Update: I’ve now wrangled the MacOS client to work, but it does not like having two tunnels open at once (although you can bring up multiple tunnels via “Systems Preference > Network”), and you have to set ip forwarding by hand.Read More from November 13, 2020
Linked here our full comments on the European Data Protection Board’s
Guidelines 07/2020 on the concepts of controller and processor in the GDPR
Submitted by Prof. Derek McAuley, Prof. Lilian Edwards, Dr. Lachlan Urquhart and Dr. Jiahong Chen of Horizon Digital Economy Research Institute.
27 October 2020
Summary: Overall, the EDPB’s adoption of the Guidelines provides additional clarity and certainty for data controllers and processors to comply with the GDPR. We provide three recommendations as to how the Guidelines can be improved in the final version:
- Further clarify the nature of the influence on the purposes and means of the processing
exercised by the technology providers, especially when there is a clear power imbalance;
- Explicitly specify that the arrangement between joint controllers as required by Article 26
should take into account which controller is best-positioned to fulfil a specific duty, ideally
with real-life examples of domestic controllers;
- Encourage joint controllers to agree on such an arrangement in a fair manner by allowing the arrangement to take effect on how data subject requests are handled, provided that it does not create any extra burden on the data subject
Linked here our full comments on the European Data Protection Board’s
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default
Submitted by Prof. Derek McAuley, Dr. Ansgar Koene and Dr. Jiahong Chen of Horizon Digital Economy Research Institute, University of Nottingham
16 January 2020
Summary: Overall, the EDPB’s adoption of the Guidelines represents a helpful step forward in promoting ethical and privacy-friend design and default approaches, and the current version has largely covered right issues with an appropriate level of details and useful examples. To sum up the specific comments outlined above, we provide three recommendations as to how the Guidelines can be improved in the final version:
- Throughout the Guidelines, make a stronger case for technology providers to fully align with
the DPbDD requirements as imposed on data controllers, and provide further examples on
how this can be achieved;
- In Section (“Elements to be taken into account”), specify certain PET approaches with
examples that are already available and easy to implement for data controller to show
better compliance with data protection principles;
- In Section (“Implementing data protection principles […]”, in particular the “Transparency” and “Lawfulness” sub-sections), further clarify that data processing information and options should be provided in an objective and neutral way, avoiding any deceptive or manipulative language or design.
Response to Call for Evidence for House of Lords Select Committee on Communications inquiry into “The Internet: To Regulate or Not To Regulate?”
Written evidence submitted by Prof. Derek McAuley, Dr. Ansgar Koene, Dr. Lachlan Urquhart of the Horizon Digital Economy Research Institute, University of Nottingham. May 11th 2018.
Summary: it is already regulated - could someone please enforce existing regulation.
Not sure I gave him much other than "it's complicated"! The global philosophical debate about it is played out in each country differently depending on local legislation, regulation, the lobbying power of the various factions and the time varying whim of national governments...
Databox results from many years of research into personal data and their ecosystems. This short note lays out the primary motivations and the thinking behind Databox without delving into the technical detail. As background, I recommend watching the “What is Databox” video on YouTube to obtain a high-level view of the Databox approach. Fundamentally, the forces that motivate Databox arise from the EU General Data Protection Regulation, the advent of the Internet of Things, and the need to balance consumer concerns such as privacy and accountability with commercial desire to exploit new opportunities provided by the widespread generation, collection and analysis of data.
Read More from November 28, 2017
Read More from August 2, 2017
“We’re explicitly avoiding the term ‘fake news,’ because we think it is too vague,” said Paul Haahr, one of Google’s senior engineers who is involved with search quality. “Demonstrably inaccurate information, however, we want to target.”Read More from March 21, 2017
- 62%: encryption
- 61%: analytic and reporting
- 53%: perimeter security
- 42%: file sharing
Read More from October 8, 2015
Sonny, the modified NS-5 robot in the 2004 I, Robot film exhibits several key elements designed to serve his mission of avoiding the robotic revolution:
- Keep secrets;
- Heterogeneity of processing;
- Separation from central authority;
- Denser alloy…
How can we reflect upon this for technology in general, and privacy by design in particular.
Read More from September 24, 2015
Read More from July 30, 2014
The video on Parliament TV is two hours, but the transcript is perhaps more readily digestible!
- Professor Derek McAuley, Horizon Digital Economy Research Institute, Professor David De Roure, Director, Economic and Social Research Council, and Sir Nigel Shadbolt, Web Science Trust
- Professor Liesbet van Zoonen, Loughborough University, Professor David Robertson, UK Computing Research Committee, Dr Mathieu d'Aquin, The Open University, and Emma Carr, Big Brother Watch
So having spent the time, I thought I might post the Horizon response here. Many thanks to Gilad Rosner for background research and Lilian Edwards for editorial comments. It's not light reading.
Read More from April 2, 2014
I don't think I even mentioned open data in the CloudCom 2013 keynote, but as I pointed out to the questioner - that wouldn't stop me having an opinion.
So easy one - "open data" should be "free as in speech".
Read More from December 6, 2013
Coincidentally, five days after the publication of the Copyright Licensing Steering Group's report on the last 12 months of work on streamlining copyright, I was due to give a talk at a joint event of CREATe and the EPSRC funded Network of Excellence in Identity. The event "Identity Lost – electronic identity, digital orphan works and copyright law reform", the talk "Digital tool chains; get your act together" - what joy to find the CLSG report, which lays down 10 key principles, formed the perfect frame to what I had planned to talk about! What should we do to avoid the on going creation of digital works that are orphans at birth?
Herewith the blogged version of the talk...
Read More from November 15, 2013
The Digital Economy Catapult gets multiple billings, and as CIO there, I'm excited to be involved in pursuing various opportunities, for example: in e-Infrastructure developing novel tools and platforms to simplify access to what are often complex underpinning software architectures; and through our Trusted Data Accelerator, aiming to bring creative data processors together with rich datasets. My personal research for the last four years (drdrmc posts passim.) has been around personal data, so it is exciting to now be involved with CDEC in looking at what next for midata, and the midata innovation lab. More on these initiatives as they roll out...
Read More from November 1, 2013
|What do they know about you? Source: MyDex CIC|
"Many researchers are concerned that inadequate checks and balances are in place to make sure the data gathered through midata is not used in ways that we might not like or that threatens our privacy."
Nice find by the editor of the image!
|@gikii and #gikii2013 on twitter|
Read More from September 17, 2013
Read More from June 26, 2013
Here an example from Aestheticodes projects.
I'd have to say, I would concur with this or there is some monstrous archeological conspiracy.
Mind you what does it mean for real name policies, for example if I tag this on FaceBook?
Read More from May 9, 2013
Read More from January 28, 2013
My previous post concerning Artmaps explained the outline of the Artmaps project and as we progress we're getting to grips with some of the data - here's that part of the Tate collection that has been geocoded; the pop-ups should take you to the Tate website for each of the artworks, but given 15,702 artworks, I have not checked all the URLs...
Read More from October 18, 2012
Well today, I'm into the third day of a workshop but in my house.
Read More from July 11, 2012
- a discussion on what we mean by location for a piece of art and
- the more general problem of crowdsourcing people's very different interpretations of the art works.
Read More from July 9, 2012
Read More from May 30, 2012
Read More from May 29, 2012
Read More from February 22, 2012
Simon made a great point on scale and illustrated it with YouTube statistics amusement - simply put "it's huge". Read More from February 18, 2012
Someone surely is thinking these will be collectors items...
Postscript 10/1/2012: BBC now on the case - http://www.bbc.co.uk/news/technology-16424990
Read More from November 24, 2011
Read More from October 15, 2011
There is indeed a fundamental problem with the model that energy companies are going to be poking around in our homes switching things on and off - the problem I refer to as "don't let the energy companies kill my pet".
Read More from September 23, 2011
"A lot of people are sort of driving this notion of fear around security" Kundra said. "And the reason I think that's been amplified, frankly, is because it preserves the status quo."Talking to the folks from The Portal recently and starting to appreciate the levels of automation and small number of folks who are actually needed to manage the automation in these data centres, the issues of "who has the time?" and "wouldn't even know where to look" provided a lively topic of discussion; however, still think I'd like a smattering of "encryption at rest". Belt and braces don't you know.
And so as they ask[ed *] over at BioPoliticalTimes, are we done with patient managed records?
I think the thing here is not to loose track of the fact that patient access to records rather than holding them is a key service we want to see...
[*] WayBackMachine to the rescue, BioPoliticalTimes is now defunct:
From: Google PowerMeter <email@example.com>
Date: 24 June 2011 22:20:24 GMT+01:00
Subject: Update on Google PowerMeter
Dear PowerMeter User,
We first launched Google PowerMeter as a Google.org project to raise awareness about the importance of giving people access to their energy information. Since our launch, there's been more attention brought to this issue, and we're excited that PowerMeter has helped demonstrate the importance of access to energy data. However, our efforts have not scaled as quickly as we would have liked, so we have decided to retire PowerMeter.
You will continue to have access to the product until September 16, 2011, after which time you will no longer be able to access your PowerMeter account. We know that having access to your energy information has helped you save energy and money. There are many options available for you from our device and utility partners. Please visit this page to learn more: http://www.google.com/support/powermeter/bin/answer.py?hl=en&answer=1342532
We also understand that having your historical energy data is important to you. We've made it easy for you to download your data. To export your PowerMeter data to a CSV (Comma Separated Values) file, log in to your account and go to "Account Settings." More information can be found here:http://www.google.com/support/powermeter/bin/answer.py?hl=en&answer=164264
We appreciate your understanding and hope that you've enjoyed using Google PowerMeter. If you have questions about this announcement, please visit our FAQ pages at http://www.google.com/powermeter/about/faqs.html
Google PowerMeter team
© 2011 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
You've received this mandatory service announcement email to update you about important changes to your Google PowerMeter account.
Best wishes to my old friend Simon as he heads off for a new startup Bromium with this parting piece from GigaOM:
Crosby said the threat it [sic] to everything under the umbrella of the public web. “[U]nless we solve some of these problems,” he said, “the whole cloud thing is just a big waste of time for everybody."Read More from June 22, 2011
Analyzing large data sets—so called big data—will become a key basis of competition, underpinning new waves of productivity growth, innovation, and consumer surplus as long as the right policies and enablers are in place.So say McKinsey...
"Right policies and enablers" - yup - since Informed Consent has failed in the web maybe we just need "some good old consumer protection". I would credit that quote but the relevant privacy lawyer is a very private person :-)
Note an important aspect of this service is that the data does not necessarily have to reside in the cloud (c.f. dropbox) but the service offers to merely sync it across your devices - for those concerned about people looking at your content "at rest" in the cloud it's quite sensible. There's a REST API for access to the service - perscon [*} sync service courtesy MSFT?
Right now in terms of apps Windows and Mac supported for syncing. Should imagine Windows for Mobile coming soon. No sync app for iPhone and IPad; web browsing gives "not available on mobile" so you need something like AtomicWebBrowser that can lie for you.
[*] This link previously http://perscon.net/, now points who knows where.
http://www.my-farm.org.uk/ [*] - Great to see such a grand institution as the National Trust "getting it".... FaceBook and mobile apps next?
[*] Website now dead - WayBackMachine: https://web.archive.org/web/20110512145946/http://www.my-farm.org.uk/
Read More from May 4, 2011
Very related our work on dataware - it's nice to see a growing community looking at these issues.
And here's the guys telling me it's a long way to go - however, think I'll leave a visit to this offsite research featured on the BBC until the weather improves....
Change in government and the website is gone. DOI anyone?
Most psychiatrists have engaged in "patient-targeted Googling", say the authors, and find personal information ranging from criminal records, details of substance use, sexual activity, finances and suicide plans.
Surely the issue here really why on earth would they believe what they find?
Sounds like a quick way to get someone committed just got added to the evil uses of the Internet.
[*] Image recovered courtesy of WayBackMachine https://web.archive.org/web/20100611054057/http://www.t-shirthumor.com/Merchant2/graphics/fullsize/msfg_lg2.gif
"Having been spied on for decades, first by the Nazis and then by the Stasi, the notorious communist secret police, Germans take their privacy seriously, our correspondent says."more here...
Glad to see the gradual and invidious peering into our lives by corporates and government is being fought off somewhere.
Pictures courtesy of Helen's project 365.
"It is well-known that successfully researching, designing and building new mobile, ad hoc, mesh and opportunistic networking systems and algorithms requires access to large-scale data on human mobility, encounter, and social network patterns. ..."
A major challenge for the commercial sector for years has been the growth in SSL traffic crossing firewalls being annoyingly opaque to deep packet inspection. (The only real solution is one that cracks open the packets by decrypting using"SSL Inspection Appliances" from the likes ofNetronome, Blue Coat, et al.)
So on the one hand DPI is a tool for surveillance of unencrypted just as the amount of encrypted traffic is growing; and how long before those file sharers adopt it - oh they have already since 2005. On the other hand maybe if we all adopted encryption for all traffic, perhaps serviceproviders in future might avoid £8000 fines- could it possibly reinstate them as "common carriers" if they require users to encrypt all traffic.
"Dear Blogspot, can I please be accessible as https://machorizon.blogspot.com ..."
Right now I'd appreciate a map that allowed me to click on the street lamp outside my house and sent off email to whoever is responsible for fixing it :-)
"The definition [of ‘processing’] in the Act is a compendious definition and it is difficult to envisage any action involving data which does not amount to processing within this definition"I was amused reading this lecture this week as it co-incided with finding an example not covered by the Act - from the ICO we find a press releasefrom 2007!
"However, the Regulations only apply to messages sent over a public electronic communications network and we have concluded that Bluetooth messages are not in fact sent using such a network."Nor a lot of research networks of the last number of years! (e.g. Haggle...)
I am told this loophole is to close.
The "Internet of Things (IoT)" disrupts with the today's Internet limitations of human-entered data: technologies like RFID, short-range wireless communications, real-time localization, and sensor networks empower computers to perceive the world for themselves. Standardized infrastructures capable of managing, sharing and processing this captured data will be necessary in order to bring the Internet of Things into commercial use. This interlinking of physical world and cyberspace foreshadows an exciting endeavor that is highly relevant to researchers, corporations, and individuals.Read More from November 4, 2009