Abstract
The right to privacy is enshrined in the European charter of fundamental rights. The right to data protection is a relatively novel right, also enshrined in the same European charter. While these rights seem to focus on a defensive and protective approach, they also give rise to a positive and constructive interpretation. The GDPR may act as driver for innovation. Not only for assuring a better way of dealing with personal data, but including a more encompassing approach of assuring privacy. RESPECT4U offers a framework of seven privacy principles that help organisations in promoting this positive attitude towards the reconciliation of privacy and innovation: Responsible processing, Empowering data subjects, Secure data handling, Pro-active risk management, Ethical awareness, Cost-benefit assessment, Transparent data processing. This paper introduces the background of RESPECT4U, and elaborates the seven principles that form its foundation. Together they demonstrate that privacy can act as innovation driver.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
See the blog post of Daniel Solove on this issue: https://teachprivacy.com/the-hidden-force-that-will-drive-gdpr-compliance/; last accessed 2018/04/08.
- 2.
GDPR, art 24(1): “… the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.”, Art 28 (1) “… the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”
- 3.
See for instance https://www.privacylaws.com/Publications/enews/International-E-news/Dates/2018/4/Facebook-shifts-15-billion-users-to-avoid-GDPR/ and https://martech-today.com/facebook-well-implement-gdpr-privacy-protections-globally-213545, showing both sides of the coin. Last accessed 2018/05/20.
- 4.
See for instance https://gdprindex.com/, a website that provides an overview of firms active in providing consultancy services of various kinds.
- 5.
The ‘Cambridge Analytica’ casus is a clear point in respect. This organisation has acted quite irresponsibly in its strive to influence people’s behaviour by illegitimately using knowledge on their postings on social media. While one could question whether ‘nudging people’ is unethical by itself, the unlawful processing of personal data by Cambridge Analytica is a clear infringement of legal obligations in offering choice and consent to people.
- 6.
The second meaning given in the dictionary is to liberate. The meaning of ‘being robbed’ is however also present in the Spanish meaning of the word ‘privar’.
- 7.
The statement was made during a debate in the House of Parliament in 1773 where it was discussed whether the Crown’s forces were entitled to search in houses for evidence of the production of cider in order to levy taxes. See https://www.chroniclesmaga-zine.org/blogs/thomas-fleming/defending-the-family-castle-part-i/; last accessed 2018/04/08.
- 8.
See (Finn et al. 2013) for an elaboration of seven dimensions of privacy including the right to relational privacy. In this paper we will stick to the four privacy dimensions that are commonly recognized as relevant ones: information privacy, relational privacy, spatial privacy and bodily privacy.
- 9.
See https://epic.org/privacy/hew1973report/ for a web-based version of the report. Last accessed 2018/04/08.
- 10.
See https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures; last accessed 2018/04/08.
- 11.
This similarity may be larger than it seems to be at first glance. The GDPR may have a similar impact on business processes: from resistance to embracement and inclusion in the very heart of business activities.
- 12.
See for instance https://www.computerweekly.com/opinion/Why-Europes-GDPR-privacy-regulation-is-good-for-business; https://www.computerweekly.com/news/252435774/GDPR will-have-positive-ripple-effect-say-US-consumer-group. Last accessed 2018/04/14.
- 13.
https://iapp.org/news/a/why-the-gdpr-is-good-for-businesses/. Last accessed 2018/04/14.
- 14.
https://www.edq.com/uk/blog/8-reasons-why-the-gdpr-can-help-boost-your-business/; last accessed 2018/04/14.
- 15.
Costs and benefits do not only relate to financial or monetary aspects, as we will demonstrate further on.
- 16.
This refers to the famous saying that data is the new oil. Quoted by many, the origin of the quote is not fully known. See https://www.quora.com/Who-should-get-credit-for-the-quotedata-is-the-new-oil. Last accessed 2018/04/14.
- 17.
The recent uproar concerning the activities of Cambridge Analytica and the role Facebook played is a point in respect.
- 18.
Public (and political) awareness concerning the need to change to sustainable production modes has had a decisive influence on the dominant role of becoming and being sustainable. While differences with ‘data pollution’ we are experiencing today are obvious, both practices share some similarities as well. See for instance the presentation of Van den Hove during a Conference on sustainability organized by EWI Vlaanderen. https://www.ewivlaanderen.be/sites/default/files/rri_sep2016_vandenhoven.pdf. Last accessed 2018/05/21.
- 19.
We are participating in a research project for the European Commission in which we study the manner in which art 42 and 43 of the GDPR should be understood and should be operationalized. The results of this study are not publicly available yet, as the study has not been completed. Finalization is foreseen for June 2018.
- 20.
See https://www.european-privacy-seal.eu/EPS-en/Home; last accessed 2018/04/16.
- 21.
See https://cip-overheid.nl/privacy-baseline; last accessed 2018/04/16.
- 22.
Initially developed for scoring the maturity of business processes in the Capability Maturity Model (Paulk 2002).
- 23.
These experiments were performed for commercial organisations. We cannot support these claims by public data yet. We hope to do so in the near future.
- 24.
See https://www.dtls.nl/fair-data/personal-health-train/; last accessed 2018/04/15.
- 25.
See https://privacybydesign.foundation/irma/; last accessed 2018/04/15.
- 26.
The Article 29 Working Party has produced guidelines fort his identification but these guidelines are also not decisive and leave many items open (such as the definition of ‘systematic’ and ‘large-scale’). The GDPR indicates that a list will be developed that may contain processing operations in need of a DPIA and a list of operations not in need of a DPIA, but it may take some time before such a list has been concluded. (Art29WP 2018)
- 27.
Our research organization, TNO, collaborates with the Radboud University and Tilburg University in the Privacy & Identity Lab, PI.lab, on digital privacy and electronic identity issues. The PI.lab brings together researchers of various disciplinary backgrounds in order to create a multi-disciplinary approach of privacy in current day data processing. See https: www.pilab.nl; last accessed 2018/04/16.
- 28.
See IPEN, International Privacy Engineering Network https://edps.europa.eu/data-protection/ipen-internet-privacy-engineering-network_en; last accessed 2018/04/15.
- 29.
- 30.
- 31.
- 32.
The bankruptcy of Cambridge Analytica demonstrates that consequences of social condemnation may be severe. See https://www.reuters.com/article/us-cambridge-analytica-bank-ruptcy/cambridge-analytica-files-for-chapter-7-bankruptcy-idUSKCN1IJ0IS; last accessed 2018/05/21.
- 33.
See http://blogs.lse.ac.uk/mediapolicyproject/2016/07/27/the-economics-of-privacy/; last accessed 2018/04/16.
- 34.
See https://privasee.blog/2015/11/18/do-you-have-privacy-champions-in-your-organisation/; last accessed 2018/04/16.
- 35.
The RESPECT4U white paper outlines the basic elements of the RESPECT4U privacy principles. See https://pilab.nl/research/respect4u.html/; last accessed 2018/05/21.
References
Article 29 Working Party: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is” likely to result in a high risk” for the purposes of Regula- tion 2016/679, wp248rev.01. http://ec.europa.eu/newsroom/article29/item-de-tail.cfm?item_id = 611236. Accessed 15 Apr 2018
Acquisti, A., Friedman, A., Telang, R.: Is there a cost to privacy breaches? an event study. In: ICIS 2006 Proceedings, p. 94 (2006). http://aisel.aisnet.org/icis2006/94. Accessed 16 Apr 2018
Aquisti, A.: Nudging privacy – the behavioral economics of privacy. In: IEEE Privacy & Security, November/December, pp. 72–75 (2009)
Acquisti, A., Taylor, C., Wagman, L.: The economics of privacy. J. Econ. Lit. 54(2), 442–492 (2016)
Barker, K., et al.: A data privacy taxonomy. In: Sexton, A.P. (ed.) BNCOD 2009. LNCS, vol. 5588, pp. 42–54. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02843-4_7
Baduri, G., Ha-Brookshire, J.E.: Do transparent business practices pay? Exploration of transparency and consumer purchase intention. Cloth. Text. Res. J. 29(2), 135–149 (2011)
Bennet, C.J., Raab, C.D.: The Governance of Privacy. The MIT Press, Cambridge/London (2006)
Bost, R., Popa, R.A., Tu, S., Goldwasser, S.: Machine learning classification over encrypted data. Crypto ePrint Archive (2014). https://eprint.iacr.org/2014/331.pdf
Cavoukian, A.: Privacy by Design – The 7 Foundational Principles (2011). https://ipc.on.ca/wp-con-tent/uploads/Resources/7foundationalprinciples.pdf
Colesky, M., Hoepman, J.-H., Hillen, C.: A critical analysis of privacy design strategies. In: IEEE Security and Privacy Workshops (SPW) (2016). https://doi.org/10.1109/spw.2016.23
Council of Europe: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Strassbourg (2013)
Danezis, G., et al.: Privacy and Data Protection by Design – from policy to engineering. ENISA (2014)
De Vos, H., et al.: 16244 – PIME - A1602, Guidelines on inclusion of users’ perception and attitude on offering control and choice with respect to health data and health data services, EIT PIME Deliverable 2 (2016)
Eggert, E., Helm, S.: Exploring the impact of relationship transparency on business relationships: a cross-sectional study among purchasing managers in German. Ind. Mark. Manag. 32(2), 101–108 (2003)
Executive Office of the President: Big Data: A Report on Algorithmic Systems, Opportunity and Civil Rights, US Presidency (2016)
Erikin, Z., Veugen, T., Toft, T., Lagendijk, R.L.: Generating private recommendations efficiently using homomorphic encryption and data packing. IEEE Trans. Inf. Forensics Secur. 7(3), 1053–1066 (2012)
Finn, R.L., Wright, D., Friedewald, M.: Seven types of privacy. In: Gutwirth, S., Leenes, R., De Hert, P., Poulett, Y. (eds.) Data Protection: Coming of Age. Springer, Dordrecht (2013). https://doi.org/10.1007/978-94-007-5170-5_1
Jentsch, N., Preibusch, S., Harasser, A.: Study on monetizing privacy – an economic model for pricing personal information. ENISA (2012)
Galic, M.: Covert surveillance of privileged consultations and the weakening of the legal professional privilege. Eur. Data Prot. Law Rev. 4, 602–607 (2016)
Gellert, R., Gutwirth, S.: The legal construction of privacy and data protection. Comput. Law Secur. Rev. 29, 522–530 (2013)
Hildebrandt, M.: Smart Technologies and the End(s) of Law. Edward Elgar Publishing, Cheltenham, Northampton (2015)
Keymolen, E.: Trust on the line – a philosophical exploration of trust in the networked era. Erasmus University, Rotterdam (2016)
Kumaraguru, P., Cranor, L.F.: Privacy Indexes: A Survey of Westin’s Studies, CMU-ISRI-5– 138, Carnegie Mellon University (2005)
London Economics: Study on the Economic Benefits of PET; Study for the European Commission, DG Justice, Freedom and Security. EC, Brussel (2010)
Paulk, M.: Capability maturity model. In: J.-J. Macinaik (ed.) Encyclopedia of Software Engineering, Wiley Online Library (first published 2002). https://onlineli-brary.wiley.com/doi/book/, https://doi.org/10.1002/0471028959. Accessed 15 Apr 2018
Palmer, J.W., Bailey, J.P., Faraj, S.: The role of intermediaries in the development of trust on the www: the use and prominence of trusted third parties and privacy statements. J. Comput.-Mediat. Commun. 5(3) (2000). https://doi.org/10.1111/j.1083-6101.2000.tb00342.x. Accessed 15 Apr 2018
Stone, M.: The new (and ever-evolving) direct and digital marketing ecosystem. J. Direct, Data Digit. Mark. Pract. 16(2), 71–74 (2014)
Saunders, J., Hunt, P., Hollywood, J.S.: Predictions put into practice: a quasi-experimental evaluation of Chicago’s predictive policing pilot. J. Exp. Criminol. 12(3), 347–371 (2016)
Steen, M., Van der Poel, I.: Making values explicit during the design process. IEEE Technol. Soc. Mag. 31(4), 63–72 (2012)
Turilli, M., Floridi, L.: The ethics of information transparency. Ethics Inf. Technol. 11(2), 105–112 (2009)
Youyou, W., Kosinski, M., Stillwella, D.: Computer-based personality judgments are more accurate than those made by humans, PNAS (2015). https://doi.org/10.1073/pnas.1418680112. Accessed 15 Apr 2018
Van den Broek, T., Ooms, M., Friedewald, M., Van Lieshout, M., Rung, S.: Privacy and security – citizens’ desires for an equal footing. In: Friedewald, M., Burgess, J.P., Cas, J., Bellanova, R., Preissl, W. (eds.) Surveillance, Privacy and Security, pp. 15–35. Routledge, Abingdon, Oxon/New York, (2017)
Van der Hoven, M.J., Lokhorst, G.J., Van de Poel, I.R.: Engineering and the problem of moral overload. Sci. Eng. Ethics 18(1), 153–155 (2012)
Van der Hoven, J., Manders-Huits, N.: Value sensitive design. In: Berg Olsen, J.K., Pedersen, S.A., Hendricks, V.F. (eds.) A Companion to the Philosophy of Technology, Wiley Online, Chapter 86, https://doi.org/10.1002/9781444310795.ch86. Accessed 16 Apr 2018
Verheul, E., Jacobs, B.: Polymorphic encryption and pseudonymisation in identity management and medical research. NAW 5/18(3), 168–72 (2017)
Veugen, T., De Haan, R., Cramer, R., Muller, F.: A framework for secure computations with two non-colluding servers and multiple clients, applied to recommendations. IEEE Trans. Inf. Forensics Secur. 10(3), 445–457 (2015)
Wright, D., De Hert, P. (eds.): Privacy Impact Assessment, Law, Governance & Technology Series, vol. 6. Springer, Heidelberg (2012). https://doi.org/10.1007/978-94-007-2543-0
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
van Lieshout, M., Emmert, S. (2018). RESPECT4U – Privacy as Innovation Opportunity. In: Medina, M., Mitrakas, A., Rannenberg, K., Schweighofer, E., Tsouroulas, N. (eds) Privacy Technologies and Policy. APF 2018. Lecture Notes in Computer Science(), vol 11079. Springer, Cham. https://doi.org/10.1007/978-3-030-02547-2_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-02547-2_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02546-5
Online ISBN: 978-3-030-02547-2
eBook Packages: Computer ScienceComputer Science (R0)