consent as an instrument to protect user privacy
play

Consent as an Instrument to Protect User Privacy Rishab Bailey - PowerPoint PPT Presentation

Sep 28, 2022 •15 likes •705 views

Consent as an Instrument to Protect User Privacy Rishab Bailey National Institute of Public Finance and Policy July 2019 1 Outline Exercise Introduction to the concept of consent Criticisms of the notice-consent

  1. Consent as an Instrument to Protect User Privacy Rishab Bailey National Institute of Public Finance and Policy July 2019 1

  2. Outline • Exercise • Introduction to the concept of “consent” • Criticisms of the ‘notice-consent’ framework in the privacy context • Paper: Disclosures in privacy policies: Does notice and consent work? • Analysis of policies • Survey • Consent related provisions in the draft Personal Data Protection Bill, 2018 • How to improve notice and consent mechanisms • Conclusions 2

  3. Exercise - Replicating our Survey

  4. Exercise • Please read the privacy policy you have been provided • Please answer all ten questions in the survey • Appropriate answers: Yes / No / Not specified / Can’t say 3

  5. The Correct Answers 1. –> Not specified – NA – 25 percent 4

  6. The Correct Answers 1. –> Not specified – NA – 25 percent 2. –> Yes – lines 32-33, 78-79, 81-83, 74 – 97 percent 4

  7. The Correct Answers 1. –> Not specified – NA – 25 percent 2. –> Yes – lines 32-33, 78-79, 81-83, 74 – 97 percent 3. –> No – lines 112-122 – 25 percent 4

  8. The Correct Answers 1. –> Not specified – NA – 25 percent 2. –> Yes – lines 32-33, 78-79, 81-83, 74 – 97 percent 3. –> No – lines 112-122 – 25 percent 4. –> Yes – lines 103-106 – 87 percent 4

  9. The Correct Answers 1. –> Not specified – NA – 25 percent 2. –> Yes – lines 32-33, 78-79, 81-83, 74 – 97 percent 3. –> No – lines 112-122 – 25 percent 4. –> Yes – lines 103-106 – 87 percent 5. –> Yes – lines 113-122 - 75 percent 4

  10. The Correct Answers 1. –> Not specified – NA – 25 percent 2. –> Yes – lines 32-33, 78-79, 81-83, 74 – 97 percent 3. –> No – lines 112-122 – 25 percent 4. –> Yes – lines 103-106 – 87 percent 5. –> Yes – lines 113-122 - 75 percent 6. –> Not specified – (lines 159-156) – 46 percent 4

  11. The Correct Answers 1. –> Not specified – NA – 25 percent 2. –> Yes – lines 32-33, 78-79, 81-83, 74 – 97 percent 3. –> No – lines 112-122 – 25 percent 4. –> Yes – lines 103-106 – 87 percent 5. –> Yes – lines 113-122 - 75 percent 6. –> Not specified – (lines 159-156) – 46 percent 7. –> Not specified – (lines 143-144) – 41 percent 4

  12. The Correct Answers 1. –> Not specified – NA – 25 percent 2. –> Yes – lines 32-33, 78-79, 81-83, 74 – 97 percent 3. –> No – lines 112-122 – 25 percent 4. –> Yes – lines 103-106 – 87 percent 5. –> Yes – lines 113-122 - 75 percent 6. –> Not specified – (lines 159-156) – 46 percent 7. –> Not specified – (lines 143-144) – 41 percent 8. –> Not specified – NA – 37 percent 4

  13. The Correct Answers 1. –> Not specified – NA – 25 percent 2. –> Yes – lines 32-33, 78-79, 81-83, 74 – 97 percent 3. –> No – lines 112-122 – 25 percent 4. –> Yes – lines 103-106 – 87 percent 5. –> Yes – lines 113-122 - 75 percent 6. –> Not specified – (lines 159-156) – 46 percent 7. –> Not specified – (lines 143-144) – 41 percent 8. –> Not specified – NA – 37 percent 9. –> Yes – lines 159-166 – 75 percent 4

  14. The Correct Answers 1. –> Not specified – NA – 25 percent 2. –> Yes – lines 32-33, 78-79, 81-83, 74 – 97 percent 3. –> No – lines 112-122 – 25 percent 4. –> Yes – lines 103-106 – 87 percent 5. –> Yes – lines 113-122 - 75 percent 6. –> Not specified – (lines 159-156) – 46 percent 7. –> Not specified – (lines 143-144) – 41 percent 8. –> Not specified – NA – 37 percent 9. –> Yes – lines 159-166 – 75 percent 10. –> Not specified –NA – 26 percent 4

  15. Understanding ‘Consent’

  16. Understanding consent • What is consent? • Voluntary agreement to a proposal • Contract Act, 1872 • agreement to the same thing in the same sense • “free consent” - no fraud, misrepresentation, coercion, undue influence, mistake. • Consent can be express or implied • Why is consent important? • Forms the basis for collection and processing of personal data in many jurisdictions • Rooted in the normative value of individual autonomy that is the cornerstone of modern liberal democracies 5

  17. Privacy as Control • Consent –> Enables individuals to control their information / identities • Per Sanjay Kishan Kaul in Puttaswamy (2017) - “Every individual should have a right to be able to exercise control over his/her own life and image as portrayed to the world and to control commercial use of his/her identity. This also means that an individual may be permitted to prevent others from using his image, name and other aspects of his/her personal life and identity for commercial purposes without his/her consent.” 6

  18. The problem with consent Growing concern that consent is broken • People don’t read privacy policies • Consent fatigue • Unrealistic to expect assessment of downstream use and transfer of data. • Complex privacy harms (such as discrimination) are difficult to foresee • Choices are often binary - opt-in or opt-out 7

  19. Disclosures in Privacy Policies: Does Notice and Consent Work?

  20. Objective • Is consent broken because of the way policies are currently designed? 8

  21. Objective • Is consent broken because of the way policies are currently designed? • What are we evaluating? • Accessibility and quality of privacy policies (pre GDPR version) of 5 online services 1. WhatsApp 2. Google 3. Uber 4. Flipkart 5. Paytm • Survey to assess intelligibility - how much do users typically understand of what they sign up for? 8

  22. Analysing privacy policies

  23. Criteria for assessment • Access to privacy policies: • Number of clicks to access : The further embedded a policy is, more time and patience it requires. • Length of the policy : Longer the policy, the more challenging it may be to read. • Number of (Indian) languages the policy is available in : Less than a quarter of Indians speak English as their first language. • Readability : Flesch-Kincaid reading level tests • Language : Ambiguous or vague terminology • Visual presentation: use of highlights, section notes etc. • Substantive content of the policy: Clear and specific provisions on accepted privacy principles. 9

  24. Access to the policies (1) (2) (3) (4) (5) Service No. of clicks Length Language Readability Pages (A4) Words Reading ease Uber 2 11 3,355 Eng. 16.44 WhatsApp 2 10 3,352 Eng. 36.56 Google 1 9 2,890 Eng., Ind. 18.30 Flipkart 1 5 1,767 Eng. 41.03 Paytm 3 3 819 Eng. 20.55 • At least 1-3 clicks away. • Indian policies are shorter - but perhaps because they cover fewer issues. • Only Google provides the privacy policy in Indian languages • Reading ease translates to college or university level. • Require reasonably advanced comprehension 10

  25. Visual presentation • Multiple sections with headings in bold font (Uber, Google, WhatsApp) • Notes to summarise each section making it easier to understand at a glance (Uber) • Additional pop-ups when a user moves the cursor (Google) • Separate overview page (Uber) • Click-throughs for more information (Uber, Google) 11

  26. Ambiguous terminology • Policies do not have a “definitions” section (except for Google) - terms are undefined, or users have to locate them elsewhere. • “We do not retain your messages in the ordinary course of providing our services to you” • “We do not share data with third parties but may share with affiliates” • “We collect device specific information when you install, access, or use our Services. This includes information such as hardware model, operating system information, browser information....” 12

  27. Ten recognised principles of data privacy 1: Collection 2: Permitted use 3: Sharing with third party 4: Use by affiliated entities 5: Sharing with government 6: Data breach notification 7: Access to own data 8: Data retention 9: Seek clarification 10: Exporting of data 13

  28. Overview of substantive analysis • All policies enable collection of large quantities of personal data. • Various rights considered essential in modern privacy law are not included, relevant information not always provided (eg: data breach notification, data retention, data portability - except google, identity of processor, place where data is processed, etc.) • MNCs provide some information on access and correction rights • Flipkart has the highest number of unspecified issues • All policies have some information on data sharing practices. • No mention of technical tools other than cookies (except for Google) 14

  29. Survey: How much do users understand?

  30. Methodology for the pilot • Target group: • Read and understand English • College education • Familiarity with selected services • Law and non law background 15

  31. Methodology for the pilot • Target group: • Read and understand English • College education • Familiarity with selected services • Law and non law background • Three kinds of questions: 1) Easy; 2) Intermediate; 3) Difficult 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from powerful threats 2 3 Powerful Threats to User Privacy Organized Crime Nation-State Actors 4 Powerful Threats to User Privacy Gather

1.56k views • 104 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Disclosures in Privacy Policies: Does notice and consent work? Rishab Bailey, Smriti

Disclosures in Privacy Policies: Does notice and consent work? Rishab Bailey, Smriti

Disclosures in Privacy Policies: Does notice and consent work? Rishab Bailey, Smriti Parsheera, Faiza Rahman and Renuka Sane National Institute of Public Finance and Policy Supported by the Omidyar Network What is consent? Law

770 views • 17 slides
Presentation Outline Consent a Key Principle in PHIPA General Consent Provisions of

Presentation Outline Consent a Key Principle in PHIPA General Consent Provisions of

Consent Requirements Under the Personal Health Information Protection Act Debra Grant Debra Grant Office of the Information and Privacy Commissioner of Ontario EHIL Webinar May 11, 2011 Presentation Outline Consent a Key Principle in

520 views • 14 slides
Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect any information that you provide when you use this website. Talking Slides Ltd is committed to ensuring that your privacy is protected. Should we ask

164 views • 4 slides
The X-ray Correlation Spectroscopy Instrument at LCLS Aymeric Robert XCS Instrument @ LCLS

The X-ray Correlation Spectroscopy Instrument at LCLS Aymeric Robert XCS Instrument @ LCLS

The X-ray Correlation Spectroscopy Instrument at LCLS Aymeric Robert XCS Instrument @ LCLS Aymeric ROBERT 1 1 MID Instrument @ E-XFEL workshop aymeric@slac.stanford.edu The XCS Team C. Caronna S. Lee XCS Group User Support and Science

575 views • 28 slides
Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan

Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan

Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan mcmahan@google.com DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to Data Sharing including Privacy and Fairness 2017.10.24 Our Goal Imbue

956 views • 70 slides
User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of

User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of

User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of Sk ovde, Sweden Outline Outline 1. User privacy 1 / 25 Outline User privacy 2 / 25 DP > Dimensions Outline Data Privacy Classification

836 views • 37 slides
Patient Information, Consent and Privacy Protection Scheme for an Information System Dedicated

Patient Information, Consent and Privacy Protection Scheme for an Information System Dedicated

Patient Information, Consent and Privacy Protection Scheme for an Information System Dedicated to Pervasive Developmental Disorders Mohamed BEN SAID a, 1, , Laurence ROBEL b, Claude MESSIAEN a, Yann CRAUS b, Jean Philippe JAIS a , Bernard

410 views • 17 slides
Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety & Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety & Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety & Consent Georgia Bullen // @georgiamoon Executive Director Simply Secure FOSDEM // 2 February 2020 Everyone deserves technology they can trust. Simply Secure

437 views • 28 slides
Privacy user interfaces for eye-tracking Sren Preibusch 20 November 2014 @ W3C Workshop on

Privacy user interfaces for eye-tracking Sren Preibusch 20 November 2014 @ W3C Workshop on

Privacy user interfaces for eye-tracking Sren Preibusch 20 November 2014 @ W3C Workshop on Privacy and User-Centric Controls How eye-tracking works Tobii Time-stamped gaze data plus semantics www.evocinsights.com Opportunities and

350 views • 9 slides
Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps W3C

Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps W3C

User Control Mechanisms for Privacy Protection Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps W3C Workshop on Privacy and User Centric Controls 20 21 November 2014, Berlin, Germany Dipl.-Inf.

829 views • 15 slides
Decentralizing Privacy: Using Blockchain to Protect Personal Data Guy Zyskind , Oz Nathan,

Decentralizing Privacy: Using Blockchain to Protect Personal Data Guy Zyskind , Oz Nathan,

Decentralizing Privacy: Using Blockchain to Protect Personal Data Guy Zyskind , Oz Nathan, Alex Sandy Pentland Guy Zyskind Decentralizing Privacy: 2 Using Blockchain to Protect Personal Data The problem of

738 views • 29 slides
Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
Should I Protect You? Understanding Developers Behavior to Privacy-Preserving APIs Shubham

Should I Protect You? Understanding Developers Behavior to Privacy-Preserving APIs Shubham

Should I Protect You? Understanding Developers Behavior to Privacy-Preserving APIs Shubham Jain and Janne Lindqvist Department of Electrical and Computer Engineering Rutgers University Workshop on Usable Security (USEC14) February 23,

230 views • 21 slides
How ( not ) to protect genomic data privacy in a distributed network: using trail re - identi fi

How ( not ) to protect genomic data privacy in a distributed network: using trail re - identi fi

How ( not ) to protect genomic data privacy in a distributed network: using trail re - identi fi cation to evaluate and design anonymity protection systems Bradley Malin and Latanya Sweeney, Carnegie Mellon University Journal of Biomedical

381 views • 20 slides
Transmission Reliability Standards Jim Gallaugher on behalf of the Southern Group of Generators

Transmission Reliability Standards Jim Gallaugher on behalf of the Southern Group of Generators

Transmission Reliability Standards Jim Gallaugher on behalf of the Southern Group of Generators Reliability Panel Public Forum, 30 April 2008 1 The I ssues W hat constitutes a nationally consistent fram ew ork? W hat are suitable

291 views • 17 slides
AN OVERVIEW Understanding the basics of accreditation Understanding the role of the

AN OVERVIEW Understanding the basics of accreditation Understanding the role of the

AN OVERVIEW Understanding the basics of accreditation Understanding the role of the institutions board in the accreditation process Discussion of current issues (institutional and national) in higher education today National

265 views • 25 slides
Cepsa H1 2020 Results July 30 th , 2020 Disclaimer This presentation has been prepared by

Cepsa H1 2020 Results July 30 th , 2020 Disclaimer This presentation has been prepared by

Cepsa H1 2020 Results July 30 th , 2020 Disclaimer This presentation has been prepared by Compaa Espaola de Petrleos, S.A. (the Company) solely for information purposes and may contain forward-looking statements and information

865 views • 20 slides
National Core Indicators Sarah Taub Webinar Series: Guardianship July 23, 2019 Sarah Taub

National Core Indicators Sarah Taub Webinar Series: Guardianship July 23, 2019 Sarah Taub

National Core Indicators Sarah Taub Webinar Series: Guardianship July 23, 2019 Sarah Taub Sarah Taub was the National Core Indicators Director until 2013 when her life what cut short by an aggressive cancer. Her sense of mission and

204 views • 17 slides
LAW OF CONTRACT (PART II) Shanila H. Gunawardena LL.B. (Hons.) (Colombo) Attorney-at-Law, CTA

LAW OF CONTRACT (PART II) Shanila H. Gunawardena LL.B. (Hons.) (Colombo) Attorney-at-Law, CTA

LAW OF CONTRACT (PART II) Shanila H. Gunawardena LL.B. (Hons.) (Colombo) Attorney-at-Law, CTA (CASL) (2) AGREEMENT BETWEEN PARTIES -ACCEPTANCE- Postal Rule of Acceptance (2) AGREEMENT BETWEEN PARTIES -Termination of an Offer- Lapse

697 views • 18 slides
Ethical Dilemmas and Standards Ethical Dilemmas and Standards in Research with Drug Users in

Ethical Dilemmas and Standards Ethical Dilemmas and Standards in Research with Drug Users in

Ethical Dilemmas and Standards Ethical Dilemmas and Standards in Research with Drug Users in Research with Drug Users Center for Center for Interdisciplinary Interdisciplinary Research on Research on AIDS AIDS cira.med.yale.edu

554 views • 26 slides
The Symposium on Scarcity Client and Organizational Comparisons The Studio Loft at Ellie Caulkins

The Symposium on Scarcity Client and Organizational Comparisons The Studio Loft at Ellie Caulkins

The Symposium on Scarcity Client and Organizational Comparisons The Studio Loft at Ellie Caulkins Opera House Denver, Colorado 80202 August 24 th and 25 th , 2016 Frederick Richmond The Center for Applied Management Practices (717) 730-3705

176 views • 15 slides
Welcome to the Commonwealth of Kentucky Neighborhood Stabilization Program Todays topic:

Welcome to the Commonwealth of Kentucky Neighborhood Stabilization Program Todays topic:

Welcome to the Commonwealth of Kentucky Neighborhood Stabilization Program Todays topic: Verifying Household Eligibility 1 NSP-Verifying Household Eligibility The Neighborhood Stabilization Program establishes annual income

1.15k views • 71 slides

More recommend