practice, none of the systems we reviewed received the full set of effectiveness and privacy evaluations that are both desired and required for data-mining systems supporting counterterrorism. For example, as required by law and DHS policy, the ICEPIC system obtained an approved privacy impact assessment before it was deployed. However, program officials subsequently deployed an information-sharing component (called the Law Enforcement Information Sharing Service), which provides functionality that is explicitly excluded in the approved privacy impact assessment. Program officials noted several reasons for the disconnect we noted between policies and practices, including system components that were initiated before the latest DHS and component agency policies were in place. Until sound evaluation policies are implemented, DHS and its component agencies risk developing and acquiring systems that do not effectively support their mission and do not adequately ensure the protection of privacy-related information."