Engineering and Physical Sciences Research Council (EPSRC)EP/S035362/1Digital Charter Fellowship from the Alan Turing Institute and Department for Digital
工程和物理科学研究委员会(EPSRC)EP/ s035362 /1图灵研究所和数字部数字宪章奖学金
{"title":"Is that your final decision? Multi-stage profiling, selective effects, and Article 22 of the GDPR","authors":"Binns R, Veale M.","doi":"10.1093/idpl/ipab020","DOIUrl":"https://doi.org/10.1093/idpl/ipab020","url":null,"abstract":"<span>Engineering and Physical Sciences Research Council (EPSRC)EP/S035362/1Digital Charter Fellowship from the Alan Turing Institute and Department for Digital</span>","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":" 18","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138492555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This commentary ties in with an emerging field in privacy scholarship that focuses on collective rather than individualistic viewpoints: recent debates address privacy in digital markets in terms of individual rights to choose between different options, such as between Facebook, Instagram, Snapchat, or Twitter, while users of digital platforms try to make sense of who they are and how they fit into networked contexts.
In such contexts, audiences are hidden and almost anything that users share is in plain view. Privacy is thus to be found within public environments rather than in opposition to them—that is, by controlling access to meaning rather than by controlling access to content.
While legal scholarship is mostly built around the assumption that consumers have to choose to be private or to be public, in digital markets, privacy and publicity are inevitably muddled.
Drawing on the German Federal Court of Justice’s recent Facebook decision, the commentary observes that reclaiming privacy in digital markets depends not just on selecting between different options but also on being able to make choices in relation to them.
这篇评论与隐私学术的一个新兴领域有关,该领域关注的是集体而不是个人主义的观点:最近的辩论从个人在不同选项(如Facebook、Instagram、Snapchat或Twitter)之间进行选择的权利方面解决了数字市场中的隐私问题,而数字平台的用户则试图弄清楚他们是谁,以及他们如何适应网络环境。在这种情况下,受众是隐藏的,用户分享的几乎所有内容都是显而易见的。因此,隐私是在公共环境中被发现的,而不是在公共环境的对立面——也就是说,通过控制对意义的访问,而不是通过控制对内容的访问。虽然法律研究大多建立在消费者必须选择隐私还是公开的假设之上,但在数字市场中,隐私和公开不可避免地混淆了。根据德国联邦法院(German Federal Court of Justice)最近对Facebook的裁决,这篇评论指出,在数字市场中恢复隐私不仅取决于在不同的选择之间做出选择,还取决于能够做出与之相关的选择。
{"title":"On (some aspects of) social privacy in the social media space","authors":"Adrian Kuenzler","doi":"10.1093/idpl/ipab022","DOIUrl":"https://doi.org/10.1093/idpl/ipab022","url":null,"abstract":"<span><div>Key Points<ul><li>This commentary ties in with an emerging field in privacy scholarship that focuses on collective rather than individualistic viewpoints: recent debates address privacy in digital markets in terms of individual rights to choose between different options, such as between Facebook, Instagram, Snapchat, or Twitter, while users of digital platforms try to make sense of who they are and how they fit into networked contexts.</li><li>In such contexts, audiences are hidden and almost anything that users share is in plain view. Privacy is thus to be found within public environments rather than in opposition to them—that is, by controlling access to meaning rather than by controlling access to content.</li><li>While legal scholarship is mostly built around the assumption that consumers have to choose to be private or to be public, in digital markets, privacy and publicity are inevitably muddled.</li><li>Drawing on the German Federal Court of Justice’s recent <span style=\"font-style:italic;\">Facebook</span> decision, the commentary observes that reclaiming privacy in digital markets depends not just on selecting between different options but also on being able to make choices in relation to them.</li></ul></div></span>","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":" 17","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138492556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Erratum to: Reflections on the murky legal practices of political micro-targeting from a GDPR perspective","authors":"C. B. Casagran, Mathias Vermeulen","doi":"10.1093/idpl/ipab019","DOIUrl":"https://doi.org/10.1093/idpl/ipab019","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"106 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80894705","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"EU data protection under the TCA: the UK adequacy decision and the twin GDPRs","authors":"Anastasia Choromidou","doi":"10.1093/idpl/ipab021","DOIUrl":"https://doi.org/10.1093/idpl/ipab021","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"79 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85922621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cobwebs of control: the two imaginations of the data controller in EU law","authors":"Michèle Finck","doi":"10.1093/idpl/ipab017","DOIUrl":"https://doi.org/10.1093/idpl/ipab017","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"67 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-08-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82265751","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reflections on the murky legal practices of political micro-targeting from a GDPR perspective","authors":"Cristina Blasi Casagran, Mathias Vermeulen","doi":"10.1093/idpl/ipab018","DOIUrl":"https://doi.org/10.1093/idpl/ipab018","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"23 5","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72406758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
•Provisions in many data protection laws require a legal basis, or at the very least safeguards, for significant, solely automated decisions; Article 22 of the GDPR is the most notable. •Little attention has been paid to Article 22 in light of decision-making processes with multiple stages, potentially both manual and automated, and which together might impact upon decision subjects in different ways. •Using stylised examples grounded in real-world systems, we raise five distinct complications relating to interpreting Article 22 in the context of such multi-stage profiling systems. •These are: the potential for selective automation on subsets of data subjects despite generally adequate human input; the ambiguity around where to locate the decision itself; whether ‘significance’ should be interpreted in terms of any potential effects or only selectively in terms of realised effects; the potential for upstream automation processes to foreclose downstream outcomes despite human input; and that a focus on the final step may distract from the status and importance of upstream processes. •We argue that the nature of these challenges will make it difficult for courts or regulators to distil a set of clear, fair and consistent interpretations for many realistic contexts.
{"title":"Is That Your Final Decision? Multi-Stage Profiling, Selective Effects, and Article 22 of the GDPR","authors":"Reuben Binns, Michael Veale","doi":"10.31235/osf.io/7mq6z","DOIUrl":"https://doi.org/10.31235/osf.io/7mq6z","url":null,"abstract":"•Provisions in many data protection laws require a legal basis, or at the very least safeguards, for significant, solely automated decisions; Article 22 of the GDPR is the most notable. •Little attention has been paid to Article 22 in light of decision-making processes with multiple stages, potentially both manual and automated, and which together might impact upon decision subjects in different ways. •Using stylised examples grounded in real-world systems, we raise five distinct complications relating to interpreting Article 22 in the context of such multi-stage profiling systems. •These are: the potential for selective automation on subsets of data subjects despite generally adequate human input; the ambiguity around where to locate the decision itself; whether ‘significance’ should be interpreted in terms of any potential effects or only selectively in terms of realised effects; the potential for upstream automation processes to foreclose downstream outcomes despite human input; and that a focus on the final step may distract from the status and importance of upstream processes. •We argue that the nature of these challenges will make it difficult for courts or regulators to distil a set of clear, fair and consistent interpretations for many realistic contexts.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"38 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72885708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Breach of security vs personal data breach: effect on EU data subject notification requirements","authors":"Rogers Alunge","doi":"10.1093/idpl/ipaa021","DOIUrl":"https://doi.org/10.1093/idpl/ipaa021","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"1 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86528519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Problems with controller-based responsibility in EU data protection law","authors":"Benjamin Wong","doi":"10.1093/idpl/ipab014","DOIUrl":"https://doi.org/10.1093/idpl/ipab014","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"36 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87989767","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}