Veale, M;
Binns, R;
Ausloos, J;
(2018)
When Data Protection by Design and Data Subject Rights Clash.
International Data Privacy Law
, 8
(2)
pp. 105-123.
10.1093/idpl/ipy002.
Preview |
Text
Veale_VealeBinnsAusloos.pdf - Published Version Download (237kB) | Preview |
Abstract
• Data Protection by Design (DPbD), a holistic approach to embedding principles in technical and organisational measures undertaken by data controllers, building on the notion of Privacy by Design, is now a qualified duty in the GDPR. • Practitioners have seen DPbD less holistically, instead framing it through the confidentiality-focussed lens of Privacy Enhancing Technologies (PETs). • While focussing primarily on confidentiality risk, we show that some DPbD strategies deployed by large data controllers result in personal data which, despite remaining clearly reidentifiable by a capable adversary, make it difficult for the controller to grant data subjects rights (eg access, erasure, objection) over for the purposes of managing this risk. • Informed by case studies of Apple’s Siri voice assistant and Transport for London’s Wi-Fi analytics, we suggest three main ways to make deployed DPbD more accountable and data subject–centric: building parallel systems to fulfil rights, including dealing with volunteered data; making inevitable trade-offs more explicit and transparent through Data Protection Impact Assessments; and through ex ante and ex post information rights (arts 13–15), which we argue may require the provision of information concerning DPbD trade-offs. • Despite steep technical hurdles, we call both for researchers in PETs to develop rigorous techniques to balance privacy-as-control with privacyas-confidentiality, and for DPAs to consider tailoring guidance and future frameworks to better oversee the trade-offs being made by primarily wellintentioned data controllers employing DPbD.
| Type: | Article |
|---|---|
| Title: | When Data Protection by Design and Data Subject Rights Clash |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1093/idpl/ipy002 |
| Publisher version: | https://doi.org/10.1093/idpl/ipy002 |
| Language: | English |
| Additional information: | Copyright © The Author(s) 2018. Published by Oxford University Press. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted reuse, distribution, and reproduction in any medium, provided the original work is properly cited. |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL SLASH UCL > Provost and Vice Provost Offices > UCL SLASH > Faculty of Laws |
| URI: | https://discovery-pp.ucl.ac.uk/id/eprint/10043844 |
Archive Staff Only
 |
View Item |
