GDPR - Island in the Net

Sunday Paper, Rucksack, Magazine, Camera, Pocket Watch, Notebook, Leather, Range Finder Camera, Camera, Ruck

Sunday Paper - Facebook, GDPR and Ireland, Racism, Brazilian Coffee, Mommy Blogging, Public Transportation and Princeton and the New York City Gateway Tunnel Project, New York City Commuter Tax

Posted on 5th May 201920th May 2019 by Khürt

Unexceptional Racism by Drew Downs (Drew Downs)

At the root of American identity is an impossible paradox. A truth we wish could coexist so much, we would take up arms to defend it.
We want to be exceptional and equal at the same time. But we can’t. It’s impossible.

Sunday Paper is my personal collage of long-form articles, between 1,000 and 20,000 words, that I have saved during the weekend, that I found interesting and which I think require deep slow thinking. I think they are best read on a Sunday morning as a sort of personal Sunday newspaper. The pastor's writing is a…

Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions

Posted on 19th January 2019 by Khürt

Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions by an author (Oxford Academic, Journal of Cybersecurity, Volume 4, Issue 1, 1 January 2018)

The notion of consent revocation, or withdrawal, has also been brought into light recently, with many to argue for a right to revoke consent and for a more user friendly and personalized consent mechanism [71–72]. Indeed, when individuals’ are given the opportunity to grant consent to the use of their personal information as a primary mean for exercising their autonomy and to protect their privacy, it should be logical to exist a corresponding option to withdraw or revoke that consent, or to make subsequent changes to that consent [73, 18]. The principle of consent withdrawal within the Human Computer Interaction (HCI) context has been studied in many ethical research projects, with Benford et al. in [74] to underline that in many cases it may be difficult to fully withdraw in practice because the issue of balancing consent, withdrawal and privacy is a very demanding managed task. Whitley in [18] argues further that, since the revocation of consent can mean a variety of different things depending on the circumstances and constitutive purposes that the data are being held for, it is helpful to differentiate between revoking “the right to hold” personal data and revoking “the right to use” personal data for particular purposes. Revoking the right to hold might be implemented by marking a particular record as no longer “being live” or may require the deletion of records and, in extreme cases, it might require deleting data from backups and physically grinding the hard disks. In addition, providing auditable, privacy friendly proof of compliance when and how the revocation has been achieved is a challenge both technologically and legally [18]. For instance, the advancements towards privacy-enabled networks and infrastructures puzzles some academics [75] who afraid that the same mechanisms have been put in place to protect the privacy of data (like de-identification) may actually make it very difficult to trace and remove individual derived data in order to allow participants to withdraw completely their consent and be forgotten. In such situations, as Kaye [75] underscores, it may be only possible to prohibit the entry of new information and samples into the system. Apart from these practical difficulties, there are also economic and public-good arguments for disallowing absolute withdrawal. For instance, in the bio-banking field complete withdrawal could lead to the wastage of resources invested in bio-repositories [75–76] whereas the practice of archiving qualitative research data for substantive secondary analysis can be significantly challenged under the revocation mechanism for withdrawing consent [77]. Due to these immense consequences, many academics and legal experts questioning the concept of consent withdrawal.