The Who, What, and Why: Data Transparency Notices in the UK
AbstractData protection laws require organisations to be transparent about how they use personal data. This article explores the potential of machine-readable privacy notices to address this transparency challenge. We analyse a large source of open data comprised of semi-structured privacy notifications from hundreds of thousands of organisations in the UK, to investigate the reasons for data collection, the types of personal data collected and from whom, and the types of recipients who have access to the data. We analyse three specific sectors in detail; health, finance, and data brokerage. Finally, we draw recommendations for possible future applications of open data to privacy policies and transparency notices.
Beatty, P., Reay, I., Dick, S., & Miller, J. (2007). P3P Adoption on E-Commerce Web sites, (April), 65–71.
Berners-lee, T. (2004). Semantic Web Road map Machine-Understandable information : Semantic, (September 1998), 1–10.
Bonneau, J., & Preibusch, S. (2010). The Privacy Jungle: On the Market for Data Protection in Social Networks. Economics of Information Security and
Privacy, 121–167. doi:10.1007/978-1-4419-6967-5_8
Bradwell, P. (2010). Private Lives: A People’s Enquiry into Personal Information. Retrieved from http://www.demos.co.uk/publications/privatelives
Brockdorff, N., & Appleby-arnold, S. (2011). CONSENT: What Consumers think.
Byers, S., Cranor, L. F., Kormann, D., Ave, P., & Park, F. (n.d.). Automated Analysis of P3P-Enabled Web Sites.
Cranor, L. F. (2012). NECESSARY BUT NOT SUFFICIENT : STANDARDIZED MECHANISMS FOR PRIVACY NOTICE AND CHOICE, 273–307.
Cranor, L. F. (2013). P3P Original Idea behind P3P.
Cranor, L. F., Egelman, S., & Sheng, S. (2008). P3P Deployment on Websites P3P Deployment on Websites.
Cranor, L. F., Idouchi, K., Leon, P. G., Sleeper, M., & Ur, B. (2013). Are They Actually Any Different ? Comparing Thousands of Financial Institutions ’ Privacy Practices. The Twelfth Workshop on the Economics of Information Se- Curity (WEIS 2013) , June 11–12, 2013, Washington, DC.
Culnan, M. J. (2000). Protecting Privacy Online: Is Self-Regulation Working? Journal of Public Policy & Marketing, 19(1), 20–26. doi:10.1509/jppm.18.104.22.16844
Egelman, S., Tsai, J., Acquisti, A., & Cranor, L. F. (n.d.). Studying the Impact of Privacy Information on Online Purchase Decisions, 1–4.
Federal Trade Commission. (2013). FTC Testifies on Data Brokers Before Senate Committee on Commerce, Science and Transportation. Retrieved from http://www.ftc.gov/news-events/press-releases/2013/12/ftc-testifies-data-brokers-senate-committee-commerce-science
Gandon, F. L. (2003). Semantic web technologies to reconcile privacy and context awareness.
Gutwirth, S., & DeHert, P. (2006). Privacy, Data Protection and Law Enforcement. Opacity of the Individual and Transparency of Power.
Greenleaf, G. (2012). Global Data Privacy in A Networked World, in Brown, I. (ed) Research Handbook on Governance of the Internet Cheltenham:
Kelley, P. G., Cesca, L., Bresee, J., & Cranor, L. F. (2009). Standardizing Privacy Notices : An Online Study of the Nutrition Label Approach
Leon, P. G., Cranor, L. F., Mcdonald, A. M., & Mcguire, R. (2010). Token Attempt : The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens
McDonald, A., & Cranor, L. (2008). Cost of Reading Privacy Policies, The. ISJLP, 0389, 1–22. Retrieved from http://heinonlinebackup.com/hol-cgi-bin/get_pdf.cgi?handle=hein.journals/isjlpsoc4§ion=27
Milne, G. R., & Culnan, M. J. (2002). Using the Content of Online Privacy Notices to Inform Public Policy: A Longitudinal Analysis of the 1998-2001 U.S. Web Surveys. The Information Society, 18(5), 345–359. doi:10.1080/01972240290108168
Narayanan, A., & Shmatikov, V. (2007). Robust De-anonymization of Large Datasets ( How to Break Anonymity of the Netflix Prize Dataset ).
National Telecommunications and Information Administration (NTIA). (2013). SHORT FORM NOTICE CODE OF CONDUCT TO PROMOTE TRANSPARENCY.
OECD. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980). Retrieved from http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html
Ohm, P. (2010). Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Review.
Schwartz, A. (2009). Looking back at P3P: lessons for the future, (November). Retrieved from https://www.cdt.info/files/pdfs/P3P_Retro_Final_0.pdf
Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2010). The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Information Systems Research, 22(2), 254–268. doi:10.1287/isre.1090.0260
U.S. White House Office of Management and Budget. (1983). The President’s Annual Report on the Agencies’ Implementation of the Privacy Act of 1974 (p. at 118 (Dec. 4, 1985).).
United States Government Accountability Office. (2013). INFORMATION RESELLERS Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace Consumer Privacy Framework Needs to Reflect, (September).
Vimercati, G., Paraboschi, S., & Pedrini, E. (2009). Primelife policy language. Retrieved from http://spdp.di.unimi.it/papers/w3c_wsacas_2009_02.pdf
Wellcome Trust. (2013). Summary Report of Qualitative Research into Public Attitudes to Personal Data and Linking Personal Data. Retrieved from http://www.wellcome.ac.uk/stellent/groups/corporatesite/@msh_grants/documents/web_document/wtp053205.pdf
Authors submitting a paper to JOAL automatically agree to confer a limited license to JOAL if and when the manuscript is accepted for publication. This license allows JOAL to publish a manuscript in a given issue, by any means, anywhere in the world. Authors whose submissions have been accepted then have a choice of:
- Dedicating the article to the public domain. This allows anyone to make any use of the article at any time, including commercial use. A good way to do this is to use the Creative Commons Public Domain Dedication Web form; see http://creativecommons.org/license/publicdomain-2?lang=en.
- Retaining some rights while allowing some use. For example, authors may decide to disallow commercial use without permission. Authors may also decide whether to allow users to make modifications (e.g.translations, adaptations) without permission. A good way to make these choices is to use a Creative Commons license.
- Go to http://creativecommons.org/license/.
- Choose and select license. Choose "generic" if you are in the U.S. and "text" for JOAL articles.
- What to do next — you can then e–mail the license html code to yourself. Do this, and then forward that e–mail to JOAL’s editors. Put your name in the subject line of the e–mail with your name and article title in the e–mail.
- Retaining full rights, including translation and reproduction rights. Authors may use the statement: © Author 2013 All Rights Reserved. Authors may choose to use their own wording to reserve copyright. If you choose to retain full copyright, please add your copyright statement to the end of the article.