Collection of latest research, publications and reports on privacy, data protection and cybersecurity.
Beyond Explainability: A Practical Guide to Managing Risk in Machine Learning Models
This short white paper aims to provide a template for effectively managing this risk in practice, with the goal of providing lawyers, compliance personnel, data scientists, and engineers a framework to safely create, deploy, and maintain ML, and to enable effective communication between these distinct organizational perspectives. The ultimate aim of this paper is to enable data science and compliance teams to create better, more accurate, and more compliant ML models
Travel Guide to the Digital World: Data Protection For Human Rights Defenders
The aim of this guide is to equip human rights defenders with the information they need to be able to engage with, advocate to, and inform policymakers on data protection.
The Case for Accountability: How it Enables Effective Data Protection and Trust in the Digital Society
This paper seeks to explain the following issues:
- The concept of organisational accountability and how it is reflected in the GDPR;
- The essential elements of accountability and how the requirements of the GDPR (and of other normative frameworks) map to these elements;
- Global acceptance and adoption of accountability;
- How organisations can implement accountability (including by and between controllers and processors) through comprehensive internal privacy programs that implement external rules or the organisation’s own data protection policies and goals, or through verified or certified accountability mechanisms, such as Binding Corporate Rules (BCR), APEC Cross-Border Privacy Rules (CBPR), APEC Privacy Recognition for Processors (PRP), other seals and certifications, including future GDPR certifications and codes of conduct; and
- The benefits that accountability can deliver to each stakeholder group.
GDPR National Legislation Survey
This year, as of 25 May 2018, the EU General Data Protection Regulation (GDPR) applies directly in all EU Member States. The GDPR contains 50+ so-called opening clauses allowing EU Member States to put national data protection laws in place to supplement the GDPR. This survey provides an overview of the current legislative activities in terms of national data protection laws supplementing the GDPR of 27 of the 28 EU Member States (Cyprus is excluded).
The ethical matters raised by algorithms and artificial intelligence
This report is the result of a public debate organised by the French Data Protection Authority (CNIL). Between January and October 2017, 60 partners (associations, businesses, government departments, trade unions, etc.) held 45 events across France with a view to identifying the ethical concerns raised by algorithms and artificial intelligence, as well as possible solutions for addressing them.
Legal Aspects of Cloud Computing: Cloud Security
After the bow wave of GDPR readiness legal work in the run up to 25 May 2018, IT lawyers may be forgiven for thinking that the biggest change is now behind them. But the truth is that GDPR heralds rather than ends a period of change in IT law and regulation as business transforms through the adoption at scale of new technology. Nowhere is this more clearly shown than in the legal aspects of the rapidly developing area of cloud security.
Data Transfer Project Overview and Fundamentals
The Data Transfer Project (DTP) extends data portability beyond a user’s ability to download a copy of their data from their service provider (“provider”), to providing the user the ability to initiate a direct transfer of their data into and out of any participating provider.
The Data Transfer Project is an open source initiative to encourage participation of as many providers as possible. The DTP will enhance the data portability ecosystem by reducing the infrastructure burden on both providers and users, which should in turn increase the number of services offering portability. The protocols and methodology of the DTP enable direct, service-to-service data transfer with streamlined engineering work.
Project Report: “Library Values & Privacy in our National Digital Strategies: Field guides, Convenings, and Conversations.”
A series of gatherings were held throughout 2017-2018 that brought together library practitioners, privacy advocates, and technology experts to discuss and debate a national roadmap for a digital privacy strategy for libraries. The culminating event — the Library Values and Privacy Summit — was held in New York City bringing together privacy experts from within and outside libraries and sparked discussions on key privacy-related issues and possible paths forward.