Data trust and data privacy in the COVID-19 period

AbstractPeople rely on data-driven AI technologies nearly every time they go online, whether they are shopping, scrolling through news feeds, or looking for entertainment. Yet despite their ubiquity, personalization algorithms and the associated large-scale collection of personal data have largely escaped public scrutiny. Policy makers who wish to introduce regulations that respect people’s attitudes towards privacy and algorithmic personalization on the Internet would greatly benefit from knowing how people perceive personalization and personal data collection. To contribute to an empirical foundation for this knowledge, we surveyed public attitudes towards key aspects of algorithmic personalization and people’s data privacy concerns and behavior using representative online samples in Germany (N = 1065), Great Britain (N = 1092), and the United States (N = 1059). Our findings show that people object to the collection and use of sensitive personal information and to the personalization of political campaigning and, in Germany and Great Britain, to the personalization of news sources. Encouragingly, attitudes are independent of political preferences: People across the political spectrum share the same concerns about their data privacy and show similar levels of acceptance regarding personalized digital services and the use of private data for personalization. We also found an acceptability gap: People are more accepting of personalized services than of the collection of personal data and information required for these services. A large majority of respondents rated, on average, personalized services as more acceptable than the collection of personal information or data. The acceptability gap can be observed at both the aggregate and the individual level. Across countries, between 64% and 75% of respondents showed an acceptability gap. Our findings suggest a need for transparent algorithmic personalization that minimizes use of personal data, respects people’s preferences on personalization, is easy to adjust, and does not extend to political advertising.

Download Full-text

School Districts Stumbled on Data Privacy

Cases on Educational Technology Integration in Urban Schools ◽

10.4018/978-1-61350-492-5.ch004 ◽

2012 ◽

pp. 12-15 ◽

Cited By ~ 3

Author(s):

Irene Chen

Keyword(s):

Public Schools ◽

School Districts ◽

Middle Schools ◽

Social Security ◽

Private Information ◽

Web Site ◽

Data Privacy ◽

Personal Information ◽

Personal Data ◽

Short Period

The story describes how three school institutes are grappling with the loss of private information, each through a unique set of circumstances. Pasadena City Public Schools discovered that it had sold several computers containing the names and Social Security numbers of employees as surplus. Stephens Public Schools learned that personal information about students at one of its middle schools was lost when a bag containing a thumb drive was stolen. Also, Woodlands Public Schools accidentally exposed employee personal data on a public Web site for a short period of time. How should each of the institutes react?

Download Full-text

Analysis of the US Privacy Model

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch087 ◽

2021 ◽

pp. 1818-1825

Author(s):

Francisco García Martínez

Keyword(s):

Data Privacy ◽

Personal Information ◽

National Level ◽

The United States ◽

The European Union ◽

General Data Protection Regulation ◽

Privacy Laws ◽

The Us ◽

General Data ◽

State Of Art

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.

Download Full-text

Consumer Privacy Regulations

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch089 ◽

2021 ◽

pp. 1844-1860

Author(s):

Martha Davis

Keyword(s):

Big Data ◽

Consumer Protection ◽

Data Privacy ◽

Personal Information ◽

Smart Cities ◽

Consumer Trust ◽

Consumer Privacy ◽

Societal Benefits ◽

Globalized Economy ◽

Information Consumers

Big data and analytics have not only changed how businesses interact with consumers, but also how consumers interact with the larger world. Smart cities, IoT, cloud, and edge computing technologies are all enabled by data and can provide significant societal benefits via efficiencies and reduction of waste. However, data breaches have also caused serious harm to customers by exposing personal information. Consumers often are unable to make informed decisions about their digital privacy because they are in a position of asymmetric information. There are an increasing number of privacy regulations to give consumers more control over their data. This chapter provides an overview of data privacy regulations, including GDPR. In today's globalized economy, the patchwork of international privacy regulations is difficult to navigate, and, in many instances, fails to provide adequate business certainty or consumer protection. This chapter also discusses current research and implications for costs, data-driven innovation, and consumer trust.

Download Full-text

Analysis of the US Privacy Model

International Journal of Hyperconnectivity and the Internet of Things ◽

10.4018/ijhiot.2019010103 ◽

2019 ◽

Vol 3 (1) ◽

pp. 43-52

Author(s):

Francisco García Martínez

Keyword(s):

Data Privacy ◽

Personal Information ◽

National Level ◽

The United States ◽

The European Union ◽

General Data Protection Regulation ◽

Privacy Laws ◽

The Us ◽

General Data ◽

The Eu

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.

Download Full-text

That’s Private! Understanding Travelers’ Privacy Concerns and Online Data Disclosure

Journal of Travel Research ◽

10.1177/0047287520951642 ◽

2020 ◽

pp. 004728752095164

Author(s):

Athina Ioannou ◽

Iis Tussyadiah ◽

Graham Miller

Keyword(s):

Data Privacy ◽

Personal Information ◽

Empirical Studies ◽

Personal Data ◽

Tourism Industry ◽

Online Data ◽

Biometric Data ◽

Identity Verification ◽

Privacy Concerns ◽

Travel And Tourism

Against the backdrop of advancements in technology and its deployment by companies and governments to collect sensitive personal information, information privacy has become an issue of great interest for academics, practitioners, and the general public. The travel and tourism industry has been pioneering the collection and use of biometric data for identity verification. Yet, privacy research focusing on the travel context is scarce. This study developed a valid measurement of Travelers’ Online Privacy Concerns (TOPC) through a series of empirical studies: pilot ( n=277) and cross-validation ( n=287). TOPC was then assessed for its predictive validity in its relationships with trust, risk, and intention to disclose four types of personal data: biometric, identifiers, biographic, and behavioral data ( n=685). Results highlight the role of trust in mitigating the relationship between travelers’ privacy concerns and data disclosure. This study provides valuable contribution to research and practice on data privacy in travel.

Download Full-text

Data Privacy Protection Based on Micro Aggregation with Dynamic Sensitive Attribute Updating

Sensors ◽

10.3390/s18072307 ◽

2018 ◽

Vol 18 (7) ◽

pp. 2307 ◽

Cited By ~ 2

Author(s):

Yancheng Shi ◽

Zhenjiang Zhang ◽

Han-Chieh Chao ◽

Bo Shen

Keyword(s):

Privacy Protection ◽

Data Privacy ◽

Large Scale ◽

Data Centers ◽

Personal Information ◽

Rapid Development ◽

Data Availability ◽

Personal Privacy ◽

Data Anonymization ◽

Data Privacy Protection

With the rapid development of information technology, large-scale personal data, including those collected by sensors or IoT devices, is stored in the cloud or data centers. In some cases, the owners of the cloud or data centers need to publish the data. Therefore, how to make the best use of the data in the risk of personal information leakage has become a popular research topic. The most common method of data privacy protection is the data anonymization, which has two main problems: (1) The availability of information after clustering will be reduced, and it cannot be flexibly adjusted. (2) Most methods are static. When the data is released multiple times, it will cause personal privacy leakage. To solve the problems, this article has two contributions. The first one is to propose a new method based on micro-aggregation to complete the process of clustering. In this way, the data availability and the privacy protection can be adjusted flexibly by considering the concepts of distance and information entropy. The second contribution of this article is to propose a dynamic update mechanism that guarantees that the individual privacy is not compromised after the data has been subjected to multiple releases, and minimizes the loss of information. At the end of the article, the algorithm is simulated with real data sets. The availability and advantages of the method are demonstrated by calculating the time, the average information loss and the number of forged data.

Download Full-text

Internet Industry Data Openness and Personal Information Protection Based on Privacy Laws

10.21203/rs.3.rs-924655/v1 ◽

2021 ◽

Author(s):

Yurong Gao ◽

Yiping Guo ◽

Awais Khan Jumani ◽

Achyut Shankar

Keyword(s):

Data Protection ◽

Data Privacy ◽

Personal Information ◽

Open Data ◽

Personal Data ◽

International Standards ◽

Information Protection ◽

Technical Standards ◽

Consumption Ratio ◽

Personal Information Protection

Abstract Data security needs a comprehensive system design approach that combines legal, administrative, and technical protection. These laws generally contain complete rules and principles relevant to the collecting, storing, and using personal information in line with international standards on privacy and data protection. Personal data should be legally collected for a specified reason and not be used without authorization for unlawful monitoring or profiling by governments or third parties. In advocacy and open data activity, increasing attention has been placed on privacy problems. To secure the protection of this data, the Privacy Law (PL) and the Regulations typically put forth industrial and technical standards on IT systems that hold and handle personal data. Concerns about information privacy are genuine, valid, and exacerbated on the Internet of Things (IoT) and Cyber-Physical Systems (CPS). This article suggests that compliance with IoT and CPS Data Privacy (DP) at technical and non-technical levels should be dealt with. The proposed architecture is then coupled with a reference framework for the business architecture to offer a DP-IoT model focused on the industry and technology and positioned to comply with the Personal Information Protection Act (POPI). Therefore, methods are necessary to protect data privacy based on both system and organizational reference designs. In the end, users should have specific rights to information about them, including the capacity and method to seek recourse to protect such rights, to acquire and amend incorrect details. The DP-IoT model shows a privacy ratio of 92.6%, scalability ratio of 91.5, data management ratio of 94.3%, data protection ratio of 96.7%, customer satisfaction rate of 92.2 %, attack prevention ratio of 95.5% and energy consumption ratio of 25.5 % compared to the existing methods.

Download Full-text

Moving beyond consent in data privacy law. An effective privacy management system for Internet services

10.26686/wgtn.17068490.v1 ◽

2021 ◽

Author(s):

◽

Marcin Betkier

Keyword(s):

Data Privacy ◽

Service Providers ◽

Personal Information ◽

Continuous Process ◽

Careful Examination ◽

Privacy Management ◽

Online Service ◽

Online Services ◽

General Data Protection Regulation ◽

Online Service Providers

<p>This thesis looks for a way to overcome the failure of consent as a means of addressing privacy problems associated with online services. It argues that consent to collection and use of personal data is an imperfect mechanism for individual authorisation because data privacy in relation to online services is a dynamic, continuous process. If people are to have autonomous choice in respect of their privacy processes, then they need to be able to manage these processes themselves. After careful examination of online services which pinpoints both the privacy problems caused by online service providers and the particular features of the online environment, the thesis devises a set of measures to enable individuals to manage these processes. The tool for achieving this is a Privacy Management Model (PMM) which consists of three interlocking functions: controlling (which consent may be a part of), organising, and planning. The thesis then proposes a way of implementing these functions in the context of online services. This requires a mix of regulatory tools: a particular business model in which individuals are supported by third parties (Personal Information Administrators), a set of technical/architectural tools to manage data within the ICT systems of the online service providers, and laws capable of supporting all these elements. The proposed legal measures aim to overcome the shortcomings of procedural principles by implementing a comprehensive model in which substantive legal principle underpins a bundle of statutory-level laws which enable privacy management functions. Those are explained against the background of the General Data Protection Regulation. All of this is designed to change the way decision-makers think about Internet privacy and form the theoretical backbone of the next generation of privacy laws.</p>

Download Full-text