News about personal data breaches or data abusive practices, such as Cambridge Analytica, has questioned the trustworthiness of certain actors in the control of personal data. Innovations in the field of personal information management systems to address this issue have regained traction in recent years, also coinciding with the emergence of new decentralized technologies. However, only with ethically and legally responsible developments will the mistakes of the past be avoided. This contribution explores how current data management schemes are insufficient to (...) adequately safeguard data subjects, and in particular, it focuses on making these data flows transparent to provide an adequate level of accountability. To showcase this, and with the goal of enhancing transparency to foster trust, this paper investigates solutions for standardizing machine-readable policies to express personal data processing activities and their application to decentralized personal data stores as an example of ethical, legal, and technical responsible innovation in this field. (shrink)

Personal Information Management Systems (PIMS) aim to facilitate the sharing of personal information and protect privacy. Efforts to enhance privacy management, aligned with established privacy policies, have led to guidelines for integrating transparent notices and meaningful choices within these systems. Although discussions have revolved around the design of privacy-friendly systems that comply with legal requirements, there has been relatively limited philosophical discourse on incorporating the value of privacy into these systems. Exploring the connection between privacy and personal autonomy illuminates the (...) instrumental value of privacy and highlights the importance of intentionally embedding the value of privacy into these systems. To translate the value of privacy into concrete design requirements, this study constructs a values hierarchy consisting of values, norms, and design requirements. After analyzing the relationships between privacy and autonomy and identifying norms, the design requirements translated from the norms associated with the components of personal autonomy are specified at the lowest layer. These requirements include a design to prevent unauthorized access and dark patterns and to provide effective and efficient notices and choices. The findings contribute to expanding the requirements for designing the aspect of privacy as a legal requirement to incorporate the value of privacy into systems. (shrink)

This research explores how a person with whom information has been shared and, importantly, an artificial intelligence (AI) system used to deduce information from the shared data contribute to making the disclosure context private. The study posits that private contexts are constituted by the interactions of individuals in the social context of intersubjectivity based on trust. Hence, to make the context private, the person who is the trustee (i.e., with whom information has been shared) must fulfil trust norms. According to (...) the commitment account of trustworthiness, a person is trustworthy only if they satisfy the norm of competence. It is argued that a person using an AI system to answer a question is competent only if they are ex post justified in believing what has been delivered by the AI system. A person’s belief is justified in the doxastic sense only if the AI system is accurate. This feature of AI’s performance affects a person’s competence and, as a result, trustworthiness. The effect of AI on trust as an essential component of making the context private, and thus on privacy, means an AI system also impacts privacy. Therefore, a private context is constituted when the individual with whom the information is shared fulfils the competence norm and the AI system used for analysing the information is sufficiently accurate to adhere to this norm. The result of this research emphasises the significance of the relationship between individuals involved in information-sharing and how an AI system used for analysing that information impacts the relationship regarding making the context private, as well as how it impacts privacy. The findings of this research have significant implications for improving or ameliorating privacy regulations in light of trust. (shrink)

Digital data help data scientists and epidemiologists track and predict outbreaks of disease. Mobile phone GPS data, social media data, or other forms of information updates such as the progress of epidemics are used by epidemiologists to recognize disease spread among specific groups of people. Targeting groups as potential carriers of a disease, rather than addressing individuals as patients, risks causing harm to groups. While there are rules and obligations at the level of the individual, we have to reach a (...) stage in the development of data analytics where groups are protected as entities. This chapter offers a deeper examination of harms to the groups. (shrink)

An issue about the privacy of the clustered groups designed by algorithms arises when attempts are made to access certain pieces of information about those groups that would likely be used to harm them. Therefore, limitations must be imposed regarding accessing such information about clustered groups. In the discourse on group privacy, it is argued that the right to privacy of such groups should be recognised to respect group privacy, protecting clustered groups against discrimination. According to this viewpoint, this right (...) places a duty on others, for example, private companies, institutions, and governments, to refrain from accessing such information. To defend the idea that the right to privacy should be recognised for clustered groups, at least two requirements must be satisfied. First, clustered group privacy must be conceived of as either a collective good or a participatory good. Since these forms of good are of the type from which no member of a group can be excluded from benefiting, the right to them is defined as a group right. Second, there must be group interests on which to base a group right. Group interests can be either the interests of those members that are a result of their being in the group or the interests of the group as a whole that transcend the interests of its members. However, this paper argues that clustered group privacy cannot be conceived of as either a collective or a participatory good because it is possible for some individuals to be excluded from benefiting from it. Furthermore, due to the lack of awareness among individuals that they are members of a clustered group and the nature of a clustered group itself, such groups cannot have the group interests necessary to establish a group right. Hence, the group right to privacy cannot be recognised for these groups, implying that the group right cannot be considered a means to protect clustered groups against discrimination. Instead, this paper suggests that moral principles need to be articulated within an ethics of vulnerability to identify the moral obligations of protecting vulnerable clustered groups. The duty owed to the vulnerable should involve refraining from accessing certain information about clustered groups in specific contexts. This duty is not engendered by the right to privacy of such groups; it is the duty owed to the vulnerable. The findings highlight the need to articulate moral principles regarding privacy and data protection to protect clustered groups in contexts in which accessing information about them could constitute a reason for discriminatory targeting. (shrink)

In this paper, it is argued that, when properly revised in the face of counter-examples, the source control and actual access views of privacy are extensionally equivalent but different in their underlying rationales. In this sense, the source control view and the actual access view, when properly modified to meet counter-examples, can be metaphorically compared to ‘climbing the same mountain but from different sides’ (as Parfit [1] has argued about normative theories). These two views can equally apply to the privacy (...) debates and, thus, resolve a long-standing debate in the literature. (shrink)