Integrating Fundamental Values into Information Flows in Sustainability Decision-Making


Integrating Fundamental Values into Information Flows in Sustainability Decision-Making
Rónán Kennedy, School of Law, National University of Ireland Galway
ronan.m.kennedy@nuigalway.ie
Presentation for Decision Making across the Information, Technology and Sustainability Landscape: Towards Breadth and Coherence
London, 13 April 2016

Overview
1. Privacy in Theory and in Practice
2. Standards and FRAND
3. Integrating Values into Innovation and Information Law, Policy, and Practice

Privacy in Theory and in Practice

Energy Usage Data and Privacy
- Energy usage patterns reveal lifestyle:
  - Health issues, particularly sleep, diet, exercise, alcohol use
  - Relationship issues
  - Child care arrangements
  - Religion
- Potentially sensitive: enable discrimination and bias

Unintended Uses of Energy Data
- Insurance companies
- Family lawyers
- Municipal planning
- Law enforcement
- Burglars

Security Issues with Smart Meters
- Manufacturers lack expertise
- Inadequate processing power for encryption
- Devices not designed for security patches

Consumer Confusion
- Consumers often unclear about function or purpose of smart meters
- Consumers may not be able to make informed decisions about privacy
  - Lack of options
  - Lack of knowledge
  - Lack of legal advice

Exporting Data from EEA
- Will data be stored in the cloud?
- Where is the cloud?
- Is it outside the European Economic Area?
- Australia not covered by Safe Harbour

Anonymisation
- Energy data must be inter-connected
- Anonymised data can be de-anonymised

Security by Design
- End-to-end encryption
- Separate streams for core and value-added services

Data Protection by Design
- Right for consumers to access, move and erase data
- Prohibition on automated profiling without knowledge or consent
- Ensure transparency: include metadata on consent (default is off), processing, sharing
- Keep data in a personal data store with intelligent agent as safeguard
- Provide consumers with open source software

Technical Options
- Secure, distinct data streams with authentication
- Personal data storage
- Privacy-preserving data mining and aggregation
- Discrimination-aware data mining
- Consumer control of granular data access
- Semantic metadata in interactive systems

Privacy by Design through Impact Assessment
- Data Protection Impact Assessment
- EU Commission Recommendation 724/2014
  - Data Protection by Design and Data Protection by Default solutions
  - Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems
  - Test phase with deployment of real cases
  - Review within two years (before October 2016)
- Article 29 Working Party on DPIA
  - Opinion 04/2013: criticised DPIA for lack of clarity, confusing risks and threats, and not linking risks and controls
  - Opinion 07/2013: DPIA improved but needs improvement and testing

Privacy by (Re)-Design in Practice
- Privacy by Design: vague set of principles without methodological guidance
- Privacy by Re-Design: retro-fitting existing systems
  - Very expensive
- Computers are designed to share, retain, index, and analyse information
- Long-term systems may require audit trails
- How to forget?

Requirements Analysis
- Legal Requirements
- Digital rules: rigid, clearly defined in advance, strictly operationalised, difficult to change
- Contrast legal rules: flexible, deliberately unclear, contested, malleable
- IS developers need "requirements": clear, complete, consistent specifications of the behaviour of a system
- Requirements definition: procedural logic, data attributes
- Requirements prioritisation: feasibility, cost, "must have" versus "nice-to-have"

Institutional Information Infrastructures in Practice
- Formalising practices and knowledge is difficult
- ICT becomes embedded and entrenched infrastructure
- Need to "Get It Right First Time"
- But Information Systems security and privacy involves:
  - Risk management
  - Cost-benefit analysis
  - Trade-offs, not strict compliance
  - Incremental improvements

Standards and FRAND

Categorising Standards
- de facto standards
- de jure standards

Legal Aspects of Standards
- Intellectual property rights
- Competition/anti-trust implications & patent ambush
  - for example, Commission investigation of Rambus (2007–10)
- Technical Standards Directive (98/34/EC, amended by 98/48/EC)
- WTO Agreement on Technical Barriers to Trade

FRAND Licensing
- Fair, Reasonable and Non-Discriminatory
- Perspectives on "fair" will differ
- Discrimination may be legitimate
- Commercial priorities may overly influence the standard

Integrating Values into Innovation and Information Law, Policy, and Practice

Integrating Values into Innovation Policy
- Innovation as an eco-system
- Creating new products and markets through "creative destruction"
- At what cost?
- How do we integrate fundamental values?
  - Appropriate use of transparency, privacy, and accountability?
  - with nuance, balance, and flexibility
  - but which rights, if any, are "trumps"?
- Requires lawyers to understand potential and limitations of technical solutions
- Aim: greater coherence between legal aspirations and technical realities

Integrating Fundamental Values into Information Flows in Sustainability Decision-Making
Rónán Kennedy *
Paper for Decision Making across the Information, Technology and Sustainability Landscape: Towards Breadth and Coherence
London, 13 April 2016

Abstract

This case study raises key questions about how lawyers can ensure that fundamental values, such as privacy and equality, can be properly integrated into information pathways and flows in energy infrastructures. As large and distributed energy projects come to rely more and more on the enabling role of information and communications technology to make massive, responsive, and individually-tailored systems possible, a detailed consideration of questions that have not been discussed by environmental lawyers until recently is necessary.

Energy usage patterns reveal lifestyle information and can highlight very sensitive issues in an individual's life: health issues (particularly sleep, diet, exercise, or alcohol use); intimate relationships and child care arrangements; or religion. Easy access to this data can enable unlawful or unfair discrimination and bias, and can be put to unintended or unwanted uses. Anonymisation is often an incomplete and inadequate response. In addition, smart grids and meters may not be secure. Consumers may not be able to make informed decisions about privacy.

Technical approaches to these problems abound. Tools like Privacy by Design are touted as providing a solution. The European Commission places particular emphasis on the idea of a Data Protection Impact Assessment. Security by Design is a complementary approach, which relies on end-to-end encryption and the use of separate data streams for core and value-added services.

* School of Law, National University of Ireland Galway, Galway, Ireland. Email: ronan.m.kennedy@nuigalway.ie Tel: +353 (0)91 495626 Fax: +353 (0)91 494506. The author would like to thank Dr Michael Lang of the School of Business and Economics at NUI Galway, whose ideas informed the discussion of information systems development in this paper.

However, these are incomplete responses. Privacy by Design provides a vague set of principles without methodological guidance: how do systems developers build privacy into the design process? Privacy by Re-Design (retro-fitting existing systems) is very expensive. Computers are designed to share, retain, index, and analyse information, not to forget. Even erasure is not straightforward.

Legal rules are flexible, deliberately unclear, contested, and malleable. Digital rules are rigid, clearly defined in advance, strictly operationalised, and difficult to change. The latter can easily become closed, inflexible, and unaccountable systems, containing assumptions, biases, and mistakes. Formalising practices and knowledge is difficult and there is therefore a need to "Get It Right First Time". However, information systems developers do not work from laws, principles, or rights, but with "requirements": clear, complete, consistent specifications of the behaviour of a system.

Innovation in products, services, and markets is often touted as essential for sustainable development. However, this process of "creative destruction" should not lose sight of fundamental values, which need to be fully integrated into the thinking of entrepreneurs, policy-makers, and systems developers. This must go beyond check-box compliance or a balancing exercise in which privacy and equality always lose, to a nuanced perspective which understands that rights are enablers of, rather than barriers to, innovation. To achieve this, lawyers must first obtain a deep knowledge of the potential and limitations of technological solutions. This can help to bring about greater coherence between legal aspirations and technical realities.