Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Addressing non economical externalities


Published on

Author: Hans Lammerant (VUB)
Presented at: Workshop on Exploring the Positive and Negative Impacts of Big Data Across Sectors

Published in: Technology
  • Be the first to comment

Addressing non economical externalities

  1. 1. BYTE: Addressing non-economical externalities Hans Lammerant - VUB Big data roadmap and cross-disciplinary community for addressing societal externalities
  2. 2. @BYTE_EU Big data and externalities Causal explanation? How does big data affects interactions between actors? Big Data Interactions between actors Externalities
  3. 3. @BYTE_EU Categorisation of externalities • Benefits: practices aiming at capturing and maximizing the benefits of big data • Regulatory practices: practices aiming at maximizing an objective at a societal level by balancing interests, but which are now negatively affected by big data. They show up as negative externalities because their balancing of interests does not deliver the same positive results any more. • Protective practices: practices aimed at preserving other values or interests, which now get negatively affected.
  4. 4. @BYTE_EU Categorisation of externalities Benefits Negative effects on regulatory practices Negative effects on protective practices Improved efficiency and innovation IPR Equality Improved awareness and decision-making Losing control to actors abroad Anti-discrimination Participation Private vs. public and non- profit sector Privacy Improved political decision- making and participation Trust (includes fear of capture and competition issues) Liability, accountability Political abuse & surveillance
  5. 5. @BYTE_EU Effect of big data on interactions • Larger amount of interactions between actors • Higher visibility of actors • Higher penetration of organisational boundaries → traditional gatekeeping gets disrupted • Data becomes network good → positive network effects • Shift in transactions from exchange of goods to delivery of services → shift from momentary transaction to regulating continuous data flows • Changing role of internet: from market place where actors meet into digital environment in which value creating production processes take place
  6. 6. @BYTE_EU Effect on regulatory and protective practices • Current regulatory and protective practices reflect old transaction model → high transaction costs → become disfunctional and result in negative externalities (e.g. rights clearance in copyright, consent in data protection) • Enlarged visibility and penetration of boundaries: privacy problems for individuals and for organisations • Positive network effects: anonymization becomes unreliable, propagation of discriminatory effects
  7. 7. @BYTE_EU Benefits Kitchin: additional characteristics of big data • fine-grained in resolution and uniquely indexical in identification; • relational in nature, containing common fields that enable the conjoining of different datasets; • flexible, holding the traits of extensionality (can add new fields easily) and scalable (can expand in size rapidly) => allows to deal with higher amount of interactions, such that transaction costs get lowered while retaining necessary granularity for more individualised and targeted responses. => Results in: • Improved awareness and decision-making • Improved efficiency and innovation • Participation
  8. 8. @BYTE_EU Capturing benefits Main focus: interoperability • European Interoperability Framework (EIF): legal, organisational, semantic and technical interoperability • Open data: 1) available with open licence, 2) as machine-readable structured data, 3) in non-proprietary format, 4) using open standards, 5) linked to other's data • Design principles Industrie 4.0: Interoperability, Virtualization, Decentralization, Real-Time Capability, Service Orientation, Modularity
  9. 9. @BYTE_EU Intellectual property rights, licensing and contracts • Regulatory mechanism: copyright, database protection → balances different economical objectives in order to get the best result on the macro-level • Protective mechanism: protection of trade secrets → 'privacy'-rights of companies
  10. 10. @BYTE_EU Copyright and database protection • Same objectives but different balancing in EU and US • Protection of investments by sui generis-right in EU, not in US • Who did struck the balance right? • Evaluation of database protection by Commission: no positive result • Evaluation of Spanish Snippet law: negative result → conclusion: European legislator tends to be overprotective
  11. 11. @BYTE_EU Solutions • legal change: • drop sui generis-right on databases • new exceptions for data and text mining in copyright • solutions within existing legal framework: collective licensing • lowers transaction costs but preserves remuneration • shift transaction model to liability model • extended collective licenses, compulsory licenses and levies • open licences: patch, no solution • Conclusion: limiting copyright preferable → market expansion due to network effects
  12. 12. @BYTE_EU Protection of trade secrets Also companies have their 'privacy' problems → results in reluctance to participate in data sharing in wide networks → only uptake of big data when it can be internalised EU: draft directive for trade secrets protection • No real IPR, but protection against dishonest practices • Trade secret: not generally know or accessible information + adequate protection • Unlawful: breach of confidentiality, … • Lawful: reverse engineering, disclosure to reveal misconduct, …
  13. 13. @BYTE_EU Protection of trade secrets • Necessary legal infrastructure supporting new contractual set-ups • To be further developed in standard contractual arrangements Best practice: Standardisation of Cloud Computing → includes work on SLA
  14. 14. @BYTE_EU Privacy and protection of personal data • Higher visibility and penetration of boundaries result in privacy concerns • Protective mechanisms: extensively developed in data protection law • Problems: → conflict with purpose limitation and data minimisation principles → network effects make anonymisation techniques unreliable → mechanisms like consent and data subject rights reflect transaction model • Does data protection still function with big data?
  15. 15. @BYTE_EU Privacy and protection of personal data Critique on data protection principles: plea for risk-based approach WP29: risk-based approach is possible within existing DP → modulate compliance obligations according to risk, not protection Purpose limitation principle: further use: when not incompatible with original purposes
  16. 16. @BYTE_EU Purpose limitation principle Compatibility assessment: • relation between original and new purposes • context data collection and the reasonable expectations of the data subjects • nature of data and the impact further processing • safeguards applied by the controller - additional technical and organisational safeguards - goals data security (availability, integrity and confidentiality) + data protection (transparency, isolation, intervenability)
  17. 17. @BYTE_EU Technical safeguards Respondent privacy: statistical disclosure control Anonymisation • linked with applicability of data protection framework • identifiability = singling out, linkability and inference • reasonable effort-test Randomisation and generalisation techniques Re-identification research: all fail to guarantee anonymity
  18. 18. @BYTE_EU Anonymisation How to deal with weaknesses anonymisation? • anonymisation remains useful as safeguard • less dissemination-based access and release-and-forget approach of datasets with personal data • query-based access and differential privacy • access limited to specific users with data use agreement → assessing whole of technical and organisational safeguards
  19. 19. @BYTE_EU Technical safeguards • Owner privacy: privacy-preserving data mining (PPDM) • User privacy: private information retrieval (PIR) • Privacy-preserving computations • Technical measures for access control
  20. 20. @BYTE_EU Privacy by Design • Mainstreaming privacy into design process • Cavoukian: PbD principles • goals data security (availability, integrity and confidentiality) + data protection (transparency, isolation, intervenability) • design patterns
  21. 21. @BYTE_EU Organisational safeguards • functional separation → organisational limiting of access and data use • limiting access with data use agreements • privacy-by-design approach: risk assessment & privacy impact assessment • risk assessment in general derived from IT security • examples: CNIL, LINDDUN → threat modelling • literature: PIA as a regular process involving stakeholders
  22. 22. @BYTE_EU Data protection principles and big data Conclusions: • existing data protection principles can be applied with big data • mix of technical, organisational and legal means • in full development: → specific attention for big data needed → mainstreaming through standardised approaches
  23. 23. @BYTE_EU Accountability and data subject rights • Data protection are not only rules on use of information • accountability framework • informational control through data subject rights → necessary to establish trust → based in transaction-model: e.g. consent • shift to liability-model through stronger role regulators
  24. 24. @BYTE_EU Transparency • Obliged by data protection framework, but rarely implemented • transparency of data used, of processing and of use results • need for standardised auditing and evaluation tools: e.g. privacy seals • technical tools for transparency: e.g. Google • standards for transparency and data portability → avoid user lock-in → allows aggregated views on data use by data subjects • traceability across several actors? • Implementation of transparency and data access needs attention and further development
  25. 25. @BYTE_EU Equality and discrimination Discrimination: • prejudice • rational discrimination • unintended discrimination Legal: • principle of equality • prohibition of discrimination → direct discrimination / indirect discrimination
  26. 26. @BYTE_EU Discrimination in data mining sources of discrimination: • definition of the objectives and problem → target variable and class labels • training data → assumption: nothing changes • under- or over-representation in sample • choice of input variables • attributes as proxy for discriminatory grounds • historical discrimination reflected in labelling • masking
  27. 27. @BYTE_EU Anti-discrimination & algorithms Technical measures • discrimination discovery • discrimination prevention through discrimination-free classifiers • conditional non-discrimination methods Trade-off accuracy and anti-discrimination → effective methods exist Recent area of research → in full development
  28. 28. @BYTE_EU Anti-discrimination framework Legal framework: • legal redress • equality bodies: support legal redress + mainstreaming of policies • Less developed as data protection framework → need for integration towards common accountability framework • Anti-discrimination by design → anti-discrimination objectives alongside data protection objectives in safeguards, risk and impact assessment, auditing procedures, etc. • Equality bodies have a task to address anti-discrimination in big data as part of their mainstreaming efforts → coordination needed between DPAs and equality bodies
  29. 29. @BYTE_EU Political externalities: Relation private vs. public and non-profit sector - lock-in → standardisation → open source → data portability - rent-seeking and need for public funding → Benkler: open source: commons model as result of positive network effects → is this also true for open data?
  30. 30. @BYTE_EU Political externalities: Relation private vs. public and non-profit sector Open data often concerns data from public sources, while users are private sector. → Costs and benefits fall with different actors. Data revenue models: subsidized, licensing, subscription, advertising, commission, traffic, branding → closed options like licensing or subscription can generate direct revenue, but limit users → subsidy is only open model available Evaluation similar to IPR: what is macro-effect? • when only a few users which make commercial applications → closed model • lot of users: open model → indirect return
  31. 31. @BYTE_EU Political externalities: loss of control to actors abroad • economical concern: traditional tension between protectionism and open market • political concern: ability to regulate → Range of conflicts: extraterritorial application of law is an issue both in EU and in US Solution: International legal harmonisation → varies from mutual recognition mechanisms to fully developed legal framework
  32. 32. @BYTE_EU Conclusions Capturing positive benefits: → improving interoperability on several levels → restoring trust and legal certainty Dealing with negative externalities → data = network good → refrain from overprotection as property → adapt legal frameworks from transaction model to liability model: • collective solutions • regulation of overall process and mainstreaming in design • mix of technical, organisational and legal measures
  33. 33. @BYTE_EU QUESTIONS Any questions?