A combined presentation by
- Jef Ausloos (https://twitter.com/Jausl00s): background to data subject rights
- Pierre Dewitte (https://twitter.com/PiDewitte): empirically testing the right of access (https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3106632)
- Laurens Naudts (https://twitter.com/RoboNaudts): empirically testing the right to an explanation
All three are member of the CiTiP embedded in the KULeuven.
The event was hosted at the VUB (Vrije Universiteit Brussel) with the collaboration of VRG Brussels.
This presentation describes history and impact of Alice decision in 2014. It also lists out key court decisions and important examples in USPTO guideline. Finally, it provides key take-aways and recommendations.
The Role of Intellectual Property Rights for the Growth of ICT Industry in Be...Patterson Thuente IP
IP protection for computer-related inventions - The Problem: early history and early efforts.
Current legislative framework - USA, Europe, India.
Current situation - USA, Europe, India.
Tips and best practices.
Brief mention of other topics.
In this talk I'll discuss work in biomedical image and volume segmentation and classification, as well as outcome prediction modeling from insurance claims data that I've pursued at LifeOmic here in the Triangle. In the former case datasets include radiological image volumes, retinal fundus images, and cell images created with fluorescent microscopy. The latter includes MIMIC-III data represented as FHIR objects. I'll discuss the relative challenges and advantages of doing ML locally vs. on a cloud-based platform.
This presentation describes history and impact of Alice decision in 2014. It also lists out key court decisions and important examples in USPTO guideline. Finally, it provides key take-aways and recommendations.
The Role of Intellectual Property Rights for the Growth of ICT Industry in Be...Patterson Thuente IP
IP protection for computer-related inventions - The Problem: early history and early efforts.
Current legislative framework - USA, Europe, India.
Current situation - USA, Europe, India.
Tips and best practices.
Brief mention of other topics.
In this talk I'll discuss work in biomedical image and volume segmentation and classification, as well as outcome prediction modeling from insurance claims data that I've pursued at LifeOmic here in the Triangle. In the former case datasets include radiological image volumes, retinal fundus images, and cell images created with fluorescent microscopy. The latter includes MIMIC-III data represented as FHIR objects. I'll discuss the relative challenges and advantages of doing ML locally vs. on a cloud-based platform.
When Past Performance May Be Indicative of Future Results - The Legal Implica...Jason Haislmaier
Presentation to the ABA Cyberspace Law Committee 2014 Winter Meeting in Denver, CO. Bruce Antley and Jason Haislmaier. Covering legal issues in location based services and the use of predictive analytics.
The requirement for the preservation and production of electronically stored information (e-Discovery) is a requirement of the American Federal Rules of Civil Procedure (FRCP). As corporate information is moved to the cloud the fulfilling of these requirements becomes more challenging for enterprises that operate in the USA.
As well as the requirements for e-Discovery, organizations often require to undertake forensic examination of assets in order to determine the nature of an attack or to pursue internal investigations.
This session will discuss the subject of e-Discovery and Forensics from an enterprise perspective and a framework by which companies subject to these requirements can operate with cloud providers.
Data has emerged as one of the most important resources of today's world. However, there does not exist clear rules on how to make use of this resource. There are spillover effects and negative externalities in the form of privacy breaches while exploiting this resource. In such a situation, what should be the legal remedy?
The law should find a balance between the interests of the customers and the corporations. The customers want safety and privacy, whereas corporations want commercial use of data which risks the customer's interests.
An itinerary for FAIR and privacy respecting data-driven innovation and researchMarlon Domingus
My talk for the National eScience Symposium 2017 in the Internet of Things track, October 12 2017.
TALK: An itinerary for FAIR and privacy respecting data-driven innovation and research
ABSTRACT: The big picture of the complex landscape of e-science, technology, legal and ethical responsibilities addressed. How to apply privacy values and responsibilities to new technological platforms like the IoT? Can we find an approach that ensures a high level of privacy protection and at the same time supports the interest of researchers and increase innovation? A practical recap of the most important recommendations for researchers creating collaborations and infrastructures.
Legal and ethical considerations for sharing research dataOpenAIRE
Irena Vipavc Brar ( Social Sciences Data Archives / CESSDA)
Aimed at researchers in social sciences, but of interest for other fields as well, Irena Vipavc Brar gives an overview of the most important legal and ethical considerations when sharing research data. She discusses the implications of GDPR for scientific research, informed consent and ethical aspects of dealing with personal data, and legal issues.
Links: https://www.cessda.eu/Research-Infrastructure/Training/Expert-Tour-Guide-on-Data-Management
On 28 May 2019 Ms. Nathalie Smuha (KULeuven and EU Commission DG Connect) presented on the European strategy with regards to Artificial Intelligence, which includes assembling a high-level group of experts on AI with a double mission: (1) draft guidelines for Trustworthy AI and (2) draft recommendations in support of policy and investments.
The second half of the presentation was focused on the guidelines for Trustworthy AI which were published in a first final version in April 2019. The guidelines are layered in a way that each layer builds upon the other.
- level 0 (foundation): AI should be lawful, ethical and robust
- level 1 (principles): AI should respect human autonomy, prevent harm, be fair and be explicable.
- level 2 (requirements): AI should meet requirements linked to 7 groups: (1) human agency and oversight, (2) technical robustness and safety, (3) privacy and data governance, (4) transparency, (5) diversity, non-discrimination and fairness, (6) societal and environmental well-being, and (7) accountability.
- level 3 (questions): AI developers and deployers should ask themselves a number of questions. The high-level expert group has worked out 131 questions to guide practical implementation of trustworthy AI. Theses questions are subject to a practice test, namely YOU can try them out and give the expert group feedback.
This framework compares to other frameworks like the ones in Japan, Canada, Singapore, Dubai, ... and the one from the OECD (published in May 2019).
20190423 PRiSE model to tackle data protection impact assessments and data pr...Brussels Legal Hackers
The event was on 23 April 2019. The speaker was Pierre Dewitte (CITIP, KULeuven, iMEC). The event was hosted in the office of TimeLex, a niche law office with expertise a.o. in data protection.
Pierre Dewitte explained the PRiSE model to tackle the issues of risk assessments, data protection impact assessments, data protection by design, and documentation of all of that.
The keynote, which triggered a lot of questions and interactive discussion amongst the attendees, looks at the interaction (1) between software engineers and lawyers (a simplified universe for software development teams) and (2) between design scientists and lawyers (a simplified universe of social sciences).
In the first interaction, the PRiSE model aims to support three steps
1) description (input)
2) analysis (output)
3) documentation
On the second interaction, due to time constraints (too lively a discussion, if there is such a thing), the keynote pointed out some point of attention.
In any case the conclusion is that data protection is per se interdisciplinary, which is why it is so interesting.
More Related Content
Similar to 20190221 Data subject rights in practice
When Past Performance May Be Indicative of Future Results - The Legal Implica...Jason Haislmaier
Presentation to the ABA Cyberspace Law Committee 2014 Winter Meeting in Denver, CO. Bruce Antley and Jason Haislmaier. Covering legal issues in location based services and the use of predictive analytics.
The requirement for the preservation and production of electronically stored information (e-Discovery) is a requirement of the American Federal Rules of Civil Procedure (FRCP). As corporate information is moved to the cloud the fulfilling of these requirements becomes more challenging for enterprises that operate in the USA.
As well as the requirements for e-Discovery, organizations often require to undertake forensic examination of assets in order to determine the nature of an attack or to pursue internal investigations.
This session will discuss the subject of e-Discovery and Forensics from an enterprise perspective and a framework by which companies subject to these requirements can operate with cloud providers.
Data has emerged as one of the most important resources of today's world. However, there does not exist clear rules on how to make use of this resource. There are spillover effects and negative externalities in the form of privacy breaches while exploiting this resource. In such a situation, what should be the legal remedy?
The law should find a balance between the interests of the customers and the corporations. The customers want safety and privacy, whereas corporations want commercial use of data which risks the customer's interests.
An itinerary for FAIR and privacy respecting data-driven innovation and researchMarlon Domingus
My talk for the National eScience Symposium 2017 in the Internet of Things track, October 12 2017.
TALK: An itinerary for FAIR and privacy respecting data-driven innovation and research
ABSTRACT: The big picture of the complex landscape of e-science, technology, legal and ethical responsibilities addressed. How to apply privacy values and responsibilities to new technological platforms like the IoT? Can we find an approach that ensures a high level of privacy protection and at the same time supports the interest of researchers and increase innovation? A practical recap of the most important recommendations for researchers creating collaborations and infrastructures.
Legal and ethical considerations for sharing research dataOpenAIRE
Irena Vipavc Brar ( Social Sciences Data Archives / CESSDA)
Aimed at researchers in social sciences, but of interest for other fields as well, Irena Vipavc Brar gives an overview of the most important legal and ethical considerations when sharing research data. She discusses the implications of GDPR for scientific research, informed consent and ethical aspects of dealing with personal data, and legal issues.
Links: https://www.cessda.eu/Research-Infrastructure/Training/Expert-Tour-Guide-on-Data-Management
On 28 May 2019 Ms. Nathalie Smuha (KULeuven and EU Commission DG Connect) presented on the European strategy with regards to Artificial Intelligence, which includes assembling a high-level group of experts on AI with a double mission: (1) draft guidelines for Trustworthy AI and (2) draft recommendations in support of policy and investments.
The second half of the presentation was focused on the guidelines for Trustworthy AI which were published in a first final version in April 2019. The guidelines are layered in a way that each layer builds upon the other.
- level 0 (foundation): AI should be lawful, ethical and robust
- level 1 (principles): AI should respect human autonomy, prevent harm, be fair and be explicable.
- level 2 (requirements): AI should meet requirements linked to 7 groups: (1) human agency and oversight, (2) technical robustness and safety, (3) privacy and data governance, (4) transparency, (5) diversity, non-discrimination and fairness, (6) societal and environmental well-being, and (7) accountability.
- level 3 (questions): AI developers and deployers should ask themselves a number of questions. The high-level expert group has worked out 131 questions to guide practical implementation of trustworthy AI. Theses questions are subject to a practice test, namely YOU can try them out and give the expert group feedback.
This framework compares to other frameworks like the ones in Japan, Canada, Singapore, Dubai, ... and the one from the OECD (published in May 2019).
20190423 PRiSE model to tackle data protection impact assessments and data pr...Brussels Legal Hackers
The event was on 23 April 2019. The speaker was Pierre Dewitte (CITIP, KULeuven, iMEC). The event was hosted in the office of TimeLex, a niche law office with expertise a.o. in data protection.
Pierre Dewitte explained the PRiSE model to tackle the issues of risk assessments, data protection impact assessments, data protection by design, and documentation of all of that.
The keynote, which triggered a lot of questions and interactive discussion amongst the attendees, looks at the interaction (1) between software engineers and lawyers (a simplified universe for software development teams) and (2) between design scientists and lawyers (a simplified universe of social sciences).
In the first interaction, the PRiSE model aims to support three steps
1) description (input)
2) analysis (output)
3) documentation
On the second interaction, due to time constraints (too lively a discussion, if there is such a thing), the keynote pointed out some point of attention.
In any case the conclusion is that data protection is per se interdisciplinary, which is why it is so interesting.
Willem (https://twitter.com/WVandewieleW) took it upon him to update us on the legal aspects of blockchain and crypto-assets:
(1) at the EU level
a) the 2018 FinTech Action plan: https://ec.europa.eu/info/publications/180308-action-plan-fintech_en
b) the 2019 ESMA report: https://www.esma.europa.eu/system/files_force/library/esma50-157-1391_crypto_advice.pdf
c) the 2019 EBA report: https://eba.europa.eu/-/eba-reports-on-crypto-assets
(2) at the national level
a) Luxembourg
b) France
c) Italy
d) Germany
The context was the second (2019) edition of the Computational Law and Blockchain Festival (#CLBFest), Brussels' node.
Gerrie Smits (https://gerriesmits.com) kicked off the event explaining
(a) the basics of blockchain (a.o. immutability, "if... then...", value transfer, tokenisation and token transfer, decentralisation, game theory and aligned incentives) and
(b) looking at it from a business perspective ("Is This Something For Us?")
>> with practical examples of (actual) use cases like a local blockchain to follow the support money granted to refugees, fractional ownership of real estate, incentives to cycle to school, "selling your eyeballs" (advertising),...
>> through the value mapping framework, which brings innovation (value) theory and design thinking in the picture
To conclude he launched a specific point of interest, namely ORGANISATIONAL DESIGN. Starting from the question whether the "tragedy of the commons" can be overcome (looking at theories of a.o. Elinor Ostrom - https://en.wikipedia.org/wiki/Elinor_Ostrom), he looks at initiatives that may address this by using blockchain technology: Colony (https://colony.io/index.html), Aragon https://aragon.org/), OrgTech (https://orgtech.substack.com/),...
This is material for a hack(athlon).
The title of his keynote refers to the title of the book he wrote (in Dutch) which is packed with use cases: https://gerriesmits.com/blockchain-is-wtf-boek/
The context was the second (2019) edition of the Computational Law and Blockchain Festival (#CLBFest), Brussels' node.
Koen Vingerhoets (https://www.slideshare.net/koenvingerhoets) explained (a) the basics of blockchain in its 6 key elements (transparency, ownership, traceability, distributed, trust, smart contracts) and (b) a few technical aspects on blockchain, like hashing, smart and ricardian contracts, bugs in the code, private ledgers, aspects to take into account to govern a (private) blockchain, and the impact of (EU) regulation.
The context was the second (2019) edition of the Computational Law and Blockchain Festival (#CLBFest), Brussels' node.
Axel Beelen takes a look at how blockchain and data protection regulation can be reconciled.
- What is GDPR?
- What are the basic principles of GDPR?
- Can personal data on the blockchain (and thus application of GDPR) be avoided?
- How does data minimisation pitch in?
- How does pseudonymisation pitch in?
- Who has what role in a blockchain setup? controller, joint controller,...
- How would rights of data subjects work?
The context was the second (2019) edition of the Computational Law and Blockchain Festival (#CLBFest), Brussels' node.
Hendrik Putman, partner at the law firm Mythra, explained how cryptocurrencies in Belgian are (likely to be) taxed.
- what are the potential bases for taxation?
- what are indicators of "professional income"?
- what are indicators of "miscellaneous income"?
- is allocating the assets to (not ) for-profit corporations a good idea?
- how does the bitcoin tool (https://mythra.be/bitcoin/) work ?
- when is it reasonable to go for a tax ruling?
- when is it reasonable to go for a tax documentation preparation?
The context was the second (2019) edition of the Computational Law and Blockchain Festival (#CLBFest), Brussels' node.
Three HCI researchers from MintLab (Meaningful Interactions Lab) from the KULeuven came to explain their research on how to practically go about explaining algorithms and taking that consideration into account in the build phase of an algorithm.
The researchers
- Luciana Monteiro Krebs (from Brasil)
- Oscar Alvarado (from Costa Rica)
- Elias Storms
The presentation went into
- what HCI is?
- the cooperation with the CiTiP team
- how to make a privacy policy more accessible ?
- the research methodology on the experience with (assumed) visible results of suggestion algorithms on news providers (focus on social media)?
- first ideas on how to improve the openness on the inner workings of an algorithm
The presentation was at the VUB (Vrije Universiteit Brussel), with the help of VRG Brussels.
Presentation on the Controller-to-Processor agreements under GDPR, with a main focus on article 28 GDPR and some reference to the standard contractual clauses for Controller-to-Processor agreements as established in 2010 (which are soon to be adapted).
The presentation used at the Brussels Tech Summit of 7 June 2018. Short introduction to legal hackers and then a hands-on exercise on legal design thinking.
Trase is supporting Lawbox (www.lawbox.be) in thinking about blockchain, selecting projects where blockchain adds value and testing the waters with proofs of concept. Hadrien vD explained the method to the audience at the Brussels node of the 2018 Computational Law and Blockchain Festival. You can see the livestream-video on https://t.co/yru0gsiKmy (mind you that the first 28 minutes there seems to be a technical issue). Hadrien speaks after the break, around about 1h45 in the video.
The legal hackers and the US Chamber of Commerce presented the methodology, experience and results of the privacy design lab of 6 November 2017 at the IAPP Congress two days later.
Aram H., researcher at DistriNet - KULeuven, presented the LINDDUN methodology (°2010) in already a bit simplified form (3 instead of 6 steps) while the team is working to further operationalise it AND align it with GDPR.
With LINDDUN you systematically approach the technical elements of appropriate measures to protect the data in 3 steps:
1 describe the data (flow) elements
2 elicit threats relating to linkability, identifiability, non-repudiation, detectability, disclosure of information, unawareness, non-compliance (and focus by making reasonable assumptions)
3 manage the threats, especially by mitigating them based on the threat taxonomy
You can find more on the methodology on linddun.org
This presentation was part of a series of presenters that filled the Privacy Design Lab that was organised by / together with the US Chamber of Commerce on 6 November 2017.
Legal hackers were invited to the digital festival on 1 June 2017 (https://www.digitalfestival.eu). The chapters of Brussels (Belgium), Ukraine and Rijeka (Croatia) combined forces to give an impression of what legal hackers are all about.
This is the introductory slide deck for the joint event by the legal hackers (Brussels chapter) and the Belgian data scientists on 1 August 2017. The aim was mainly to introduce the session where everybody could ask questions and those with the answers could give them.
The event's page is here: https://www.meetup.com/Brussels-Legal-Hackers/events/241266134/
The event's message board is here: https://www.meetup.com/Brussels-Legal-Hackers/messages/boards/thread/51045002
A second session is planned for 5 September 2017 at Digityser in Brussels.
Koen V. presented the practical approach in the context of a financial institution. He touches upon:
How do you explain complex (technical) concepts like blockchain and smart contracts to the business? (through a 6 branch model)
How do you prioritise potential experiments and investments? (through a 6 branch model)
When don't you use blockchain or smart contracts?
What are actual experiments and projects in the blockchain / smart contract pipeline?
Original publication: https://www.slideshare.net/koenvingerhoets/blockchain-smart-contracts-and-use-cases-for-the-legal-hackers
Link to the meetup follow-up page: https://www.meetup.com/Brussels-Legal-Hackers/messages/boards/thread/50920056
Legal hackers: https://www.meetup.com/Brussels-Legal-Hackers
20170620 MEETUP smart contracts proof of concept for prescriptionsBrussels Legal Hackers
In this second part Kristof V. explained an actual proof of concept developed in the Belgian government: a (permission) blockchain solution for medical prescriptions.
Link to the event follow-up page: https://www.meetup.com/Brussels-Legal-Hackers/messages/boards/thread/50920056
Legal hackers: https://www.meetup.com/Brussels-Legal-Hackers
Similar presentation (in Dutch): https://www.youtube.com/watch?v=oqRoBJ4gIHE&list=PLkOT_gtPps66Tr-Hs15scP1gw-hIftDeE&index=7
Kristof V. explained the basics of blockchain and smart contracts. Starting with the mechanics of bitcoin (introduced by the 2009 paper of Satoshi Nakamoto) he explains concepts of pseudonymisation, encryption, blockchain, mining, and distribution. After skimming high-level through some use cases he moves to "(smart) contracts", using the example of an auction.
Link to examples of "smart contracts": https://dapps.ethercasts.com
Link to the event follow-up page: https://www.meetup.com/Brussels-Legal-Hackers/messages/boards/thread/50920056
Legal hackers: https://www.meetup.com/Brussels-Legal-Hackers
These are the slides used by Caroline C.. at the meetup of the Brussels legal hackers on 18 April 2017 entitled: "Creative Commons: when you can't change the law, design around it".
The message board on the meetup can be found here: https://www.meetup.com/Brussels-Legal-Hackers/messages/boards/thread/50763146
The event page can be found here: https://www.meetup.com/Brussels-Legal-Hackers/events/238316816/
Check the creative commons website: https://creativecommons.org/
Use the create commons logo:
https://creativecommons.org/choose/
These are the slides used by George to guide the discussion on autonomous vehicles.
The slides are also available at: https://www.adaptive-ip.eu/files/adaptive/content/downloads/moods/Deliverables%20&%20papers/1AriaEtemad.pdf
This is the link to the meetup: https://www.meetup.com/Brussels-Legal-Hackers/events/235890664/
Normal Labour/ Stages of Labour/ Mechanism of LabourWasim Ak
Normal labor is also termed spontaneous labor, defined as the natural physiological process through which the fetus, placenta, and membranes are expelled from the uterus through the birth canal at term (37 to 42 weeks
Delivering Micro-Credentials in Technical and Vocational Education and TrainingAG2 Design
Explore how micro-credentials are transforming Technical and Vocational Education and Training (TVET) with this comprehensive slide deck. Discover what micro-credentials are, their importance in TVET, the advantages they offer, and the insights from industry experts. Additionally, learn about the top software applications available for creating and managing micro-credentials. This presentation also includes valuable resources and a discussion on the future of these specialised certifications.
For more detailed information on delivering micro-credentials in TVET, visit this https://tvettrainer.com/delivering-micro-credentials-in-tvet/
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...NelTorrente
In this research, it concludes that while the readiness of teachers in Caloocan City to implement the MATATAG Curriculum is generally positive, targeted efforts in professional development, resource distribution, support networks, and comprehensive preparation can address the existing gaps and ensure successful curriculum implementation.
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
20190221 Data subject rights in practice
1. Data Subject’s Rights in
Practice
Facts, figures, design, practice
Pierre Dewitte, Jef Ausloos & Laurens Naudts
pierre.dewitte@kuleuven.be;
jef.ausloos@kuleuven.be;
laurens.naudts@kuleuven.be
@PiDewitte; @Jausl00s
@RoboNaudts
2. 2
• Background to Data Subject Rights Jef
• Empirically Testing the Right of Access Pierre
• Empirically Testing the Right to an Explanation Laurens
Overview
4. 4
Data Subject Rights – C’est quoi?
Ex Ante Ex Post
Protective Measures E.g. Data Quality
Principles
E.g. DPA Enforcement
Empowerment
Measures
E.g. Consent E.g. Data Subject
Rights
5. 5
• Integral to data protection discussions since 1960’s
• Data Protection Directive 1995
• Charter of Fundamental Rights 2000
• GDPR 2016
Brief History of Data Subject Rights
6. 6
• Art.12: Modalities
• Art.13-14: Transparency
• Art.15: Access
• Art.16: Rectification
• Art.17: Erasure
• Art.18: Restriction
• Art.20: Portability
• Art.21: Right to Object
• Art.22: Automated Decision-Making
Data Subject Rights
7. 7
• Right of access = pivotal
• Guaranteeing accountability/responsibility/compliance
• Enabling other DS rights
• Guaranteeing other legal rights
• Research tool
• Fleshed out in GDPR
Zooming in on the Right of Access
9. 9
• Right of access = pivotal
• Guaranteeing accountability/responsibility/compliance
• Enabling other DS rights
• Guaranteeing other legal rights
• Research tool
• Fleshed out in GDPR
• Modalities
Zooming in on the Right of Access
11. 11
• Nice in theory, but…
• General assumption that these rights are
• Inefficient
• Underused
• Ignored
• Not much empirical data substantiating this
Data Subject Rights in Practice
ssrn.com/abstract=3106632
13. • During academic year 2016-2017, legal-empirical study on the right
of access (Art. 15 GDPR)
o Registration and use of 66 online service providers
o Analysis of each service’s privacy policy
o Generic initial request for access
o In-depth follow-up request to obtain a satisfactory answer
• Participants: 1 CiTiP researcher, 3 students involved in the KU
Leuven advanced Master in IP and IT Law
• Findings compiled in surveys at every step of the empirical study
• Results and analysis published:
o In IDPL 8(1), February 2018
o As CiTiP Working Paper on SSRN
Empirical study on the right of access
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
14. • Overview of the investigated sectors
Empirical study on the right of access
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
15. • Some findings on the privacy policies (accessibility)
Empirical study on the right of access
Number of clicks it takes to get from the homepage to the privacy policy
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
16. • Some findings on the privacy policies (completeness)
Empirical study on the right of access
Information provided by controllers in their privacy policy
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
17. • Some findings on the filing of the initial request (mention of RoA)
Empirical study on the right of access
Specific mention of the right of access in the privacy policy
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
18. • Some findings on the filing of the initial request (modalities)
Empirical study on the right of access
Specific ways mentioned in the privacy policy to exercise the right of access
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
19. • Some findings on the follow-up request (answers)
Empirical study on the right of access
74%
26%
Number of controllers who responded to our initial request
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
20. • Some findings on the follow-up request (delay)
Empirical study on the right of access
Days controllers took to respond to the initial request (other than confirmation of receipt)
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
21. • Some findings on the follow-up request (information provided)
Empirical study on the right of access
Information provided following the access request
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
22. • Some findings on the follow-up request (medium)
Empirical study on the right of access
Medium used to provide the answers
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
23. • Some findings on the follow-up request (misunderstanding)
o Many controllers referred to their privacy policy
o Some of them mentioned the possibility to edit our profile via the
service itself (name, address, etc.)
o Others did not know the existence of the right of access at all and
questioned us to obtain more information
Empirical study on the right of access
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
24. • Some findings on the follow-up request (irritation, bad faith)
o Some controllers reacted with suspicion, irritation, reluctance and
even bad faith to our access request
Empirical study on the right of access
(…) All required information is made
available in our privacy policy. If you
think it’s insufficient or believe *****
is not trustworthy, we’re happy to
delete your account and all related
data. If you would like to use the
site, then you automatically accept
our user agreement and privacy
policy. (…) We receive this type of
question once or twice a year, and it
always comes from people who
have no intention of being active on
*****. So if you have a real concern,
we’re happy to explain more info
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
25. • Some findings on the follow-up request (irritation, bad faith)
o Some controllers reacted with suspicion, irritation, reluctance and
even bad faith to our access request
Empirical study on the right of access
This type of legislation is the reason we
incorporated ***** in the US and not in
*****. In reality, real users never ask for this
type of information. They just delete their
account. Our work is to ***** in the most
trustworthy way. We have now deleted
your account and have no data on file
anymore, apart from this email in a
separate customer support system. We
have hereby fulfilled your request. And for
all clarity: we treat real users and their
privacy with the utmost respect. But we
don’t spend expensive resources to
respond to frivolous requests
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
26. Lack of
awareness
Lack of
organization
Lack of
motivation
Lack of
harmonization
Empirical study on the right of access
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
27. • GDPR, paradigm shift?
o More information to be provided: Article 12(a) DPD v. 15(1) GDPR
o Well-defined practical modalities: Article 12(a) DPD v. 12 GDPR
o Mandatory appointment of a DPO if certain conditions are met
o Introduction of Data Protection by Design (see infra)
o Guidance from national supervisory authorities or EDPD
o Awaited codes of conducts and certification mechanisms
o Heavier fines as a driver
o Market-driven incentives
o Awareness-raising effect of the GDPR
o Civil society initiatives (Usable Privacy, Polisis, Data Rights Finder,…)
Empirical study on the right of access
A bright future for transparency, the right of access and
user empowerment in general?
Ausloos & Dewitte, 'Shattering One-Way Mirrors. The Right of Access in Practice', IDPL 8(1)
available at <https://academic.oup.com/idpl/article/8/1/4/4922871>
29. • Increasing use of algorithms impacting our daily lives
o Both online (e.g. tailored newsfeed on social media, targeted
advertising) and offline (e.g. smart cities)
• GDPR includes a so-called ‘right to explanation’ of decisions based
solely on automated processing. Spread across several provisions:
o Transparency requirements: Art. 13(2)f and 14(2)g
o Right of access: Art. 15(1)g
o Specific provision: Art. 22(3) and Rec. 71
• How this specific provision is interpreted and accommodated in
practice by controllers remains largely unknown
o Ex ante explanation of how the system works?
o Ex post explanation on how a specific decision was reached?
Empirical study on the so-called
‘right to explanation’
Algorithmic Transparency and Accountability in Practice (ATAP), KU Leuven CiTiP
and MintLab, <https://www.law.kuleuven.be/citip/en/research/projects/ongoing/atap>
30. • During academic year 2018-2019, legal-empirical study on the ‘right
to explanation’ of decisions taken by news recommender systems
o First-party content providers (e.g. newspaper website)
o News aggregators (e.g. Flipboard)
o Social media (e.g. Twitter)
• Participants: 5 CiTiP researchers, 3 MintLab researchers, 4 students
involved in the KU Leuven advanced Master in IP and IT Law
Empirical study on the so-called
‘right to explanation’
Desktop
research
Empirical
research
Design
research
Target
policy-
makers and
UI
Designers
Algorithmic Transparency and Accountability in Practice (ATAP), KU Leuven CiTiP
and MintLab, <https://www.law.kuleuven.be/citip/en/research/projects/ongoing/atap>
31. 31
• Complexity
• Technical Level
• Expert knowledge required in order to understand and translate
recommender systems,
• Dependent on target audience
• Data Level
• Explanation requires insight into the entire automated chain
• Legal Level
• Disparity amongst legal instruments available to the data subject
• Data Administration might lead to Indifference or Fatigue
• Intellectual Property versus Granularity
• Design Level
• Different ‘Recommender Purposes’ require Different Explanations
Challenges to Explanations and
Transparency
33. • To exercise data subject’s rights:
o https://www.mydatadoneright.eu/: helps individuals to exercise their
rights (access, erasure, rectification, portability)
o https://www.personaldata.io: helps with in-depth/complicated access
requests (e.g. Tinder ‘hotness factor’, Facebook Hive data, Uber data,
Deliveroo data etc.)
• To better understand privacy policies:
o https://www.datarightsfinder.org/: summarises privacy policies and
assists with the drafting of requests (focus on financial services)
o https://www.usableprivacy.org/: summarises human- and machine
annotated privacy policies
o https://pribot.org/polisis: AI-powered privacy policy analysis
Assistance along the way
Mention link to paper.
Mention other initiatives in the field of privacy policy analysis:
Jamila Venturini, Luiza Louzada, Marilia Maciel, Nicolo Zingales, Konstantinos Stylianou, Luca Belli, Terms of Service and Human Rights: an Analysis of Online Platform Contracts (Revan 2016) <http://internet-governance.fgv.br/sites/internet-governance.fgv.br/files/publicacoes/terms_of_services_06_12_2016.pdf> accessed 19 October 2017;
Brendan Van Alsenoy, Valerie Verdoodt, Rob Heyman, Jef Ausloos, Ellen Wauters, ‘From social media service to advertising network. A critical analysis of Facebook’s Revised Policies and Terms’, 25 February 2015 <https://www.law.kuleuven.be/citip/en/news/item/facebooks-revised-policies-and-terms-v1-2.pdf> access 19 October 2017
Habib H and others, ‘An Empirical Analysis of Website Data Deletion and Opt-Out Choices’ (2018)
Kumar P, ‘Privacy Policies and Their Lack of Clear Disclosure Regarding the Life Cycle of User Information’, 2016 AAAI Fall Symposium Series (2016)
In deliberation with these students, a selection of 66 commonly used (across the EU) information society service providers was made.
While a vast majority (80%) of investigated privacy policies were reached in only one or two clicks from the homepage (fig.2), the process was still rated “difficult” to “very difficult” in 31% of instances,
The most important reasons in those 31% were:
Poor design, e.g. by not following today’s widespread standard of placing a hyperlink to the privacy section at the bottom of every page;
The fact that information relating to privacy and data protection were also lumped together with the provider’s general terms and conditions;
The fact that information relating to the privacy policy were hidden behind a vaguely or wrongly-titled link such as “Legal terms” or “Cookies policy”.
List of information to be provided for by controllers is not a novelty of the GDPR:
Already in Articles 11-12 DPD
Now in Articles 13-14 GDPR (expanded list)
Two main questions were assessed: (i) is the right of access specifically mentioned? and (ii) where/how should such a request be sent?:
Regarding the first question, it is worth recalling that Articles 10(c) and 11(1)c of Directive 95/46 (Artt. 13(2)b and 14(2)c GDPR) oblige controllers to mention the existence of such a prerogative in their privacy policy.
Regarding the second question, it is worth recalling that, while failing to specify the practical modalities for exercising the right of access may not violate Directive 95/46, this is likely to change with the GDPR which obliges controllers to “facilitate the exercise of data subject rights under Articles 15 to 22”. It can therefore reasonably be assumed that providing a clear procedural scheme to data subjects willing to exercise their right of access will be part of controllers’ new set of duties under the GDPR. Art. 12(2) GDPR. The exact meaning of what will constitute a facilitative practice is not clear today. This will be further specified by national DPAs, national courts and the European Data Protection Board once the GDPR enters into force.
Virtually all providers are collecting non-registered users’ personal data as well (even if only through installing cookies or collecting IP addresses when visiting their website). Nevertheless, many only allow an access request to be filed through a contact point made exclusively available to registered users. In such situations finding alternative means of reaching the controller can often be considered unreasonable and disproportionate, not to mention using such alternative means may often prove ineffective.
After five months, when it was decided to bring the empirical study to an end, only 74% of the investigated online service providers had responded, whether with a satisfying answer or not. In other words, 26% of them remained completely silent despite multiple reminders. As a result, the amount of responses being assessed as part of the empirical study was already reduced by a quarter compared to the number of providers contacted,
The delay in responding to queries also appeared problematic in a significant number of cases. 56% of responses arrived more than 30 days after the initial request had been sent (fig.10). At the time of the empirical research, legal time limits depended on national implementing acts. This will, however, no longer be the case once the GDPR enters into force.
Most of the time, either:
Basic and therefore not exhaustive enough (contra Art. 15(1) GDPR);
Complex and therefore not easily legible (contra Art. 12(1) GDPR).
Confusion between access and erasure;
- Even proactive erasure while not requested;
Lack of awareness (unaware of the existence of DP law, misunderstanding about the basic notions such as ‘personal data’ or the territorial scope of application)
Lack of organization (no department or team in charge of DP issues, no procedure for handling data subject’s rights technical constraints due to the way controllers were handling their datasets)
Lack of motivation (see example supra)
Lack of harmonization (at the time, national implementations of DPD relevant for time limits, exception to data subject’s rights, modalities, etc.), Partially lifted under GDPR, at least when it comes to the modalities surrounding the exercise of data subject’s rights.
More information to be provided (e.g. retention period, existence of rights, right to lodge a compliant with a supervisory authority, information on transfers to third countries, etc.).
Well-defined practical modalities (e.g. free of charge, one month time limit, form of request, form of answer, intelligibility)
DPO: remedy the lack of awareness
DPbD: The empirical study has indeed demonstrated that a significant number of controllers struggled to even identify and locate the requested pieces of information. This could be avoided by developing/reconfiguring their systems in such a way to facilitate the retrieval of relevant data in a secure and individualised way. Indeed, their systems should be designed in a way that enables the exercise of data subject rights. Ideally, this would go as far as to actively facilitate exercising such rights, for example through automating the process and ensuring information is machine-readable and interoperable (cf. Art.20 on the right to data portability). Easier said than done, but cornerstone.
Guidance from national SA or EDPB in terms of templates, scenario-based approach (parallel critical infrastructure in air law).
Codes of conducts for addressing data subjects’ rights (Art. 40(2)f), certification mechanisms to make it more scalable
Yet, looking at how similar instruments have worked in other sectors (e.g. financial industry), some scepticism as to their added value seems warranted.
Mention link to the project.
Art. 22(1): automated decision-making = ‘a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her’.
Art. 13(2)f and 14(2) (privacy policy; ex ante basis):
Existence of automated decision-making;
At least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
In other cases, also possible but not mandatory.
Art. 15(1)h (right, ex post basis):
Existence of automated decision-making;
At least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
In other cases, also possible but not mandatory.
Art. 22(3): Only in case of automated decision-making based on contract or consent, obligation for the controller to implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision (+ Rec. 71: obtain an explanation).
Desktop research (legal scholarship; HCI scholarship; interdisciplinary problem formulation)
Empirical research (setting-up; conduct; interdisciplinary analysis of the results)
Design research (organisation of co-design workshops; creation of interface prototypes; experimentation assessing the impact of the prototypes on users’ comprehension)
Recommendations (development of a teaching module; drafting of evidence-based recommendations for regulators, policy-makers and designers; valorisation)
Traditional legal desktop research, mapping and summarising the relevant literature on the right to explanation in EU data protection law.
OUTPUT: chapter to be incorporated into Deliverable 1
Literature review of research on the design and evaluation of transparent algorithmic systems, documenting best practices and guidelines as input for WP3
OUTPUT: chapter to be incorporated into Deliverable 1
Combine insights gained in Tasks 1.1. and 1.2. so as to come to a more holistic problem statement.
OUTPUT: Deliverable 1 - Mapping key challenges to the right to an explanation, an interdisciplinary approach.
Work Package 2. Empirical Research (M3-11). Lead: CiTiP
This task consists of all necessary preparations to enable data gathering in T2.2. Drafting list of questions to be investigated, building on T1.3.; identify relevant actors to be investigated; develop online surveys for easy and centralised data gathering. The actual implementation of the scripts and lists of questions will be done in collaboration with PersonalData.io.
OUTPUT: surveys, research script.
Conducting the actual empirical research, consisting of contacting online service providers and assess their compliance strategies for accommodating the right to explanation.
OUTPUT: excel sheets, comprehensively mapping all gathered data.
Interdisciplinary analysis of the results, to identify key issues.
OUTPUT: joint report, co-authored between CiTiP/MintLab).
Work Package 3. Design Research (M7-16). Lead: Mintlab
Using input from WP1 and WP2, as well as from a sensitising activity (diary study), two co-design workshops will be organised with 20 end-users.
OUTPUT: user experience of algorithmic systems; list of elements that are to be made transparent).
Based on the outcome of T3.1, several interface prototypes will be created that offer different variations of algorithmic transparency.
OUTPUT: interactive medium-fidelity prototypes.
Using prototypes created in T3.2, several between-subjects experiments will be set-up to assess the impact of the various interface designs on the users’ comprehension, acceptance and trust of the prototypes.
OUTPUT: detailed analysis of impact of interface elements on user ratings.
Work Package 4:
Mention link to the project.
Art. 22(1): automated decision-making = ‘a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her’.
Art. 13(2)f and 14(2) (privacy policy; ex ante basis):
Existence of automated decision-making;
At least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
In other cases, also possible but not mandatory.
Art. 15(1)h (right, ex post basis):
Existence of automated decision-making;
At least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
In other cases, also possible but not mandatory.
Art. 22(3): Only in case of automated decision-making based on contract or consent, obligation for the controller to implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision (+ Rec. 71: obtain an explanation).