Suchergebnisse

The shift toward digital distribution has led newspapers to adopt data collection and sharing practices with unexplored ethical consequences. Analysis of the privacy policies of the 15 largest U.S. newspapers reveals what is permitted with regard to the capture of newsreader data and the sharing of such data with advertisers, affiliated companies, and social media. These practices and the related news metrics and analytics are critiqued in light of journalism's democratic role and traditional support of citizenship. The conclusion offers six recommendations to begin to address these ethical dilemmas through greater transparency and more reader control over data handling.

Currently, personal data collection and processing are widely used while providing digital services within mobile sensing networks for their operation, personalization, and improvement. Personal data are any data that identifiably describe a person. Legislative and regulatory documents adopted in recent years define the key requirements for the processing of personal data. They are based on the principles of lawfulness, fairness, and transparency of personal data processing. Privacy policies are the only legitimate way to provide information on how the personal data of service and device users is collected, processed, and stored. Therefore, the problem of making privacy policies clear and transparent is extremely important as its solution would allow end users to comprehend the risks associated with personal data processing. Currently, a number of approaches for analyzing privacy policies written in natural language have been proposed. Most of them require a large training dataset of privacy policies. In the paper, we examine the existing corpora of privacy policies available for training, discuss their features and conclude on the need for a new dataset of privacy policies for devices and services of the Internet of Things as a part of mobile sensing networks. The authors develop a new technique for collecting and cleaning such privacy policies. The proposed technique differs from existing ones by the usage of e-commerce platforms as a starting point for document search and enables more targeted collection of the URLs to the IoT device manufacturers' privacy policies. The software tool implementing this technique was used to collect a new corpus of documents in English containing 592 unique privacy policies. The collected corpus contains mainly privacy policies that are developed for the Internet of Things and reflect the latest legislative requirements. The paper also presents the results of the statistical and semantic analysis of the collected privacy policies. These results could be further used by the researchers when elaborating techniques for analysis of the privacy policies written in natural language targeted to enhance their transparency for the end user.

The healthcare sector traditionally processes large amounts of personal data. Nowadays, medical practice increasingly uses information technologies, such as smartphone applicatons ('apps') and wearable devices (e.g. smart watches, smart soles), for treatment plans and information collection. It is inherent to these modern technologies that they generate even more personal data. Some of the apps are developed specifcally for the healthcare sector, some are more general (health) apps. Within the European Union (EU), the processing of these personal data is regulated by the General Data Protecton Regulation (GDPR), which entered into force on 25 May 2018. The GDPR provides controllers and processors with obligations and data subjects with rights. This paper analyses the marketing statements of app providers and the privacy policies of the apps in order to determine whether they are in line with each other and with the GDPR.

This paper contributes to the knowledge body by establishing the current situation in terms of need, adoption and advertising of privacy policies in the websites of Portuguese local authorities, and by collecting evidence of its compliance with privacy practices. Websites of all the 308 Portuguese municipalities were surveyed for the presence of privacy policies, the usage of tracking cookies and measures taken to secure user credentials. A conceptual analysis was performed on privacy policies to categorise their content. Results were compared with other international studies. It was found that only 26% of the municipalities provide privacy policy statements and many of those exhibit significant gaps considering the information that can be expected in such documents. Furthermore, evidence of non-compliance with the advertised privacy policies and the legislation was also collected. The presented conclusions are useful for both academics and practitioners in the areas of e-government, privacy assurance and local government. Copyright © 2016 Inderscience Enterprises Ltd.

Wi-Fi-based tracking systems have recently appeared. By collecting radio signals emitted by Wi-Fi enabled devices, those systems are able to track individuals. They basically rely on the MAC address to uniquely identify each individual. If retailers and business have high expectations for physical tracking, it is also a threat for citizens privacy. We analyse the privacy policies used by the current tracking companies then we show the pitfalls of hash-based anonymization. More particularly we demonstrate that the hash-based anonymization of MAC address used in many Wi-Fi tracking systems can be easily defeated using of-the-shelf software and hardware. Finally we discuss possible solutions for MAC address anonymization in Wi-Fi tracking systems. ; Les systèmes de traçages basés sur le Wi-Fi ont récemment fait leur apparition. En collectant les signaux radio émis par les terminaux équipés du Wi-Fi, ces systèmes sont capables de tracer les individus. Ils utilisent l'adresse MAC des terminaux pour identifier de manière unique les personnes. Si les acteurs du commerce physique ont de grandes attentes de ces technologies de traçage physique, elles représentent également une menace pour la vie privée. Nous analysons les politiques de vie privée des principaux acteurs du traçage Wi-Fi et nous montrons l'inefficacité des techniques d'anonymisation par fonction de hachage. Plus particulièrement, nous montrons que les techniques d'anonymisations basées sur les fonctions de hachage, communément utilisés dans les systèmes de traçage Wi-Fi, peuvent être facilement cassées en utilisant des logiciels et du matériel standard. Finalement, nous discutons des solutions alternatives pour l'anonymisation des adresses MAC dans les systèmes de traçage Wi-Fi.

Wi-Fi-based tracking systems have recently appeared. By collecting radio signals emitted by Wi-Fi enabled devices, those systems are able to track individuals. They basically rely on the MAC address to uniquely identify each individual. If retailers and business have high expectations for physical tracking, it is also a threat for citizens privacy. We analyse the privacy policies used by the current tracking companies then we show the pitfalls of hash-based anonymization. More particularly we demonstrate that the hash-based anonymization of MAC address used in many Wi-Fi tracking systems can be easily defeated using of-the-shelf software and hardware. Finally we discuss possible solutions for MAC address anonymization in Wi-Fi tracking systems. ; Les systèmes de traçages basés sur le Wi-Fi ont récemment fait leur apparition. En collectant les signaux radio émis par les terminaux équipés du Wi-Fi, ces systèmes sont capables de tracer les individus. Ils utilisent l'adresse MAC des terminaux pour identifier de manière unique les personnes. Si les acteurs du commerce physique ont de grandes attentes de ces technologies de traçage physique, elles représentent également une menace pour la vie privée. Nous analysons les politiques de vie privée des principaux acteurs du traçage Wi-Fi et nous montrons l'inefficacité des techniques d'anonymisation par fonction de hachage. Plus particulièrement, nous montrons que les techniques d'anonymisations basées sur les fonctions de hachage, communément utilisés dans les systèmes de traçage Wi-Fi, peuvent être facilement cassées en utilisant des logiciels et du matériel standard. Finalement, nous discutons des solutions alternatives pour l'anonymisation des adresses MAC dans les systèmes de traçage Wi-Fi.

Purpose– The purpose of this paper is to advocate for and provide guidance for the development of a code of ethical conduct surrounding online privacy policies, including those concerning data mining. The hope is that this research generates thoughtful discussion on the issue of how to make data mining more effective for the business stakeholder while at the same time making it a process done in an ethical way that remains effective for the consumer. The recognition of the privacy rights of data mining subjects is paramount within this discussion.Design/methodology/approach– The authors derive foundational principles for ethical data mining. First, philosophical literature on moral principles is used as the theoretical foundation. Then, using existing frameworks, including legislation and regulations from a range of jurisdictions, a compilation of foundational principles was derived. This compilation was then evaluated and honed through the integration of stakeholder perspective and the assimilation of moral and philosophical precepts. Evaluating a sample of privacy policies hints that current practice does not meet the proposed principles, indicating a need for changes in the way data mining is performed.Findings– A comprehensive framework for the development a contemporary code of conduct and proposed ethical practices for online data mining was constructed.Research limitations/implications– This paper provides a configuration upon which a code of ethical conduct for performing data mining, tailored to meet the particular needs of any organization, can be designed.Practical implications– The implications of data mining, and a code of ethical conduct regulating it, are far-reaching. Implementation of such principles serve to improve consumer and stakeholder confidence, ensure the enduring compliance of data providers and the integrity of its collectors, and foster confidence in the security of data mining.Originality/value– Existing legal mandates alone are insufficient to properly regulate data mining, therefore supplemental reference to ethical considerations and stakeholder interest is required. The adoption of a functional code of general application is essential to address the increasing proliferation of apprehension regarding online privacy.

Colloque avec actes et comité de lecture. internationale. ; International audience ; Writing and evaluating policies is a recurrent problem over the Internet. These policies, which deal with fields like privacy (P3P), security (P3P) and provisioning (COPS-PR) are often made of many ordered rules. In this paper, we present our work related to P3P rules formalization and validation in an evaluation environnement based on rewriting process. We also develop an environnement which returns the right behavior regarding Internet ressources, P3P policies and APPEL user's preferences.

Colloque avec actes et comité de lecture. internationale. ; International audience ; Writing and evaluating policies is a recurrent problem over the Internet. These policies, which deal with fields like privacy (P3P), security (P3P) and provisioning (COPS-PR) are often made of many ordered rules. In this paper, we present our work related to P3P rules formalization and validation in an evaluation environnement based on rewriting process. We also develop an environnement which returns the right behavior regarding Internet ressources, P3P policies and APPEL user's preferences.