EnCoRe header  
 

EnCoRe News July 2010

To access the hyperlinked material, read this newsletter online at www.tinyurl.com/2alwnbv

  
   
    Scroll through this issue or click to find the following...    
     
    Control over your personal data: who, how much, why?       Consent and revocation in context of Biobanking       EnCoRe's technical deliverables       Publication: Revoking consent: A ‘blind spot’ in data protection law?    
 
  Tags   Event   EnCoRe suggestions  
  tags  

Control over your personal data: who, how much, why?

Privacy
On June 29, the EnCoRe project held a press event at the LSE to demonstrate its prototype system that aims to turn off the deluge of personal data that floods the internet and threatens people's security and identity. EnCoRe also presented the legal, social and business process research that led to this prototype. The event was followed by a public panel discussion on the questions Control of Your Personal Data: who, how much, why?"		  

Erasing David


ErasingDavidLogo
Erasing David is a documentary and an experiment which attempts to answer the dilemma: nothing to fear = nothing to hide?

More information and the link to the video, available on the documentary website.		  
  rule       rule  
 

Contact

To contact us, read about the project, get to know the participants and download papers and deliverables, visit the EnCoRe website: www.encore-project.info


We are Twittering, Follow us!
   At present, people have no way of controlling how their personal information is used or ensuring that it is deleted, when requested, from databases. Often such details are handed to third parties, making the control of personal data even harder.

EnCoRe aims to create solutions to the increasing problems caused by the uncontrolled flow of personal data and to to develop technology and systems that allow individuals to control their data, while at the same time being  as easy and intuitive to use as turning a tap on or off.

The first EnCoRe technical system comprises a set of privacy-enhancing technologies, such as policy-driven privacy-aware access control and obligation management, within an overall technical architecture. This has been derived from studies of the personal data management requirements of ordinary people, business processes and the law. 		  

Events

International Data Sharing Conference

20 - 22 September 2010, St Hugh's College, Oxford

The conference will bring together a wide range of voices to discuss and think more deeply about the technological, legal, ethical, and social challenges raised by research data sharing.

More information and details are available on the Conference website. 		 
  rule

Subscribe and unsubscribe

To subscribe or unsubscribe, send an email to encore-newsletter-owner@lists.hpl.hp.com

Your email address will be stored securely and used only for distribution of this newsletter.

The EnCoRe website Privacy Policy is available on the website.		   Pete Bramhall of Hewlett-Packard, the project co-ordinator, said: 'The successful construction of this first prototype of the EnCoRe system marks the conclusion of our first Case Study, and we now plan to enhance and extend the social science and technology research with two more Case Studies over the next 18 months.'

The briefing was followed by a public panel discussion, Control of Your Personal Data: who, how much, why? The panel comprised Bob Ayers, David Bond, Caspar Bowden, Robert Carolina, and the Earl of Erroll. The discussion was moderated by Gus Hosein and examined the issues that EnCoRe is addressing.		   rule  
      The discussion was followed by a number of questions from the public who asked about issues related to control of personal data, privacy and consent. Social network sites, especially Facebook and LinkedIn, have raised many concerns about their privacy regulations and people’s attitude in disclosing and sharing personal data without any appropriate consideration of individuals’ digital footprint. The discussion also considered specific sensitive topics, like private data in healthcare and government and the central role of trust. The discussion and comments also underlined that whilst many see privacy as an individual responsibility, the competencies and the full awareness of such a responsibility still needs to be acquired.


Links to blog entries and articles arising from the press event and panel discussion:
      
     

rule ORB logo

Consent and revocation in the context of Biobanking


EnCoRe and the Oxford Radcliffe Biobank (ORB) have agreed to collaborate on EnCoRe's second Case Study. ORB is a resource of tissue and blood samples, donated by patients for use in medical research, which provides a simple and efficient way to collect and store samples according to regulatory requirements, and ensures fair access to them for research studies. Increasingly, the data associated with the samples is of high research value, and yet protecting the privacy of the donors, by respecting the limitations of their consents for data and sample use, is  essential. This Case Study will cover a rather different set of scenarios, stakeholders and use cases from those of our first Case Study, and the technical design considerations will also differ.		      
      rule

EnCoRe technical deliverable

EnCoRe published its first Technical Architecture - which was also its first public deliverable - on the project website in early February 2010. The architecture resulted from the project's first Case Study, which investigated an enhanced employee data management scenario. This covered both some basic employee data management use cases (e.g., joining an enterprise, being promoted, changes to roles and privileges, etc.), that are usual considerations of an enterprise's identity management system, and others that arise when an enterprise uses Web2.0 technologies for some of its business processes and makes them available to employees for their private use.

Such a scenario raises interesting questions of expressing, enforcing and managing the consents that data subjects (in this case, employees) give to provide the basis for control of the lifecycle of their personal data, including access to these by applications and services that are internal and external to the enterprise. The prototype implementation of the project's first Technical Architecture demonstrates EnCoRe's approach to addressing these.

The deliverable is available for download.

      
      rule

Publication


 Revoking consent: A ‘blind spot’ in data protection law?


Curren L. & Kaye J.,Computer Law & Security Review, Vol 26, Issue 3, May 2010, Pages 273-283.

The flow of personal data throughout the public and private sectors is  central to the functioning of modern society. The processing of these data is, however, increasingly being viewed as a major concern, particularly in light of many recent high profile data losses. It is generally assumed that individuals have a right to withdraw, or revoke, their consent to the processing of their personal data by others; however this may not be straight forward in practice, or addressed adequately by the law.
Examination of the creation of data protection legislation in Europe and the UK, and its relationship with human rights law, suggests that such a general right to withdraw consent was assumed to be inbuilt, despite the lack of express provisions in both the European Data Protection Directive and UK Data Protection Act. In this article we highlight potential shortcomings in the provisions that most closely relate to this right in the UK Act. These raise questions as to the extent of meaningful rights of revocation, and thus rights of informational privacy, afforded to individuals in a democratic society.

The article is available for download at ScienceDirect or from the authors. 		     
      rule      
    The EnCoRe Project receives funding from the UK Government's Technology Strategy Board, Economic and Social Research Council and Engineering and Physical Sciences Research Council.