Data Privacy and Security: Some Legal and Ethical Challenges

Sampson, Fraser

doi:10.1007/978-3-030-72120-6_4

Fraser Sampson¹³

Part of the book series: Advanced Sciences and Technologies for Security Applications ((ASTSA))

1094 Accesses

Abstract

The proliferation of accessible data and our growing reliance on it presents a perennial challenge: how to find an appropriate balance between what is technically possible, what is legally permissible and what is societally acceptable [8]. Under the demands of the Covid-19 pandemic this challenge increased significantly—and in the future it will probably become more challenging yet.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 89.00; Price excludes VAT (USA)

Softcover Book: USD 119.99; Price excludes VAT (USA)

Hardcover Book: USD 169.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
6 Council of Europe, Committee of experts on Internet Intermediaries (MSI-NET), 2018 report, p. 11 7 G. Fuster, Artificial Intelligence and Law Enforcement—Impact on Fundamental Rights, Study for the LIBE Committee (European Parliament), 2020, p. 41 8 EU Commission, White Paper on Artificial Intelligence: A European Approach to Excellence and Trust, 2020, 11; ICO says UK police must ‘slow down’ use of facial recognition https://www.computerweekly.com/feature/ICO-says-UK-police-must-slow-down-use-of-facial-recognition, 2019; The Guardian, Met's 'gang matrix' breached data laws, investigation finds, https://www.theguardian.com/uk-news/2018/nov/16/met-police-gang-matrix-breached-data-laws-investigation-finds, 2018; Babuta et al. [1].
2.
Guide on Article 8 of the European Convention on Human rights) https://www.echr.coe.int/documents/guide_art_8_eng.pdf.
3.
Axel Springer AG v Germany Application 39954/08.
4.
See for example the Charter of Fundamental Rights of the European Union https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT Articles 7 & 8 and the European Convention on Human Rights and Fundamental Freedoms Article 8.
5.
E.g. the Data Protection Act 2018 in the UK.
6.
See for example U.S. Const. Amend IV and the California Privacy Rights Act 2020; The Privacy Act 1988 (Cth) and Privacy & Data Protection Act 2014 (Victoria).
7.
See for example S & Marper Application 30562/04; Digital Rights Ireland & Seitlinger Case C-293/12; Maximillian Schrems v Data Protection Commissioner Ireland (“Schrems I”) Case C-362/14; R (on the application of GC & C) v Commissioner of Police for the Metropolis [2011] UKSC 21; Perry v UK Application 63737/00.
8.
See e.g. The General Data Protection Regulation European Union no. 2016/679.
9.
The storing of which amounts to an interference with subject’s private life under the European Convention on Human Rights, Article 8 (S. and Marper v United Kingdom loc cit.
10.
von Hannover v Germany (no 2) Application 40660/08.
11.
Alkaya v Turkey Application 42811/06.
12.
M.N. & Others v San Marino Application 28005/12.
13.
Benedik v Slovenia Application 62357/14.
14.
The General Data Protection Regulation supra.
15.
GDPR loc cit. Article 30. For a US example see Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 1700).
16.
Huber v. Bundesrepublik Deutschland, Case C-524/06.
17.
See Google Spain SL v Agencia Española de Protección de Datos & Gonzales, Case C-131/12, 13 May 2014.
18.
GDPR loc cit., Article 17(2).
19.
Directive (EU) 2016/680.
20.
Replacing the former Article 29 Data Protection Working Party from 25 May 2018.
21.
2016/1148 of the European Parliament and of the Council of 6 July 2016.
22.
https://www.enisa.europa.eu/topics/wfh-covid19?tab=articles [accessed 9 Sept 2020].
23.
See e.g. World Health Organization Code of Ethics.
24.
E.g. EU Code of Police Ethics, Council of Europe, Committee of Ministers (2001), Recommendation Rec(2001)10 of the Committee of Ministers to Member States on the European Code of Police Ethics, 19 September 2001 and https://www.college.police.uk/What-we-do/Ethics/Documents/Code_of_Ethics.pdf.
25.
IEEE Code of Ethics, Policies, Section 7—Professional Activities, Article 7.8.
26.
E.g. in psychological practise https://www.bps.org.uk/news-and-policy/bps-code-ethics-and-conduct, legal practise https://www.lawsociety.org.uk/topics/ethics.
27.
E.g. in financial services and insurance—https://www.cii.co.uk/about-us/professional-standards/code-of-ethics/.
28.
See World Medical Association https://www.wma.net/policies-post/wma-international-code-of-medical-ethics/.
29.
See Pagallo [6].
30.
15 July 2020 https://en.unesco.org/news/unesco-launches-worldwide-online-public-consultation-ethics-artificial-intelligence accessed 25 July 2020; also https://journalismai.com/2019/05/25/beijing-ai-principles-beijing-academy-of-artificial-intelligence-2019/; European Group on Ethics in Science and New Technologies (EGE) focused in its report “Statement on Artificial Intelligence, Robotics and ‘Autonomous Systems” (2018) Report on “Statement on Artificial Intelligence, Robotics and ‘Autonomous Systems”.
31.
For a graphic example see “A quest for accountability? EU and Member State inquiries into the CIA Rendition and Secret Detention Programme”, Directorate General for Internal Policies, Policy Dept C: Citizens’ Rights and Constitutional Affairs, European Parliament, September 2015.
32.
https://news.sky.com/story/coronavirus-parliament-to-shut-down-tonight-over-covid-19-spread-fears-11963334 [accessed 11 Sept 2020].
33.
For example fines of up to 20 million euros or up to 4% of the total annual total annual turnover of the previous year.
34.
See e.g. https://www.instituteforgovernment.org.uk/explainers/emergency-powers accessed 10 July 2020.
35.
See R (on the application of Hussain) v Secretary of State for Health & Social Care [2020] EWHC 1392; R (on the application of) Dolan & Others v Secretary of State for Health & Social Care; Secretary of State for Education [2020] EWHC 1786 Admin.
36.
Loc cit at 117.
37.
Hussain loc cit at 19.
38.
Bill Gates “The Next Outbreak—We’re Not Ready, TED Talks 2015 https://www.youtube.com/watch?v=6Af6b_wyiwI [accessed 8 Sept 2020].
39.
https://www.itgovernance.eu/blog/en/gdpr-the-implications-of-working-from-home-or-on-the-road accessed 24 July 2020.
40.
See for example Barbelescu v Romania Application 61496/08, Kopke v Germany Application 420/07.
41.
UK v Copland Application 62617/00.
42.
https://ico.org.uk/for-organisations/working-from-home/; http://www.oecd.org/coronavirus/policy-responses/ensuring-data-privacy-as-we-battle-covid-19-36c2f31e/ [accessed 9 Sept 2020].
43.
https://corpgov.law.harvard.edu/2020/09/07/cyber-risk-and-the-corporate-response-to-covid-19/.
44.
Directive 2016/680 Article 2.
45.
https://www.bbc.co.uk/news/uk-england-tees-54071912 PCC resigns with immediate effect [accessed 9 Sept 2020].
46.
https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html accessed 23 July 2020.
47.
Responsible for enforcing certain regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, to protect the privacy and security of protected health information, namely the HIPAA Privacy, Security and Breach Notification Rules (the HIPAA Rules).
48.
https://healthmanagement.org/c/it/news/preparing-it-departments-for-covid-19.
49.
For instance, in the UK under the Civil Contingencies Act 2004 and temporary instruments made thereunder.
50.
https://www.thetimes.co.uk/article/coronavirus-travel-meltdown-is-this-the-end-of-the-summer-holiday-cwn52qg3f [accessed 7 Sept 2020].
51.
See Sampson [7].
52.
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data.
53.
See for example the Data Protection Act 2018 Part 3.
54.
Maximillian Schrems v Data Protection Commissioner loc cit.
55.
Data Protection Commissioner v Facebook Ireland Ltd. & Maximillian Schrems Case C-311/18 (Schrems II”).
56.
See Dalea v France Application 964/07; Mikalojovà v Slovakia Application 4479/03; Pech v UK 44647/98; Toma v Romania Application 42716/02; Khuzhin & Ors v Russia Application 13470/02; Z v Finland Application 22009/93.
57.
Report of the Public Administration Select Committee 13th session 2013/14 HC 760, The Stationery Office, London; See also Report of Her Majesty’s Inspector of Constabulary the same year http://www.justiceinspectorates.gov.uk/hmic/programmes/crime-data-integrity/.
58.
https://www.theguardian.com/uk-news/2020/jul/19/manchester-colleges-agreed-to-share-data-of-students-referred-to-counter-terror-scheme.
59.
https://www.scotsman.com/news/transport/police-delete-half-billion-records-drivers-plates-1445560 [accessed 9 Sept 2020].
60.
https://www.bbc.co.uk/news/uk-scotland-glasgow-west-53989027 [accessed 9 Sept 2020].
61.
https://www.lawgazette.co.uk/news/police-chiefs-to-replace-disclosure-consent-forms/5105023.article.
62.
https://www.wired.co.uk/article/coronavirus-lockdown-report-neighbours [accessed 9 Sept 2020].
63.
See Sampson and Lyles [9].
64.
https://www.actionfraud.police.uk/alert/coronavirus-related-fraud-reports-increase-by-400-in-march [accessed 9 Sept 2020].
65.
See https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/08/statement-live-facial-recognition-technology-in-kings-cross/; https://www.independent.co.uk/news/uk/home-news/london-kings-cross-estate-facial-recognition-a9055101.html both accessed 22 July 2020.
66.
https://www.hopkinsmedicine.org/health/conditions-and-diseases/coronavirus/first-and-second-waves-of-coronavirus [accessed 11 Sept 2020].
67.
https://www.who.int/about/communications/cyber-security.
68.
See https://sec3r.com; also https://securedcommunications.com.
69.
See statement of the Biometrics Commissioner for England and Wales April 2020 https://www.gov.uk/government/news/biometrics-commissioner-statement-on-the-use-of-symptom-tracking-applications, accessed 23 July 2020.
70.
https://www.independent.co.uk/news/uk/politics/boris-johnson-level-exam-u-turn-algorithm-school-reopen-face-masks-a9689546.html; https://www.wired.com/story/an-algorithm-determined-uk-students-grades-chaos-ensued/ [accessed 11 Sept 2020].
71.
https://www.euronews.com/2020/04/29/the-uk-ico-modified-approach-to-data-regulation-during-covid-19-is-welcome-but-risks-view [accessed 11 Sept 2020].
72.
The Corona Virus (Safeguards) Bill 2020 https://osf.io/preprints/lawarxiv/yc6xu/, accessed 23 July 2020.

References

Babuta A, Oswald M, Rinik C (2018) Machine learning algorithms and police decision-making legal, ethical and regulatory challenges. Whitehall Report 3-18, RUSI, p 7
Google Scholar
Bollettino E (2015) In: Meier P (ed) Digital humanitarians. Taylor & Francis Press, Jan 2015
Google Scholar
Emrouznejad A, Charles V (eds) (2019) Big data for the greater good. Springer International Publishing AG, p 2
Google Scholar
Fyfe N, Lennon G, McNeill J, Sampson F (2019) Principles for accountable policing. Final Report of the project for the Scottish Universities Insight Institute, the Police Foundation
Google Scholar
Meier P (2015) Digital humanitarians. Taylor & Francis Press, Jan 2015
Google Scholar
Pagallo U (2018) Apples, oranges, robots: four misunderstandings in today’s debate on the legal status of AI systems. Philos Trans R Soc A 376:20180168 (12 Computer Weekly)
Google Scholar
Sampson F (2016) Whatever you say…the case of the Boston College Tapes and how confidentiality agreements cannot put relevant data beyond the reach of criminal investigation. Polic J Policy Pract 10(3):222–231 (Oxford University Press)
Google Scholar
Sampson F (2020) Digital accountability for LEAs: balancing the legally permissible, the technically possible and the societally acceptable. PhD thesis, Sheffield Hallam University, Sept 2020
Google Scholar
Sampson F, Lyles A (2017) Legal considerations relating to the police use of social media. In: Akhgar B, Staniforth A, Waddington D (eds) Application of social media in crisis management: advanced sciences and technologies for security applications. Springer International Publishing, Switzerland, pp 171–188
Google Scholar

Download references

Author information

Authors and Affiliations

Sheffield, UK
Fraser Sampson

Authors

Fraser Sampson
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fraser Sampson .

Editor information

Editors and Affiliations

Northumbria University London, London, UK
Hamid Jahankhani
Cyfortis, Worcester Park, Surrey, UK
Stefan Kendzierskyj
CENTRIC, Sheffield Hallam University, Sheffield, UK
Babak Akhgar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Sampson, F. (2021). Data Privacy and Security: Some Legal and Ethical Challenges. In: Jahankhani, H., Kendzierskyj, S., Akhgar, B. (eds) Information Security Technologies for Controlling Pandemics. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-72120-6_4

Download citation

DOI: https://doi.org/10.1007/978-3-030-72120-6_4
Published: 30 July 2021
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-72119-0
Online ISBN: 978-3-030-72120-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics