CONSENT IN THE TIME OF BIG DATA. Richard Austin February 1, 2017


Agenda

1. Introduction
2. The Big Data Lifecycle
3. Privacy Protection - The Existing Landscape
4. The Appropriate Response?

1. Introduction

The Future of Big Data Analytics in Canada

Even though Big Data analytics can be challenging to execute, it has great potential for powerful insight. It will continue to grow in popularity as leaders see how it can enhance high-quality decision making. We will continue to see data analytic technology evolve and transform the way we live and do business. Many businesses will be able to create sustainable competitive advantage from Big Data. The insight gained from this will feed the development of valuable artificial intelligence and ways to become more accurate at predicting what will happen next. The financial and utility industries, in particular, have recently promoted how Big Data is being used to develop a much better understanding of their customer segmentation, demographics, customer satisfaction drivers, and even trends that may be able to predict future demand for goods and services. This is taking customer relationship management to a whole new level of sophistication. When integrated with artificial intelligence, systems may be able to know what people want before they know what they want.

Arthurs, Richard, The Potential of Big Data Analytics is Significant, http://www.mnp.ca/en/posts/the-potential-of-big-data-analytics-is-significant

Top Ten Big Data Trends for 2017

1. Big data becomes fast and approachable: Options expand to speed up Hadoop
2. Big Data no longer just Hadoop: Purpose-built tools for Hadoop become obsolete
3. Organizations leverage data lakes from the get-go to drive value
4. Architectures mature to reject one-size-fits-all frameworks
5. Variety, not volume or velocity, drives big data investments
6. Spark and machine learning light up big data
7. The convergence of IoT, cloud and big data create new opportunities for self-service analytics
8. Self-service data prep becomes mainstream as end users begin to shape big data
9. Big data grows up: Hadoop adds to enterprise standards
10. Rise of metadata catalogs helps people find analysis-worthy big data

Tableau Software, Top Ten Big Data Trends for 2017, https://www.tableau.com/resource/top-10-big-datatrends-2017

Power Play: Quebec bets on Data Hubs

Quebec is gaining ground in its push to become one of the world's biggest jurisdictions for data warehousing, tapping its hydro-power surpluses to lure a growing list of companies including Amazon Web Services and Microsoft. Data hosting is growing quickly. Some 2,000 data centres started operation worldwide between 2012 and 2015, according to DCD Intelligence. Annual investments are expected to top $20 billion (U.S.) by 2020 in the Americas, a separate forecast from London, Britain-based research company Technavio shows.

Van Praet, Nicholas, The Globe and Mail, January 23, 2017

As has already been observed, the computer by itself neither can nor does invade privacy. But it does make more frequent the occasions when this might happen: by permitting the storage and rapid retrieval of vast quantities of data; by encouraging the rapid dissemination of that data over any distances; by facilitating the centralization of data and by making possible the compilation and analysis of extensive tables of statistical information. Although the technology is far from being fully developed computers can already sort and merge large data files to derive individual dossiers based on disparate information.

Department of Communications and Justice, Privacy and Computers, 1972, p. 91

2. The Big Data Lifecycle

Data Mining

Big Data: extremely large data sets that may be analyzed computationally to reveal patterns, trends, and associations, especially related to human behaviours and interactions
https://en.oxforddictionaries.com/definition/big_data

  New sources of and new and diverse methods to collect data
  Unlimited data storage capacity
  Better techniques for linking data
  Algorithms (often proprietary) that analyze and learn and make predictions from data

The Big Data Lifecycle: Issues and Challenges

Data Collection:
  Indirect collection of data
  Use of data for new/secondary purposes
  Anticipation of future, currently undefined uses of the data

Data Integration:
  Obliterates separate uses/purposes
  Creates squishy/fuzzy linkages
  Sensitivity of the integrated data

Data Mining/Analytics:
  Inaccurate or poor quality data
  Algorithms
    o Poor sample space
    o Discriminatory results arising from poor selection of variables
    o Proprietary (so opaque and not reviewed)
  Correlation is not Causation

Use:
  Integrated and analyzed data constitutes new personal information
  Proprietary algorithms lead to non-transparent decision making
  Application is automated and arbitrary

3. Privacy Protection - The Existing Landscape

Personal Information Protection and Electronic Documents Act - General Principles

PIPEDA

S. 3: The purpose of this Part is to establish rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

S. 5(3): An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances.

s. 6(1): the consent of an individual is only valid if it is reasonable to expect that an individual to whom the organization's activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting.

PIPEDA - General Principles cont'd

PIPEDA, SCHEDULE 1

Principle 4.3: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

Principle 4.3.1: Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Typically, an organization will seek consent for the use or disclosure of the information at the time of collection.

Principle 4.3.2: The principle requires knowledge and consent. Organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.

Principle 4.3.3: An organization shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfil the explicitly specified, and legitimate purposes.

Principle 4.3.4: The form of the consent sought by the organization may vary, depending upon the circumstances and the type of information. In determining the form of consent to use, organizations shall take into account the sensitivity of the information.

Principle 4.3.5: In obtaining consent, the reasonable expectations of the individual are also relevant.

Principle 4.3.6: The way in which an organization seeks consent may vary, depending on the circumstances and the type of information collected. An organization should generally seek express consent when the information is likely to be considered sensitive. Implied consent would generally be appropriate when the information is less sensitive.

Principle 4.3.8: An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The organization shall inform the individual of the implications of such withdrawal.

PIPEDA - General Principles cont'd

PIPEDA, SCHEDULE 1

Principle 4.5: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.

Principle 4.5.2: Organizations should develop guidelines and implement procedures with respect to the retention of personal information. These guidelines should include minimum and maximum retention periods. Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made.

Principle 4.5.3: Personal information that is no longer required to fulfil the identified purposes should be destroyed, erased, or made anonymous.

Principle 4.8: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

Principle 4.8.1: Organizations shall be open about their policies and practices with respect to the management of personal information. Individuals shall be able to acquire information about an organization's policies and practices without unreasonable effort. This information shall be made available in a form that is generally understandable.

Principle 4.9: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

PIPEDA - Data Collection

PIPEDA, SCHEDULE 1

Principle 4.2: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

Principle 4.2.3: The identified purposes should be specified at or before the time of collection to the individual from whom the personal information is collected. Depending upon the way in which the information is collected, this can be done orally or in writing. An application form, for example, may give notice of the purposes.

Principle 4.4: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.

Principle 4.4.1: Organizations shall not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to fulfil the purposes identified.

PIPEDA - Use

PIPEDA, SCHEDULE 1

Principle 4.2.4: When personal information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is required by law, the consent of the individual is required before information can be used for that purpose. For an elaboration on consent, please refer to the Consent principle (Clause 4.3).

Principle 4.5.1: Organizations using personal information for a new purpose shall document this purpose (see Clause 4.2.1).

Principle 4.6: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

Principle 4.6.1: The extent to which personal information shall be accurate, complete, and up-to-date will depend upon the use of the information, taking into account the interests of the individual. Information shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual.

Privacy Policies

How we use information we collect

We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and other users. We also use this information to offer you tailored content, like giving you more relevant search results and ads. We use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our services. Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. We may combine personal information from one service with information, including personal information, from other Google services, for example to make it easier to share things with people you know. Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google's services and the ads delivered by Google.

https://www.google.ca/intl/en/policies/privacy/?fg=1

4. The Appropriate Response?

However, we also want to acknowledge that the current and future technological environments make it increasingly difficult to seek and provide informed consent. In that context, does the solution lie only in giving individuals better information and mechanisms by which to make informed choices, or must we find other ways to protect their interests? Organizations also face challenges in fulfilling the requirement to obtain meaningful consent from individuals. Their need for innovation would be supported by greater clarity as to acceptable purposes for data processing in the absence of express consent and internal mechanisms that would guide them in balancing benefits to the organization against privacy risks to the individual. The challenge of such mechanisms lies in ensuring that the privacy risks are assessed independently and that the individual's interests are protected.

Consent and Privacy - A discussion paper exploring potential enhancements to consent under the Personal Information Protection and Electronic Documents Act, May 2016, p. 26 at https://www.priv.gc.ca/en/opc-actions-and-decisions/research/explore-privacyresearch/2016/consent_201605/

Consent and Privacy - Possible Solutions

Enhance consent:
  Require greater transparency
  Manage privacy preferences across services
  Implement (require) technology-specific safeguards
  Establish privacy as the default setting including implementation of Privacy by Design

Consent Alternatives:
  Require anonymization / pseudonymization / de-identification
  Establish prohibitions and limitations on collection, use or disclosure of data in specific circumstances
  Allow appropriate collection, use or disclosure for legitimate business interests

Governance:
  Promote / require (sectoral) codes of practice
  Enable privacy trust marks
  Promote / require advisory or mandatory ethical assessments (Ethics Review Boards)

Enforcement:
  Requirements to demonstrate / report compliance with consent and consent alternative mechanisms
  Regulatory audits
  Increased penalties
  Increased enforcement powers

QUESTIONS?

Richard Austin
Deeth Williams Wall LLP
raustin@dww.com
416 941 8210