Informação relevante
Transformando o diagrama de fluxo de dados para conformidade com as políticas de privacidade

Neste artigo, fornecemos um algoritmo explícito e uma implementação de prova de conceito para transformar diagramas de fluxo de dados em diagramas de fluxo de dados voltados para a privacidade. Nossa ferramenta auxilia os engenheiros de software na tarefa crítica, mas sujeita a erros, de inserir sistematicamente verificações de privacidade durante o projeto (elas são adicionadas automaticamente por nossa ferramenta) enquanto ainda permite que inspecionem e editem, se necessário.

Transforming Data Flow Diagram for Privacy Compliance

In this paper, weprovide an explicit algorithm and a proof-of-concept implementation to transform Data Flow Diagrams into Privacy-Aware DataFlow Diagrams. Our tool assists software engineers in the critical but error-prone task of systematically inserting privacy checksduring design (they are automatically added by our tool) while still allowing them to inspect and edit if necessary.

Build trust in digital health

The rapid rollout of digital health approaches in the ongoing global COVID-19 pandemic has neglected to prioritize data privacy and is a missed opportunity for building users’ trust in these technologies for future outbreaks and quotidian healthcare.

And here another paper: "Patient trust must come at the top of researchers’ priority list"

Crie confiança na saúde digital

A rápida implantação de abordagens de saúde digital na atual pandemia global COVID-19 negligenciou a priorização da privacidade de dados e é uma oportunidade perdida de construir a confiança dos usuários nessas tecnologias para surtos futuros e saúde cotidiana.

E aqui outro artigo: "A confiança do paciente deve estar no topo da lista de prioridades dos pesquisadores"

Making context the central concept in privacy engineering

There is a gap between people’s online sharing of personal data and their concerns about privacy. Till now, this gap is addressed by attempting to match individual privacy preferences with service providers’ options for data handling. This approach has ignored the role different contexts play in data sharing. This paper aims at giving privacy engineering a new direction putting context centre stage and exploiting the affordances of machine learning in handling contexts and negotiating data sharing policies.

Artigo: Identidade auto-soberana e IoT

Este comunicado da Fundação Sovrin sobre SSI e IoT demonstra grandes oportunidades em IoT para lidar com desafios reais de segurança, proveniência de dados e abrir áreas totalmente novas de operação.

Fazendo do contexto o conceito central na engenharia de privacidade

Há uma lacuna entre o compartilhamento online de dados pessoais das pessoas e suas preocupações com a privacidade. Até agora, essa lacuna é abordada ao tentar combinar as preferências de privacidade individuais com as opções dos provedores de serviço para tratamento de dados. Essa abordagem ignorou o papel que diferentes contextos desempenham no compartilhamento de dados. Este artigo tem como objetivo dar à engenharia de privacidade uma nova direção, colocando o contexto no centro do palco e explorando as possibilidades do aprendizado de máquina para lidar com contextos e negociar políticas de compartilhamento de dados.

White Paper: Self-Sovereign Identity & IoT

This release from the Sovrin Foundation around SSI & IoT demonstrates great opportunities in IoT in addressing real security challenges, data provenance and opening whole new areas of operation.

Artigo: Controle de Uso nos Espaços de Dados Internacionais

O documento está relacionado a https://www.mydata-control.de, do grupo Fraunhofer IESE Usage Control. Do Resumo:

Na era do Industry 4.0, a troca de dados entre diferentes organizações é um pré-requisito essencial para agregar mais valor aos dados e desenvolver modelos de negócios modernos. No entanto, temos que resolver vários desafios para facilitar uma troca de dados segura e confiável entre diferentes organizações. A soberania dos dados é um fator chave de sucesso para modelos de negócios baseados em dados. No Industrial Data Space, oferecemos soluções para realizar uma troca de dados segura e confiável, bem como a soberania de dados.

Paper: Usage Control in the International Data Spaces

The paper is related to https://www.mydata-control.de by Fraunhofer IESE Usage Control group. From the Abstract:

In the age of Industry 4.0, data exchange between different organizations is an essential prerequisite to add more value to data and to develop modern business models. However, we have to solve several challenges to facilitate a secure and trustworthy data exchange between different organizations. Data sovereignty is a key success factor for data-driven business models. In the Industrial Data Space, we provide solutions to realize a secure and trustworthy data exchange as well as data sovereignty.

Avaliação baseada em medição da API de notificação de exposição do Google/Apple para detecção de proximidade em um bonde elétrico

Este artigo descreve os resultados de um estudo de medição de aplicativo de rastreamento de contato Covid-19 realizado em um projeto padrão de bonde suburbano europeu. As medições indicam que no bonde há pouca correlação entre a intensidade do sinal recebido pelo Bluetooth e a distância entre os aparelhos. O artigo aplica as regras de detecção usadas pelos aplicativos italiano, suíço e alemão aos dados de medição e também caracterizou o impacto no desempenho das mudanças nos parâmetros usados ​​nessas regras de detecção.

Measurement-based evaluation of Google/Apple Exposure Notification API for proximity detection in a light-rail tram

This paper describes results of a Covid-19 contact tracing app measurement study carried out on a standard design of European commuter tram. The measurements indicate that in the tram there is little correlation between Bluetooth received signal strength and distance between handsets. The paper applies the detection rules used by the Italian, Swiss and German apps to measurement data and also characterised the impact on performance of changes in the parameters used in these detection rules.

Principles for Revenue Models of Data Stewardship

One of the biggest concerns, given data is an intangible and valuable asset, is how business models can be structured so that stewards remain incentivized to serve the interests of individuals and communities, and do not use the data for their own ends. Data is a complex resource, and to understand potential revenue models of a steward, this paper studies resources or assets which embody the complexity of data and the accompanying ethical issues of protection.
You may also want to have a look at "Understanding data stewardship: taxonomy and use cases" from the same source.

Princípios para modelos de receita de gerenciamento de dados

Uma das maiores preocupações, uma vez que os dados são um ativo intangível e valioso, é como os modelos de negócios podem ser estruturados para que os administradores permaneçam incentivados a servir aos interesses de indivíduos e comunidades e não usem os dados para seus próprios fins. Os dados são um recurso complexo e, para compreender os modelos de receita potencial de um administrador, este artigo estuda os recursos ou ativos que incorporam a complexidade dos dados e as questões éticas de proteção que os acompanham. Você também pode dar uma olhada em "Compreendendo o gerenciamento de dados: taxonomia e casos de uso" da mesma fonte.

Proximity Tracing in an Ecosystem of Surveillance Capitalism

Proximity tracing apps have been proposed as an aide in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device owners. The underlying protocols are known to suffer from false positive and re-identification attacks. We present evidence that the attacker's difficulty in mounting such attacks has been overestimated.

Rastreamento de proximidade em um ecossistema de capitalismo de vigilância

Aplicativos de rastreamento de proximidade foram propostos como um auxiliar no tratamento da crise do COVID-19. Alguns desses aplicativos aproveitam a atenuação de beacons Bluetooth de dispositivos móveis para construir um registro de encontros próximos entre dois proprietários de dispositivos. Os protocolos subjacentes são conhecidos por sofrerem de ataques de falsos positivos e de reidentificação. Apresentamos evidências de que a dificuldade do invasor em montar tais ataques foi superestimada.

Will the data markets necessarily fail? (PDF)

Abstract: With the billions of Internet of Things devices connected via the 5G and other networks, loads of useful data are produced. However, the majority of these data are disappearing into the silos of cloud and IoT companies. This problem is exacerbated by the current economic system creating perverse incentives that push companies to keep their data private and not to sell or share them. From the society point of view, this leads to severe inefficiencies. More structurally, Adam Smith's invisible hand does not work: in the data markets, the public and private interests are not aligned by the current market forces.
Based on these observations, we present a conjecture wherein we state that any attempts to fix the market failure in the data markets within the current economic structures are bound to be inefficient. Only by redefining fundamental economic concepts, such as ownership and money, we can efficiently align the interests, clear the markets, and gain welfare potential. Furthermore, we briefly suggest an urban community currency experiment wherein this conjecture could be empirically tested.

Os mercados de dados necessariamente falharão? (PDF)

Resumo: Com os bilhões de dispositivos da Internet das Coisas conectados via 5G e outras redes, muitos dados úteis são produzidos. No entanto, a maioria desses dados está desaparecendo nos silos de empresas de nuvem e IoT. Esse problema é exacerbado pelo sistema econômico atual, que cria incentivos perversos que levam as empresas a manter a privacidade de seus dados e a não vendê-los ou compartilhá-los. Do ponto de vista da sociedade, isso leva a graves ineficiências. Mais estruturalmente, a mão invisível de Adam Smith não funciona: nos mercados de dados, os interesses públicos e privados não estão alinhados com as forças de mercado atuais. Com base nessas observações, apresentamos uma conjuntura em que afirmamos que qualquer tentativa de corrigir a falha de mercado nos mercados de dados dentro das estruturas econômicas atuais está fadada a ser ineficiente. Somente redefinindo os conceitos econômicos fundamentais, como propriedade e dinheiro, podemos alinhar os interesses com eficiência, limpar os mercados e obter potencial de bem-estar. Além disso, sugerimos brevemente um experimento de moeda comunitária urbana em que essa conjectura pudesse ser testada empiricamente.

Digital Inequality During a Pandemic

A quantitative study of differences in COVID-19–related internet uses and outcomes among the general population.

MyData: Aplicando princípios centrados no ser humano nos dados de saúde

A European Medical Writers Association (EMWA) convidou o MyData a escrever um artigo de destaque como parte da edição de junho de 2020 da Data Economy. Com um forte tema acadêmico e de saúde, Casandra do grupo temático de dados de saúde aceitou o convite para reunir especialistas da comunidade na redação de um artigo MyData. 14 indivíduos de 9 países contribuíram para moldar o artigo em torno dos seis princípios MyData, baseados em cenários do mundo real. A publicação aponta áreas de ação para decisores políticos, partes interessadas na área da saúde e comunicadores médicos defenderem os direitos de dados. O artigo é de acesso aberto e está disponível publicamente no site da revista EMWA.

MyData: Applying human-centric principles to health data

The European Medical Writers Association (EMWA) invited MyData to write a feature article as part of their June 2020 Data Economy edition. With a heavy academic and health theme, Casandra from the health data thematic group took up the request to bring together experts from the community on writing a MyData article. 14 individuals from 9 countries contributed to shape the article around the 6 MyData principles drawing from real-world scenarios. The publication points to actionable areas for policy makers, healthcare stakeholders, and medical communicators to advocate for data rights. The article is open-access and publicly available on the EMWA journal website.

Representações Iconificadas de Políticas de Privacida: Uma Perspectiva do RGPD

As políticas de privacidade informam sobre a coleta de dados pessoais e as práticas de processamento, permitindo que as pessoas tomem decisões informadas sobre serviços prestados. No entanto, elas são difíceis de entender devido ao sua extensão e uso da terminologia legal. Para resolver esse problema, os órgãos reguladores propõem o uso de representações gráficas para políticas de privacidade. Este artigo analisa o desenvolvimento de representações gráficas e iconificadas atuais para políticas de privacidade.

Iconified Representations of PrivacyPolicies: A GDPR Perspective

Privacy policies inform on personal data collection and pro-cessing practices, allowing people to make informed decisions about agiven service. However, they are difficult to understand due to theirlength and use of legal terminology. To address this issue, regulatory bod-ies propose the use of graphical representations for privacy policies. Thispaper reviews the development of current graphical and iconified repre-sentations for privacy policies

SwissCovid: a critical analysis of risk assessment by Swiss authorities

Paul-Olivier wrote a paper outlining the privacy and security risks associated to the Google/Apple Exposure Notification API. This is very Swiss centric but applicable to many different countries of course.

Covid-19 na Suíça: uma análise crítica da avaliação de riscos pelas autoridades suíças

Paul-Olivier escreveu um artigo descrevendo os riscos de privacidade e segurança associados à API de Notificação de Exposição do Google / Apple. Isso é muito focado na Suíça, mas é aplicável a muitos países diferentes, é claro.

Moldando o terreno da competição das IAs

Como as democracias devem competir efetivamente contra regimes autoritários no território das Inteligências Artificiais? Este relatório oferece uma "estratégia de terreno" para os Estados Unidos alavancarem a maleabilidade da inteligência artificial para compensar as vantagens estruturais dos governos autoritários na engenharia e implantação da IA.

Shaping the Terrain of AI Competition

How should democracies effectively compete against authoritarian regimes in the AI space? This report offers a “terrain strategy” for the United States to leverage the malleability of artificial intelligence to offset authoritarians' structural advantages in engineering and deploying AI.

AI Fairness

Ruoss et al. published the first method to train AI systems with mathematically provable certificates of individual fairness. Full source code is available on Github.

Users would tell Facebook their bank balance for $8.44 a month

Study of people across six countries finds German users would charge most for sharing personal data. This article is based on this paper: How Much is Privacy Worth Around the World and Across Platforms?.

Commerce in Data and the Dynamically Limited Alienability Rule

Commerce in some data is, and should be, limited by the law because some data embody values and interests (in particular, human dignity) that may be detrimentally affected by trade.

Preprint: Alternative personal data governance models

The not-so-secret ingredient that underlies all successful Artificial Intelligence / Machine Learning (AI/ML) methods is training data. There would be no facial recognition, no targeted advertisements and no self-driving cars if it was not for large enough data sets with which those algorithms have been trained to perform their tasks. Given how central these data sets are, important ethics questions arise: How is data collection performed? And how do we govern its' use? This chapter – part of a forthcoming book – looks at why new data governance strategies are needed; investigates the relation of different data governance models to historic consent approaches; and compares different implementations of personal data exchange models.

Commerce in Data and the Dynamically Limited Alienability Rule

Commerce in some data is, and should be, limited by the law because some data embody values and interests (in particular, human dignity) that may be detrimentally affected by trade. In this article, drawing on the Roman law principles regarding res extra commercium, we investigate the example of personal data as regulated under the EU Charter and the GDPR. We observe that transactions in personal data are not forbidden but subject to what we call a dynamically limited alienability rule. This rule is based on two dynamic variables: the nature of data and the legal basis for commercially trading such data (at primary or secondary level).

Using Emergence to Take Social Innovation to Scale

Despite current ads and slogans, the world doesn’t change one person at a time. It changes as networks of relationships form among people who discover they share a common cause and vision of what’s possible.

From smart to rebel city? Worlding, provincialising and the Barcelona Model

This article examines the evolution of the ‘Barcelona Model’ of urban transformation through the lenses of worlding and provincialising urbanism. We trace this evolution from an especially dogmatic worlding vision of the smart city, under a centre-right city council, to its radical repurposing under the auspices of a municipal government led, after May 2015, by the citizens’ platform Barcelona en Comú.

GDPR Transparency as a Research Method

Data-driven research is rapidly becoming mainstream across different disciplines in academia and in investigative journalism. One of the key challenges researchers often struggle with is how to obtain good data.

My Data vs Data About Me

Reframing ‘my data’ to ‘data about me’ is a really helpful way to move beyond the simplistic, dualistic and dangerous notion of personal data as a monetisable resource towards a recognition of the inseparable nature of data and self. Another perspective provides this tweet that we are more impacted by other people’s data than we are by data about us. And Viivi recommended this article that explains the difference between market participation and right-based pariticpation.

Big Data from the South(s): Beyond Data Universalism

This article introduces the tenets of a theory of datafication of and in the Souths. It calls for a de-Westernization of critical data studies, in view of promoting a reparation to the cognitive injustice that fails to recognize non-mainstream ways of knowing the world through data.

Moving Beyond User-centered Design (PDF)

Jodi Forlizzi from the Carnegie Mellon University writes 'If I could wave a magic wand, I would use it to make the HCI community move beyond user-centered design to a notion of stakeholder-centered design.'

The First Amendment Right to Speak About the Human Genome

No doubt unintentionally, the debate about return of results has taken on a striking resemblance to the 1520–1547 debate about translation of the English vernacular Bible. (Very US law but the section on the Bible is great.)

Data agency at stake: MyData activism and alternative frames of equal participation

Data activism has emerged as a response to asymmetries in how data and the means of knowledge production are distributed. This article examines MyData, a data activism initiative developing principles for a new technical and commercial ecosystem in which individuals control the use of personal data.

Bottom-Up Data Trusts: Disturbing the ‘One Size Fits All’ Approach to Data Governance

Delacroix and Lawrence emphasize the limits inherent in an ownership approach to data: at most, data ownership confers the kind of access rights that are similar to water rights.

Datafication and social science research in Aotearoa

An awesome piece of research on Indigenous Data by Dr Tahu Kukutai and Donna Cormack.

Data agency at stake: MyData activism and alternative frames of equal participation

Data activism has emerged as a response to asymmetries in how data and the means of knowledge production are distributed. This article examines MyData, a data activism initiative developing principles for a new technical and commercial ecosystem in which individuals control the use of personal data.

Artificial Intelligence Governance and Ethics: Global Perspectives

AI is increasingly being embedded in our lives, supplementing our pervasive use of digital technologies. But this is being accompanied by disquiet over problematic and dangerous implementations of AI, or indeed, even AI itself deciding to do dangerous and problematic actions, especially in fields such as the military, medicine and criminal justice.

Clouded data: Privacy and the promiseof encryption

Interesting paper highlighting the different reconfiguration of the notion of privacy taking place under various technical schemes: blockchain, multiparty computation, fully homomorphic encryption, differential privacy


Perguntas feitas
Contribute to Article in 'Medical Writing'

Some time ago we got a request for writing an article about MyData and its goals, with the connection to health data. The article is for the June 2020 issue of Medical Writing which is the official journal of the European Medical Writers Association. The journal is peer-reviewed and open access. There are no charges or any other hidden fees. Authors retain copyright.