Hello Dear Reader,
After finishing a course on Data Privacy offered at Bilkent University, and observing the lack of study notes on the Internet, I decided to post my own notes to help prospective students. There are 11 modules in total, and I am planning to publish a new module every 10-15 days.
So... Stay tuned & I hope you enjoy it!
Disclaimer: These notes are taken for the CS577 Data Privacy course offered by Dr. Erman Ayday in the 2021/2022 Fall Semester at Bilkent University.
When Dostoevsky said, "I swear to you, gentlemen, that to be overly conscious is a sickness, a real thorough sickness." [1], perhaps most would agree with him. Especially in the era of big data, the conscious does not refer to a single individual but society altogether, and wired connections among computers become the neural connections of this enormous artificial intelligence. As the consciousness of society grows, the individual's privacy is threatened more [2]. Because, today every communication leaves an electronic trace, and almost every subject-to-subject and subject-to-object interaction is constantly recorded, stored, and analyzed. Parties who continue to store and analyze this data tend to claim that adequate anonymization can protect one's privacy. While anonymization enables us to research without violating the privacy rights of individuals, and it is required, it is hardly sufficient in practical cases as adversaries were able to re-identify individuals in examples that occurred in previous years.
One way to regulate the data analysis and usage is purpose limitation. It is one of the principles that create the basis of laws on data privacy. This principle states that collected data can only be collected and used for a specific purpose that is clearly defined and communicated to the subject. Then, the data subjects have to give their consent. However, even if the data collector, such as the cloud storage provider, acts as an honest party and uses the data for its stated purpose in the consent, it cannot guarantee that its system will not be attacked or malfunction. Therefore, privacy protection must be integrated into the products and services. The data collectors should develop privacy-preserving services and products and abide by privacy protection in their organizational policies.
Nowadays, social networks are potentially the greatest part of society's consciousness. They enable millions of users to interact, creating a vast data pool. As they are usually free to join, it is interesting how these companies survive while providing their services for free. These companies collect all the interactions and traffic in their network to create user profiles. With their vast collection, they try to uncover patterns about their users so that these user profiles become their assets to sell for targeted advertising. Profiling algorithms is one of the biggest threats to individuals' privacy. As these companies cross borders with their international user capacity, the issues on privacy become hard to control and may even require international negotiations. When dealing with such sensitive cases, the practice of law in the international area with various bilateral and multilateral agreements should be done cautiously to prevent any paradoxical situations.
[1] F. Dostoevsky, Notes from the underground, and the gambler. OUP Oxford, 1999.
[2] An introduction to data protection. [Online]. Available: https://edri.org/files/paper06_datap.pdf.
Comments