Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult.

Published byJason Robinson Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult."— Presentation transcript:

1 Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult February 2016

2 Fear, uncertainty and doubt in the IoT "Your smart watch will reveal your lack of exercise to your health insurance company, your car will tell your insurer of your frequent speeding, and your dustbin will tell your local council that you are not following local recycling regulations. This is the “internet of stool pigeons”, and though it may sound far-fetched, it’s already happening" Guardian,11 March 2015. “Bentham’s Panopticon is child’s play compared to surveillance in a fully functioning IoT”. Wisman

3 Sensitivity of location data  Art 29 WP “movement patterns of owners.. provide a very intimate insight into the private lives of owners”  US FTC 2013: “mobile devices typically personal to individual, almost always on, and with the user” -> highly sensitive data  Recent O2 tube example  “will track an estimated one million journeys a day made by O2 customers within London's Zone One… [also] tracks which apps customers are using and the types of web pages visited, aggregating the information to sell to advertising companies and big brands” -> targeted ads to mobiles (Telegraph, 11 Feb 2016)

4 Legality? 02 Underground Service Terms and Conditions  “10. By signing up to the service you consent to us using your personal data (including data in relation to your O2 contract and data in relation to your use of O2 WiFi) to verify who you are and to provide you with access to the service.  “…26. By using the services you are providing your consent to use your personal information together with other information for the following purposes: a. profiling your usage and viewing; b. personalising your experience of the services based on your usage and viewing profile; and c. improving and developing the services.  27. We may share with third parties information about your use of the services in an aggregated form which will not personally identify you. This aggregated data may be used by those third parties for their marketing purposes (e.g. to improve their targeting of advertising based on user preferences). “

5 Industry trust principles and suggestions  US - Consumer Privacy Protection Principles For Vehicle Technologies and Services  (1) transparency (2) choice (3) respect for context (4) data minimization, de-identification and retention (5) data security (6) integrity and access; and (7) accountability.  Largely subsumed in Europe by data protection law (?)  EU- German Federal and State Data Protection Authorities - “Data Protection in the Car” 2014Data Protection in the Car”  Article 29 Working Party published its Opinion on the Internet of Things (2014).  Non-industry: Future of Privacy Forum’s white paper, The Connected Car and Privacy: Navigating New Data Issues

6 Is consent required by law to collection of location data? a. DP principles (8) apply to processing of personal data Personal Data shall be processed lawfully and fairly 1. Consent 2. “Legitimate interests of data controller” so long as not infringing fundamental rights and freedoms of data subject 3. Others eg necessary for completion of contract b. Privacy and Electronic Communications Directive 2002 (PECD) amended 2009 - Prior consent needed to collection of “data.. indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service” - Many queries if this actually includes data collected by connected cars? “Uber” or single-owner model?

7 Quality of consent needed?  DPD, Art 2 “any freely given, specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”  GDPR changes  Who has to give consent to collection of their location?  owner/leaser of car  family/friends of such a sole user?  Anyone who rides in a CC via some kind of hire or app? (“Uber”/taxi paradigm)  What will be known about passengers?  Out may be to claim that personal data is not collected, or if it is, that it is anonymised

8 Issues for trust in privacy protection  What personal data did I consent to disclose using a connected car?  How will consent of riders other than prime owner/leaser be gathered  Will it be meaningful (informed, unpressurised) consent?  What grounds other than consent might be used eg “legitimate interests”?  If data is collected on basis of being non personal, or collected and aggregated - > anonymous data, is my privacy really safe?  Mosaic theory  Reidentification work

Download ppt "Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult."

Similar presentations

Principles of Information Systems

Principles of Information Systems
Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.

Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Privacy on the WEB Privacy on the WEB Group 0227 Efrain Castro, Dinesh Parmer, Michael Raiford Robert Reich, Kim Walker, Claudia Worme.

Privacy on the WEB Privacy on the WEB Group 0227 Efrain Castro, Dinesh Parmer, Michael Raiford Robert Reich, Kim Walker, Claudia Worme.
Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.

Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.
Smart Grid, Data and Behaviour – Privacy and Security Issues - Potential for Secure Computation Lexpert Seminar December 9, 2013David Young, Partner.

Smart Grid, Data and Behaviour – Privacy and Security Issues - Potential for Secure Computation Lexpert Seminar December 9, 2013David Young, Partner.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Ethics in a Computing Culture

Ethics in a Computing Culture
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
3-1 Chapter Three. 3-2 Secondary Data vs. Primary Data Secondary Data: Data that have been gathered previously. Primary Data: New data gathered to help.

3-1 Chapter Three. 3-2 Secondary Data vs. Primary Data Secondary Data: Data that have been gathered previously. Primary Data: New data gathered to help.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
Identity A legal perspective FIDIS WP2 workshop 2/3 december 2003

Identity A legal perspective FIDIS WP2 workshop 2/3 december 2003
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215) 496-7241

Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)

Similar presentations

Ads by Google