Privacy

Question 1

Liberalism

Answer 1

Major political ideologies of modern world
Importance it attaches to the civil and political rights of individuals
Liberals demand a substantial realm of personal freedom (speech, conscience, occupation, …)
A liberal is not a political party

Question 2

Liberalism and privacy

Answer 2

Depends of the concept we have of the individual

No one has any clear idea what it is to mean the right to privacy

Question 3

Privacy

Answer 3

Behavioural: where a person has been or what they have done, protecting actions
Informational: how, when, and what information is communicated to others

Question 4

Impacts of ICTs

Answer 4

Computers make new threats possible

Freedom from intrusion, surveillance, and control of information

Question 5

Data vs metadata

Answer 5

Data: a recording of a cellphone conversation between Y and X
Metadata: Y called X, talked for 10 mins in city C
Metadata can have more information then the data
Less restrictions on metadata

Question 6

Uses of ICTs

Answer 6

1. Invisibility of data gathering: unknown or confusing (satellite, cookies)
2. Ease of secondary use: using data for purpose other then person approved (sale info to others)
3. Linking data records: combining and comparing info from multiple databases (gov getting data from commercial sources not allowed to)
4. Profiling: surveys, records, purchases
5. Monitoring: real time (GPS, networks, phones)

Question 7

Big brother

Answer 7

George Orwell where lack of privacy taken to the extreme (everything is observed) how would people act?

Initially only applied to the government
Us created 1974 privacy act

Question 8

First gen Fair information principles

Answer 8

• No personal data record keeping systems in gov secret
• Individual able to find out what information is in a record and how used
• Prevent information about them being used for another purpose without consent
• Correct information if it is incorrect
• Organization storing records must assure reliability of data for intended use

Question 9

Federal legislation

Answer 9

Gov computer systems used for certain purposes and goals (law, fraud)
Canada: privacy act of 1983
Legislation normally introduced as a result of political, legal, and constitutional considerations

Question 10

US constitution

Answer 10

Made is 1776 and amended to changes in society

Four amendment: used if privacy related legislation but the word privacy does not appear in the amendment

Question 11

Canadian constitution

Answer 11

Repatriation in 1982
Section 8: for privacy, everyone has the right to be secure against unreasonable search and seizure
This protects people and not places
Protects the person that owns the device
Privacy protection restricted to information which is personal and confidential and serves to promote the individuals dignity

Question 12

Pipedas fair information principles

Answer 12

1. Accountability
2. Identifying purposes
3. Consent
4. Limiting collection
5. Limiting use, disclose, and retention
6. Accuracy
7. Safeguards
8. Openess
9. Individual access
10. Challenging compliance

Question 13

1. Accountability

Answer 13

Orgainisation is responsible for information that is under its control and should have someone accountable

Question 14

2. Indentifying purposes

Answer 14

Purposes for which personal information is collected shall be identified by the organization at or before collection

Question 15

3. Consent

Answer 15

The knowledge and consent of the individual are required for collection, use, or disclosure of personal information except where inappropriate

Question 16

4. Limiting collection

Answer 16

Collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Collected by fair and lawful means

Question 17

5. Limiting use, disclosure, and retention

Answer 17

Personal info shall not be used or disclosed for purposes other than those for which it was collected execpt with consent of the individual or as required by law. Info retained only as long as necessary

Question 18

6. Accuracy

Answer 18

Personal info shall be accurate, complete, and up to date for purposes used

Question 19

7. Safeguards

Answer 19

Personal info shall be protected by security safeguards appropriate to the sensitivity of the information

Question 20

8. Openness

Answer 20

Make readily available to individuals specific info about its policies and practices relating to management of personal info

Question 21

9. Individual access

Answer 21

Upon request, individual shall be informed of the existence, use, and disclosyre of personal info and shall be given access to the info. An individual shall be able to challenge accuracy of info and have it amended

Question 22

10. Challenging compliance

Answer 22

An individual shall be able to address a challenge concering compliance with the above principles

Question 23

Second gen privacy laws for ICTs

Answer 23

Eight principles 
Collection limitation
Data quality 
Purpose specification
Use limitation
Security safeguards
Openness
Individual participation 
Accountability

Question 24

Pipeda

Answer 24

Applies to commercial organization (businesses)
If business want to collect use or disclose personal info needs consent
First canada wide legislation to require fair information principles to be followed
Limited to commercial entities

Question 25

Pipa (personal information privacy act)

Answer 25

Introduced in bc in 2003 Applies to commercial organizations and private sector organizations (churches, stratas, charites) Applies to private sector organizations

Question 26

Fippa (freedom of information and personal privacy act)

Answer 26

Public sector organizations with governance under BC statues (Provincial gov ministries, universites, schools, hospitals, municipalities) Introduced along side pipa

Question 27

Privacy commissioner

Answer 27

Pipeda: office of the privacy commissioner of canada (opc) Pipa, fippa: office of information privacy commissioner of bc (oipc) Advocate best practice in privacy Educate organizations Deal with complaints from individuals

Question 28

Complaints

Answer 28

Office staff examine the complaint to find ir well founded or not Early resolution: admitted problem and change Discontinued Settled Well-founded: go to federal court (worst case) No jurisdiction

Question 29

General data protection regulation (GDPR)

Answer 29

Into force in EU in 2018 Replaced EU privacy directive from 1995 Goals: protect data in EU, strengthen privacy rights, natural persons given control over data, rights enforced Gives direction for individual EU nations Affects businesses anywhere in world collecting or holding PI on EU citizens

Question 30

GDPR protection

Answer 30

Protects name, address, phone, bank, email, ip address, cookies, biometric data If in repository, has some structure, with some manual labour (sorting) Ex)paper filling cabinet sorted Need consent, transparency in collection and use, right to modify Focus in natural persons Right to be forgotten Right to data portability Right to restriction of processing Right to explanation~ AI decisions Relatively technology neutral More modern privacy

Question 31

Data subject

Answer 31

An individual resident of EU whose personal data are protected “natural person”

Question 32

Data controller

Answer 32

An institution business or person processing personal data

Question 33

Data processor

Answer 33

``` A subject (company) processing data in behalf of the controller Could be company storing data on cloud or customer relationship management app ```

Question 34

Data collector

Answer 34

Both a controller and a processor

Question 35

Data protection officer

Answer 35

A person appointed by data controller responsible for overseeing data protection

Question 36

Data authorities

Answer 36

Public institution monitoring implementation of regulations in EU country

Question 37

Third parties

Answer 37

A person or entity under authority of the collector authorized to process personal data

Question 38

Recipient

Answer 38

Any person to whom personal data is disclosed

Question 39

CCPA california consumer privacy act 2020

Answer 39

Similar to GDPR Individual people can now sue for violations Has more detail about what is personal data Have to tell who data was shared with

Question 40

CPPA consumer privacy protection act bill C11

Answer 40

Intented to repeal pipeda New way to deal with complaints Revised requirements for obtaining consent, more rights over own data, algorithmic transparency: right to explanation Bill not passed due to election in 2021

Question 41

Privacy as a human right

Answer 41

Universal declaration of human rights ~ interference with privacy, family, home, or correspondence, nor attacks upon honour and reputation Legal right ~ granted by legal statue Right~ aspirational or object of political action Human rights are really strong ethical pronoucements as to what should be done

Question 42

Perspectives of privacy

Answer 42

Privacy as secrecy: concealing info about onesself Privacy as control over personal information: protect all info want to retain control Privacy as personhood: 1. Respect for persons as choosers 2. Not determined by what is “normal” Privacy as intimacy: sharing of intimate info

Question 43

Free market view

Answer 43

Parties of a transaction viewed as having equal standing Truth in information gathering enforced by the market String reliance in contracts Facts can be disclosed if not violate other rights

Question 44

Consumer protection view

Answer 44

Comsumers have little power to negotiate with corporation Consent needed in business transactions better then those required by law Self regulation by business often does not work so some protect for the consumer