Abstract
This chapter examines the feasibility for privacy seals in emerging technologies focusing upon cyber-physical systems, also known as the Internet of Things (IoT). This focus provides an opportunity to compare technologies where privacy seals have purchase against those that do not, further refining the model of an effective privacy seal. It examines the privacy and data protection issues surrounding smart homes, smart cars, wearables and drones, and evaluates the potential for deploying privacy and data protection seals in these contexts by deploying design fictions. From these thought experiments, it becomes apparent that in addition to the general requirements of a privacy seal, there also needs to be strong alignment between the technology, (including its physical design, logical design, and level of generativity) and its social context of use. By its interconnected nature, IoT fundamentally disrupts our expectations around objects (things) and information flows. Seals might act as part of the mechanisms of re-transcribing such expectations. Designing a workable seal therefore means understanding information norms, and expectations, but also desired states of information flow in particular contexts.
David Barnard-Wills is a Senior Research Analyst at Trilateral Research Ltd. David.barnard-wills@trilateralresearch.com. Trilateral Research Ltd. Crown House, 72 Hammersmith Road, London, W14 8TH.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Nissenbaum 2010.
- 2.
Solove 2008.
- 3.
Dunne and Raby 2013, p. 3.
- 4.
- 5.
Rodrigues et al. 2016.
- 6.
Bennett 2008, p. 14.
- 7.
Barnard-Wills and Ashenden 2015, p. 144.
- 8.
Rodrigues et al. 2013b.
- 9.
Rodrigues et al. 2014.
- 10.
Rodrigues et al. 2016.
- 11.
Chapter 6 of this volume.
- 12.
- 13.
Particularly relevant given ongoing discussions around the failure of the Safe Harbour transfer agreement between the US and the EU.
- 14.
CNIL 2012, p. 50.
- 15.
Pasquale 2015.
- 16.
Grigg 2008.
- 17.
European Parliament and Council 2016.
- 18.
Organisation for Economic Co-operation and Development.
- 19.
OECD 2013.
- 20.
Federal Trade Commission 2007.
- 21.
Morozov 2013.
- 22.
Zittrain 2006.
- 23.
See http://www.eurorec.org/services/seal/index.cfm. Accessed 9 March 2016.
- 24.
TRUSTe, “TRUSTed Smart Grid Privacy Certification”. https://www.truste.com/business-products/trusted-smart-grid/. Accessed 9 March 2016.
- 25.
See http://www.fairdata.org.uk/. Accessed 9 March 2016.
- 26.
Nissenbaum 2010.
- 27.
De Hert et al. 2014.
- 28.
- 29.
IEEE 2015.
- 30.
IEEE 2015, p. iv.
- 31.
Levy 2015.
- 32.
Dunne and Raby 2013.
- 33.
Edwards 2016.
- 34.
Article 29 Data Protection Working Party 2014.
- 35.
Barnard-Wills et al. 2014.
- 36.
Barnard-Wills et al. 2014, p. 55.
- 37.
Doctorow 2012.
- 38.
Mercedes Benz 2016.
- 39.
Rouf et al. 2010.
- 40.
Forrest 2016.
- 41.
Forrest 2016.
- 42.
Tranchard 2013.
- 43.
Gasiorowski-Denis 2014.
- 44.
European Parliament and the Council 2009.
- 45.
Wolf et al. 2015.
- 46.
Alton 2015.
- 47.
Genaro Motti and Caine 2015.
- 48.
Maddox 2015.
- 49.
Wolf et al. 2015.
- 50.
Krombholz et al. 2015.
- 51.
Alton 2015.
- 52.
Hamblen 2015.
- 53.
European RPAS Steering Group 2013, p. 5.
- 54.
Clarke 2014a, pp. 230–246.
- 55.
Clarke 2014b, pp. 247–262.
- 56.
Finn et al. 2014.
- 57.
Ibid., p. 14.
- 58.
Fossool 2008, pp. 149–50.
- 59.
Finn et al. 2014.
- 60.
Finn et al. 2014.
- 61.
Stanley and Crump 2011, p. 12.
- 62.
Article 29 Data Protection Working Party 2015, p. 7.
- 63.
Article 29 Data Protection Working Party 2015, p. 8.
- 64.
Article 29 Data Protection Working Party 2015, p. 10.
- 65.
Stanley and Crump 2011, December 2011.
- 66.
European Data Protection Supervisor 2014.
- 67.
Pauner and Viguri 2015.
- 68.
See for example https://ico.org.uk/for-the-public/drones and http://www.dataprotection.ie/docs/guidance-on-the-use-of-drone-aircraft/1510.htm. Accessed 3 March 2017.
- 69.
Article 29 Data Protection Working Party 2015, p. 18.
- 70.
- 71.
Easterling 2014.
- 72.
Cope 2016.
References
Alton L (2015) How wearable tech could spark a new privacy revolution. Techcrunch http://techcrunch.com/2015/09/12/how-wearable-tech-could-spark-a-new-privacy-revolution/. Accessed 1 July 2016
Article 29 Data Protection Working Party (2014) Opinion 8/2014 on Recent Developments on the Internet of Things. WP223, Brussels
Article 29 Data Protection Working Party (2015) Opinion 01/2015 on Privacy and Data Protection Issues relating to the utilisation of drones, Brussels. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2015/wp231_en.pdf. Accessed 1 July 2016
Banerjee A, Venkatasubramanian K, Mukherjee T, Gupta S (2012) Ensuring safety, security, and sustainability of mission-critical cyber physical systems. Proceedings of the IEEE, vol. 100: 283–299
Barnard-Wills D, Ashenden D (2015) Playing with Privacy: Games for education and communication in the politics of online privacy. Political Studies 63:142–160
Barnard-Wills D, Marino L, Portesi S (2014) Threat Landscape and good practice guide for smart homes and converged media. ENISA, Heraklion
Bennett C (2008) The privacy advocates: Resisting the spread of surveillance. MIT Press, Cambridge, MA/London
Clarke R (2014a) Understanding the drone epidemic. Computer law & security review 30
Clarke R (2014b) What drones inherit from their ancestors. Computer law & security review 30
Cline J (2003) Web site privacy seals: Are they worth it? Computerworld. http://www.computerworld.com/article/2569776/e-commerce/web-site-privacy-seals–are-they-worth-it-.html. Accessed 1 July 2016
CNIL (2012) Privacy Towards 2020: Expert Views, IP Reports, Innovation & Foresight, no. 01. https://www.cnil.fr/sites/default/files/typo/document/CAHIER_IP_EN2.pdf. Accessed 1 July 2016
Connolly C (2008) Trust Mark Schemes Struggle to Protect Privacy 2008. Galexia, Version 1.0, 26 Sept 2008. http://www.galexia.com/public/research/assets/trustmarks_struggle_20080926. Accessed 1 July 2016
Cope A (2016) The Pendulum of Bespokiness. Aaronland. http://www.aaronland.info/weblog/2016/03/09/osha/. Accessed 1 July 2016.
Das SK, Kant K, Zhang N (2012) Handbook on securing cyberphysical critical infrastructure. Morgan Kaufmann, Burlington, MA
De Hert P, Papakonstantinou V, Rodrigues R, Barnard-Wills D, Wright D, Remotti L, Damvekerakaki T (2014) Challenges and possible scope of an EU privacy seal scheme. Second Interim technical report, Study on EU privacy seals
Doctorow C (2012) What’s inside the box. Locus Online. http://www.locusmag.com/Perspectives/2012/03/cory-doctorow-whats-inside-the-box/. Accessed 1 July 2016
Dunne A, Raby F (2013) Speculative Everything: Design, Fiction and Social Dreaming. MIT Press, Cambridge, MA
Easterling K (2014) Extrastatecraft: The power of infrastructure space. Verso, London
Edwards L (2016) Privacy, Security and Data Protection in Smart Cities: A Critical EU Law Perspective. European Data Protection Law Review, forthcoming. Available at SSRN: http://ssrn.com/abstract=2711290. Accessed 1 July 2016
European Data Protection Supervisor (2014) Opinion on the Communication from the Commission to the European Parliament and the Council on “A new era for aviation - opening the aviation market to the civil use of remotely piloted aircraft systems in a safe and sustainable manner”. Brussels
European Parliament and the Council, Regulation (EC) No 443/2009 of the European Parliament and the Council of 23 April 2009 Setting emission performance standards for new passenger cars as part of the Community’s integrated approach to reduce CO2 emissions from light duty vehicles, OJ L 140 5.6.2009, pp. 1–15
European Parliament and the Council, Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directives 95/46/EC (General Data Protection Regulation), OJ L 119 4.5.2016., pp. 1–88. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679
European RPAS Steering Group (2013) Roadmap for the integration of civil remotely piloted aircraft systems to the European Aviation System
Federal Trade Commission (2007) Fair Information Practice Principles. Archived 31 March 2009 at the Wayback Machine: https://web.archive.org/web/20090331134113/http://www.ftc.gov/reports/privacy3/fairinfo.shtm. Accessed 11 May 2017
Finn RL, Wright D, Donavan A, Jacques L, De Hert P (2014) Privacy, Data Protection and Ethical Risks in Civil RPAS Operations, D3.3. Final Report for the European Commission, 7 November 2014. http://ec.europa.eu/DocsRoom/documents/8550. Accessed 3 March 2017
Forrest C (2016) Why the connected car is one of this generation’s biggest security risks. Zdenet.com. www.zdnet/com/article/why-the-connected-car-is-one-of-this-generations-biggest-security-risks/. Accessed 1 July 2016
Fossool V (2008) RFID et biométrie - état delieuex. In: Docquin B, Pullemans A (eds) Actualities du droit de la vie privée. Bruylant, Brussels, pp. 149–50
Gasiorowski-Denis E (2014) ISO Suite of standards kicks the connected car into gear. ISO News. http://www.iso.org/iso/home/news_index/news_archive/news.htm?Refid=Ref1896. Accessed 1 July 2016
Genaro Motti E, Caine K (2015) Users’ privacy concerns about wearables: Impact and form factor, sensors and type of data collected. Fa15 IFCC Proceeding
Grigg I (2008) The Market for Silver Bullets. http://iang.org/papers/market_for_silver_bullets.html. Accessed 9 March 2016
Hamblen C (2015) UL creating standard for wearable privacy and security. Computerworld. http://www.computerworld.com/article/2991331/security/ul-creating-standard-for-wearable-privacy-and-security.html. Accessed 1 July 2016
IEEE (2015) Towards a definition of the Internet of Things (IoT). 1. IEEE Internet Initiative. http://iot.ieee.org/images/files/pdf/IEEE_IoT_Towards_Definition_Internet_of_Things_Issue1_14MAY15.pdf. Accessed 1 July 2016
Krombholz K, Dabrowski A, Smith M, Weippl E (2015) OK Glass, Leave me Alone: Towards a Systematization of Privacy Enhancing Technologies for Wearable Computing. 1st Workshop on Wearable Security and Privacy, Financial Crypto 2015, Puerto Rico, 30.01.2015. In: Financial Cryptography and Data Security FC 2015 International Workshops, Springer
LaRose R, Rifon N (2006) Your privacy is assured – of being disturbed: Websites with and without privacy seals. New Media & Society 8, pp. 1009–1029
Levy H (2015) Top 10 technology trends signal the digital mesh. Gartner. https://www.gartner.com/smarterwithgartner/top-ten-technology-trends-signal-the-digital-mesh/. Accessed 1 July 2016
Maddox T (2015) The dark side of wearables: How they’re secretly jeopardising your security and privacy. Tech Republic. http://www.techrepublic.com/article/the-dark-side-of-wearables-how-theyre-secretly-jeopardizing-your-security-and-privacy/. Accessed 9 March 2016
Mercedes Benz (2016) https://www.mercedes-benz.com/en/mercedes-benz/innovation/research-vehicle-f-015-luxury-in-motion/. Accessed 1 July 2016
Moores T (2005) Do consumers understand the role of privacy seals in e-commerce? Communications of the ACM. 48: 86–91
Moores T, Dhillon G (2003) Do privacy seals in e-commerce really work? Communications of the ACM - Mobile computing opportunities and challenges. 46:265–271
Morozov E (2013) To Save Everything, Click Here: Technology, Solutionism and the Urge to Fix Problems That Don’t Exist. Penguin, UK
Nissenbaum H (2010) Privacy in Context: Technology, Policy and the Integrity of Social Life. Stanford Law Books, Stanford, CA
OECD (2013) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm. Accessed 09 March 2016
Pasquale F (2015) The Black Box Society: The Secret Algorithms That Control Money and Information. Harvard University Press, Cambridge, MA
Pauner C, Viguri J (2015) A legal approach to civilian use of drones. Privacy and personal data protection concerns. Democracy and Security Review 5. http://www.democraziaesicurezza.it/Saggi/A-Legal-Approach-to-Civilian-Use-of-Drones-in-Europe.-Privacy-and-Personal-Data-Protection-Concerns
Rodrigues R, Barnard-Wills D, De Hert P, Papakonstantinou V (2016) The future of a European Data Protection Seal: An exploration of policy options under the new data protection regime. International Review of Law, Computers and Technology
Rodrigues R, Barnard-Wills D, Wright D, Beslay L, Dubois N, De Hert P, Papakonstantinou V (2013) EU Privacy Seals Project: Inventory and Analysius of Privacy Certification Schemes. European Commission. http://bookshop.europa.eu/en/eu-privacy-seals-project-pbLBNA26190/?CatalogCategoryID=CXoKABst5TsAAAEjepEY4e5L2013. Accessed 1 July 2016
Rodrigues R, Barnard-Wills D, Wright D, Remoti L, Damvakeraki T, De Hert P, Papakonstantinou V, Beslay L, Dubois N (2014) EU Privacy Seals Project: Challenges and possible scope of an EU privacy seal scheme: Final report study deliverable 3.4. European Commission. http://bookshop.europa.eu/en/eu-privacy-seals-project-pbLBNA26699/downloads/LB-NA-26699-EN-N/LBNA26699ENN_002.pdf?FileName=LBNA26699ENN_002.pdf&SKU=LBNA26699ENN_PDF&CatalogueNumber=LB-NA-26699-EN-N. Accessed 1 July 2016
Rodrigues R, Wright D, Wadhwa K (2013) Developing a privacy seal scheme (that works). International Data Privacy Law, 3:100–116
Rouf I, Miller R, Mustafa H, Taylor T, Oh S, Xu W, Gruteser M, Trappe W, Seskar I (2010) Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study. USENIX Security Symposium, 12 August 2010
Solove D (2008) Understanding Privacy. Harvard University Press, Cambridge, MA
Stanaland A, May L, Miyazaki D, (2011) Online Privacy Trust Marks: Enhancing the Perceived Ethics of Digital Advertising. Journal of Advertising Research, pp. 511–523
Stanley J, Crump C (2011) Protecting Privacy from Aerial Surveillance: Recommendations for Government Use of Drone Aircraft. ACLU, New York
Tranchard S (2013) Higher gear for standards and fully networked cars. ISO News. http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1716. Accessed 1 July 2016
TRUSTe (undated) TRUSTed Smart Grid Privacy Certification. https://www.truste.com/business-products/trusted-smart-grid/. Accessed 9 March 2016
Wolf C, Polonetsky J, Finch K (2015) A Practical Privacy Paradigm for Wearables. Future of Privacy Forum Whitepaper
Zittrain J (2006) The Generative Internet. Harvard Law Review 119. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=847124. Accessed 1 July 2016
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 T.M.C. Asser press and the authors
About this chapter
Cite this chapter
Barnard-Wills, D. (2018). The Potential for Privacy Seals in Emerging Technologies. In: Rodrigues, R., Papakonstantinou, V. (eds) Privacy and Data Protection Seals. Information Technology and Law Series, vol 28. T.M.C. Asser Press, The Hague. https://doi.org/10.1007/978-94-6265-228-6_7
Download citation
DOI: https://doi.org/10.1007/978-94-6265-228-6_7
Published:
Publisher Name: T.M.C. Asser Press, The Hague
Print ISBN: 978-94-6265-227-9
Online ISBN: 978-94-6265-228-6
eBook Packages: Law and CriminologyLaw and Criminology (R0)