The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right? external link

Oostveen, M. & Irion, K.
In: Bakhoum M., Conde Gallego B., Mackenrodt MO., Surblytė-Namavičienė G. (eds) Personal Data in Competition, Consumer Protection and Intellectual Property Law. MPI Studies on Intellectual Property and Competition Law, vol 28. Springer, Berlin, Heidelberg, 1120

Abstract

New technologies, purposes and applications to process individuals’ personal data are being developed on a massive scale. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation: ours is also the ‘golden age of personal data’ in terms of regulation of its use. Understood as an enabling right, the architecture of EU data protection law is capable of protecting against many of the negative short- and long-term effects of contemporary data processing. Against the backdrop of big data applications, we evaluate how the implementation of privacy and data protection rules protect against the short- and long-term effects of contemporary data processing. We conclude that from the perspective of protecting individual fundamental rights and freedoms, it would be worthwhile to explore alternative (legal) approaches instead of relying on EU data protection law alone to cope with contemporary data processing.

automated decision making, Big data, Data protection, frontpage, General Data Protection Regulation, Privacy, profiling

Bibtex

Chapter{Oostveen2018, title = {The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right?}, author = {Oostveen, M. and Irion, K.}, url = {https://link.springer.com/chapter/10.1007/978-3-662-57646-5_2}, year = {1120}, date = {2018-11-20}, abstract = {New technologies, purposes and applications to process individuals’ personal data are being developed on a massive scale. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation: ours is also the ‘golden age of personal data’ in terms of regulation of its use. Understood as an enabling right, the architecture of EU data protection law is capable of protecting against many of the negative short- and long-term effects of contemporary data processing. Against the backdrop of big data applications, we evaluate how the implementation of privacy and data protection rules protect against the short- and long-term effects of contemporary data processing. We conclude that from the perspective of protecting individual fundamental rights and freedoms, it would be worthwhile to explore alternative (legal) approaches instead of relying on EU data protection law alone to cope with contemporary data processing.}, keywords = {automated decision making, Big data, Data protection, frontpage, General Data Protection Regulation, Privacy, profiling}, }

Online Political Microtargeting: Promises and Threats for Democracy external link

Zuiderveen Borgesius, F., Möller, J., Kruikemeier, S., Fahy, R., Irion, K., Dobber, T., Bodó, B. & Vreese, C.H. de
Utrecht Law Review, vol. 14, num: 1, pp: 82-96, 2018

Abstract

Online political microtargeting involves monitoring people’s online behaviour, and using the collected data, sometimes enriched with other data, to show people-targeted political advertisements. Online political microtargeting is widely used in the US; Europe may not be far behind. This paper maps microtargeting’s promises and threats to democracy. For example, microtargeting promises to optimise the match between the electorate’s concerns and political campaigns, and to boost campaign engagement and political participation. But online microtargeting could also threaten democracy. For instance, a political party could, misleadingly, present itself as a different one-issue party to different individuals. And data collection for microtargeting raises privacy concerns. We sketch possibilities for policymakers if they seek to regulate online political microtargeting. We discuss which measures would be possible, while complying with the right to freedom of expression under the European Convention on Human Rights.

Democracy, elections, frontpage, microtargeting, political campaigns, Privacy, profiling

Bibtex

Article{Borgesius2018, title = {Online Political Microtargeting: Promises and Threats for Democracy}, author = {Zuiderveen Borgesius, F. and Möller, J. and Kruikemeier, S. and Fahy, R. and Irion, K. and Dobber, T. and Bodó, B. and Vreese, C.H. de}, url = {https://www.ivir.nl/publicaties/download/UtrechtLawReview.pdf}, year = {0213}, date = {2018-02-13}, journal = {Utrecht Law Review}, volume = {14}, number = {1}, pages = {82-96}, abstract = {Online political microtargeting involves monitoring people’s online behaviour, and using the collected data, sometimes enriched with other data, to show people-targeted political advertisements. Online political microtargeting is widely used in the US; Europe may not be far behind. This paper maps microtargeting’s promises and threats to democracy. For example, microtargeting promises to optimise the match between the electorate’s concerns and political campaigns, and to boost campaign engagement and political participation. But online microtargeting could also threaten democracy. For instance, a political party could, misleadingly, present itself as a different one-issue party to different individuals. And data collection for microtargeting raises privacy concerns. We sketch possibilities for policymakers if they seek to regulate online political microtargeting. We discuss which measures would be possible, while complying with the right to freedom of expression under the European Convention on Human Rights.}, keywords = {Democracy, elections, frontpage, microtargeting, political campaigns, Privacy, profiling}, }

Should we worry about filter bubbles? external link

Zuiderveen Borgesius, F., Trilling, D., Trilling, D., Bodó, B., Vreese, C.H. de & Helberger, N.
Internet Policy Review, vol. 5, num: 1, 2016

Abstract

Some fear that personalised communication can lead to information cocoons or filter bubbles. For instance, a personalised news website could give more prominence to conservative or liberal media items, based on the (assumed) political interests of the user. As a result, users may encounter only a limited range of political ideas. We synthesise empirical research on the extent and effects of self-selected personalisation, where people actively choose which content they receive, and pre-selected personalisation, where algorithms personalise content for users without any deliberate user choice. We conclude that at present there is little empirical evidence that warrants any worries about filter bubbles.

behavioural targeting, Big data, frontpage, Personal data, profiling

Bibtex

Article{Borgesius2016, title = {Should we worry about filter bubbles?}, author = {Zuiderveen Borgesius, F. and Trilling, D. and Bodó, B. and Vreese, C.H. de and Helberger, N.}, url = {http://policyreview.info/node/401/pdf}, doi = {https://doi.org/10.14763/2016.1.401}, year = {0401}, date = {2016-04-01}, journal = {Internet Policy Review}, volume = {5}, number = {1}, pages = {}, abstract = {Some fear that personalised communication can lead to information cocoons or filter bubbles. For instance, a personalised news website could give more prominence to conservative or liberal media items, based on the (assumed) political interests of the user. As a result, users may encounter only a limited range of political ideas. We synthesise empirical research on the extent and effects of self-selected personalisation, where people actively choose which content they receive, and pre-selected personalisation, where algorithms personalise content for users without any deliberate user choice. We conclude that at present there is little empirical evidence that warrants any worries about filter bubbles.}, keywords = {behavioural targeting, Big data, frontpage, Personal data, profiling}, }

Profiling the European Citizen in the Internet of Things: How Will the General Data Protection Regulation Apply to this Form of Personal Data Processing, and How Should It? external link

2016

Data protection, Directive 95/46/EC, General Data Protection Regulation, Grondrechten, Internet of Things, Privacy, profiling

Bibtex

Other{nokey, title = {Profiling the European Citizen in the Internet of Things: How Will the General Data Protection Regulation Apply to this Form of Personal Data Processing, and How Should It?}, author = {Eskens, S.}, url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2752010}, year = {0329}, date = {2016-03-29}, keywords = {Data protection, Directive 95/46/EC, General Data Protection Regulation, Grondrechten, Internet of Things, Privacy, profiling}, }

Singling out people without knowing their names – Behavioural targeting, pseudonymous data, and the new data protection regulation external link

Computer Law & Security Review, num: 2, pp: 256-271., 2016

Abstract

Information about millions of people is collected for behavioural targeting, a type of marketing that involves tracking people’s online behaviour for targeted advertising. It is hotly debated whether data protection law applies to behavioural targeting. Many behavioural targeting companies say that, as long as they do not tie names to data they hold about individuals, they do not process any personal data, and that, therefore, data protection law does not apply to them. European Data Protection Authorities, however, take the view that a company processes personal data if it uses data to single out a person, even if it cannot tie a name to these data. This paper argues that data protection law should indeed apply to behavioural targeting. Companies can often tie a name to nameless data about individuals. Furthermore, behavioural targeting relies on collecting information about individuals, singling out individuals, and targeting ads to individuals. Many privacy risks remain, regardless of whether companies tie a name to the information they hold about a person. A name is merely one of the identifiers that can be tied to data about a person, and it is not even the most practical identifier for behavioural targeting. Seeing data used to single out a person as personal data fits the rationale for data protection law: protecting fairness and privacy.

behavioural targeting, cookies, Data protection law, IP addresses, online behavioural advertising, Personal data, Privacy, profiling, pseudonymous data, tracking

Bibtex

Article{nokey, title = {Singling out people without knowing their names – Behavioural targeting, pseudonymous data, and the new data protection regulation}, author = {Zuiderveen Borgesius, F.}, url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2733115}, year = {0223}, date = {2016-02-23}, journal = {Computer Law & Security Review}, number = {2}, abstract = {Information about millions of people is collected for behavioural targeting, a type of marketing that involves tracking people’s online behaviour for targeted advertising. It is hotly debated whether data protection law applies to behavioural targeting. Many behavioural targeting companies say that, as long as they do not tie names to data they hold about individuals, they do not process any personal data, and that, therefore, data protection law does not apply to them. European Data Protection Authorities, however, take the view that a company processes personal data if it uses data to single out a person, even if it cannot tie a name to these data. This paper argues that data protection law should indeed apply to behavioural targeting. Companies can often tie a name to nameless data about individuals. Furthermore, behavioural targeting relies on collecting information about individuals, singling out individuals, and targeting ads to individuals. Many privacy risks remain, regardless of whether companies tie a name to the information they hold about a person. A name is merely one of the identifiers that can be tied to data about a person, and it is not even the most practical identifier for behavioural targeting. Seeing data used to single out a person as personal data fits the rationale for data protection law: protecting fairness and privacy.}, keywords = {behavioural targeting, cookies, Data protection law, IP addresses, online behavioural advertising, Personal data, Privacy, profiling, pseudonymous data, tracking}, }

Behavioural Sciences and the Regulation of Privacy on the Internet external link

Abstract

This chapter examines the policy implications of behavioural sciences insights for the regulation of privacy on the Internet, by focusing in particular on behavioural targeting. This marketing technique involves tracking people’s online behaviour to use the collected information to show people individually targeted advertisements. Enforcing data protection law may not be enough to protect privacy in this area. I argue that, if society is better off when certain behavioural targeting practices do not happen, policymakers should consider banning them.

behavioural economics, behavioural targeting, cookies, Data protection, e-Privacy Directive, Grondrechten, nudge, nudging, Privacy, profiling, tracking

Bibtex

Other{nokey, title = {Behavioural Sciences and the Regulation of Privacy on the Internet}, author = {Zuiderveen Borgesius, F.}, url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2513771}, year = {1030}, date = {2014-10-30}, abstract = {This chapter examines the policy implications of behavioural sciences insights for the regulation of privacy on the Internet, by focusing in particular on behavioural targeting. This marketing technique involves tracking people’s online behaviour to use the collected information to show people individually targeted advertisements. Enforcing data protection law may not be enough to protect privacy in this area. I argue that, if society is better off when certain behavioural targeting practices do not happen, policymakers should consider banning them.}, keywords = {behavioural economics, behavioural targeting, cookies, Data protection, e-Privacy Directive, Grondrechten, nudge, nudging, Privacy, profiling, tracking}, }