Martha Davis

DOI: https://doi.org/10.4018/978-1-7998-3817-3.ch010

2020-01-01

Abstract:Big data and analytics have not only changed how businesses interact with consumers, but also how consumers interact with the larger world. Smart cities, IoT, cloud, and edge computing technologies are all enabled by data and can provide significant societal benefits via efficiencies and reduction of waste. However, data breaches have also caused serious harm to customers by exposing personal information. Consumers often are unable to make informed decisions about their digital privacy because they are in a position of asymmetric information. There are an increasing number of privacy regulations to give consumers more control over their data. This chapter provides an overview of data privacy regulations, including GDPR. In today's globalized economy, the patchwork of international privacy regulations is difficult to navigate, and, in many instances, fails to provide adequate business certainty or consumer protection. This chapter also discusses current research and implications for costs, data-driven innovation, and consumer trust.

Priscilla Regan

DOI: https://doi.org/10.1111/1468-5973.1101003

2003-03-01

Journal of Contingencies and Crisis Management

Abstract:In the online and offline worlds, the value of personal information – especially information about commercial purchases and preferences – has long been recognised. Exchanges and uses of personal information have also long sparked concerns about privacy. Public opinion surveys consistently indicate that overwhelming majorities of the American public are concerned that they have lost all control over information about themselves and do not trust organisations to protect the privacy of their information. Somewhat smaller majorities favour federal legislation to protect privacy. Despite public support for stronger privacy protection, the prevailing policy stance for over thirty years has been one of reluctance to legislate and a preference for self‐regulation by business to protect privacy. Although some privacy legislation has been adopted, policy debates about the commercial uses of personal information have been dominated largely by business concerns about intrusive government regulation, free speech and the flow of commercial information, costs, and effectiveness. Public concerns about privacy, reflected in public opinion surveys and voiced by a number of public interest groups, are often discredited because individuals seem to behave as though privacy is not important. Although people express concern about privacy, they routinely disclose personal information because of convenience, discounts and other incentives, or a lack of understanding of the consequences. This disconnect between public opinion and public behaviour has been interpreted to support a self‐regulatory approach to privacy protections with emphasis on giving individuals notice and choice about information practices. In theory the self‐regulatory approach also entails some enforcement mechanism to ensure that organisations are doing what they claim, and a redress mechanism by which individuals can seek compensation if they are wronged. This article analyses the course of policy formulation over the last twenty years with particular attention on how policymakers and stakeholders have used public opinion about the commercial use of personal information in formulating policy to protect privacy. The article considers policy activities in both Congress and the Federal Trade Commission that have resulted in an emphasis on “notice and consent.” The article concludes that both individual behaviour and organisational behaviour are skewed in a privacy invasive direction. People are less likely to make choices to protect their privacy unless these choices are relatively easy, obvious, and low cost. If a privacy protection choice entails additional steps, most rational people will not take those steps. This appears logically to be true and to be supported by behaviour in the physical world. Organisations are unlikely to act unilaterally to make their practices less privacy invasive because such actions will impose costs on them that are not imposed on their competitors. Overall then, the privacy level available is less than what the norms of society and the stated preferences of people require. A consent scheme that is most protective of privacy imposes the largest burden on the individual, as well as costs to the individual, while a consent scheme that is least protective of privacy imposes the least burden on the individual, as well as fewer costs to the individual. Recent experience with privacy notices that resulted from the financial privacy provisions in Gramm‐Leach‐Bliley supports this conclusion. Finally, the article will consider whether the terrorist attacks of 11 September have changed public opinion about privacy and what the policy implications of any changes in public opinion are likely to be.

management

Suvineetha Herath,Dakota State University,Haywood Gelman,Lisa McKee,

DOI: https://doi.org/10.32727/8.2023.18

2023-10-12

Abstract:In today's data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, distillation, or expropriation of personal information. Privacy Enhancing Technologies (PETs) emerged as a solution to address data privacy issues and minimize the risk of privacy harm. It is essential to implement privacy enhancement mechanisms to protect Personally Identifiable Information (PII) from unlawful use or access. FIPPs (Fair Information Practice Principles), based on the 1973 Code of Fair Information Practice (CFIP), and the Organization for Economic Cooperation and Development (OECD), are a collection of widely accepted, influential US codes that agencies use when evaluating information systems, processes, programs, and activities affecting individual privacy. Regulatory compliance places a responsibility on organizations to follow best practices to ensure the protection of individual data privacy rights. This paper will focus on FIPPs, relevance to US state privacy laws, their influence on OECD, and reference to the EU General Data Processing Regulation. (GDPR).

Martin Eling,Irina Gemmo,Danjela Guxha,Hato Schmeiser

DOI: https://doi.org/10.1057/s10713-024-00098-5

2024-06-20

The Geneva Risk and Insurance Review

Abstract:The development of new technologies and big data analytics tools has had a profound impact on the insurance industry. A new wave of insurance economics research has emerged to study the changes and challenges those big data analytics developments engendered on the insurance industry. We provide a comprehensive literature review on big data, risk classification, and privacy in insurance markets, and discuss avenues for future research. Our study is complemented by an application of the use of big data in risk classification, considering individuals' privacy preferences. We propose a framework for analyzing the trade-off between the accuracy of risk classification and the discount offered to policyholders as an incentive to share private data. Furthermore, we discuss the conditions under which using policyholders' private data to classify risks more accurately is profitable for an insurer. In particular, we find that improving the accuracy of risk classification, if achieved by requiring the use of private data, does not necessarily provide an incentive for insurers to create more granular risk classes.

economics,business, finance

Jennifer Skarda-McCann

2006-06-22

Abstract:I. INTRODUCTION Using personal medical and financial information to blackmail unsuspecting individuals may sound like the plotline to a conspiracy theory movie. In reality, it may also be a consequence of the practice of outsourcing electronic data to foreign countries for business processing. Since the fall of 2003, major newspapers have reported at least two instances of threats by foreign medical record transcriptionists to release patients' medical information via the Internet. (1) On October 7, 2003, a medical transcriptionist in Karachi, Pakistan, sent an email message to the University of California San Francisco Medical Center ("UCSF"), demanding payment for her work, with patient files attached. (2) In a similar incident only a few weeks later, Heartland Information Services ("Heartland"), an Ohio-based company, received an email message from its own employees in Bangalore, India, who attempted to extort money by threatening to reveal confidential material. (3) The average patient would not normally know if her medical information was transmitted abroad following a hospital visit. Transcription of medical records generally is classified as one of the operations for which health care providers can disclose individuals' information without meeting the statutory requirement of obtaining consent. (4) Sometimes medical records awaiting transcription are forwarded, without the knowledge of the health care provider, to several different individuals through subcontracted relationships. For example, in the UCSF incident, the medical center had outsourced its medical record transcription to a California-based company, which in turn had subcontracted with an individual in Florida. (5) Against the terms of her original contract with the California-based firm, the subcontractor in Florida had subcontracted work to an individual in Texas, who, unbeknownst to her, had solicited work from the freelance transcriptionist in Karachi. (6) On the other hand, some health care providers knowingly outsource their records transcription to companies that use overseas employees to complete the work. (7) Heartland's extortion threat is perhaps more alarming than the UCSF incident because, while its clients knew their work was being sent overseas, the company never informed them of this incident. (8) Moreover, the company's representative failed to mention the incident during his appearance at a hearing before state legislators in California on the subject of industry safeguards to protect outsourced information. (9) Although the Supreme Court has implied that it might recognize a right to privacy of personal information, (10) the current legal environment provides limited remedies to those whose privacy rights are transgressed. (11) In the face of a technological world advancing at a rapid rate, legislative action is the only way to guarantee individuals protection of their private information. However, legislators fear that adequate privacy protections will only be implemented as a result of some future scandal. (12) Privacy rights experts warn that just such a scandal is on the horizon. (13) This article addresses the threat of disclosure to consumers' private, personal information due to the increasing practice of outsourcing business processes to foreign companies. By way of introduction, it examines the trend of outsourcing: what jobs are commonly outsourced, in which industries, and the reasons why the practice has become increasingly common in the global economy. The article continues by describing the kinds of personal information that are commonly shared in outsourcing practices and examines two industries in depth: Internet-based loan processing and medical record transcription. To analyze consumer rights and remedies in this context, the article considers the notion of a right to privacy in one's personal information, and then discusses federal statutes and case law which may enable such a right, in particular, the Health Insurance Portability and Accountability Act of 1996 (14) and the Gramm Leach-Bliley Act. …

Engineering,Law

Novea Elysa Wardhani

DOI: https://doi.org/10.22515/shirkah.v9i1.667

2023-10-22

Abstract:This research delves into the factors influencing consumer protection within the context of digital financial services, with a focus on the regulatory landscape, technology integration, consumer awareness, and data privacy. The primary objective is to analyze the impact of these factors on the improvement of consumer rights and safety. A quantitative approach was employed, utilizing data collected through surveys of digital financial service users. Confirmatory factor analysis was used to validate the measurement model, followed by structural equation modelling to test the hypotheses. The results demonstrate the significant and positive impact of the regulatory landscape, technology integration, consumer awareness, and data privacy on consumer protection. This study theoretically contributes by empirically confirming the role of these factors in consumer protection in digital financial services. From a practical standpoint, it underscores the importance of robust regulations, seamless technology integration, and effective consumer awareness initiatives in upholding consumer rights and safety. However, it is important to acknowledge certain limitations within this study. Its context-specific nature may restrict its generalizability to other regions, and the analysis primarily focuses on antecedent factors while neglecting potential influences from other variables. Nevertheless, this study's novelty lies in its comprehensive exploration of the foundational factors and their profound impact on consumer protection in the digital financial services landscape, furnishing valuable insights for informed policymaking and industry practices.

David B. Meinert,Dane K. Peterson,John R. Criswell,Martin D. Crossland

DOI: https://doi.org/10.4018/jeco.2006010101

2006-01-01

Journal of Electronic Commerce in Organizations

Abstract:Consumers’ concerns about information privacy are a primary obstacle to the success of e-commerce. The adoption of privacy policy statements is a direct response to this concern. This exploratory study examined the willingness of graduate students (who, by virtue of age, education, and income, are representative of typical Internet consumers) to provide various types of personal information given varying degrees of protection offered by privacy policy statements. The results demonstrated that the willingness to provide information to Web merchants increased as the level of privacy guaranteed by the statements increased. More importantly, the level of privacy promised by the statements interacted with respondents’ prior familiarity with policy statements in terms of their willingness to provide personal information. The results also demonstrated that while most individuals were aware of privacy policy statements, less than half of the respondents had ever read a privacy statement.

Ranjan Pal,Junhui Li,Jon Crowcroft,Yong Li,Mingyan Liu,Nishanth Sastry

DOI: https://doi.org/10.1109/tnsm.2020.3046704

2020-01-01

IEEE Transactions on Network and Service Management

Abstract:ln-app advertising is a multi-billion dollar industry that is an essential part of the current digital ecosystem, and is amenable to sensitive consumer information often being sold downstream without the knowledge of consumers, and in many cases to their annoyance. While this practice, in cases, may result in long-term benefits for the consumers, it can result in serious information privacy (IP) breaches of very significant impact (e.g., breach of genetic data) in the short term. The question we raise through this article is: does the type of information being traded downstream play a role in the degree of IP risks generated? We investigate two general (one-many) information trading market structures between a single data aggregating seller (e.g., enterprise app) and multiple competing buyers (e.g., ad-networks, retailers), distinguished by mutually exclusive and privacy sanitized aggregated consumer data (information) types: (i) data entailing strategically complementary actions among buyers and (ii) data entailing strategically substituting actions among buyers. Our primary question of interest here is: trading which type of data might pose less information privacy risks for society? To this end, we show that at market equilibrium IP trading markets exhibiting strategic substitutes between buying firms pose lesser risks for IP in society, primarily because the 'substitutes' setting, in contrast to the 'complements' setting, economically incentivizes appropriate consumer data distortion by the seller in addition to restricting the proportion of buyers to which it sells. Moreover, we also show that irrespective of the data type traded by the seller, the likelihood of improved IP in society is higher if there is purposeful or free-riding based transfer/leakage of data between buying firms. This is because the seller finds itself economically incentivized to restrict the release of sanitized consumer data with respect to the span of its buyer space, as well as in improved data quality.

Rabia Bajwa,Farah Tasnur Meem

2024-10-07

Abstract:The internet is a common place for businesses to collect and store as much client data as possible and computer storage capacity has increased exponentially due to this trend. Businesses utilize this data to enhance customer satisfaction, generate revenue, boost sales, and increase profile. However, the emerging sector of data brokers is plagued with legal challenges. In part I, we will look at what a data broker is, how it collects information, the data industry, and some of the difficulties it encounters. In Part II, we will look at potential options for regulating data brokers. All options are provided in light of the EU General Data Protection Regulation (GDPR). In Part III, we shall present our analysis and findings.

Cryptography and Security

John B. Taschner

DOI: https://doi.org/10.18034/ajtp.v7i1.484

2020-08-21

American Journal of Trade and Policy

Abstract:Data mining and collecting is increasingly becoming a common practice, in the name of monetization of personal data, progression of national security measures, and politically fueled democratic interferences. Millions of users’ data is constantly being sorted, manipulated, and sold, often without conscientious consent of the consumer. While this practice can result in greater convenience from an innocent consumer level, the vulnerabilities to national privacy and the cyberspace create dangerous territory. The article entitled describes the triangulation of security, monetization, and politicizing in terms of data collection through three primary case studies: Cambridge Analytica and the Facebook scandal during the 2016 United States presidential election, Apple v. FBI, and Edward Snowden and the NSA surveillance activities. It explores how data harvesting and subsequent monetization is embedded in virtually every aspect of our culture and develops understanding of how corporate social responsibility calls for companies to respect and maintain transparency with consumer interests. Current technology policies leaves open spaces for violation both internally and internationally, and why this constitutes certain offensive measures. Future data and privacy legislation, with strong consideration to the varying social contexts, resources, and current international relations. This is done under the underlying assumption that data is an irreplaceable factor in our global progression and is irrevocably embedded into our society. Over-regulation or under-regulation of big tech may lead to negative repercussions to our security or individual privacy rights. These ideas are becoming increasingly understood by the general public and are considered worthy of concern after seeing glimpses of the depth of surveillance and information held by either the government or corporations. While there are intense emotions and opinions on the matter, my article takes an objective and well-rounded perspective to address the interlocking complexities of individual freedoms, need for international cyberspace protection, and continued profitability of data. The idea of personal data and information being manipulated and used against citizens for financial or political agendas is rightfully horrifying the public; my article therefore takes into account these concerns while suggesting further navigating the political, legal, and social process in alignment with the ever-growing power of big data.

Ellen Wright Clayton,Barbara J Evans,James W Hazel,Mark A Rothstein

DOI: https://doi.org/10.1093/jlb/lsz007

IF: 3.4

2019-05-14

Journal of Law and the Biosciences

Abstract:Abstract Recent advances in technology have significantly improved the accuracy of genetic testing and analysis, and substantially reduced its cost, resulting in a dramatic increase in the amount of genetic information generated, analysed, shared, and stored by diverse individuals and entities. Given the diversity of actors and their interests, coupled with the wide variety of ways genetic data are held, it has been difficult to develop broadly applicable legal principles for genetic privacy. This article examines the current landscape of genetic privacy to identify the roles that the law does or should play, with a focus on federal statutes and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the Genetic Information Nondiscrimination Act (GINA). After considering the many contexts in which issues of genetic privacy arise, the article concludes that few, if any, applicable legal doctrines or enactments provide adequate protection or meaningful control to individuals over disclosures that may affect them. The article describes why it may be time to shift attention from attempting to control access to genetic information to considering the more challenging question of how these data can be used and under what conditions, explicitly addressing trade-offs between individual and social goods in numerous applications.

ethics,law,medicine, legal,medical ethics

Montalbano Lydia,Lydia Montalbano

DOI: https://doi.org/10.4236/jss.2021.98031

2021-01-01

Open Journal of Social Sciences

Abstract:Digital advancement is moving at an unprecedented rate as compared to any other time in history. These improvements have effects on economies and societies altering the normal ways people interact and do business online. The process results in the accumulation and possible exposure of user data. The transformation has affected the policies in consumer and data protection law in place, but there is still a lot to gain on the enforcement side in the marketplace. Personal data are a new currency that drives the modern world, playing a central role in the current technological revolution. Consumer behavior patterns are now more predictable due to online ordering and data from IoT devices. Analysis of this collected data has resulted in ever more detailed profiles about individuals, which translates in greatly increasing conversion. This incentivizes software developers to equip their products and services with more and more advanced algorithms that can act on insights-based personal profiles. Usage of these algorithms can significantly influence consumer markets by altering purchasing trends. While it is evident that for example in Europe, today, consumers are increasingly becoming aware of the right to protect personal data, the impact of factors such as secret tracking, psychological profiling, can have consequences that many consumers can’t grasp. Moreover, prevalent market trends are thriving on data, but the process can create struc tural discrimination between consumers based on arbitrary assumptions. European empires during the 16th-century expanded their control by managing critical assets. However, presently, new technological empires are created by controlling the world’s data and deploying advanced AI’s which should be regulated. To establish a common, global framework of understanding, part of this study shall consider the consumer perception concerning tracking and surveillance. The socio-economic impact on society due to the so-called “ filter bubble ” created by these algorithms is subsequently be discussed together with the political and social destabilization that we are witnessing. This paper outlines how consumer laws relating to data protection, especially in Europe, are operationalized and what consumer protection is available within the digital markets. The paper concludes with the steps to systematically protect the fundamental right to privacy in the digital markets. This entails a hybrid approach that includes transparency by design and default, improved enforcement by authorities, and the possibility for consumers to proceed through class actions in order to safeguard their privacy in the existing legal framework.

Elif Erdemoglu

DOI: https://doi.org/10.1007/978-94-6265-144-9_7

2016-01-01

Abstract:The discussion on the regulation on citizens’ right to privacy grows parallel to the widespread usage and collection of Big Data. This chapter analyses from a law and economics perspective the discussion on the European Union (EU) citizens’ rights to privacy with regards to collection, retention, analysis and transfer of personal data in light of the EU General Data Protection Regulation (GDPR). The GDPR is drafted in coherence with the EU Digital Market Strategy, which aims to create the correct incentives for digital networks and services to flourish by providing trustworthy infrastructure supported by the right regulations. A significant part of achieving this aim would require the EU citizens to trust in using digital services. The GDPR is designed to increase the citizens’ trust to use online and digital services by obliging the service providers to comply with the GDPR. This chapter analyses two key compliance requirements of the GDPR through the economic analysis lens and proposes possible changes to the GDPR in line with the Digital Single Market Strategy of the EU. The scope of this chapter’s analysis is limited to how to cure information asymmetries between the citizens and the data collectors in order to increase the citizens’ trust in using digital services given the fast-changing and delicate legal issues arising from collecting the personal data of the EU citizens. This chapter concludes by suggesting three improvements to the GDPR; more frequent controls for issuing the EU Data Protection Seal, increased independence of the Data Protection Controller and issuance of publicly available, frequent privacy ratings.

Cason Schmit,Theodoros Giannouchos,Mahin Ramezani,Qi Zheng,Michael A Morrisey,Hye-Chung Kum

DOI: https://doi.org/10.2196/25266

2021-07-05

Abstract:Background: Reaping the benefits from massive volumes of data collected in all sectors to improve population health, inform personalized medicine, and transform biomedical research requires the delicate balance between the benefits and risks of using individual-level data. There is a patchwork of US data protection laws that vary depending on the type of data, who is using it, and their intended purpose. Differences in these laws challenge big data projects using data from different sources. The decisions to permit or restrict data uses are determined by elected officials; therefore, constituent input is critical to finding the right balance between individual privacy and public benefits. Objective: This study explores the US public's preferences for using identifiable data for different purposes without their consent. Methods: We measured data use preferences of a nationally representative sample of 504 US adults by conducting a web-based survey in February 2020. The survey used a choice-based conjoint analysis. We selected choice-based conjoint attributes and levels based on 5 US data protection laws (Health Insurance Portability and Accountability Act, Family Educational Rights and Privacy Act, Privacy Act of 1974, Federal Trade Commission Act, and the Common Rule). There were 72 different combinations of attribute levels, representing different data use scenarios. Participants were given 12 pairs of data use scenarios and were asked to choose the scenario they were the most comfortable with. We then simulated the population preferences by using the hierarchical Bayes regression model using the ChoiceModelR package in R. Results: Participants strongly preferred data reuse for public health and research than for profit-driven, marketing, or crime-detection activities. Participants also strongly preferred data use by universities or nonprofit organizations over data use by businesses and governments. Participants were fairly indifferent about the different types of data used (health, education, government, or economic data). Conclusions: Our results show a notable incongruence between public preferences and current US data protection laws. Our findings appear to show that the US public favors data uses promoting social benefits over those promoting individual or organizational interests. This study provides strong support for continued efforts to provide safe access to useful data sets for research and public health. Policy makers should consider more robust public health and research data use exceptions to align laws with public preferences. In addition, policy makers who revise laws to enable data use for research and public health should consider more comprehensive protection mechanisms, including transparent use of data and accountability.

A. Waldman

DOI: https://doi.org/10.2139/ssrn.3784667

2021-02-01

Abstract:Privacy law is at a crossroads. In the last two years, U.S. policymakers have introduced more than 50 proposals for comprehensive privacy legislation, most of which look roughly the same: they all combine a series of individual rights with internal compliance. The conventional wisdom in privacy scholarship explains this uniformity by looking to catalyzing precedent: the General Data Protection Regulation in Europe or the California Consumer Privacy Act. This article challenges that emerging consensus. Relying on contemporary sociological and critical studies scholarship, this article develops the concept of the social practice of privacy law and argues that recent privacy proposals in the U.S. look similar because the practices of privacy law are performative: they have socially constructed what we think privacy law is and should be. In other words, we have not only become accustomed to conceptualizing privacy law in a certain ways; we have come to see the rights-compliance model as the normal, ordinary, common sense modality of privacy law. So constructed, privacy law is flawed, with substantial negative effects for privacy, equality, and justice. Individual rights are misplaced weapons against the population-level harms of data-extractive capitalism. They also allow industry to weaponize our rights against us. Privacy law-as-compliance is even more troubling. It is internally inconsistent, protects the interests of the most powerful industry players, and elides informational capitalism’s substantive injustices. This article provides a full critical account of the latest developments in privacy law, focusing on its practices rather than law on the books alone. It details and challenges current privacy law’s focus on individual rights and internal compliance. And it explores potential new directions for privacy law based on the developing law and political economy literature, including new practices and performances that center privacy law around principles of power, equality, and democracy.

Sociology,Law

Blake Murdoch

DOI: https://doi.org/10.1186/s12910-021-00687-3

2021-09-15

BMC Medical Ethics

Abstract:Abstract Background Advances in healthcare artificial intelligence (AI) are occurring rapidly and there is a growing discussion about managing its development. Many AI technologies end up owned and controlled by private entities. The nature of the implementation of AI could mean such corporations, clinics and public bodies will have a greater than typical role in obtaining, utilizing and protecting patient health information. This raises privacy issues relating to implementation and data security. Main body The first set of concerns includes access, use and control of patient data in private hands. Some recent public–private partnerships for implementing AI have resulted in poor protection of privacy. As such, there have been calls for greater systemic oversight of big data health research. Appropriate safeguards must be in place to maintain privacy and patient agency. Private custodians of data can be impacted by competing goals and should be structurally encouraged to ensure data protection and to deter alternative use thereof. Another set of concerns relates to the external risk of privacy breaches through AI-driven methods. The ability to deidentify or anonymize patient health data may be compromised or even nullified in light of new algorithms that have successfully reidentified such data. This could increase the risk to patient data under private custodianship. Conclusions We are currently in a familiar situation in which regulation and oversight risk falling behind the technologies they govern. Regulation should emphasize patient agency and consent, and should encourage increasingly sophisticated methods of data anonymization and protection.

ethics,medical ethics,social sciences, biomedical

Vladimir Stanisavljevic,,Bruno Tekić Sauerborn,

DOI: https://doi.org/10.54820/entrenova-2023-0013

2023-12-15

ENTRENOVA - ENTerprise REsearch InNOVAtion

Abstract:The non-certified e-health segment is gaining momentum around the world. The trend was significantly advanced by the introduction of several sports and medical measuring devices in the form of smartwatches. There has also been a resurgence of other medical Internet of Things class devices. Several devices connect to a product or platform-specific online (Cloud) service for storing, exchanging, analysing and monitoring the customer-collected e-health data. The devices and the data collected allow the consumers to continuously track their sports achievements, movement, vital signs, essential health state, etc. while receiving some recommendations and warnings based on the measurements. As some recent examples showed, the data collected can contain sensitive information that could be used creatively and unexpectedly, either positively or negatively. Unlike professional healthcare systems, which should comply with the strict GDPR, there is much less pressure on commercial entities in the consumer technological sector to provide more privacy options for data collection through their devices. In this work, we analyse the data typically collected by consumer e-health devices and assess possible risks that commercial entities present to their customer in unauthorised use of the data for their commercial advances. They use obscure legal language to prevent users from consenting to various data usages while providing primary data storing functionality. Moreover, there is a significant risk of using the data for repression in some contexts. We analyse the sector's current state and provide some recommendations to consumers and legislation to improve consumer rights to privacy while enhancing their health. At the same time, we recommend how the professional health sector should benefit from the collected data to improve their operations.

Ushita Chugh

DOI: https://doi.org/10.36676/ijl.2023-v1i1-07

2023-11-10

Abstract:The proliferation of digital technology has had a significant impact on individuals' right to privacy; as a result, privacy laws have had to evolve in order to address these new challenges and provide enhanced protection for people's legal rights. the ever-evolving path of privacy legislation in the modern period, which highlights the intricacy at the intersection of data collection, technology, and individual rights. We examine the evolution of privacy regulations via the prism of history, beginning with their beginnings in traditional legal systems and ending with their application in contemporary digital domains. the challenges brought forth by the growing adoption of data-driven technologies such as social media, cutting-edge analytics software, and the Internet of Things (IoT). Data breaches, espionage, the use of automated decision making, and the worldwide nature of data flows are all factors that contribute to these challenges. There is also the conflict that results from the competing interests of individuals and organisations that collect and use their personal information. This conflict can be seen as an additional source of contention.

Kinshuk Jerath,Klaus M. Miller

2024-05-29

Abstract:In response to privacy concerns about collecting and using personal data, the online advertising industry has been developing privacy-enhancing technologies (PETs), e.g., under Google's Privacy Sandbox initiative. In this research, we use the dual-privacy framework, which postulates that consumers have intrinsic and instrumental preferences for privacy, to understand consumers' perceived privacy violations (PPVs) for current and proposed online advertising practices. The key idea is that different practices differ in whether individual data leaves the consumer's machine or not and in how they track and target consumers; these affect, respectively, the intrinsic and instrumental components of privacy preferences differently, leading to different PPVs for different practices. We conducted online studies focused on consumers in the United States to elicit PPVs for various advertising practices. Our findings confirm the intuition that tracking and targeting consumers under the industry status quo of behavioral targeting leads to high PPV. New technologies or proposals that ensure that data are kept on the consumer's machine lower PPV relative to behavioral targeting but, importantly, this decrease is small. Furthermore, group-level targeting does not differ significantly from individual-level targeting in reducing PPV. Under contextual targeting, where there is no tracking, PPV is significantly reduced. Interestingly, with respect to PPV, consumers are indifferent between seeing untargeted ads and no ads when they are not being tracked. We find that consumer perceptions of privacy violations under different tracking and targeting practices may differ from what technical definitions suggest. Therefore, rather than relying solely on technical perspectives, a consumer-centric approach to privacy is needed, based on, for instance, the dual-privacy framework.

General Economics

Juniper Lovato,Philip Mueller,Parisa Suchdev,Peter S. Dodds

DOI: https://doi.org/10.48550/arXiv.2302.08936

2023-02-17

Computation and Language

Abstract:Collecting personally identifiable information (PII) on data subjects has become big business. Data brokers and data processors are part of a multi-billion-dollar industry that profits from collecting, buying, and selling consumer data. Yet there is little transparency in the data collection industry which makes it difficult to understand what types of data are being collected, used, and sold, and thus the risk to individual data subjects. In this study, we examine a large textual dataset of privacy policies from 1997-2019 in order to investigate the data collection activities of data brokers and data processors. We also develop an original lexicon of PII-related terms representing PII data types curated from legislative texts. This mesoscale analysis looks at privacy policies overtime on the word, topic, and network levels to understand the stability, complexity, and sensitivity of privacy policies over time. We find that (1) privacy legislation correlates with changes in stability and turbulence of PII data types in privacy policies; (2) the complexity of privacy policies decreases over time and becomes more regularized; (3) sensitivity rises over time and shows spikes that are correlated with events when new privacy legislation is introduced.