Mostrar registro simples

Selling your soul while negotiating the conditions: from notice and consent to data control by design

dc.contributor.authorBelli, Luca
dc.contributor.authorSchwartz, Molly
dc.contributor.authorLouzada, Luiza
dc.date.accessioned2018-10-25T18:24:15Z
dc.date.available2018-10-25T18:24:15Z
dc.date.issued2017
dc.identifierhttps://www.scopus.com/inward/record.uri?eid=2-s2.0-85039049938&doi=10.1007%2fs12553-017-0185-3&partnerID=40&md5=3cf33efd6e7c88a8b7f37a4926082a0e
dc.identifier.issn2190-7188
dc.identifier.urihttp://hdl.handle.net/10438/25532
dc.description.abstractThis article claims that the Notice and Consent (N&C) approach is not efficient to protect the privacy of personal data. On the contrary, N&C could be seen as a license to freely exploit the individual’s personal data. For this reason, legislators and regulators around the world have been advocating for different and more efficient safeguards, notably through the implementation of the Privacy by Design (PbD) concept, which is predicated on the assumption that privacy cannot be assured solely by compliance with regulatory frameworks. In this sense, PbD affirms that privacy should become a key concern for developers and organisations alike, thus permeating new products and services as well as the organisational modi operandi. Through this paper, we aim at uncovering evidences of the inefficiency of the N&C approach, as well as the possibility to further enhance PbD, in order to provide the individual with increased control on her personal data. The paper aims at shifting the focus of the discussion from “take it or leave it” contracts to concrete solutions aimed at empowering individuals. As such, we are putting forth the Data Control by Design (DCD) concept, which we see as an essential complement to N&C and PbD approaches advocated by data-protection regulators. The technical mechanisms that would enable DCD are currently available (for example, User Managed Access (UMA) v1.0.1 Core Protocol). We, therefore, argue that data protection frameworks should foster the adoption of DCD mechanisms in conjunction with PbD approaches, and privacy protections should be designed in a way that allows every individual to utilise interoperable DCD tools to efficiently manage the privacy of her personal data. After having scrutinised the N&C, PbD and DCD approaches we discuss the specificities of health and genetic data, and the role of DCD in this context, stressing that the sensitivity of genetic and health data requires special scrutiny from regulators and developers alike. In conclusion, we argue that concrete solutions allowing for DCD already exist and that policy makers should join efforts together with other stakeholders to foster the concrete adoption of the DCD approach. © 2017, IUPESM and Springer-Verlag Berlin Heidelberg.eng
dc.language.isoeng
dc.publisherSpringer Verlag
dc.relation.ispartofseriesHealth and Technology
dc.sourceScopus
dc.subjectData control By designeng
dc.subjectData protectioneng
dc.subjectHealth dataeng
dc.subjectNotice and consenteng
dc.subjectPrivacy by designeng
dc.subjectArticleeng
dc.subjectEmpowermenteng
dc.subjectGeneticseng
dc.subjectHealtheng
dc.subjectHumaneng
dc.subjectInformation processingeng
dc.subjectInformed consenteng
dc.subjectPatient informationeng
dc.subjectPrivacyeng
dc.titleSelling your soul while negotiating the conditions: from notice and consent to data control by designeng
dc.typeArticle (Journal/Review)eng
dc.contributor.unidadefgvEscolas::DIREITO RIOpor
dc.subject.bibliodataPrivacidade de dadospor
dc.contributor.affiliationFGV
dc.identifier.doi10.1007/s12553-017-0185-3
dc.rights.accessRightsrestrictedAccesseng
dc.identifier.scopus2-s2.0-85039049938


Arquivos deste item

Thumbnail
Nome:
2-s2.0-85039049938.pdf
Tamanho:
548.8Kb
Formato:
application/pdf
Visualizar/Abrir 

Este item aparece na(s) seguinte(s) coleção(s)

Mostrar registro simples