Privacy and Data Protection Overview
- Privacy and security concerns have reached new levels due to:
  - The proliferation of the Internet of Things, and new technologies that allow the collection of personal data
  - Online marketing / behavioral advertising / mobile apps
  - Significant global laws requiring compliance, and requirements for protecting and sharing personal data across borders
  - Big data / data analytics
  - Huge increase in data breaches
  - Large growth in litigation
  - Cybersecurity requirements
Definition of privacy
- Privacy is the claim of individuals, groups and institutions to determine for themselves when, how and to what extent information about them is communicated to others.
- Three dimensions of privacy:
  1) Personal privacy: protecting a person against undue interference (such as physical searches) and against information that violates his/her moral sense
  2) Territorial privacy: protecting a physical area surrounding a person that may not be violated without the acquiescence of the person
     - Safeguards: laws on trespass, search warrants
  3) Informational privacy: deals with the gathering, compilation and selective dissemination of information
Introduction to Privacy
- Privacy is a fundamental human right. The right to privacy "constitutes an absolute imperative for…individual[s]" (Eissen, 1967, cited in De Meyer, 1973) and is enshrined in international human rights treaties, such as Article 8 of the European Convention on Human Rights of 1950, Article 11 of the American Convention on Human Rights of 1969, Article 12 of the Universal Declaration on Human Rights of 1948, and Article 17 of the International Covenant on Civil and Political Rights of 1966. This right is also recognized in Article 16 of the Convention on the Rights of the Child of 1989, Article 14 of the International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families of 1990, Article 7 of the Charter of Fundamental Rights of the European Union of 2000, and Article 22 of the Convention on the Rights of Persons with Disabilities of 2006.
What does privacy entail?
- Conceptions of privacy vary and include the right to be free from observation; the right to be left alone; the capacity to keep one's thoughts, beliefs, identity, and behaviour secret; and the right to choose and control when, what, why, where, how, and to whom information about oneself is revealed, and to what extent it is revealed (Cooley, 1907; Fried, 1970; Janis, Kay and Bradley, 2000; Maras, 2009; for a detailed analysis of these and other conceptions of privacy, see Koops et al., 2017).
- The latter understanding of privacy (i.e., the right to choose and control information about oneself) links privacy to information (or data) protection.
Privacy and Security
- Anonymity enables users to engage in activities without revealing themselves and/or their actions to others (Maras, 2016). Online, anonymity "provide[s] individuals and groups with a zone of privacy online to hold opinions and exercise freedom of expression without arbitrary and unlawful interference or attacks" (A/HRC/29/32, para. 16).
- In view of that, privacy affords users of information and communication technology a space free from intimidation, retaliation, and other forms of coercion or sanction for the expression of thoughts, opinions, views, and ideas, without being forced to identify themselves. Accordingly, "technical solutions to secure and protect the confidentiality of digital communications, including [anonymity] measures…, can be important to ensure the enjoyment of human rights, in particular the rights to privacy, to freedom of expression and to freedom of peaceful assembly and association" (A/HRC/RES/38/7).
Basic privacy principles
- Lawfulness and fairness
- Necessity of data collection and processing
- Purpose specification and purpose binding: there are no "non-sensitive" data
- Transparency: the data subject's right to information, and to correction, erasure or blocking of incorrect or illegally stored data
- Supervision (= control by an independent data protection authority) and sanctions
- Adequate organizational and technical safeguards
- Privacy protection can be undertaken by:
  - Privacy and data protection laws promoted by government
  - Self-regulation for fair information practices through codes of conduct promoted by businesses
  - Privacy-enhancing technologies (PETs) adopted by individuals
  - Privacy education of consumers and IT professionals
Privacy and Security
- The identity of the individual and their location can be difficult to ascertain due to anonymity and the use of privacy-enhancing technologies, such as Tor.
- Another example of a privacy-enhancing technology is encryption. Encryption blocks third-party access to users' information and communications. Governments around the world have argued for the need to access encrypted communications and information in order to fight serious crimes, such as terrorism, organized crime, and child sexual exploitation (Markoff, 1996; MacFarquhar, 2018; Meyer, 2018; Hawkins, 2018).
- Even though encryption makes it difficult to hold cybercriminals responsible and can be leveraged by them to commit cybercrime, banning or restricting it is unwarranted and legally unjustified. An outright ban on encryption limits the privacy of an individual in an arbitrary manner and is thus contrary to international human rights law (see A/HRC/29/32).
Threats to Privacy
1) Threats to privacy at the application level
  - Threats related to the collection / transmission of large quantities of personal data
  - Including projects for new applications on the Information Highway, e.g.:
    - Health networks / public administration networks
    - Research networks / electronic commerce / teleworking
    - Distance learning / private use
Threats to privacy
2) Threats to privacy at the communication level
  - Threats to the anonymity of sender / forwarder / receiver
  - Threats to the anonymity of the service provider
  - Threats to the privacy of communication
    - E.g., via monitoring / logging of transactional data
    - Extraction of user profiles and their long-term storage
3) Threats to privacy at the system level
  - E.g., threats at the system access level
4) Threats to privacy in audit trails
Cybercrime that compromises privacy
- Cybercrime violates individuals' privacy and the security of their data, particularly hacking, malware, identity theft, financial fraud, medical fraud, and certain offences against persons that involve the revealing of personal information, messages, images, and video and audio recordings without individuals' consent or permission (e.g., cyberstalking, cyberharassment, and cyberbullying).
- Data is considered a commodity online and offline by both legal and illegal actors (Maras, 2016). For this reason, data is a primary target of cybercriminals. Data also plays an integral role in the commission of many cybercrimes, primarily because it is not adequately protected and can be illicitly accessed and obtained.
- Data breaches have resulted from lost or stolen encrypted flash drives and other storage devices (mainly laptops and smartphones), poor system and data security, unauthorized access to a database or the exceeding of authorized access to a database, and the accidental disclosure, release or publication of data.
Data protection legislation
- Personal data is protected under the right to privacy in international human rights instruments. For example, the European Court of Human Rights has held that telephone data, emails, and Internet use (Copland v. the United Kingdom, 2007, §§ 41-42), and data stored on computer servers (Wieser and Bicos Beteiligungen GmbH v. Austria, § 45), fall within the scope of protection of Article 8(1) of the European Convention on Human Rights. The mere storage of personal data can violate a user's right to privacy.
- Data protection covers the generation, collection, storage, analysis, use, and sharing of personal information. It covers the generation and collection of personal data because "[t]he right to privacy is not only impacted by the examination or use of information about a person by a human or an algorithm…[(Bernal, 2016) but also]…the mere generation and collection of data relating to a person's identity, family or life".
Data protection legislation
- Outside of breaches, medical, financial, and other personal data could be found on dedicated online carding forums (i.e., online sites dedicated to selling debit and credit card data) and darknet sites (located in the Deep Web).
- In addition to releasing this data for financial purposes, compromised data can be (and has been) released to shame people and expose their real or perceived immoral actions and behaviours. A case in point is the online posting of the personal information (e.g., names and email addresses) of approximately 37 million users of Ashley Madison, a website which connected users seeking extramarital affairs (Zetter, 2015).
Data protection legislation
- Data protection practices also vary between public and private authorities. In the United States, for example, only certain types of data collected, stored, analysed, and shared by private companies are regulated (e.g., financial, health, education, and children's data; Maras and Wandt, 2019). Furthermore, in certain countries protections vary depending on the type of data (e.g., email content is afforded greater protection than the email address of the sender or recipient).
Data protection legislation
- Data protection laws vary according to types and sources of data (e.g., sectoral data, online data, offline data, and sensitive data) and data subjects (e.g., adults and children).
- Mexico has two data protection laws, one that regulates the private sector, the Federal Law on Protection of Personal Data Held by Private Parties of 2010, and one that regulates the public sector, the General Law for the Protection of Personal Data in Possession of Obliged Subjects of 2017. Mexico also has certain provisions in law that regulate private data relating to cloud services, including the regulation of law enforcement access to data stored in the cloud and the handling of data after the termination of cloud services.
Exercise
- Summarize the Kenya Data Protection Act
Technical Privacy Controls
- Technical controls: Privacy-Enhancing Technologies (PETs)
a) Protecting user identities via, e.g.:
  - Anonymity: a user may use a resource or service without disclosing her identity
  - Pseudonymity: a user acting under a pseudonym may use a resource or service without disclosing his identity
  - Unobservability: a user may use a resource or service without others being able to observe that the resource or service is being used
  - Unlinkability: sender and recipient cannot be identified as communicating with each other
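The communication-level threat above (monitoring and logging of transactional data, then extracting long-term user profiles) and the pseudonymity and unlinkability controls just listed meet in a very common engineering task: keeping service logs without keeping a profile of every user. The following is an added example, not code from the slides or from any project they cite. It replaces user identifiers in log lines with a keyed pseudonym (HMAC-SHA256) and truncates client addresses; the key is derived per retention period, so records remain linkable within a period (useful for handling abuse) but cannot be linked across periods once that period's key is discarded. The log line format, the sample lines, the master key and the period naming are all constructed for the example.

```python
"""Pseudonymising transactional log data with keyed hashing.

Added example, not from the original slides. Direct identifiers are replaced by
a keyed pseudonym (HMAC-SHA256) and client addresses are truncated. Keys are
derived per retention period, so records stay linkable within a period but
cannot be linked across periods once the period key is gone. All log lines,
keys and the line format below are constructed.
"""
import hashlib
import hmac
import ipaddress


def period_key(master_key: bytes, period: str) -> bytes:
    """Derive a key for one retention period (e.g. '2024-05') from a master key.

    Discarding a period's key after its retention window closes removes the
    only way to reconnect that period's pseudonyms to real identifiers.
    """
    return hmac.new(master_key, period.encode(), hashlib.sha256).digest()


def pseudonymise(identifier: str, key: bytes) -> str:
    """Deterministic keyed pseudonym: same identifier and key give the same value.

    Unlike a plain hash, an HMAC cannot be recomputed by someone who guesses the
    identifier but lacks the key, so a list of likely user IDs does not reverse
    it. 16 hex characters (64 bits) keep records distinct for logging purposes.
    """
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def truncate_ip(ip: str) -> str:
    """Data minimisation: keep only a network prefix (/24 for IPv4, /48 for IPv6)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def process_log_line(line: str, key: bytes) -> str:
    """Constructed line format: '<timestamp> <user_id> <client_ip> <action>'."""
    timestamp, user_id, client_ip, action = line.split()
    return f"{timestamp} {pseudonymise(user_id, key)} {truncate_ip(client_ip)} {action}"


# Constructed sample input: two retention periods, the same user in both.
MASTER_KEY = b"constructed-master-key-do-not-use"
RAW_LOG = {
    "2024-05": [
        "2024-05-03T10:00:01Z alice 203.0.113.77 login",
        "2024-05-03T10:05:40Z alice 203.0.113.77 download",
        "2024-05-03T10:07:12Z bob 198.51.100.9 login",
    ],
    "2024-06": [
        "2024-06-01T08:30:00Z alice 2001:db8:abcd:1234::5 login",
    ],
}


def pseudonymise_log(raw_log: dict, master_key: bytes) -> dict:
    """Pseudonymise every period of the log with that period's derived key."""
    return {
        period: [process_log_line(line, period_key(master_key, period)) for line in lines]
        for period, lines in raw_log.items()
    }


def linkable(a: str, b: str) -> bool:
    """True if two processed lines carry the same pseudonym (same user, same period)."""
    return a.split()[1] == b.split()[1]


if __name__ == "__main__":
    out = pseudonymise_log(RAW_LOG, MASTER_KEY)
    for period, lines in out.items():
        print(period)
        for line in lines:
            print("  ", line)
    may, june = out["2024-05"], out["2024-06"]
    # alice's two May entries share a pseudonym; her June entry does not link to them.
    print("linkable within period:", linkable(may[0], may[1]))
    print("linkable across periods:", linkable(may[0], june[0]))
```

The design choice worth noting is the keyed hash: an unkeyed SHA-256 of a username or e-mail address is not a pseudonym, because anyone with a list of candidate identifiers can recompute it. Per-period keys are what turn retention policy into an enforceable property rather than a promise, since deleting a period's key makes its records unlinkable to the identifiers that produced them.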
What are Privacy Enhancing Technologies (PETs)?
- Privacy Enhancing Technologies (PETs) are a suite of tools that can help maximise the use of data by reducing risks inherent to data use. Some PETs provide new tools for anonymisation, while others enable collaborative analysis on privately-held datasets, allowing data to be used without disclosing copies of data.
- PETs are multi-purpose: they can reinforce data governance choices, serve as tools for data collaboration or enable greater accountability through audit. For these reasons, PETs have also been described as “Partnership Enhancing Technologies” or “Trust Technologies”.
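One of the anonymisation tools the passage refers to is k-anonymity, and it is worth seeing why "remove the names" is not enough. The following is an added example, not code from the slides or from any project they cite. A released table is k-anonymous with respect to its quasi-identifiers (attributes that are not names but can be joined with outside data to re-identify someone, such as ZIP code, birth year and sex) when every combination of quasi-identifier values occurs at least k times. The code measures the k a table achieves, generalises the quasi-identifiers to raise it, and suppresses records that still stand alone after generalisation. The records, the quasi-identifier choice and the generalisation rules are constructed; the diagnosis column plays the role of the sensitive attribute being protected.

```python
"""k-anonymity check for a released dataset.

Added example, not from the original slides. Measures k, generalises the
quasi-identifiers to raise it, and suppresses records that remain unique.
The records and generalisation rules are constructed; 'diagnosis' is the
sensitive attribute.
"""
from collections import Counter

QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")

# Constructed sample records (no real people).
RECORDS = [
    {"zip": "02138", "birth_year": 1984, "sex": "F", "diagnosis": "flu"},
    {"zip": "02139", "birth_year": 1987, "sex": "F", "diagnosis": "asthma"},
    {"zip": "02139", "birth_year": 1981, "sex": "F", "diagnosis": "diabetes"},
    {"zip": "10001", "birth_year": 1990, "sex": "M", "diagnosis": "flu"},
    {"zip": "10002", "birth_year": 1995, "sex": "M", "diagnosis": "cold"},
    {"zip": "10002", "birth_year": 1993, "sex": "M", "diagnosis": "asthma"},
    {"zip": "94103", "birth_year": 1970, "sex": "F", "diagnosis": "flu"},
]


def qi_key(record: dict, quasi=QUASI_IDENTIFIERS) -> tuple:
    """The quasi-identifier tuple that defines a record's equivalence class."""
    return tuple(record[q] for q in quasi)


def equivalence_classes(records, quasi=QUASI_IDENTIFIERS) -> Counter:
    """Count how many records share each quasi-identifier combination."""
    return Counter(qi_key(r, quasi) for r in records)


def k_anonymity(records, quasi=QUASI_IDENTIFIERS) -> int:
    """The k a table achieves: the size of its smallest equivalence class (0 if empty)."""
    classes = equivalence_classes(records, quasi)
    return min(classes.values()) if classes else 0


def generalise(record: dict, zip_digits: int = 3, year_bucket: int = 10) -> dict:
    """Coarsen quasi-identifiers: '02139' -> '021**', 1984 -> '1980-1989'.

    Generalisation keeps the record usable for aggregate analysis while making
    it indistinguishable from others in the same ZIP prefix and decade.
    """
    out = dict(record)
    z = record["zip"]
    out["zip"] = z[:zip_digits] + "*" * (len(z) - zip_digits)
    start = record["birth_year"] // year_bucket * year_bucket
    out["birth_year"] = f"{start}-{start + year_bucket - 1}"
    return out


def suppress_small_classes(records, k: int, quasi=QUASI_IDENTIFIERS) -> list:
    """Drop records whose equivalence class has fewer than k members.

    Generalisation alone can leave outliers unique (here, the single 941**
    record); suppressing them is what finally reaches the target k.
    """
    classes = equivalence_classes(records, quasi)
    return [r for r in records if classes[qi_key(r, quasi)] >= k]


def release(records, k: int) -> list:
    """Generalise, then suppress, so the released table is at least k-anonymous."""
    generalised = [generalise(r) for r in records]
    return suppress_small_classes(generalised, k)


if __name__ == "__main__":
    print("raw k:", k_anonymity(RECORDS))                # 1: every row is unique
    generalised = [generalise(r) for r in RECORDS]
    print("generalised k:", k_anonymity(generalised))    # still 1, because of the outlier
    released = release(RECORDS, k=3)
    print("released k:", k_anonymity(released), "rows:", len(released))
    for r in released:
        print("  ", r)
```

Two points the numbers make: the raw table has k = 1 even though it contains no names, so a join against a voter roll or similar public list would re-identify every row; and generalisation by itself still leaves k = 1 because of the single record from a different region, which is why suppression (or a coarser generalisation) is part of the procedure rather than an afterthought. k-anonymity says nothing about the sensitive column itself, so a class in which everyone shares the same diagnosis still discloses it; that is the gap later refinements such as l-diversity address.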
End

Lesson4-Privacy and Data Protection.pptx
