Tag Archives: privacy

How websites watch your every move and ignore privacy settings

File 20171122 6055 jrvkjw.jpg?ixlib=rb 1.1

In this guest post, Yijun Yu, Senior Lecturer, Department of Computing and Communications, The Open University examines the world’s top websites and their routine tracking of a user’s every keystroke, mouse movement and input into a web form – even if it’s later deleted.

Hundreds of the world’s top websites routinely track a user’s every keystroke, mouse movement and input into a web form – even before it’s submitted or later abandoned, according to the results of a study from researchers at Princeton University.

And there’s a nasty side-effect: personal identifiable data, such as medical information, passwords and credit card details, could be revealed when users surf the web – without them knowing that companies are monitoring their browsing behaviour. It’s a situation that should alarm anyone who cares about their privacy.

The Princeton researchers found it was difficult to redact personally identifiable information from browsing behaviour records – even, in some instances, when users have switched on privacy settings such as Do Not Track.

Continue reading

Guilty until proven innocent? How a legal loophole is being used to name and shame children

File 20171026 13319 1cvf3uw.jpg?ixlib=rb 1.1

 

 

 

 

 

 

 

 

 

In this guest post, Faith Gordon, University of Westminster explores how, under UK law, a child’s anonimity is not entirely guaranteed. Faith is speaking at the  Information Law and Policy Centre’s annual conference – Children and Digital Rights: Regulating Freedoms and Safeguards this Friday, 17 November. 

Under the 1948 Universal Declaration of Human Rights, each individual is presumed innocent until proven guilty. A big part of protecting this principle is guaranteeing that public opinion is not biased against someone that is about to be tried in the courts. In this situation, minors are particularly vulnerable and need all the protection that can be legally offered. So when you read stories about cases involving children, it’s often accompanied with the line that the accused cannot be named for legal reasons.

However, a loophole exists: a minor can be named before being formally charged. And as we all know in this digital age, being named comes with consequences – details or images shared of the child are permanent. While the right to be forgotten is the strongest for children within the Data Protection Bill, children and young people know that when their images and posts are screenshot they have little or no control over how they are used and who has access to them.

Continue reading

Ethical issues in research using datasets of illicit origin

In this guest post Dr Daniel R. Thomas, University of Cambridge reviews research surrounding ethical issues in research using datasets of illicit origin. This post first appeared on “Light Blue Touchpaper” weblog written by researchers in the Security Group at the University of Cambridge Computer Laboratory.

On Friday at IMC I presented our paper “Ethical issues in research using datasets of illicit origin” by Daniel R. Thomas, Sergio Pastrana, Alice Hutchings, Richard Clayton, and Alastair R. Beresford. We conducted this research after thinking about some of these issues in the context of our previous work on UDP reflection DDoS attacks.

Data of illicit origin is data obtained by illicit means such as exploiting a vulnerability or unauthorized disclosure, in our previous work this was leaked databases from booter services. We analysed existing guidance on ethics and papers that used data of illicit origin to see what issues researchers are encouraged to discuss and what issues they did discuss. We find wide variation in current practice. We encourage researchers using data of illicit origin to include an ethics section in their paper: to explain why the work was ethical so that the research community can learn from the work. At present in many cases positive benefits as well as potential harms of research, remain entirely unidentified. Few papers record explicit Research Ethics Board (REB) (aka IRB/Ethics Commitee) approval for the activity that is described and the justifications given for exemption from REB approval suggest deficiencies in the REB process. It is also important to focus on the “human participants” of research rather than the narrower “human subjects” definition as not all the humans that might be harmed by research are its direct subjects.

The paper and the slides are available.

Transferring personal data outside the EU: Clarification from the ECJ?

In this guest post Lorna Woods, Professor of Internet Law at the University of Essex, explores the EU’s proposed Passenger Name Record (PNR) agreement with Canada. This post first appeared on the blog of Steve Peers, Professor of EU, Human Rights and World Trade Law at the University of Essex.

Opinion 1/15 EU/Canada PNR Agreement, 26th July 2017

Continue reading

The Surveillance Triangle: Authorities, Data subjects and Means

Readers of the Information and Law Policy Centre blog may be interested in the following event held by Maastricht University.

The academic conference addresses the question as to how surveillance is perceived from the perspective of three main stakeholders involved in the process of surveillance: surveillance authorities, data subjects and companies. The conference tackles precisely this issue. It brings together the perspective of those stakeholders and provides informative insights of academics from both the EU and the US on how these issues interplay in different contexts.

Programme

9:30-10:00 Registration
10:00-10:30 Keynote speech:
The EU’s approach towards surveillance”, Philippe Renaudière, Data Protection Officer, European Commission
10:30-12:00 Panel I: The perspective of the authorities who exercise surveillance
12:00-13:30 Lunch
13:30-15:00 Panel II: The perspective of Individuals subject to surveillance
15:00-15:30 Coffee break
15:30-17:00 Panel III: Means of Surveillance
17:00-17:30 Closing remarks, Giovanni Buttarelli, EDPS
17:30-18:00 Wrap-up
18:00 Network Cocktail

Call for Papers – Children and Digital Rights: Regulating Freedoms and Safeguards

We are pleased to announce this call for papers for the Information Law and Policy Centre’s Annual Conference on 17 November 2017 at IALS in London, this year supported by Bloomsbury’s Communications Law journal. You can read about our previous annual events here.

We are looking for high quality and focused contributions that consider information law and policy within the context of children and digital rights. Whether based on doctrinal analysis, or empirical social research, papers should offer an original perspective on the implications posed by the data-driven society for the regulation of the digital rights of children and young adults, and the freedoms and safeguards therein.

Topics of particular interest in 2017 include:

  • Internet intermediary liability
  • Social media
  • Data privacy
  • Internet of Things
  • Cyber security
  • UN Convention on the Rights of the Child
  • Online games/apps
  • Digital education
  • The EU General Data Protection Regulation

The workshop will take place on Friday 17th November 2017 and will be followed by the Information Law and Policy Centre’s Annual Lecture and an evening reception.

Attendance will be free of charge thanks to the support of the IALS and our sponsor, although registration is required as places are limited.

The best papers will be featured in a special issue of Bloomsbury’s Communications Law journal, following a peer-review process. Those giving papers will be invited to submit full draft papers to the journal by 1st November 2017 for consideration by the journal’s editorial team.

How to apply:

Please send an abstract of between 250-300 words and some brief biographical information to Eliza Boudier, Fellowships and Administrative Officer, IALS: eliza.boudier@sas.ac.uk by Friday 14th July 2017 (5pm, BST).

Abstracts will be considered by the Information Law and Policy Centre’s academic staff and advisors, and the Communications Law journal editorial team.

About the Information Law and Policy Centre at the IALS:

The Information Law and Policy Centre (ILPC) produces, promotes, and facilitates research about the law and policy of information and data, and the ways in which law both restricts and enables the sharing, and dissemination, of different types of information.

The ILPC is part of the Institute of Advanced Legal Studies (IALS), which was founded in 1947. It was conceived, and is funded, as a national academic institution, attached to the University of London, serving all universities through its national legal research library. Its function is to promote, facilitate, and disseminate the results of advanced study and research in the discipline of law, for the benefit of persons and institutions in the UK and abroad.

The ILPC’s Annual Conference and Annual Lecture form part of a series of events celebrating the 70th Anniversary of the IALS in November.

About Communications Law (Journal of Computer, Media and Telecommunications Law):

Communications Law is a well-respected quarterly journal published by Bloomsbury Professional covering the broad spectrum of legal issues arising in the telecoms, IT, and media industries. Each issue brings you a wide range of opinion, discussion, and analysis from the field of communications law. Dr Paul Wragg, Associate Professor of Law at the University of Leeds, is the journal’s Editor in Chief.

Where to after Watson? The challenges and future of mass data retention in the UK

CJEUAs our lives have increasingly become data-driven and digital by default, finding the balance between privacy and national security/law enforcement has become one of the central legal, political, and ethical debates of the information age. On 11 May, the Director of the Information Law and Policy Centre, Dr Nora Ni Loideain joined a panel of experts at a Bingham Centre event to discuss the latest round in the legal debate – the European Court of Justice’s (CJEU) recent ruling in a case brought by Tom Watson MP against the UK government in regard to the legality of the Data Retention and Investigatory Powers Act (DRIPA). Although DRIPA has now expired, the CJEU Grand Chamber judgment delivered last December also calls into question the legal status of the legislation which replaced DRIPA in 2016, the Investigatory Powers Act (IP Act).

According to the panel chair, Professor Lorna Woods, the CJEU judgment formed what might be considered a “strong view” on privacy and regarded mass data retention as “disproportionate” compared to citizens’ rights to privacy. In this regard, the ruling continued in the same vein as the landmark 2014 Digital Rights Ireland judgment, which struck down the EU’s instrument for mandatory mass data retention – the Data Retention Directive – and declared it to be incompatible with the right to respect for private life and data protection protected by Articles 7 and 8 of the EU Charter of Fundamental Rights.

As we wait for the UK Court of Appeal to interpret the Watson/Tele2 judgment in relation to UK law, the panel considered what the Grand Chamber’s judgment might mean for mass data retention. In particular, Professor Lorna Woods put it to the panel and audience to consider whether the scope of data retention currently provided for under the IP Act 2016 was still possible in light of the reasoning of the CJEU Grand Chamber’s judgment. Continue reading

Signed Statement Condemns DHS Proposal to Demand Passwords to Enter the U.S.

A group of 50 organisations and nearly 90 individual experts have signed a statement against the US Department of Homeland Security’s (DHS) proposal to ask non-citizens to provide the passwords to their social media accounts in order to enter the United States.

The social media password proposal was raised by Secretary John Kelly at the House Homeland Security Committee hearing on 7th February.

The signed statement, which has been organised by the Center for Democracy & Technology, recognises the United States Government’s need to protect its borders but argues that a “blanket policy of demanding passwords” would “undermine security, privacy, and other rights”.

To view the full statement with list of signatories please click here.

Call for papers: Critical Research in Information Law

Deadline 15 March 2017

The Information Law Group at the University of Sussex is pleased to announce its annual PhD and Work in Progress Workshop on 3 May 2017. The workshop, chaired by Professor Chris Marsden, will provide doctoral students with an opportunity to discuss current research and receive feedback from senior scholars in a highly focused, informal environment. The event will be held in conjunction with the Work in Progress Workshop on digital intermediary law.

We encourage original contributions critically approaching current information law and policy issues, with particular attention on the peculiarities of information law as a field of research. Topics of interest include:

  • internet intermediary liability
  • net neutrality and media regulation
  • surveillance and data regulation
  • 3D printing
  • the EU General Data Protection Regulation
  • blockchain technology
  • algorithmic/AI/robotic regulation
  • Platform neutrality, ‘fake news’ and ‘anti-extremism’ policy.

How to apply: Please send an abstract of 500 words and brief biographical information to Dr Nicolo Zingales  by 15 March 2017. Applicants will be informed by 30 March 2017 if selected. Submission of draft papers by selected applicants is encouraged, but not required.

Logistics: 11am-1pm 3 May in the Moot Room, Freeman Building, University of Sussex.

Afternoon Workshop: all PhD attendees are registered to attend the afternoon workshop 2pm-5.30pm F22 without charge (programme here).

Financial Support: Information Law Group can repay economy class rail fares within the UK. Please inform the organizers if you need financial assistance.

Two Research Associate Posts at Hertie School of Governance

For the project ‘Evolving Internet Interfaces: Content Control and Privacy Protection’ within the Deutsche Foschungsgemeinschaft (German Research Foundation) research group on ‘Overlapping Spheres of Authority and Interface Conflicts in the Global Order’ (www.osaic.eu), the Hertie School is looking to hire:

2 Research Associates (m/f)
26 hours/week

The contract duration is 36 months. The envisaged start date is 1 June 2017. Salary is in accordance with TV-L Berlin. Continue reading