The Who, What, and Why: Data Transparency Notices in the UK

Reuben Binns, David Millard, Lisa Harris

Abstract


Data protection laws require organisations to be transparent about how they use personal data. This article explores the potential of machine-readable privacy notices to address this transparency challenge. We analyse a large source of open data comprised of semi-structured privacy notifications from hundreds of thousands of organisations in the UK, to investigate the reasons for data collection, the types of personal data collected and from whom, and the types of recipients who have access to the data. We analyse three specific sectors in detail; health, finance, and data brokerage. Finally, we draw recommendations for possible future applications of open data to privacy policies and transparency notices.

Keywords


open data; transparency; privacy; semantic web

References


Beatty, P., Reay, I., Dick, S., & Miller, J. (2007). P3P Adoption on E-Commerce Web sites, (April), 65–71.

Berners-lee, T. (2004). Semantic Web Road map Machine-Understandable information : Semantic, (September 1998), 1–10.

Bonneau, J., & Preibusch, S. (2010). The Privacy Jungle: On the Market for Data Protection in Social Networks. Economics of Information Security and

Privacy, 121–167. doi:10.1007/978-1-4419-6967-5_8

Bradwell, P. (2010). Private Lives: A People’s Enquiry into Personal Information. Retrieved from http://www.demos.co.uk/publications/privatelives

Brockdorff, N., & Appleby-arnold, S. (2011). CONSENT: What Consumers think.

Byers, S., Cranor, L. F., Kormann, D., Ave, P., & Park, F. (n.d.). Automated Analysis of P3P-Enabled Web Sites.

Cranor, L. F. (2012). NECESSARY BUT NOT SUFFICIENT : STANDARDIZED MECHANISMS FOR PRIVACY NOTICE AND CHOICE, 273–307.

Cranor, L. F. (2013). P3P Original Idea behind P3P.

Cranor, L. F., Egelman, S., & Sheng, S. (2008). P3P Deployment on Websites P3P Deployment on Websites.

Cranor, L. F., Idouchi, K., Leon, P. G., Sleeper, M., & Ur, B. (2013). Are They Actually Any Different ? Comparing Thousands of Financial Institutions ’ Privacy Practices. The Twelfth Workshop on the Economics of Information Se- Curity (WEIS 2013) , June 11–12, 2013, Washington, DC.

Culnan, M. J. (2000). Protecting Privacy Online: Is Self-Regulation Working? Journal of Public Policy & Marketing, 19(1), 20–26. doi:10.1509/jppm.19.1.20.16944

Egelman, S., Tsai, J., Acquisti, A., & Cranor, L. F. (n.d.). Studying the Impact of Privacy Information on Online Purchase Decisions, 1–4.

Federal Trade Commission. (2013). FTC Testifies on Data Brokers Before Senate Committee on Commerce, Science and Transportation. Retrieved from http://www.ftc.gov/news-events/press-releases/2013/12/ftc-testifies-data-brokers-senate-committee-commerce-science

Gandon, F. L. (2003). Semantic web technologies to reconcile privacy and context awareness.

Gutwirth, S., & DeHert, P. (2006). Privacy, Data Protection and Law Enforcement. Opacity of the Individual and Transparency of Power.

Greenleaf, G. (2012). Global Data Privacy in A Networked World, in Brown, I. (ed) Research Handbook on Governance of the Internet Cheltenham:

Edward Elgar

Kelley, P. G., Cesca, L., Bresee, J., & Cranor, L. F. (2009). Standardizing Privacy Notices : An Online Study of the Nutrition Label Approach

Leon, P. G., Cranor, L. F., Mcdonald, A. M., & Mcguire, R. (2010). Token Attempt : The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens

McDonald, A., & Cranor, L. (2008). Cost of Reading Privacy Policies, The. ISJLP, 0389, 1–22. Retrieved from http://heinonlinebackup.com/hol-cgi-bin/get_pdf.cgi?handle=hein.journals/isjlpsoc4&section=27

Milne, G. R., & Culnan, M. J. (2002). Using the Content of Online Privacy Notices to Inform Public Policy: A Longitudinal Analysis of the 1998-2001 U.S. Web Surveys. The Information Society, 18(5), 345–359. doi:10.1080/01972240290108168

Narayanan, A., & Shmatikov, V. (2007). Robust De-anonymization of Large Datasets ( How to Break Anonymity of the Netflix Prize Dataset ).

National Telecommunications and Information Administration (NTIA). (2013). SHORT FORM NOTICE CODE OF CONDUCT TO PROMOTE TRANSPARENCY.

OECD. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980). Retrieved from http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html

Ohm, P. (2010). Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Review.

Schwartz, A. (2009). Looking back at P3P: lessons for the future, (November). Retrieved from https://www.cdt.info/files/pdfs/P3P_Retro_Final_0.pdf

Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2010). The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Information Systems Research, 22(2), 254–268. doi:10.1287/isre.1090.0260

U.S. White House Office of Management and Budget. (1983). The President’s Annual Report on the Agencies’ Implementation of the Privacy Act of 1974 (p. at 118 (Dec. 4, 1985).).

United States Government Accountability Office. (2013). INFORMATION RESELLERS Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace Consumer Privacy Framework Needs to Reflect, (September).

Vimercati, G., Paraboschi, S., & Pedrini, E. (2009). Primelife policy language. Retrieved from http://spdp.di.unimi.it/papers/w3c_wsacas_2009_02.pdf

Wellcome Trust. (2013). Summary Report of Qualitative Research into Public Attitudes to Personal Data and Linking Personal Data. Retrieved from http://www.wellcome.ac.uk/stellent/groups/corporatesite/@msh_grants/documents/web_document/wtp053205.pdf


Full Text: PDF

Refbacks

  • There are currently no refbacks.




Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.