The Who, What, and Why: Data Transparency Notices in the UK

Authors

  • Reuben Binns University of Southampton
  • David Millard University of Southampton
  • Lisa Harris University of Southampton

Keywords:

open data, transparency, privacy, semantic web

Abstract

Data protection laws require organisations to be transparent about how they use personal data. This article explores the potential of machine-readable privacy notices to address this transparency challenge. We analyse a large source of open data comprised of semi-structured privacy notifications from hundreds of thousands of organisations in the UK, to investigate the reasons for data collection, the types of personal data collected and from whom, and the types of recipients who have access to the data. We analyse three specific sectors in detail; health, finance, and data brokerage. Finally, we draw recommendations for possible future applications of open data to privacy policies and transparency notices.

Author Biographies

  • Reuben Binns, University of Southampton
    PhD Researcher
    Web Science Institute, Department of Electronics and Computer Science / Faculty of Business and Law.
  • David Millard, University of Southampton

    Senior Lecturer of Computer and Web Science, Department of Electronics and Computer Science

  • Lisa Harris, University of Southampton
    Web Science Institute and Digital Marketing, Faculty of Business and Law, University of Southampton

References

Beatty, P., Reay, I., Dick, S., & Miller, J. (2007). P3P Adoption on E-Commerce Web sites, (April), 65–71.

Berners-lee, T. (2004). Semantic Web Road map Machine-Understandable information : Semantic, (September 1998), 1–10.

Bonneau, J., & Preibusch, S. (2010). The Privacy Jungle: On the Market for Data Protection in Social Networks. Economics of Information Security and

Privacy, 121–167. doi:10.1007/978-1-4419-6967-5_8

Bradwell, P. (2010). Private Lives: A People’s Enquiry into Personal Information. Retrieved from http://www.demos.co.uk/publications/privatelives

Brockdorff, N., & Appleby-arnold, S. (2011). CONSENT: What Consumers think.

Byers, S., Cranor, L. F., Kormann, D., Ave, P., & Park, F. (n.d.). Automated Analysis of P3P-Enabled Web Sites.

Cranor, L. F. (2012). NECESSARY BUT NOT SUFFICIENT : STANDARDIZED MECHANISMS FOR PRIVACY NOTICE AND CHOICE, 273–307.

Cranor, L. F. (2013). P3P Original Idea behind P3P.

Cranor, L. F., Egelman, S., & Sheng, S. (2008). P3P Deployment on Websites P3P Deployment on Websites.

Cranor, L. F., Idouchi, K., Leon, P. G., Sleeper, M., & Ur, B. (2013). Are They Actually Any Different ? Comparing Thousands of Financial Institutions ’ Privacy Practices. The Twelfth Workshop on the Economics of Information Se- Curity (WEIS 2013) , June 11–12, 2013, Washington, DC.

Culnan, M. J. (2000). Protecting Privacy Online: Is Self-Regulation Working? Journal of Public Policy & Marketing, 19(1), 20–26. doi:10.1509/jppm.19.1.20.16944

Egelman, S., Tsai, J., Acquisti, A., & Cranor, L. F. (n.d.). Studying the Impact of Privacy Information on Online Purchase Decisions, 1–4.

Federal Trade Commission. (2013). FTC Testifies on Data Brokers Before Senate Committee on Commerce, Science and Transportation. Retrieved from http://www.ftc.gov/news-events/press-releases/2013/12/ftc-testifies-data-brokers-senate-committee-commerce-science

Gandon, F. L. (2003). Semantic web technologies to reconcile privacy and context awareness.

Gutwirth, S., & DeHert, P. (2006). Privacy, Data Protection and Law Enforcement. Opacity of the Individual and Transparency of Power.

Greenleaf, G. (2012). Global Data Privacy in A Networked World, in Brown, I. (ed) Research Handbook on Governance of the Internet Cheltenham:

Edward Elgar

Kelley, P. G., Cesca, L., Bresee, J., & Cranor, L. F. (2009). Standardizing Privacy Notices : An Online Study of the Nutrition Label Approach

Leon, P. G., Cranor, L. F., Mcdonald, A. M., & Mcguire, R. (2010). Token Attempt : The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens

McDonald, A., & Cranor, L. (2008). Cost of Reading Privacy Policies, The. ISJLP, 0389, 1–22. Retrieved from http://heinonlinebackup.com/hol-cgi-bin/get_pdf.cgi?handle=hein.journals/isjlpsoc4&section=27

Milne, G. R., & Culnan, M. J. (2002). Using the Content of Online Privacy Notices to Inform Public Policy: A Longitudinal Analysis of the 1998-2001 U.S. Web Surveys. The Information Society, 18(5), 345–359. doi:10.1080/01972240290108168

Narayanan, A., & Shmatikov, V. (2007). Robust De-anonymization of Large Datasets ( How to Break Anonymity of the Netflix Prize Dataset ).

National Telecommunications and Information Administration (NTIA). (2013). SHORT FORM NOTICE CODE OF CONDUCT TO PROMOTE TRANSPARENCY.

OECD. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980). Retrieved from http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html

Ohm, P. (2010). Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Review.

Schwartz, A. (2009). Looking back at P3P: lessons for the future, (November). Retrieved from https://www.cdt.info/files/pdfs/P3P_Retro_Final_0.pdf

Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2010). The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Information Systems Research, 22(2), 254–268. doi:10.1287/isre.1090.0260

U.S. White House Office of Management and Budget. (1983). The President’s Annual Report on the Agencies’ Implementation of the Privacy Act of 1974 (p. at 118 (Dec. 4, 1985).).

United States Government Accountability Office. (2013). INFORMATION RESELLERS Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace Consumer Privacy Framework Needs to Reflect, (September).

Vimercati, G., Paraboschi, S., & Pedrini, E. (2009). Primelife policy language. Retrieved from http://spdp.di.unimi.it/papers/w3c_wsacas_2009_02.pdf

Wellcome Trust. (2013). Summary Report of Qualitative Research into Public Attitudes to Personal Data and Linking Personal Data. Retrieved from http://www.wellcome.ac.uk/stellent/groups/corporatesite/@msh_grants/documents/web_document/wtp053205.pdf

Downloads

Published

2015-03-22

Issue

Vol. 3 No. 1 (2015)

Section

Free and open access to legal information in the digital age

License

Copyright Agreement with Authors

Authors submitting a paper to JOAL automatically agree to confer a limited license to JOAL if and when the manuscript is accepted for publication. This license allows JOAL to publish a manuscript in a given issue, by any means, anywhere in the world. Authors whose submissions have been accepted then have a choice of:

  1. Dedicating the article to the public domain. This allows anyone to make any use of the article at any time, including commercial use. A good way to do this is to use the Creative Commons Public Domain Dedication Web form; see http://creativecommons.org/license/publicdomain-2?lang=en.
  2. Retaining some rights while allowing some use. For example, authors may decide to disallow commercial use without permission. Authors may also decide whether to allow users to make modifications (e.g.translations, adaptations) without permission. A good way to make these choices is to use a Creative Commons license.
    • Go to http://creativecommons.org/license/.
    • Choose and select license. Choose "generic" if you are in the U.S. and "text" for JOAL articles.
    • What to do next — you can then e–mail the license html code to yourself. Do this, and then forward that e–mail to JOAL’s editors. Put your name in the subject line of the e–mail with your name and article title in the e–mail.
    Background information about Creative Commons licenses can be found at http://creativecommons.org/about/licenses/.
  3. Retaining full rights, including translation and reproduction rights. Authors may use the statement:  © Author 2013 All Rights Reserved. Authors may choose to use their own wording to reserve copyright. If you choose to retain full copyright, please add your copyright statement to the end of the article.