Abstract
Since the mid 1990s, lawmakers and scholars have worked on the idea of embedding data protection safeguards in information and communication technology (ICT) with the aim to access and control personal data in compliance with current regulatory frameworks. This effort has been strengthened by the capacities of computers to draw upon the tools of artificial intelligence (AI) and operations research. However, work on AI and the law entails crucial ethical issues concerning both values and modalities of design. On one hand, design choices might result in conflicts of values and, vice versa, values may affect design features. On the other hand, the modalities of design cannot only limit the impact of harm-generating behavior but also prevent such behavior from occurring via self-enforcement technologies. In order to address some of the most relevant issues of data protection today, the paper suggests we adopt a stricter, yet more effective version of “privacy by design.” The goal should be to reinforce people’s pre-existing autonomy, rather than having to build it from scratch.
Highlights
Over the past 15 years lawmakers and privacy commissioners have discussed the idea of embedding data protection safeguards in information and communication technology (ICT) In 1995, the obligation of data controllers to implement appropriate technical and organizational measures was laid down in the first European directive on data protection, namely, in Art 17 of D-95/46/EC
Would the idea of embedding regulatory measures in ICT replicate the same divergences we find in today‟s debate on data protection? can the principle of “privacy by design” offer solutions to the current balkanization of the internet?
Work in legal ontologies allows us to quantify the growing amount of personal data processed in compliance with legal frameworks: This is what occurs with research in the management of information systems [8,41], support of privacy preservation in location-based services [9], or middleware architectures for data protection [10], each of which aims at integrating smaller parts and sub-solutions of the design project
Summary
Over the past 15 years lawmakers and privacy commissioners have discussed the idea of embedding data protection safeguards in information and communication technology (ICT) In 1995, the obligation of data controllers to implement appropriate technical and organizational measures was laid down in the first European directive on data protection, namely, in Art 17 of D-95/46/EC. Is a new legal framework needed but, according to the EU commissioners, it “has to include a provision translating the currently punctual requirements into a broader and consistent principle of privacy by design This principle should be binding for technology designers and producers, as well as for data controllers who have to decide on the acquisition and use of ICT” [19]. We may claim that “privacy assurance must ideally become an organization‟s default mode of operation” [1], if, and only if, in accordance with current work in informational privacy [27], contextual integrity [28], and online policies [29], privacy by design is devoted to strengthen the autonomy of the individuals, letting people determine levels of access and control over personal data in digital environments I propose a stricter, yet more effective version of “privacy by design.” We may claim that “privacy assurance must ideally become an organization‟s default mode of operation” [1], if, and only if, in accordance with current work in informational privacy [27], contextual integrity [28], and online policies [29], privacy by design is devoted to strengthen the autonomy of the individuals, letting people determine levels of access and control over personal data in digital environments
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
