Claire Levallois-Barth

1 – Digital Identity

According to the records on “digital trust” from ACSEL, which is an acronym for the French Digital Economy Association, French Internet users used an average of 16.4 digital IDs in 2013, compared to 12.2 in 2009. By digital ID, we mean information – like login and password – needed to activate an account, but also any traces left by an individual due to their activities or technological devices (IP address, photos, types of purchase, etc.). Ninety percent of Internet users use their digital IDs to access e-administration and e-commerce services, 8% for online banking, and 77% for social networks. The same ACSEL study measures the risks perceived by Internet users with regard to their digital ID and observes that 42% of them fear errors with their ID (compared to 34% in 2009) and 40% misuse of their data. It is important to know that the French are victims of 400,000 identity thefts per year on average. ACSEL argues that an Internet user’s “breaking point with regards to trust” occurs “when the risks perceived by the user are considered to be greater than the use value of a digital service”.

A Purpose-Based Taxonomy for Better Governance of Personal Data in the Internet of Things Era: The Example of Wellness Data

Tomorrow, the rise of the Internet of Things will allow us to collect and process a growing amount of real-time data related to our body. This phenomenon will unlock new opportunities both in health- and non-health-related sectors but also challenge the frontiers of what we used to consider private. Beyond these frontiers, not all data is created with the same level of sensitivity and risk, and we propose a new taxonomy based on purpose rather than anticipated sensitivity of the personal data collected. We believe this new taxonomy can help companies govern data flows in a way that strikes a better balance between the protection of personal data, drawing examples from both the European Union and the United States regulatory context, and research and innovation opportunities as well as incentivizes them to develop more user-centric business models. In the end, a better governance of personal data can help citizens become more responsible for the choices they make.

Privacy Management and Protection of Personal Data

Abstract In this chapter, we will give detailed consideration to the ways in which the use of technology can infringe on privacy. We will consider technologies that have been around for the last decade revolutionizing the way in which we buy, communicate, contribute and obtain information, and emerging technologies, which use communicating objects (radio frequency identification (RFID), sensors, smartdust, etc.) to provide future solutions for facilitating everyday life. This development creates issues concerning the application of legal provisions, particularly concerning the collection, use and transmission of personal data. The existing rules, defined in the late 1970s, serve to defend the privacy of users, alongside other fundamental rights and liberties, including freedom of movement and self-determination. This legal framework is applicable to all technologies, whether they concern direct identification data (names and surnames) or indirect identification elements (biometric elements, DNA).

La géolocalisation : un nouvel impératif

L’offre de services de geolocalisation via un telephone mobile implique de connaitre la localisation et l’identifiant du telephone, donc de collecter des donnees relatives a un utilisateur identifie ou identifiable. A ce titre, la loi Informatique et Libertes exige que l’utilisateur consente en toute transparence a beneficier d’un service geolocalisant et que ses donnees de localisation soient detruites ou anonymisees une fois la prestation fournie. Si, dans certains cas, l’utilisateur aspire a etre localise, dans d’autres cas, la personne concernee ignore que sa position geographique est connue de tiers. Cette tracabilite subie laisse entrevoir de redoutables perspectives de controle ou d’abus tant de la part des services repressifs que des entreprises. L’enjeu ne porte pas uniquement sur les risques d’atteinte a la liberte d’aller et venir, et au respect de la vie privee. De facon plus pernicieuse, l’autonomie informationnelle et decisionnelle du citoyen peut etre remise en cause.