Bart Schermer

Discrimination and Privacy in the Information Society

Vast amounts of data are nowadays collected, stored and processed, in an effort to assist in making a variety of administrative and governmental decisions. These innovative steps considerably improve the speed, effectiveness and quality of decisions. Analyses are increasingly performed by data mining and profiling technologies that statistically and automatically determine patterns and trends. However, when such practices lead to unwanted or unjustified selections, they may result in unacceptable forms of discrimination. Processing vast amounts of data may lead to situations in which data controllers know many of the characteristics, behaviors and whereabouts of people. In some cases, analysts might know more about individuals than these individuals know about themselves. Judging people by their digital identities sheds a different light on our views of privacy and data protection. This book discusses discrimination and privacy issues related to data mining and profiling practices. It provides technological and regulatory solutions, to problems which arise in these innovative contexts. The book explains that common measures for mitigating privacy and discrimination, such as access controls and anonymity, fail to properly resolve privacy and discrimination concerns. Therefore, new solutions, focusing on technology design, transparency and accountability are called for and set forth.

The crisis of consent: how stronger legal protection may lead to weaker consent in data protection

In this article we examine the effectiveness of consent in data protection legislation. We argue that the current legal framework for consent, which has its basis in the idea of autonomous authorisation, does not work in practice. In practice the legal requirements for consent lead to ‘consent desensitisation’, undermining privacy protection and trust in data processing. In particular we argue that stricter legal requirements for giving and obtaining consent (explicit consent) as proposed in the European Data protection regulation will further weaken the effectiveness of the consent mechanism. Building on Miller and Wertheimer’s ‘Fair Transaction’ model of consent we will examine alternatives to explicit consent.

Privacy Expectations of Social Media Users: The Role of Informed Consent in Privacy Policies

Social media process (sometimes large amounts of) personal data of their users, usually on the basis of informed consent. In this article, a comparison is made between, on the one hand, existing practices of social media regarding informed consent for using personal data of users and, on the other hand, user expectations with regard to privacy and informed consent. The comparison is made on the basis of a set of criteria for informed consent distilled from an analytical bibliography. Next, the privacy policies of a selection of eight social network sites and user generated content sites are analyzed using this set of criteria for informed consent. User expectations regarding these criteria were derived from survey results of a large EU-wide online survey (N = 8,621, 26 countries) on the awareness, values, and attitudes of social media users regarding privacy. We find that not all privacy policy criteria are important to users, but most criteria that are important to users can be found in most privacy policies.

Minding Minors Wandering the Web: Regulating Online Child Safety

Ensuring online safety has become a topic on the regulatory agenda in many Western societies. However, regulating for online safety is far from easy, due to the wide variety of national and international, private and public actors and stakeholders that are involved. When regulating online risks for children it is important to strike the right balance between protection against harms on the one hand and safeguarding their fundamental freedoms and rights on the other. The authors in this book attempt to grapple with precisely this theme: striking the right balance between ensuring safety for children on the internet while at the same time enabling them to experiment, to learn, to enrich their lives, to acquire skills and to have fun using this global network. The authors come from various scientific disciplines, ranging from law to social science and from media studies to philosophy. This means that the book provides the reader with both empirical and theoretical/conceptual chapters and sheds a multi-disciplinary light on the complex topic of regulating online safety for children.

Risks of Profiling and the Limits of Data Protection Law

Profiling and automated decision-making may pose risks to individuals. Possible risks that flow forth from profiling and automated decision-making include discrimination, de-individualisation and stereotyping. To mitigate these risks, the right to privacy is traditionally invoked. However, given the rapid technological developments in the area of profiling, it is questionable whether the right to informational privacy and data protection law provide an adequate level of protection and are effective in balancing different interests when it comes to profiling. To answer the question as to whether data protection law can adequately protect us against the risks of profiling, I will discuss the role of data protection law in the context of profiling and automated decision-making. First, the specific risks associated with profiling and automated decision-making are explored. From there I examine how data protection law addresses these risks. Next I discuss possible limitations and possible drawbacks of data protection law when it comes to the issue of profiling and automated decision-making. I conclude with several suggestions to for making current data protection law more effective in dealing with the risks of profiling. These include more focus on the actual goals of data processing and ‘ethics by design’.

Responsibly Innovating Data Mining and Profiling Tools: A New Approach to Discrimination Sensitive and Privacy Sensitive Attributes

Data mining is a technology that extracts useful information, such as patterns and trends, from large amounts of data. The privacy sensitive input data and the output data that is often used for selections deserve protection against abuse. In this paper we describe one of the main results of our research project on developing new privacy preserving and discrimination aware data mining tools, namely why the common measures for mitigating privacy and discrimination concerns, such as a priori limiting measures (particularly access controls, anonymity and purpose specification) are mechanisms that are increasingly failing solutions against privacy and discrimination issues in the novel context of advanced data mining and profiling. Contrary to previous attempts to protect privacy and prevent discrimination in data mining, we did not focus on new designs that better enable (a priori) access limiting measures regarding input data, but rather focused on (a posteriori) responsibility and transparency. Instead of limiting access to data, which is increasingly hard to enforce in a world of automated and interlinked databases and information networks, rather the question how data can and may be used was stressed.