Addressing Privacy and Data Protection in New Technological Trends

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Processes".

Deadline for manuscript submissions: closed (31 May 2023) | Viewed by 12471

Special Issue Editors

1. ADAPT SFI Research Centre, D02 FX65 Dublin, Ireland
2. School of Computing, Dublin City University, D09 PX21 Dublin, Ireland
Interests: privacy; data protection; GDPR; semantic web; knowledge and data engineering; regulatory compliance
ADAPT, School of Computer Science, University College Dublin, D02 PN40 Dublin, Ireland
Interests: data governance; AI governance; knowledge graphs; data quality; data value; data privacy
Special Issues, Collections and Topics in MDPI journals
Ontology Engineering Group, Universidad Politécnica de Madrid, 28040 Madrid, Spain
Interests: knowledge and data engineering; linked data; semantic web; knowledge graphs; artificial intelligence and law

Special Issue Information

Dear Colleagues,

Privacy and data protection are important topics for ensuring accountability and responsibility in recent technological advances like machine learning, Internet of Things, and the increasing amounts of data they rely on. Given the scale and pervasiveness of technological trends, governments have increasingly legislated to protect citizens’ rights. In parallel, citizens have become more aware of risks and impacts regarding data protection and privacy, which has led to new challenges for service operators, regulators, and information system architects. Privacy- and data protection-aware information and management systems are important areas of research to both investigate and discover these issues, and to develop effective information-processing solutions for the new regulatory environments. This Special Issue provides an opportunity to present the latest developments in the creation and application of information-based approaches within the domains of privacy and data protection.

This Special Issue seeks novel theoretical or applied research on designing, developing, integrating, testing, and evaluating approaches for systems or approaches regarding personal data processing. In particular, we invite work supporting privacy and data protection principles, regulations, or techniques, including new theories, foundations, vocabularies, tools, and significant case studies of privacy- or data-protection-aware implementations. Such work could be supported by AI approaches, such as knowledge graphs, privacy-preserving techniques, and interdisciplinary research—especially that exploring the intersections of computing and informatics with law, ethics, and psychology. Such proposals should explore making data protection and privacy principles deployable in real-world applications, with reduced costs, and moving towards a more trustworthy, transparent, and accountable world.

Topics of interest include:

  • Algorithmic transparency and accountability methods and tools for data protection or privacy applications;
  • Use of AI techniques, such as ML and NLP, towards implementing privacy and data protection;
  • Data privacy, ethics, and impact assessments;
  • Implementing and verifying regulatory compliance of data and privacy laws (e.g., GDPR);
  • Innovative use of new systems or architectures for a decentralised web, such as SOLID;
  • Novel systems and methodologies for managing personal data while assuring compliance;
  • Policies and their governance for privacy and data protection;
  • Privacy by design in new technologies: lessons learned, design patterns and anti-patterns;
  • Privacy enhancing technologies (PETs);
  • Privacy or data protection-aware findable, accessible, interoperable, and reusable (FAIR) data management;
  • Privacy-preserving machine learning;
  • Risk assessment and governance for privacy and data protection;
  • Standards and standardization relevant to privacy and data protection;
  • Systems and methods for compliance with privacy and data protection regulations;
  • The role of fairness, accountability and trust (FAccT) for privacy and data protection;
  • Trust and transparency for data protection and privacy;
  • Vocabularies, ontologies, and other forms of information resources for data protection and privacy.

Dr. Harshvardhan J. Pandit
Dr. Rob Brennan
Dr. Victor Rodriguez Doncel
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • data protection
  • information systems
  • privacy
  • semantic web
  • AI techniques
  • IoT
  • decentralised web
  • knowledge graphs

Published Papers (7 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

33 pages, 1298 KiB  
Article
Is Automated Consent in Solid GDPR-Compliant? An Approach for Obtaining Valid Consent with the Solid Protocol
Information 2023, 14(12), 631; https://doi.org/10.3390/info14120631 - 24 Nov 2023
Viewed by 1164
Abstract
Personal Information Management Systems (PIMS) are acquiring a prominent role in the data economy by promoting services that help individuals to have more control over the processing of their personal data, in line with the European data protection laws. One of the highlighted [...] Read more.
Personal Information Management Systems (PIMS) are acquiring a prominent role in the data economy by promoting services that help individuals to have more control over the processing of their personal data, in line with the European data protection laws. One of the highlighted solutions in this area is Solid, a new protocol that is decentralizing the storage of data, through the usage of interoperable web standards and semantic vocabularies, to empower its users to have more control over the processing of data by agents and applications. However, to fulfill this vision and gather widespread adoption, Solid needs to be aligned with the law governing the processing of personal data in Europe, the main piece of legislation being the General Data Protection Regulation (GDPR). To assist with this process, we analyze the current efforts to introduce a policy layer in the Solid ecosystem, in particular, related to the challenge of obtaining consent for processing personal data, focusing on the GDPR. Furthermore, we investigate if, in the context of using personal data for biomedical research, consent can be expressed in advance, and discuss the conditions for valid consent and how it can be obtained in this decentralized setting, namely through the matching of privacy preferences, set by the user, with requests for data and whether this can signify informed consent. Finally, we discuss the technical challenges of an implementation that caters to the previously identified legal requirements. Full article
(This article belongs to the Special Issue Addressing Privacy and Data Protection in New Technological Trends)
Show Figures

Figure 1

27 pages, 2187 KiB  
Article
A Conceptual Consent Request Framework for Mobile Devices
Information 2023, 14(9), 515; https://doi.org/10.3390/info14090515 - 19 Sep 2023
Viewed by 997
Abstract
The General Data Protection Regulation (GDPR) identifies consent as one of the legal bases for personal data processing and requires that it should be freely given, specific, informed, unambiguous, understandable, and easily revocable. Unfortunately, current technical mechanisms for obtaining consent often do not [...] Read more.
The General Data Protection Regulation (GDPR) identifies consent as one of the legal bases for personal data processing and requires that it should be freely given, specific, informed, unambiguous, understandable, and easily revocable. Unfortunately, current technical mechanisms for obtaining consent often do not comply with these requirements. The conceptual consent request framework for mobile devices that is presented in this paper, addresses this issue by following the GDPR requirements on consent and offering a unified user interface for mobile apps. The proposed conceptual framework is evaluated via the development of a City Explorer app with four consent request approaches (custom, functionality-based, app-based, and usage-based) integrated into it. The evaluation shows that the functionality-based consent, which was integrated into the City Explorer app, achieved the best evaluation results and the highest average system usability scale (SUS) score. The functionality-based consent also scored the highest number of SUS points among the four consent templates when evaluated separately from the app. Additionally, we discuss the framework’s reusability and its integration into other mobile apps of different contexts. Full article
(This article belongs to the Special Issue Addressing Privacy and Data Protection in New Technological Trends)
Show Figures

Figure 1

36 pages, 915 KiB  
Article
Assessing the Solid Protocol in Relation to Security and Privacy Obligations
Information 2023, 14(7), 411; https://doi.org/10.3390/info14070411 - 16 Jul 2023
Cited by 2 | Viewed by 1408
Abstract
The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be [...] Read more.
The Solid specification aims to empower data subjects by giving them direct access control over their data across multiple applications. As governments are manifesting their interest in this framework for citizen empowerment and e-government services, security and privacy represent pivotal issues to be addressed. By analysing the relevant legislation, with an emphasis on GDPR and officially approved documents such as codes of conduct and relevant security ISO standards, we formulate the primary security and privacy requirements for such a framework. The legislation places some obligations on pod providers, much like cloud services. However, what is more interesting is that Solid has the potential to support GDPR compliance of Solid apps and data users that connect, via the protocol, to Solid pods containing personal data. A Solid-based healthcare use case is illustrated where identifying such controllers responsible for apps and data users is essential for the system to be deployed. Furthermore, we survey the current Solid protocol specifications regarding how they cover the highlighted requirements, and draw attention to potential gaps between the specifications and requirements. We also point out the contribution of recent academic work presenting novel approaches to increase the security and privacy degree provided by the Solid project. This paper has a twofold contribution to improve user awareness of how Solid can help protect their data and to present possible future research lines on Solid security and privacy enhancements. Full article
(This article belongs to the Special Issue Addressing Privacy and Data Protection in New Technological Trends)
Show Figures

Figure 1

14 pages, 3905 KiB  
Article
Monetary Compensation and Private Information Sharing in Augmented Reality Applications
Information 2023, 14(6), 325; https://doi.org/10.3390/info14060325 - 08 Jun 2023
Viewed by 918
Abstract
This research studied people’s responses to requests that ask for accessing their personal information when using augmented reality (AR) technology. AR is a new technology that superimposes digital information onto the real world, creating a unique user experience. As such, AR is often [...] Read more.
This research studied people’s responses to requests that ask for accessing their personal information when using augmented reality (AR) technology. AR is a new technology that superimposes digital information onto the real world, creating a unique user experience. As such, AR is often associated with the collection and use of personal information, which may lead to significant privacy concerns. To investigate these potential concerns, we adopted an experimental approach and examined people’s actual responses to real-world requests for various types of personal information while using a designated AR application on their personal smartphones. Our results indicate that the majority (57%) of people are willing to share sensitive personal information with an unknown third party without any compensation other than using the application. Moreover, there is variability in the individuals’ willingness to allow access to various kinds of personal information. For example, while 75% of participants were open to granting access to their microphone, only 35% of participants agreed to allow access to their contacts. Lastly, monetary compensation is linked with an increased willingness to share personal information. When no compensation was offered, only 35% of the participants agreed to grant access to their contacts, but when a low compensation was offered, 57.5% of the participants agreed. These findings combine to suggest several practical implications for the development and distribution of AR technologies. Full article
(This article belongs to the Special Issue Addressing Privacy and Data Protection in New Technological Trends)
Show Figures

Figure 1

14 pages, 1237 KiB  
Article
A Jigsaw Puzzle Solver-Based Attack on Image Encryption Using Vision Transformer for Privacy-Preserving DNNs
Information 2023, 14(6), 311; https://doi.org/10.3390/info14060311 - 29 May 2023
Cited by 3 | Viewed by 1458
Abstract
In this paper, we propose a novel attack on image encryption for privacy-preserving deep neural networks (DNNs). Although several encryption schemes have been proposed for privacy-preserving DNNs, existing cipher-text-only attacks (COAs) have succeeded in restoring visual information from encrypted images. Image encryption using [...] Read more.
In this paper, we propose a novel attack on image encryption for privacy-preserving deep neural networks (DNNs). Although several encryption schemes have been proposed for privacy-preserving DNNs, existing cipher-text-only attacks (COAs) have succeeded in restoring visual information from encrypted images. Image encryption using the Vision Transformer (ViT) is known to be robust against existing COAs due to the operations of block scrambling and pixel shuffling, which permute divided blocks and pixels in an encrypted image. However, the correlation between blocks in the encrypted image can still be exploited for reconstruction. Therefore, in this paper, a novel jigsaw puzzle solver-based attack that utilizes block correlation is proposed to restore visual information from encrypted images. In the experiments, we evaluated the security of image encryption for privacy-preserving deep neural networks using both conventional and proposed COAs. The experimental results demonstrate that the proposed attack is able to restore almost all visual information from images encrypted for being applied to ViTs. Full article
(This article belongs to the Special Issue Addressing Privacy and Data Protection in New Technological Trends)
Show Figures

Figure 1

Review

Jump to: Research

25 pages, 1113 KiB  
Review
Ethics and Trustworthiness of AI for Predicting the Risk of Recidivism: A Systematic Literature Review
Information 2023, 14(8), 426; https://doi.org/10.3390/info14080426 - 27 Jul 2023
Viewed by 3004
Abstract
Artificial Intelligence (AI) can be very beneficial in the criminal justice system for predicting the risk of recidivism. AI provides unrivalled high computing power, speed, and accuracy; all harnessed to strengthen the efficiency in predicting convicted individuals who may be on the verge [...] Read more.
Artificial Intelligence (AI) can be very beneficial in the criminal justice system for predicting the risk of recidivism. AI provides unrivalled high computing power, speed, and accuracy; all harnessed to strengthen the efficiency in predicting convicted individuals who may be on the verge of recommitting a crime. The application of AI models for predicting recidivism has brought positive effects by minimizing the possible re-occurrence of crime. However, the question remains of whether criminal justice system stakeholders can trust AI systems regarding fairness, transparency, privacy and data protection, consistency, societal well-being, and accountability when predicting convicted individuals’ possible risk of recidivism. These are all requirements for a trustworthy AI. This paper conducted a systematic literature review examining trust and the different requirements for trustworthy AI applied to predicting the risks of recidivism. Based on this review, we identified current challenges and future directions regarding applying AI models to predict the risk of recidivism. In addition, this paper provides a comprehensive framework of trustworthy AI for predicting the risk of recidivism. Full article
(This article belongs to the Special Issue Addressing Privacy and Data Protection in New Technological Trends)
Show Figures

Figure 1

14 pages, 1067 KiB  
Review
Navigating Privacy and Data Safety: The Implications of Increased Online Activity among Older Adults Post-COVID-19 Induced Isolation
Information 2023, 14(6), 346; https://doi.org/10.3390/info14060346 - 17 Jun 2023
Viewed by 1817
Abstract
The COVID-19 pandemic spurred older adults to use information and communication technology (ICT) for maintaining connections and engagement during social distancing. This trend raises concerns about privacy and data safety for older individuals with limited technical knowledge who have adopted ICT reluctantly and [...] Read more.
The COVID-19 pandemic spurred older adults to use information and communication technology (ICT) for maintaining connections and engagement during social distancing. This trend raises concerns about privacy and data safety for older individuals with limited technical knowledge who have adopted ICT reluctantly and may be distinct in their susceptibility to scams, fraud, and identity theft. This paper highlights the gap in the literature regarding the increased privacy and data security risks for older adults adopting technology due to isolation during the pandemic (referred to here as quarantine technology initiates (QTIs)). A literature search informed by healthcare experts explored the intersection of older adults, data privacy, online activity, and COVID-19. A thin and geographically diverse literature was found to consider the risk profile of QTIs with the same lens as for older adults who adopted ICT before or independent of COVID-19 quarantines. The mentioned strategies to mitigate privacy risks were broad, including education, transaction monitoring, and the application of international regulatory models, but were undistinguished from those for non-QTI older adults. Future research should pursue the hypothesis that the risk profile of QTIs may differ in character from that of other older adults, referencing by analogy the nuanced distinctions quantified in credit risk scoring. Such studies would examine the primary data on privacy and data safety implications of hesitant ICT adoption by older adults, using COVID-19 as a natural experiment to identify and evaluate this vulnerable group. Full article
(This article belongs to the Special Issue Addressing Privacy and Data Protection in New Technological Trends)
Show Figures

Figure 1

Back to TopTop