No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
A Conceptualization of Accountability as a Privacy Principle
Abstract
While accountability is increasingly discussed as a privacy principle, it is far from clear how to achieve privacy protection through accountability. Moreover, it is even unclear how to define accountability in this context. This paper provides a conceptualization of accountability for the context of privacy protection based upon a review of the literature. The presented literature review aims at identifying a minimal core of accountability for the context of privacy protection to provide a foundation for requirements analysis for accountability-centric privacy protection mechanisms.
... Accountability-centric approaches are currently widely discussed as methods for balancing privacy and efficiency. Privacy by accountability inherently requires a combination of technological and regulatory instruments [177,178]. Respective approaches to privacy build upon audits to determine SNOs' adherence to data protection regulation and agreed-upon polices. A central concept within accountability-centric approaches towards privacy is liability, (i.e., sanctioning providers in the case of noncompliance with regulation and agreed-upon policies). ...
The first concept of privacy was provided by Samuel D. Warren and Louis Brandeis in 1890 as “the right to be left alone”. At that time, the world was more than a century away from people voluntary disclosing information and sharing data on a large scale via the Internet on social networks such as Facebook. Today, the business model of the major social networks contain a thirst for their users’ personal data which threatens user privacy. Information and power asymmetries hinder users from enforcing their privacy preferences. Furthermore, network effects and switching costs tie them to the market leading networks.
The dissertation at hand analyses the topic of privacy in social networks from an information systems and economic research viewpoint. It illustrates privacy factors in the social network environment and examines the related dynamics of user privacy. As such, this thesis analyses whether the status quo of privacy in social networks is economically inefficient or leads to inefficiency, and whether governmental regulation is required. Moreover, existing approaches to solve the privacy challenge in social networks business are assessed and the most promising concepts are emphasized.
Algoritmik ayrımcılık, algoritmaların bir sonucu olarak bireyler veya gruplar tarafından deneyimlenen her türlü farklı muameleyi veya etkiyi ifade etmek için kullanılan bir kavramdır. Hali hazırda mevcut ayrımcılık temellerine dayalı sebeplerle gerçekleşen ayrımcı davranışların yapay zekâ araçları vasıtasıyla daha sistematik, düşük maliyetli ve anlaşılamaz biçimde ortaya çıkması mümkün hale gelmiştir. İşe alım süreçleri de algoritmik ayrımcılık örnekleri ile sıkça karşılaşılan alanlardandır. Bazı hallerde işverenin bilinçli kararlarına dayanabileceği gibi bazı durumlarda işverenin ve hatta yapay zekâ aracını geliştirenin bilgisi dışında ortaya çıkması mümkündür. Gelinen noktada teknolojik gelişmelere karşı durabilmek mümkün olmasa da insan hakları ile uyumlu kullanımını sağlamak gerekmektedir. Yapay zekanın mevcut işlere etkileri düşünüldüğünde, istihdama giriş sürecinde bireyin temel haklarının korunması giderek artan bir önem arz etmektedir. Gerekli tedbirler geliştirilmediği takdirde bireylerin sistematik ayrımcılığa maruz kalması, hatta öjenik anlayışla işçi adaylarının seçimi mümkün olabilecektir. Dijitalleşmenin panaptikonunda bireyin ayrımcılığa uğrama riskini artıran özel nitelikli kişisel verilere erişim hızı ve kolaylığı acil tedbir ihtiyacı doğurmaktadır.
Der wirtschaftliche Wert der Daten lässt die Frage aufkommen, wem die Daten gehören und ob nicht das Eigentum an Daten der Königsweg zum Datenschutz sein könnte? Das Marktprinzip sorgt dabei für die effiziente Nutzung der Daten und zwingt zur Einschätzung der Risiken bei jeder Transaktion. Die Voraussetzungen für die Protektion wären damit gelegt. Das Dilemma von Schutz und Innovation wird jedoch auf anderem Feld vergrößert, da die Zustimmung zur Datennutzung nun durch kommerzielle Interessen geleitet wird. Um das Eigentum zu schützen, genügt das Geheimhaltungsmodell der DSGVO nicht, da damit die „Eigentümer“ die Verwendung ihrer Daten nicht nachvollziehen können und in Folge dessen zwar Innovationen behindern, aber Kompensationen nicht begründet einfordern können. Das Alternativmodell zur DSGVO, die Transparenz der Daten, ist daher sowohl die Vorraussetzung der Kontrolle des Eigentums als auch zur Überwachung der Datenverwendung. Die Transparenz setzt im Eigentumsfalle und bei der Datenverwendung voraus, dass Daten korrekt, vollständig und zeitgerecht präsentiert werden können. Eine solche Garantie ist für TET-Mechanismen nicht erfüllbar, da sie im Gegensatz zu PET-Mechanismen „Multipfad-Technologien“ sind. Die Vollständigkeit kann nur dann bestimmt werden, wenn die Nachfragen nach Daten nachvollzogen werden können und eine sichere Kenntnis des Umfangs der Daten und der angewendeten TET-Mechanismen existiert, damit Nutzer eine informierte Entscheidung zur Akzeptanz des Ergebnisses treffen können. Hierzu wird ein abstrakter Vorschlag vorgestellt. In der Studie zu „GoogleMyAccount (GMA)“ wird eine erhöhte Akzeptanz des Datenschutzes und des Vertrauens in Google durch die Transparenz von GMA festgestellt. Obwohl GMA selbst keinen Beitrag zum Datenschutz leistet, wird sie als glaubwürdiges Instrument für die Protektion der Nutzer und weniger der Daten gesehen. Eine Fallstudie zur Analyse von Bestellprozessen eines mittelständischen Betriebes verdeutlicht zusätzlich die objektiven Wirkungen der Transparenz, wenn Informationsflussanalysen zur Kontrolle von Daten und Prozessen eingesetzt werden.
When considering the use of mobile or wearable health technologies to collect health data, a majority of users state security and privacy of their data is a primary concern. With users being connected 24/7, there is a higher risk today of data theft or the misappropriate use of health data. Furthermore, data ownership is often a misunderstood topic in wearable technology, with many users unaware who owns the data collected by a device, what that data can be used for and who can receive that data. Many countries are reviewing privacy governance in an attempt to clarify data privacy and ownership. But is it too late? This chapter explores the concepts of security and privacy of data from mobile and wearable technology, with specific examples, and the implications for the future.
When considering the use of mobile or wearable health technologies to collect health data, a majority of users state security and privacy of their data is a primary concern. With users being connected 24/7, there is a higher risk today of data theft or the misappropriate use of health data. Furthermore, data ownership is often a misunderstood topic in wearable technology, with many users unaware who owns the data collected by a device, what that data can be used for and who can receive that data. Many countries are reviewing privacy governance in an attempt to clarify data privacy and ownership. But is it too late? This chapter explores the concepts of security and privacy of data from mobile and wearable technology, with specific examples, and the implications for the future.
©2017, IGI Global.When considering the use of mobile or wearable health technologies to collect health data, a majority of users state security and privacy of their data is a primary concern. With users being connected 24/7, there is a higher risk today of data theft or the misappropriate use of health data. Furthermore, data ownership is often a misunderstood topic in wearable technology, with many users unaware who owns the data collected by a device, what that data can be used for and who can receive that data. Many countries are reviewing privacy governance in an attempt to clarify data privacy and ownership. But is it too late? This chapter explores the concepts of security and privacy of data from mobile and wearable technology, with specific examples, and the implications for the future.
Accountability is the ability to provide good reasons in order to explain and to justify actions, decisions and policies for a (hypothetical) forum of persons or organisations. Since decision-makers, both in the private and in the public sphere, increasingly rely on algorithms operating on Big Data for their decision-making, special mechanisms of accountability concerning the making and deployment of algorithms in that setting become gradually more urgent. In the upcoming General Data Protection Regulation, the importance of accountability and closely related concepts, such as transparency, as guiding protection principles, is emphasised. Yet, the accountability mechanisms inherent in the regulation cannot be appropriately applied to algorithms operating on Big Data and their societal impact. First, algorithms are complex. Second, algorithms often operate on a random group level, which may pose additional difficulties when interpreting and articulating the risks of algorithmic decision-making processes. In light of the possible significance of the impact on human beings, the complexities and the broader scope of algorithms in a big data setting call for accountability mechanisms that transcend the mechanisms that are now inherent in the regulation.
Personal data has emerged as a crucial asset of the digital economy. However, unregulated markets for personal data severely threaten consumers’ privacy. Based upon a commodity-centric notion of privacy, this paper takes a principal-agent perspective on data-centric business. Specifically, this paper presents an economic model of the privacy problem in data-centric business, in that drawing from contract theory. Building upon a critical analysis of the model, this paper analyzes how regulatory and technological instruments could balance efficiency of markets for personal data and data-subjects’ right to informational self-determination.
Available at: http://jaatun.no/papers/2014/guidinglights.pdf
In order to be an accountable organisation, Cloud Providers need to commit to being responsible stewards of other people's information. This implies demonstrating both willingness and capacity for such stewardship. This paper outlines the fundamental requirements that must be met by accountable organisations, and sketches what kind of tools, mechanisms and guidelines support this in practice.
We propose a focus on accountability as a mechanism for ensuring security in information systems. To that end, we present a formal definition of it accountability in information systems. Our definition is more general and potentially more widely applicable than the accountability notions that have previously appeared in the security literature. In particular, we treat in a unified manner scenarios in which accountability is enforced automatically and those in which enforcement must be mediated by an authority; similarly, our formalism includes scenarios in which the parties who are held accountable can remain anonymous and those in which they must be identified by the authorities to whom they are accountable. Essential elements of our formalism include event traces and it utility functions and the use of these to define punishment and related notions.
This article can be accessed at http://mjdubnick.dubnick.net/pubsrw/2005/dub2005.html (pw=dubnick)
In an effort to determine the basis for the assumed relationship between accountability and performance that pervades much of contemporary administrative reform efforts, this paper applies a “social mechanisms” approach to elaborate the factors that might be involved in account giving and various forms of administrative performance. This search for mechanisms indicates that the relationship is paradoxical and either spurious or so contingent as to raise
questions regarding administrative reforms based on it. Various theoretical approaches for dealing with the relationship are considered.
Debates about globalization have centered on calls to improve accountability to limit abuses of power in world politics. How should we think about global accountability in the absence of global democracy? Who should hold whom to account and according to what standards? Thinking clearly about these questions requires recognizing a distinction, evident in theories of accountability at the nation-state level, between “participation” and “delegation” models of accountability. The distinction helps to explain why accountability is so problematic at the global level and to clarify alternative possibilities for pragmatic improvements in accountability mechanisms globally. We identify seven types of accountability mechanisms and consider their applicability to states, NGOs, multilateral organizations, multinational corporations, and transgovernmental networks. By disaggregating the problem in this way, we hope to identify opportunities for improving protections against abuses of power at the global level.
The issue of how to provide appropriate privacy protection for cloud computing is important, and as yet unresolved. In this
paper we propose an approach in which procedural and technical solutions are co-designed to demonstrate accountability as
a path forward to resolving jurisdictional privacy and security risks within the cloud.
Attempts to address issues of personal privacy in a world of computerized databases and information networks -- from security technology to data protection regulation to Fourth Amendment law jurisprudence -- typically proceed from the perspective of controlling or preventing access to information. We argue that this perspective has become inadequate and obsolete, overtaken by the ease of sharing and copying data and of aggregating and searching across multiple data bases, to reveal private information from public sources. To replace this obsolete framework, we propose that issues of privacy protection currently viewed in terms of data access be re-conceptualized in terms of data use. From a technology perspective, this requires supplementing legal and technical mechanisms for access control with new mechanisms for transparency and accountability of data use. In this paper, we present a technology infrastructure -- the Policy Aware Web -- that supports transparent and accountable data use on the World Wide Web, and elements of a new legal and regulatory regime that supports privacy through provable accountability to usage rules rather than merely data access restrictions.
The notion of ‘accountability’ is currently fashionable within the community of scholars, regulators, and activists concerned with privacy and data protection. At one level, it has always been a central principle within these laws and policies, and is implicit if not explicit in every attempt to make organisations more responsible for the personal data they collect and process. At one level, there is nothing new.
There have been many innovations in the policy world of information privacy and data protection during the past 40 years. These range from the adoption of principles and guidelines, laws and directives, codes of practice, privacy-enhancing technologies, ‘privacy by design’, binding corporate rules, standard contractual clauses, and perhaps other devices. Some innovations are of long duration, universal, respected, and implemented with varying success, while others are adopted by few and scorned by many, perhaps ultimately to be remembered only as fleeting presences on the fashion catwalks of regulatory history. We can only use informed guesswork about whether privacy is better protected through these measures, because such judgements are not easily amenable to quantification. However, gains can be identified in terms of a growth of awareness, specific regulatory or judicial rulings, and instances of success in limiting or preventing the use of information processing and surveillance technologies and systems that would otherwise have enjoyed free rein with our personal information. Meanwhile, academic discourse develops arguments about the relationship between law and technology, about the role of software ‘code’ in embedding rules in information systems, and about how individual property solutions can be brought to bear upon the situation.
For individual economic activities as well as the economy at large, the role of privacy is determined not only by regulation but also by personalization enabled by the internet. First and foremost, from the point of view of suppliers, privacy incurs costs and no benefits. From a consumer standpoint, the low acceptance of Privacy Enhancing Technologies (PET) suggests that privacy will be an obsolescent model in the near future. The chapter at hand demonstrates, however, that the generated economic value by using personal data can best be protected by control of the usage of data and not solely by its collection. Based upon analyses of empirical usage scenarios in e-commerce and data-centric services like social networks, it is argued that a lack of privacy bears the potential to change both decisions of consumers and service providers and has become a critical factor of sustainability of many internet-based business models. In relation to the use of such services, the privacy paradox and data usage raises four theses which highlight the requirements needed within current PET to avoid information deficits and the need for mechanisms to enable transparency.
Teacher resistance, teacher accommodation, and teacher conformism informed instructional strategies that Mr. Jenkins used to prevent suspension. Mr. Jenkins’s instructional strategies were impacted by his resistance to dominant PBS ideology, accommodation of system constraints related to classroom disruptions and PBS, and conformism to the dominant ideology of teaching and learning culinary arts.
Public accountability is the hallmark of modern democratic governance. Democracy remains a paper procedure if those in power cannot be held accountable in public for their acts and omissions, for their decisions, their policies, and their expenditures. Public accountability, as an institution, therefore, is the complement of public management. As a concept, however, "public accountability" is rather elusive. It is one of those evocative political words that can be used to patch up a rambling argument, to evoke an image of trustworthiness, fidelity, and justice, or to hold critics at bay. Historically, the concept of accountability is closely related to accounting. In fact, it literally comes from bookkeeping. Nowadays, accountability has moved far beyond its bookkeeping origins and has become a symbol for good governance, both in the public and in the private sector.
We argue for the use of Privacy Dashboards as enablers for privacy-enabled data-driven business models. Specifically, while dashboards are succesful instruments in business intelligence tools, their use in privacy protection is far less well-understood. Addressing this problem at the technical level, this paper provides a classification scheme for Privacy Dashboards and elaborates on the current state of the art to draw a research agenda for designing Privacy Dashboards that cater to users' desire of control and businesses' need for data collection and usage.
Presents a formal theoretical framework that clarifies when principals can, and cannot, use delegation to accomplish desired ends. It shows the conditions (having to do with preferences and information) under which agents will act in their principals' interests and how political institutions can alleviate the perils of delegation. Finally, it discusses the implications of its theoretical insights on chains of political delegation.
Identifies three motivations for political delegation (capacity, competence, collective action problems) and discusses agency problems and mechanisms of accountability. An ideal-typical form of parliamentary democracy is introduced to reveal that singularity and indirect delegation are key ingredients of delegation and accountability. Develops a delegation model that reveals more agency loss (policy slippage) in parliamentary democracy than in two versions of presidentialism. Parliamentary democracies use ex ante screening by cohesive political parties to protect against adverse selection. Delegation and accountability make parliamentary democracies more efficient, but frequently less transparent. Identifies the implications of different forms of parliamentarism, such as Westminster parliamentarism, pivotal parliamentarism, and constrained parliamentarism.
Information is a crucial factor in accountability arrangements. In all phases of the accountability process, information has to be gathered, processed and communicated. To gain deeper theory-driven insight, this paper examines, from a multi-theoretical perspective, two phenomena that may impede the exchange of information in the accountability process: Reluctance to disclose information and (deliberate) information overload. The paper uses economic, psychological and sociological theories to analyze reluctance to disclose information and empirical studies that shed light on information overload. The paper concludes with specific propositions to guide future research.
Automated profiling of groups and individuals is a common practice in our information society. The increasing possibilities of data mining significantly enhance the abilities to carry out such profiling. Depending on its application, profiling and data mining may cause particular risks such as discrimination, de-individualisation and information asymmetries. In this article we provide an overview of the risks associated with data mining and the strategies that have been proposed over the years to mitigate these risks. From there we shall examine whether current safeguards that are mainly based on privacy and data protection law (such as data minimisation and data exclusion) are sufficient. Based on these findings we shall suggest alternative policy options and regulatory instruments for dealing with the risks of data mining, integrating ideas from the field of computer science and that of law and ethics.
Accountability is a core concept of public administration, yet disagreement about its meaning is masked by consensus on its importance and desirability. This article proposes a five-part typology of accountability conceptions. Transparency, liability, controllability, responsibility, and responsiveness are defined as distinct dimensions of accountability, providing an improvement on the current state of conceptual fuzziness. The typology provides a vocabulary for the core argument: that conflicting expectations borne of disparate conceptions of accountability undermine organizational effectiveness. This phenomenon—labeled multiple accountabilities disorder—is illustrated with a case study. ICANN, the Internet Corporation for Assigned Names and Numbers, is a nascent organization charged with administering the Domain Name System, the Internet's address directory. In its four-year history, ICANN has been the object of much criticism. Conflicting accountability expectations have been a source of difficulty for ICANN's leaders as they have steered the organization through its early years.
Big data, the authors write, is far more powerful than the analytics of the past. Executives can measure and therefore manage more precisely than ever before. They can make better predictions and smarter decisions. They can target more-effective interventions in areas that so far have been dominated by gut and intuition rather than by data and rigor. The differences between big data and analytics are a matter of volume, velocity, and variety: More data now cross the internet every second than were stored in the entire internet 20 years ago. Nearly real-time information makes it possible for a company to be much more agile than its competitors. And that information can come from social networks, images, sensors, the web, or other unstructured sources. The managerial challenges, however, are very real. Senior decision makers have to learn to ask the right questions and embrace evidence-based decision making. Organizations must hire scientists who can find patterns in very large data sets and translate them into useful business information. IT departments have to work hard to integrate all the relevant internal and external sources of data. The authors offer two success stories to illustrate how companies are using big data: PASSUR Aerospace enables airlines to match their actual and estimated arrival times. Sears Holdings directly analyzes its incoming store data to make promotions much more precise and faster.
The scope and meaning of ‘accountability’ has been extended in a number of directions well beyond its core sense of being called to account for one’s actions. It has been applied to internal aspects of official behaviour, beyond the external focus implied by being called to account; to institutions that control official behaviour other than through calling officials to account; to means of making officials responsive to public wishes other than through calling them to account; and to democratic dialogue between citizens where no one is being called to account. In each case the extension is readily intelligible because it is into an area of activity closely relevant to the practice of core accountability. However, in each case the extension of meaning may be challenged as weakening the importance of external scrutiny
It has been argued that the EU suffers from serious accountability deficits. But how can we establish the existence of accountability deficits? This article tries to get to grips with the appealing but elusive concept of accountability by asking three types of questions. First a conceptual one: what exactly is meant by accountability? In this article the concept of accountability is used in a rather narrow sense: a relationship between an actor and a forum, in which the actor has an obligation to explain and to justify his or her conduct, the forum can pose questions and pass judgement, and the actor may face consequences. The second question is analytical: what types of accountability are involved? A series of dimensions of accountability are discerned that can be used to describe the various accountability relations and arrangements that can be found in the different domains of European governance. The third question is evaluative: how should we assess these accountability arrangements? The article provides three evaluative perspectives: a democratic, a constitutional and a learning perspective. Each of these perspectives may produce different types of accountability deficits.
According to the “standard model” of accountability, holding another actor accountable entails sanctioning that actor if it fails to fulfill its obligations without a justification or excuse. Less powerful actors therefore cannot hold more powerful actors accountable, because they cannot sanction more powerful actors. Because inequality appears unlikely to disappear soon, there is a pressing need for “second-best” forms of accountability: forms that are feasible under conditions of inequality, but deliver as many of the benefits of standard accountability as possible. This article describes a model of second-best accountability that fits this description, which I call “surrogate accountability.” I argue that surrogate accountability can provide some of the benefits of standard accountability, but not others, that it should be evaluated according to different normative criteria than standard accountability, and that, while surrogate accountability has some benefits that standard accountability lacks, it is usually normatively inferior to standard accountability.
This article provides a framework for analyzing privacy in modern societies, defining information privacy and describing three levels that structure the values assigned to privacy. After describing a contemporary privacy baseline (1945–1960), these concepts are applied to social and political privacy developments in three contemporary eras of steadily growing privacy concerns and societal responses across citizen-government, employee-employer, and consumer-business relationships in 1961–1979, 1980–1989, and 1990–2002. Each period is described in terms of new technology applications, changing social climates, and organizational and legal developments. Effects of the 9/11 terrorist attacks on privacy balances are analyzed and predictions for future privacy developments are presented. The relationship of articles in this issue to the author's framework is noted throughout.
Parliamentary democracy has been widely embraced bypoliticians and especially by the scholarly communitybut remains less widely understood. In this essay, Iidentify the institutional features that defineparliamentary democracy and suggest how they can beunderstood as delegation relationships. I proposetwo definitions: one minimal and one maximal (orideal-typical). In the latter sense, parliamentarydemocracy is a particular regime of delegation andaccountability that can be understood with the help ofagency theory, which allows us to identify theconditions under which democratic agency problems mayoccur. Parliamentarism is simple, indirect, andrelies on lessons gradually acquired in the past. Compared to presidentialism, parliamentarism hascertain advantages, such as decisional efficiency andthe inducements it creates toward effort. On theother hand, parliamentarism also implies disadvantagessuch as ineffective accountability and a lack oftransparency, which may cause informationalinefficiencies. And whereas parliamentarism may beparticularly suitable for problems of adverseselection, it is a less certain cure for moral hazard.In contemporary advanced societies, parliamentarism isfacing the challenges of decaying screening devicesand diverted accountabilities
More and more technologies are taking advantage of the explosion of social media (Web search, content recommendation services, marketing, ad targeting, etc.). This paper focuses on the problem of automatically constructing user profiles, which can significantly benefit such technologies. We describe a general and robust machine learning framework for large-scale classification of social media users according to dimensions of interest. We report encouraging experimental results on 3 tasks with different characteristics: political affiliation detection, ethnicity identification and detecting affinity for a particular business.
This chapter aims at reconstructing the meaning of the concept of political accountability as we currently use it. In essence, the author claims that it carries two basic connotations – answerability, the obligation of public officials to inform about and to explain what they are doing, and enforcement, the capacity of accounting agencies to impose sanctions on powerholders who have violated their public duties. This two-dimensional structure of meaning makes the concept a broad and inclusive one which within its wide and loose boundaries embraces (or at least overlaps with) lots of other terms – such as surveillance, monitoring, oversight, control, checks, restraint, public exposure, and punishment – that we employ otherwise to describe efforts at rendering the exercise of power a rule-guided enterprise.
Delegation and its perils In: Delegation and Accountability in Parliamentary Democracies
- A Lupia
Conceptualizing accountability The Self-restraining State: Power and Accountability in New Democracies
- A Schedler
Metrics for Accountability
- D Nuñez
- C Fernandez-Gago
- I Agudo
- A Pannetrat
- J Luna
- S Berthold
- S Pearson
- M Felici
- E Cayirci
- A Taherimonfared
- A Chakravorty
- T W Wlodarczyk