Privacy Risks from Public Data Sources

2009

Abstract We highlight the privacy issues that have arisen from the introduction of the Greek Social Security Number (AMKA), in connection with the availability of personally identifiable information on Greek web sites. In particular, we identify privacy problems with the current AMKA setup and present data from a web study we conducted in May 2009, exposing these problems. Given the anticipated ubiquity of AMKA in Greece in the future, along the lines of the Social Security Number in the US.

Journal of Official Statistics, 2016

In the UK, the transparency agenda is forcing data stewardship organisations to review their dissemination policies and to consider whether to release data that is currently only available to a restricted community of researchers under licence as open data. Here we describe the results of a study providing evidence about the risks of such an approach via a simulated attack on two social survey datasets. This is also the first systematic attempt to simulate a jigsaw identification attack (one using a mashup of multiple data sources) on an anonymised dataset. The information that we draw on is collected from multiple online data sources and purchasable commercial data. The results indicate that such an attack against anonymised end user licence (EUL) datasets, if converted into open datasets, is possible and therefore we would recommend that penetration tests should be factored into any decision to make datasets (that are about people) open.

Proceedings of the 12th International Conference on Theory and Practice of Electronic Governance, 2019

Providing public services through the internet is an effective approach towards an encompassing number of citizens being covered by them and for cost reduction. However, the fast development of this area has fostered discussion and legislation regarding information security and trustworthiness. In addition to security mechanisms for data processed and stored internally, service providers must ensure that data exchanged between their servers and citizens are not intercepted or modified when traversing heterogeneous and uncontrolled networks. Moreover, such institutions should provide means enabling the citizen to verify the authenticity of the services offered. In this way, the present work provides a comprehensive overview regarding the security posture of Portuguese public institutions in their online services. It consists of non-invasive robustness evaluation of the deployed solutions for end-to-end data encryption and the correct use of digital certificates. As a result, we provide some recommendations aiming to enhance the current panorama in the majority of the 111 online services considered in this study.

Communication Policy Research Latin America: Volume XIII, 2019

The increasing adoption of data mining and algorithmic decision-making by government and industry poses significant regulatory challenges in order to avoid the unwanted effects such technologies might entail. This article delves in the way the State operates as an enabler of illegitimate personal data processing and, therefore, may help feed the illegitimate use of algorithmic decision-making. We classify this enabling in three categories 1) The State negligently recollects, stores and process sensitive data from its citizens, which is exposed, leaked or stolen 2) Public agencies make an erroneous balance between transparency and privacy, unnecessarily exposing personal data of their citizens for the sake of transparency, and 3) Through public policy, the State consciously and actively exposes the sensitive data of a person with the aim that the exposure and humiliation serve as punishment. Therefore, not only the regulatory framework must be updated, but institutional practices must be put into question as well

The Hoot, 2017

The absence of a legal framework compelling maximum disclosure by corporations on their use of customer data, is dangerous.

2018

Cyberpolitik Journal, 2022

*By Hristina Crenn *This academic article was published in the Cyberpolitik Journal (2022): http://cyberpolitikjournal.org/index.php/main/article/view/144/125 *The introductory page of this article can be found on the website of the cyberpolitik website: http://cyberpolitikjournal.org/index.php/main/article/view/144 *Abstract: The era of Covid-19 reconstructed the vision of the Balkan region, mainly in the countries of the Western Balkans. The rapid emergence of the virus served as an intentional instrument for the political authorities to commit frequent data breaches. The implementation of the restricted measures in the Balkans reflected the weaknesses and the failures of the health system, the shortage of doctors and nurses, the unpreparedness, the ignorance of the inhabitants and the lack of regional cooperation. The process of gradual relaxation of the measures did provoke a second wave of Covid-19. The corruption of the elections prevented the harmonious process of the rule of law to function properly. The sudden revelation of the names of the patients infected with coronavirus on social media, the organisation of local and national protests during total curfew days, the immediate imposition of heavy fines and the unpreparedness of the security officers has resulted with a total collapse of the state apparatus. The objective to ameliorate the situation was interrupted with the presence of political and health fears in the diverse communities. Key words: Data Breaches, the Balkan region, political abuse of power, human rights violations, health measures.

University of Erfurt - Willy Brandt School of Public Policy, 2019

The paper categorically investigates the latest aspects to the use of data protection rules and regulations in the European Union with an emphasis on Information and communication technology ICT. The paper tries to analyze if data protection laws and ICT supports the measures to counter corruption in EU or does it fail to integrate successfully in the European society. The tools discussed in the paper takes account of legislation, legal aspect and cases from EU law, GDPR, technology industry, media sources and academic articles. The paper also discusses if ICTs can be used to promote a fair share of open source data and while supporting data protection laws in Europe. Based off of various cases from public and private sector it would be investigating how technology can improve measures to counter corruption in EU through open or closed sources. It is important to highlight the extent to which the use of data protection laws, ICT and tools can be used legally to strengthen anti-corruption measures in Europe since the European society continues to rely more on technology these days. It is also important to show how ICTs can be used in the digital age and during the 4th industrial revolution shaping public and private sector for business and communication. Upgrading to reliable technology is one of the most important concerns of researchers and policy makers today. Due to the increasing importance of data protection it is now considered a human right and breaching such rules are considered a serious crime in the EU. Thus, it is important to discuss ways to which data protection can be threatened and/or protected across better outcomes, technical tools, public services, news, big data, artificial intelligence and transparency. With the evolution of technology and its growing use, data protection itself has become a global issue that needs to be addressed and researched in ways it is evolving across many different platforms in the world that the EU considers. This also makes the discussion of data protection in regard to anti-corruption reworkable ways technology has shaped. General Data Protection Regulations, GDPR also evolve their policies and rules systematically according to innovation to address legal issues but these areas also need to be explained in ways it can be misused. Although EU law is considered one of the best laws for technology and data protection in the world, but the laws also have challenges that evolve frequently from industry to industry. To clarify the idea of data protection in Europe, the paper will discuss the scope of GDPR regulations and other articles associated with data protection to suggest what is accepted as legal in terms of the use of data in Europe and what is not accepted and considered a crime. After drawing the comparison through law and regulations as well as the acceptance of seeing data protection as basic human rights while supporting free flow of open source data, the paper concludes through various cases to strengthen claims for the use of data protection policies and the use of ICTs to fight corruption in the EU. Paper will also argue if using these measures may promote transparency and facilitate advocacy of citizen participation that can safely bring ordinary people closer to public and private sector as addressed by the IT specialists today or not. To conclude the use of data protection laws and ICT in this context we have to address how data protection and ICT also open doors for systematic corruption as well, where legal or illegal has not been clearly distinguished for example dark web, cryptocurrencies, digital public services or even data storage to centralized databases are growing industries and are shaping the economy and industries all across Europe but not monitored well. In most cases of European governance, the use and management of data has played a pivotal role. The use of data by various platforms has modified corruption and anti-corruption both within public and private sector. This modified corruption allows public servants to engage in corrupt behavior with impunity, prevent regulatory capture, receive gifts, conflict of interest and lobbying with various sources considered to be questionable. Such practices enable cross sector collaboration among public and private sector and the use of technology that plays both ways. It puts barriers as well as creates new ways to modify corruption. After analyzing cases the paper will try to analyze how and what anti-corruption measures can be taken to improve performance of governments in the EU in a national aspect as well as on European Union’s level. The suggestions can enable decision makers to design stronger policies and take measures to understand the evolution of technology and the 4th industrial revolution that focuses on automation and the use of data. Innovative solutions and discussion on data rights and protection can bring effective implementation of laws and practices to avoid illegal acts. Sharing such cases can expose misconduct in both public and private sector across critical judicial enforcement, media and society itself. The paper intends to trigger such a discussion and highlights areas and cases to address threats surrounding data protection and rights. It is important to understand what data protection means in today's world and if denouncing it as a human right is enough to address the issue. As we dig deeper into the use of ICTs and to cure the abuse of data protection, we see that a support and cooperation of people and government is of key importance. The paper also tries to suggest what measures can be taken or combined to suggest safer working environment in public, private and domestic level that jointly tackles social, political and economic issues. Finally as a conclusion the paper answers complicated arguments like does data protection law impact suitability of ICT for local contexts and needs, cultural backgrounds, local support and skills in using technology? Do ICTs open enable corruption? How the EU deals with data protection laws and the use of ICTs to control or end corruption in EU? And what is the variation between rich countries to poor countries while understanding and implementing these measures? - such questions will also be addressed in the paper for clarity of the arguments made for a rational conclusion.

The protection of personal data was first addressed in the European Community by Directive 95/46/CE. This Directive sought to reconcile personal data protection with the free movement of information in the Internal Market. The processing of personal data in the areas of security policy and police and judicial cooperation was excluded from the Directive"s scope of application. However, in recent times, furthered by the "war on terror", security policies have been reinforced in the European Union (EU), a key feature of these policies being the increased collection, use and exchange of information about individuals. Major electronic databases were set up. Additional measures such as the Data Retention Directive and agreements with the USA on Passenger Name Records (PNR) have also raised concerns about their bearing on fundamental rights and liberties. Remarkably though, the legal framework for the protection of personal data in the field of security is still recognisably...