and the ideas being developed by Mydex that adapt vendor relationship-management software tools to put citizens in control of the personal data held by big firms and public agencies.
The second is about the risk related to data protection and security, which is a very important factor that needs to be considered.
Development Platforms for Mobile Applications (App) based on a reference framework; Application integration with enterprise information systems (software and data); Device management (data privacy and security); Software solutions
and challenges for company data privacy and security by Bring Your Own Device (BYOD) and IT Consumerization emergent phenomena (see for details the Chap. 5 of this book).
privacy sensitive techniques, protecting personal data involved in real-time interactions and data streams; Table 4.5 Social sensing domains and applications Domains Applications (sample) Crowdsourcing for user centered activities Location trends Google Latitude Google Public
However, at workplaces, 56% of employers do not allow access to non-work related resources or websites and 63% ban their employees from saving personal data and files on company's computers.
1. protection of sensitive personal data; 2. the division responsible about application services lacks with regard to consistency to audit data analysis history;
and on identifying avenues for consensus with external partners on the protection of personal data? Indeed, if Europe's history can be of any value here,
Industry William Hoffman, Associate Director, Head of Personal Data Initiative Dimitri Kaskoutas, Senior Community Associate, Telecommunication Industry Danil Kerimi, Director, Government Affairs, Information
and seeking to harmonize regulations around data privacy globally. Policymakers should establish an environment that facilitates the business viability of the big data sector (such as data
As a consequence, best practice for data flows to and from individual citizens and businesses is to require them to have secure personal data stores
especially regarding the protection of personal data and privacy. The increasing importance of protecting personal data and privacy is being recognized by countries and organizations across the world.
There is, however, a range of diverging views about how to tackle the issue. These range from the light-touch approach of the United States,
The issues of concern include how to define personal data, how to treat anonymous data, whether to allow the right to be forgotten,
Some policies such as transparency in the use of data and effective mechanisms for consumer control of personal data can help in this regard.
Emerging cross-border issues include national data protection rules and data transfers, data portability and interoperability standards,
Many of the external challenges that companies face revolve around data privacy considerations. For example, very specific details of an individual's lifestyle preferences and buying habits are captured now
Regulatory framework for data privacy; Data availability and governance; ICT infrastructure; Sponsorship; Big data ecosystem; Organizational capabilities and resources; Public perception and awareness; Data-driven decision-making culture
policymakers should set clear rules regarding data privacy so that organizations know which personal data they can store and for how long,
and which data are forbidden explicitly by privacy regulations. If the scope of permissible data is to expand,
Cultural factors will have a strong bearing on the decision about the right level of data privacy in any given country,
On a regional level, groups such as the European Union allow possible harmonization of data privacy regulation across borders,
though, no binding agreement to harmonize regulation around data privacy currently looks likely in the short to medium term.
when an organization plans to outsource data operations to a foreign provider, yet some personal data are prohibited from being transferred out of the country concerned.
The Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data,
a common understanding for data privacy and data protection regulation on the basis of guidelines and recommendations from a high-profile international organization is the most sensible option currently available.
They formulate basic principles around the limitation of collection of personal data, the specification of the purpose of data collection, the protection of collected data, the prevention of data loss or unauthorized access,
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Available at http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm. Polonetsky, J. and O. Tene. 2013.
His disclosures ignited an overdue public debate on the balance between personal privacy and our growing digital capabilities regarding the collection and use of personal data.
and regulation comes from the danger of putting so much personal data into the hands of either companies or governments.
From the point of view of Orange, it also demonstrates the potential for new lines of business that combine this data commons with customers' personal data:
and audit how personal data may be used and shared is the goal of new privacy regulations in the European Union, the United States, and elsewhere.
The current best practice is a system of data sharing called trust networks. 2 Trust networks are a combination of a computer network that keeps track of user permissions for each piece of personal data
This is the model of personal data management that is most frequently proposed within the World Economic Forum Personal Data Initiative.
all personal data have attached labels specifying what the data can, and cannot, be used for. These labels are matched exactly by terms in a legal contract between all the participants stating penalties for not obeying the permission labels
To give individuals a similarly safe method of managing personal data, the MIT Human Dynamics Laboratory (http://hd.media.mit.edu), in partnership with the Institute for Data Driven Design (http://idcubed.org), has helped build openPDS (open
Personal Data Store), a consumer version of this type of system. We are now testing it with a variety of industry
and test trust-network software such as the openPDS system by deploying a set of personal data services designed to enable users to collect,
and using deeply personal data in real-world situations. For example, it will explore different techniques and methodologies to protect the users' privacy
while at the same time being able to use personal data (typically mobility, financial, and medical records) to generate a useful data commons.
and regulations comes from the danger of putting so much personal data into the hands of governments.
Because the architecture is so similar to the citizen-centric personal data stores, it enables easier and safer sharing of data between citizens and government.
Personal Data: The Emergence of a New Asset Class. Geneva: World Economic Forum. Available at http://www3.weforum.org/docs/WEF ITTC Personaldatanewasset report 2011.pdf. The Global Information Technology Report 2014 59 Chapter 1.4:
STRIKING A PRIVACY BALANCE We have watched the sharing of personal data increase year after year since people first connected across the Internet.
Given enough personal data, information can be correlated that can be both unsettling and unwanted. Today's public, legislative,
and use of personal data, a common technique used by customer loyalty programs. Organizations should also consider the use of anonymization techniques to mask personal identities where that is the appropriate path.
This requires policy frameworks that permit data, including personal data, to be collected, analyzed, and exchanged freely,
and none addresses the potential social and economic benefits of personal data. For example, corporate revenues per record/user are problematic
Similarly, the vast amount of personal data on Facebook has a relatively low per-person value because the company,
Thus, on a per-user level, its inferred personal data (which are at present mostly outside the user's control) are more valuable than Facebook's volunteered personal data
(which the user has assembled painstakingly, and over which she or he has at least nominal control).
Potential approaches for estimating the value of personal data The following methods for valuing personal data have been identified,
determining the market capitalizations of firms with business models predicated on personal data; ascertaining the revenues or net income per data record;
which personal data are offered or sold; establishing the economic cost of a data breach; determining prices for personal data in illegal markets;
reviewing economic experiments and surveys that attempt to establish the price companies would need to pay for individuals to give up some of their personal information;
and capture the monetary value produced by personal data, over time, in a decentralized data ecosystem and consequently provides a foundation for both trustworthy data and fair value exchange.
metadata enables individuals to change their personal data preferences and permissions over time, prevent undesirable use of previously collected data, address unanticipated uses,
Thus, if we consider personal data to be the product of an individual's online labors,
Personal Data Management: The User's Perspective. International Institute of Communications. Available at http://www.iicom.org/open-accessresources/doc details/226-personal data-management-the-usersperspective.
Lanier, J. 2013. Who Owns the Future? New York: Simon & Schuster. Machlup, F. 1962. The Production and Distribution of Knowledge in the United States. Princeton, NJ:
Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value. OECD Digital Economy Papers, No. 220.
CONSUMER TRUST AS AN ENABLER OF BIG DATA Research reveals that consumers are increasingly concerned about how their personal data are used (Figure 1
and data protection in the online world. If big data is to deliver on its promise, companies will need both to create customer trust in big data applications
and their use and to help customers feel safe about the protection of their personal data and privacy.
Governments and regulators will need to frame data protection policies that safeguard the privacy of both customers and citizens.
DATA PROTECTION ARCHETYPES ACROSS THE WORLD The protection of personal data has long been viewed as a fundamental right,
or withholding consent before their personal data are
Figure 1: Consumers' privacy protection concerns. Sources: USC Dornsife/Los Angeles Times 2012;
We present the top 3 responses here.
74% of Europeans think that disclosing personal data is increasingly part of modern life
78% of US citizens think that companies collecting personal information online are invading consumers' privacy
72% of Internet users are worried about giving away too much personal data
88% of Europeans believe that their data would be protected better in large companies that are obliged to name a data protection officer
Companies that breach protection rules should be fined*
when so many companies and organizations are seeking access to personal data and can gain that access more easily.
Data protection laws are evolving not only in an attempt to keep pace with technological developments and new ways of using,
collecting, and sharing personal data, but also to keep pace with attitudes toward privacy. To better understand the state of play,
McKinsey has conducted extensive research into the data protection regulatory frameworks of more than 20 countries worldwide, identifying the key principles and requirements (Figure 2).
where there is no general federal data protection law. Instead, different sectors such as healthcare, telecommunications, and finance are regulated by specific laws applying only to these sectors.
and companies then follow to ensure a common, minimum level of data protection across member economies.
The aim is to enable the easier transfer of data among economies where the level of data protection regulation varies greatly.
Although some Asian economies (such as Pakistan) still lack data protection laws entirely or have introduced them recently (e.g.,
and privacy in their respective member countries. 7 These frameworks not only define what is regarded as personal data
One example of this evolution is that the European Union is currently updating the existing data protection directive from 1995 to better meet the requirements of today's data-intensive world. 9 In the United States
the Federal Trade Commission (FTC) has increased its focus on data protection issues and has published several reports and recommendations on the topic in the past few years.
Opinions on the best approach to data protection and privacy regulation differ. Some experts argue that it is better to adopt a light-touch approach in a technologically dynamic world because detailed,
Whatever approach is taken, we believe data protection and privacy regulation is becoming more and more important across the world,
Variation in data protection regulation across markets. Sources: Council of Europe 2013a, b; European Commission 1995, 2002, 2012; IAPP 2013a, b. *The convention was initiated
See Council of Europe, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108),
if personal data is processed and the right to file a complaint if it is misused. After amendments,
regulation in Argentina and Uruguay is at the EU level of strictness. No specific data protection law exists in Brazil,
and sector-specific data protection legal provisions. Existing regulation is already the strictest globally. Regulations cover all industry sectors. Regulation requires adequate protection that is,
AND CENTRAL ASIA. MIDDLE EAST AND AFRICA. ASIA PACIFIC. Data protection acts exist in some countries (Azerbaijan, Georgia, Russia, Ukraine). Enforcement is low (relevant mechanisms
the United Arab Emirates) already have data protection laws. Morocco signed the Council of Europe data protection convention in 2013,* establishing a general data protection regime. Most countries are unregulated
or have single points in sector laws (e.g., Algeria, Egypt). The level of protection ranges from strong protection in Japan and the Republic of Korea to weaker protection in Bangladesh, China, Pakistan, Indonesia, for example. Recent awareness of data protection issues has resulted in several
new laws in economies such as India, Hong Kong SAR, the Republic of Korea, and Singapore, as well as other efforts,
while maintaining customer trust and data protection. These areas include: consent before collection, a definition of personal data, anonymization, the right to be forgotten, relevant jurisdiction,
and liability issues. Each of these key areas is discussed below. Consent before data collection. A key principle in the European regulatory framework is the need to obtain personal consent before data are gathered.
The definition of personal data. The suggested EU framework defines personal data as any data that can be attributed to an identifiable person either directly or indirectly.
The APEC framework describes personal data as information about an identified or identifiable individual. Both these definitions mean that not only data clearly identifying a person with information such as a name
or address is considered to be personal data, but also data that can be attributed to a person indirectly through some other measure,
such as via a mobile phone number or an identity code. In a big data world where a lot of data are interlinked,
Traditionally, anonymous data have not been subject to data protection laws. However, in a big data world where anonymized data can easily be linked up,
Another question related to data anonymization is the right of companies to use the personal data already in their possession and turn them into anonymized data that they sell to others.
The new EU data protection framework proposes introducing a right for users to request that data controllers remove their personal data from their files.
Although on paper it sounds easy to remove personal data relating to an individual upon request,
In its recent proposal on the new EU data protection regulation, the European Union extends the applicability of its regulation to companies outside the European Union that are handling data relating to European Union-based individuals.
when shaping their personal data protection policies. Although not prescribing any single solution, certain principles will help guide regulators in their deliberations
When it comes to data protection, companies and other organizations will need regulatory certainty if innovation is to be encouraged.
An even wider take on data protection issues in the big data environment would be beneficial for all parties.
the use of personal data in mobile marketing, but so far efforts have occurred mainly at the country level,
in markets such as the United States and the United Kingdom. An international industry standard specifically concerning the use of personal data protection in big data would certainly be beneficial to establish a higher level of trust among consumers
and create a clear data protection standard for companies. The weakness of industry self-regulation is obviously enforcement,
If they develop an efficient data protection strategy, companies may also gain competitive advantage in the form of cost savings, organizational efficiency,
a company may wish to build on its reputation as a reliable company that safeguards customers' personal data or position itself as an innovative company with cool services based on its users' behavior and habits or preferences.
The Role of Regulation in Unlocking the Value of Big data Companies should strive to make data protection part of the company culture.
(when compliance measures are needed) by implementing data protection in their processes from the start. Companies must also cooperate with regulatory authorities.
Privacy and data protection regulation is constantly evolving. This means that companies will need to establish a close relationship with national regulators to ensure compliance
customers are usually willing to share personal data if the value of the service is attractive enough
Convention for the Protection of Individuals With Regard to Automatic Processing of Personal Data. Available at http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm. 2013a.
Data Protection. Available at http://www.coe.int/t/dghl/standardsetting/Dataprotection/default en.asp. 2013b. Human Rights and Rule of Law:
Data Protection: National Laws. Available at http://www.coe.int/t/dghl/standardsetting/dataprotection/National%20laws/National laws en.asp.
Directive 95/46/EC on the Protection of Individuals With Regard to the Processing of Personal Data and on the Free Movement of Such Data.
Attitudes on Data Protection and Electronic Identity in the European Union. Brussels: Directorate-General Communication. Available at http://ec.europa.eu/public opinion/archives/ebs/ebs 359 en.pdf. 2012.
Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals With Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), COM (2012) 11 final.
Available at http://ec.europa.eu/justice/data protection/document/review2012/com 2012 11 en.pdf. FTC (Federal Trade Commission). 2010 14.
Data Protection Authorities. Available at https://www.privacyassociation.org/resource center/data protection authorities. Kroes, N. 2013a. The Big Data Revolution.
Data Privacy Lab. White Paper 1021-1, April 24. Available at http://dataprivacylab.org/projects/pgp/. USC Dornsife/Los Angeles Times. 2012.
It is important to note that opening up public data does not necessarily lead to the disclosure of personal data.
We will go into more detail around the discussions on privacy and personal data in the following section.
Personal data are the type that has drawn the most attention from a regulatory point of view, in relation to data-driven innovation.
risk-reducing behavior regarding the use of personal data. Legislation should take into account the tension between data-driven innovation and the principle of data minimization.
This principle essentially states that the collection of personal data should be limited to what is relevant and necessary to accomplish a specific purpose,
first, the definition of personal data; and second, the model of consent by users. These considerations are both critical,
as well as the uses for which consent may have been given. 36 A practical definition of personal data should be based on the real possibility of identifying an individual during the treatment of data. 37 This is why applying existing approaches to personal data may result in overly broad definitions that can
Decisions that affect data-driven innovation are usually focused on the problems of privacy and data protection, but fail to consider economic and social benefits that regulation could preclude.
Governments should spearhead the effort to ensure the privacy and security of personal data. The appropriate agency should take a leading role in working with all relevant private
and implement policies for safeguarding personal data and means for enforcement. Box 2: Organizations already using big data initiatives A few organizations that have followed frameworks for using big data include:
M-H. Carolyn Nguyen Dr M-H. Carolyn Nguyen is a Director in Microsoft's Technology Policy Group, responsible for policy initiatives in data governance and personal data management.
Sandy Pentland Alex Sandy Pentland directs MIT's Human Dynamics Laboratory and the MIT Media Lab Entrepreneurship Program, co-leads the World Economic Forum's Big Data and Personal Data initiatives,