Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult.

Slides:



Advertisements
Similar presentations
Principles of Information Systems
Advertisements

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Privacy on the WEB Privacy on the WEB Group 0227 Efrain Castro, Dinesh Parmer, Michael Raiford Robert Reich, Kim Walker, Claudia Worme.
Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.
Smart Grid, Data and Behaviour – Privacy and Security Issues - Potential for Secure Computation Lexpert Seminar December 9, 2013David Young, Partner.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Ethics in a Computing Culture
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
Lecture to Carleton University, Center for European Studies, December 1, 2010.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
3-1 Chapter Three. 3-2 Secondary Data vs. Primary Data Secondary Data: Data that have been gathered previously. Primary Data: New data gathered to help.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
Identity A legal perspective FIDIS WP2 workshop 2/3 december 2003
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)
Computer and Internet privacy (2) University of Palestine University of Palestine Eng. Wisam Zaqoot Eng. Wisam Zaqoot Feb 2011 Feb 2011 ITSS 4201 Internet.
Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University.
Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,
Privacy Professional Practice for Computer Science Guest Lecture, 05 March 2007 Philippa Lawson Director, Canadian Internet Policy & Public Interest Clinic.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.
BEHAVIORAL TARGETING IN ADVERTISING By Rita Aliperti.
E-Privacy and Cookies: Legal Aspects. E-Privacy Directive 2002/58, amended by 136/2009 Main amendments focus on DBN (security) and confidentiality of.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,
The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.
Data protection and European citizens’ initiatives
Digital Banking and Data Protection Achieving balance of compliance with customer experience and opportunity 30 September 2015 Paula Barrett Partner.
DG Information Society The EU and Data Retention Data Retention Meeting London, 14 May 2003 Philippe GERARD, DG Information Society The positions.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
28/01/20161 The Future of Online Privacy: Online advertising and behavioral targeting Kristina Irion Third Internet Governance Forum Thursday, 5/12/2008.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia.
Sharing Information Legally Lindsay Ould London Borough of Lewisham.
Big Data Analytics: An Ethical Question Leah Korganowski COMP 607 – Fall 2015.
Mini Law Lesson: Law of Apps Brian Heidelberger
Business Challenges in the evolution of HOME AUTOMATION (IoT)
Ethical, legal and social aspects of public health genomics Mark Taylor, School of Law, University of Sheffield 7 th November 2014.
Agencija za zaštitu ličnih/osobnih podataka u Bosni i Hercegovini Агенција за заштиту личних података у Босни и Херцеговини Personal Data Protection Agency.
Framework of engagement : big data for official use Roy D. Ibay AVP Regulatory PLDT – Smart.
Independent Centre for Privacy Protection Schleswig-Holstein
GDPR 12 POINTS 679/2016 DATA LEX 2016.
Consent and Contract under EU Data Protection Law
Privacy and Public Policy Implications of IoT
Judicial Training on Data Protection and Privacy Rights
Surveillance around the world
Student Privacy in an Ever-Changing Digital World
Michael Spiegel, Esq Timothy Shimeall, Ph.D.
A trust-based framework for the data-driven economy
Data Protection: EU & International
Shavonne Henry, Nikia Clarke, David Heymann, Brandon Knight
Nina Barakzai November 2017
The Future of Big Data, Equality and Privacy
Big Data Considerations
DATA e-Privacy Regulation Proposal
Prof. Dr. Natali Helberger
Ethical questions on the use of big data in official statistics
Relocation CARNIVAL come one…come all
Ad Tech
Information technologies/NBIC and Big data
The activity of Art. 29. Working Party György Halmos
GDPR & Accountability ISACA Ireland Annual Conference 2018
Online Safety: Rights and Responsibilities
Why are we processing data
Presentation transcript:

Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult February 2016

Fear, uncertainty and doubt in the IoT "Your smart watch will reveal your lack of exercise to your health insurance company, your car will tell your insurer of your frequent speeding, and your dustbin will tell your local council that you are not following local recycling regulations. This is the “internet of stool pigeons”, and though it may sound far-fetched, it’s already happening" Guardian,11 March “Bentham’s Panopticon is child’s play compared to surveillance in a fully functioning IoT”. Wisman

Sensitivity of location data  Art 29 WP “movement patterns of owners.. provide a very intimate insight into the private lives of owners”  US FTC 2013: “mobile devices typically personal to individual, almost always on, and with the user” -> highly sensitive data  Recent O2 tube example  “will track an estimated one million journeys a day made by O2 customers within London's Zone One… [also] tracks which apps customers are using and the types of web pages visited, aggregating the information to sell to advertising companies and big brands” -> targeted ads to mobiles (Telegraph, 11 Feb 2016)

Legality? 02 Underground Service Terms and Conditions  “10. By signing up to the service you consent to us using your personal data (including data in relation to your O2 contract and data in relation to your use of O2 WiFi) to verify who you are and to provide you with access to the service.  “…26. By using the services you are providing your consent to use your personal information together with other information for the following purposes: a. profiling your usage and viewing; b. personalising your experience of the services based on your usage and viewing profile; and c. improving and developing the services.  27. We may share with third parties information about your use of the services in an aggregated form which will not personally identify you. This aggregated data may be used by those third parties for their marketing purposes (e.g. to improve their targeting of advertising based on user preferences). “

Industry trust principles and suggestions  US - Consumer Privacy Protection Principles For Vehicle Technologies and Services  (1) transparency (2) choice (3) respect for context (4) data minimization, de-identification and retention (5) data security (6) integrity and access; and (7) accountability.  Largely subsumed in Europe by data protection law (?)  EU- German Federal and State Data Protection Authorities - “Data Protection in the Car” 2014Data Protection in the Car”  Article 29 Working Party published its Opinion on the Internet of Things (2014).  Non-industry: Future of Privacy Forum’s white paper, The Connected Car and Privacy: Navigating New Data Issues

Is consent required by law to collection of location data? a. DP principles (8) apply to processing of personal data Personal Data shall be processed lawfully and fairly 1. Consent 2. “Legitimate interests of data controller” so long as not infringing fundamental rights and freedoms of data subject 3. Others eg necessary for completion of contract b. Privacy and Electronic Communications Directive 2002 (PECD) amended Prior consent needed to collection of “data.. indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service” - Many queries if this actually includes data collected by connected cars? “Uber” or single-owner model?

Quality of consent needed?  DPD, Art 2 “any freely given, specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”  GDPR changes  Who has to give consent to collection of their location?  owner/leaser of car  family/friends of such a sole user?  Anyone who rides in a CC via some kind of hire or app? (“Uber”/taxi paradigm)  What will be known about passengers?  Out may be to claim that personal data is not collected, or if it is, that it is anonymised

Issues for trust in privacy protection  What personal data did I consent to disclose using a connected car?  How will consent of riders other than prime owner/leaser be gathered  Will it be meaningful (informed, unpressurised) consent?  What grounds other than consent might be used eg “legitimate interests”?  If data is collected on basis of being non personal, or collected and aggregated - > anonymous data, is my privacy really safe?  Mosaic theory  Reidentification work

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.