Ggmuk conf talk-samanthaahern
1. DATA, ETHICS AND THE LAW
SAMANTHA AHERN
UNIVERSITY COLLEGE LONDON
2. • What are the ethical and legal considerations for the IoT and
big data collection?
• What is the GDPR and what will it mean for processing and data
collection?
• What rights to privacy do we have and will we want?
• Who should be making those decisions – technologists or end
users?
3. THE VOLUME, VELOCITY AND VARIETY OF
DATA WE ARE GENERATING IS RAPIDLY
INCREASING. WE CREATE DATA ON ALMOST
ALL ASPECTS OF OUR LIVES, WHICH CAN BE
HARNESSED AND ANALYSED TO PROVIDE
POWERFUL INSIGHTS INTO OUR BEHAVIOUR,
OUR PREFERENCES AND OUR FUTURE ACTIONS.
From Bricks to Clicks: the Potential of Data and Analytics in Higher Education.
Policy Connect. Higher Education Commission (2016)
4. REUTERS: YAHOO SECRETLY SCANNED
CUSTOMER EMAILS FOR U.S. INTELLIGENCE
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
5. DATA PROTECTION ACT (1998)
• used fairly and lawfully
• used for limited, specifically stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate
• kept for no longer than is absolutely necessary
• handled according to people’s data protection rights
• kept safe and secure
• not transferred outside the European Economic Area without adequate
protection
https://www.gov.uk/data-protection/the-data-protection-act
7. GENERAL DATA PROTECTION REGULATIONS
(GDPR)
• Will come into force in the UK on May 25 2018
• The GDPR imposes restrictions on the transfer of personal data
outside the European Union, to third countries or international
organisations.
• Principles: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/principles/
9. GDPR: INDIVIDUALS’ RIGHTS
The main rights for individuals under the GDPR will be:
• subject access,
• to have inaccuracies corrected,
• to have information erased,
• to prevent direct marketing,
• to prevent automated decision-making and profiling, and
• data portability.
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-
10. METADATA AND AGGREGATION
• Where data is to be used anonymously particular care will be
taken by institutions to avoid:
• Identification of individuals from metadata
• Re-identification of individuals by aggregating multiple data sources
https://www.jisc.ac.uk/sites/default/files/jd0040_code_of_practice_for_learning_analytics_190515_v1.pdf
12. BRICKS TO CLICKS RECOMMENDATIONS
• Recommendation 3
• Recommendation 4
• Recommendation 5
From Bricks to Clicks: the Potential of Data and Analytics in Higher Education.
Policy Connect. Higher Education Commission (2016)
13. RECOMMENDATION 3
• All HEIs should consider introducing an appropriate learning
analytics system to improve student support / performance at
their institution.
• Any such decision should be fully informed by an analysis of
the benefits, limitations and risks attached.
14. RECOMMENDATION 4
• Institutions should put in place clear ethical policies and codes
of practices that govern the use of student data in analytics and
other digital systems.
• These policies should, at a minimum, address student privacy,
security of data and consent.
15. RECOMMENDATION 5
• In particular, when introducing learning analytics, HEIs should
seek fully informed consent from students to the use of their
personal and learning data in analytics.
• This should be sought again if new data is incorporated into
the system, or existing data is used in new ways.
16. By KylaBorg (Privacy) [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)],
via Wikimedia Commons
Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.
The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.
US law allows the country's intelligence agencies to order the release of customer data that they believe could prevent a terrorist attack, among other reasons.
Companies can challenge such orders behind closed doors in the Foreign Intelligence Surveillance Court.
But Reuters reports that Yahoo decided not to fight the matter because it thought it would lose. It adds that some Yahoo employees were upset by that decision.