On Decision Transparency, or How to Enhance Data Protection after the Computational Turn

How can data protection meet the challenge of decisions increasingly being taken on the basis of large-scale, complex, and multi-purpose processes of matching and mining enormous amounts of data? This paper argues that the focus in data protection should shift from ex ante regulation of data processing to ex post regulation of decision-making. A focus on decision transparency is needed to enhance the protection of individuals after the computational turn. After briefly analysing the limitations of the Data Protection Directive and of the current proposals for revision, I provide a theoretical and practical perspective on effecting decision transparency. The first, theoretical, part applies the conceptual framework of David Heald on transparency relations to explain data-processing relationships. Enhancing protection requires a dual strategy: diminishing transparency of data subjects, through shielding and obfuscating data, and enhancing transparency of data controllers, through introducing mechanisms for outcome (and not only process) transparency, retrospective transparency in (near) real-time for individual cases, and, most importantly, effective (and not only nominal) transparency. This requires receptors who are capable of understanding transparency information and who are able to use it. The second part of the chapter discusses ways in which the theoretical approach could be effected in practice. It describes existing models of transparency in legal, social, and technical regulatory measures, and discusses how these models could enhance transparency of data controllers in illustrative cases of commerce, government service provisioning, and law enforcement. The paper concludes that in the 21st century, with its computational turn, data protection can no longer reside in the exclusive realm of informational privacy and self-determination; rather, it must be approached from the angle of due process and fair treatment in the database age. A focus on decision transparency has good potential to achieve just that.

[1]  Arthur Cyr,et al.  Comparative policy analysis , 1975 .

[2]  M. Castells The rise of the network society , 1996 .

[3]  D. Brin The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom? , 1998 .

[4]  Charles J. Sykes The End of Privacy , 1999 .

[5]  Lawrence Lessig The Law of the Horse: What Cyberlaw Might Teach , 1999 .

[6]  Lawrence Lessig,et al.  Code and Other Laws of Cyberspace , 1999 .

[7]  Selma C. Etter Database Nation the Death of Privacy in the 21st Century , 2000, Journal of Computing in Higher Education.

[8]  Jason Nolan,et al.  Sousveillance: Inventing and Using Wearable Computing Devices for Data Collection in Surveillance Environments. , 2002 .

[9]  Jason Nolan,et al.  Sousveillance: Inventing and Using Wearable Computing Devices to Challenge Surveillance , 2002 .

[10]  Michael Waidner,et al.  Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data , 2002, Privacy Enhancing Technologies.

[11]  Luís Antônio Francisco de Souza The culture of control: crime and social order in contemporary, society , 2003 .

[12]  Priscilla M. Regan,et al.  Emergency Response Systems and the Creeping Legibility of People and Places , 2004, Inf. Soc..

[13]  A. Beijer,et al.  De Wet bijzondere opsporingsbevoegdheden : Eindevaluatie , 2004 .

[14]  Daniel J. Solove The Digital Person , 2022 .

[15]  Ronald Leenes,et al.  ‘Code’ and the Slow Erosion of Privacy , 2005 .

[16]  David Heald,et al.  Varieties of transparency , 2006 .

[17]  B. Harcourt,et al.  Against Prediction: Profiling, Policing and Punishing in an Actuarial Age by B.E. Harcourt , 2008 .

[18]  Steve Mann,et al.  Cyborglogging with camera phones: steps toward equiveillance , 2006, MM '06.

[19]  Yves Poullet,et al.  EU data protection policy. The Directive 95/46/EC: Ten years after , 2006, Comput. Law Secur. Rev..

[20]  F. Füredi,et al.  Culture of Fear Revisited: Risk-Taking and the Morality of Low Expectation , 2006 .

[21]  M. Hildebrandt,et al.  A vision of ambient law , 2007 .

[22]  Erin Murphy Paradigms of Restraint , 2007 .

[23]  Chris Taylor,et al.  Transparency: The Key to Better Governance? , 2007 .

[24]  Mireille Hildebrandt,et al.  Profiling and the Identity of the European Citizen , 2008, Profiling the European Citizen.

[25]  Serge Gutwirth,et al.  Addressing the obscurity of data clouds , 2008 .

[26]  Serge Gutwirth,et al.  Profiling the European Citizen, Cross-Disciplinary Perspectives , 2008 .

[27]  Roger Brownsword,et al.  Rights, regulation, and the technological revolution , 2008 .

[28]  Ortwin Renn Risk Governance: Coping with Uncertainty in a Complex World , 2008 .

[29]  R. Armstrong The Long Tail: Why the Future of Business Is Selling Less of More , 2008 .

[30]  Colin J. Bennett The Privacy Advocates: Resisting the Spread of Surveillance , 2008 .

[31]  Matt Mason,et al.  The Pirate's Dilemma: How Youth Culture Is Reinventing Capitalism , 2008 .

[32]  Serge Gutwirth,et al.  Regulating Profiling in a Democratic Constitutional State , 2008, Profiling the European Citizen.

[33]  Lorenzo Valeri,et al.  Review of the European Data Protection Directive , 2009 .

[34]  Helen Nissenbaum,et al.  Privacy in Context , 2009 .

[35]  Viktor Mayer-Schönberger,et al.  Delete: The Virtue of Forgetting in the Digital Age , 2009 .

[36]  Bert-Jaap Koops,et al.  Technology and the Crime Society: Rethinking Legal Protection , 2009 .

[37]  David Wright Profiling the European Citizen: Cross‐Disciplinary Perspectives , 2009 .

[38]  Bert-Jaap Koops,et al.  Law, Technology, and Shifting Power Relations , 2009 .

[39]  Jean-Gabriel Ganascia,et al.  The generalized sousveillance society , 2010 .

[40]  Erin Murphy Databases, Doctrine, and Constitutional Criminal Procedure , 2010 .

[41]  S. Nason Free: The future of a radical price , 2010 .

[42]  Mikko Tapani Karaiste Delete: The virtue of forgetting in the digital age , 2010 .

[43]  Serge Gutwirth,et al.  Some Caveats on Profiling , 2010, Data Protection in a Profiled World.

[44]  Serge Gutwirth,et al.  Data Protection in a Profiled World , 2010, Data Protection in a Profiled World.

[45]  Bert-Jaap Koops,et al.  The Evolution of Privacy Law and Policy in the Netherlands , 2011 .

[46]  Viviane Reding The Upcoming Data Protection Reform for the European Union , 2011 .

[47]  Jasper P. Sluijs,et al.  Transparency regulation in broadband markets: Lessons from experimental research , 2011 .

[48]  Nadezhda Purtova Property Rights in Personal Data. A European Perspective , 2011 .

[49]  Mireille Hildebrandt,et al.  The Dawn of a Critical Transparency Right for the Profiling Era , 2012 .