ABSTRACT
The regulatory climate is in a process of change. Design, having been implicated for some time, is now explicitly linked to law. This paper recognises the heightened role of designers in the regulation of ambient interactive technologies. Taking account of incumbent legal requirements is difficult. Legal rules are convoluted, uncertain, and not geared towards operationalisable heuristics or development guidelines for system designers. Privacy and data protection are a particular moral, social and legal concern for technologies. This paper seeks to understand how to make emerging European data protection regulation more accessible to our community. Our approach develops and tests a series of data protection ideation cards with teams of designers. We find that, whilst wishing to protect users, regulation is viewed as a compliance issue. Subsequently we argue for the use of instruments, such as our cards, as a means to engage designers in leading a human-centered approach to regulation.
- Ambrose, M., Ausloos, J. The Right to be Forgotten Across the Pond. J Inform Pol, 3, 1--23. (2013)Google ScholarCross Ref
- Are you a Data Controller? At http://www.dataprotection.ie/docs/Are-you-a-DataController-/43.htmGoogle Scholar
- Attride-Stirling, J. Thematic networks: an analytic tool for qualitative research. Qual Res. 1, 3 (2001) 385--405Google ScholarCross Ref
- Barnard-Wills, D. Privacy Game. http://surveillantidentity.blogspot.co.uk/p/privacy-cardgame.htmlGoogle Scholar
- Bernal, P. The EU, the US and the Right to be Forgotten In Gutwirth, S. Leenes, R. and De Hert, P. {Eds} Reloading Data Protection Multidisciplinary Insights and Contemporary Challenges' Springer, 2014Google Scholar
- Black J 'Decentring Regulation: Understanding the Role of Regulation and Self-regulation in a 'Post- Regulatory' World' (2001) 54 Current Legal Problems 103Google Scholar
- Brownsword, R., Yeung, K. (eds), Regulating Technologies: Legal Futures, Regulatory Frames and Technological Fixes. Hart Publishing, 2008Google Scholar
- Camp, J. and Connelly, K. Beyond Consent: Privacy in Ubicomp Systems in Digital Privacy: Theory, Technologies and Practices (2007)Google Scholar
- Cavoukian, A, Privacy by Design: The 7 Foundational Principles, IPCO, 2011Google Scholar
- Dourish, P., Bell, G. Divining a Digital Future: Mess and Mythology in Ubiquitous Computing. MIT Press, 2011 Google ScholarCross Ref
- Druschel, P. The Right to Be Forgotten - Between Expectations and Promise, ENISA 2012Google Scholar
- Feick, R. & Werle, R. Regulation of Cyberspace. In Baldwin, R., Cave, M., & Lodge, M. {eds} The Oxford Handbook of Regulation. OUP, 2010, 523--547Google Scholar
- Friedman, B. & Hendry, D. The envisioning cards: a toolkit for catalyzing humanistic and technical imaginations. In Proc. CHI'12 ACM (2012) Google ScholarDigital Library
- Friedman, B. Lin, P. Miller, J.K. Informed Consent by Design in Cranor, L.F. and Garfinkel, S. (Eds) Security and Usability. O'Reilly Media Inc (2005) 503--529Google Scholar
- Golembewski, M. Selby, M. Ideation decks: a cardbased design ideation tool. Proc. DIS'10. ACM Press Google ScholarDigital Library
- IDEO. Method Cards for IDEO: 51 Card Deck to Inspire Design. At http://www.ideo.com/work/methodcardsGoogle Scholar
- ICO on Privacy by Design, 2014 http://ico.org.uk/for_organisations/data_protection/topic_guides/privacy_by_designGoogle Scholar
- Langheinrich, M. A Privacy Awareness System for Ubiquitous Computing Environments. In Lecture Notes in Computer Science 2498, Springer 237--245 (2002) Google ScholarDigital Library
- Leenes, R "Framing Techno-Regulation: An Exploration of State and Non-State Regulation By Technology" Legisprudence, 2011, Vol. 5 No. 2, 143--169Google ScholarCross Ref
- Lessig, L. Code V2.0. Basic Books, 2006Google Scholar
- Luger, E. & Rodden, T. An informed view on consent for UbiComp. In Proc. UbiComp '13. ACM (2013), 529--538 Google ScholarDigital Library
- Luger, E. Rodden, T. Terms of Agreement: Rethinking Consent for Pervasive Computing Interact Comput 25.2 (2013)Google Scholar
- Lynskey, O. Rising Like a Phoenix: The Right to Be Forgotten Before the ECJ European Law Blog (2014)Google Scholar
- Mackay, W. The Interactive Thread: Exploring Methods for Multi-disciplinary Design In Proc. DIS'04. ACM (2004) Google ScholarDigital Library
- Manson, C G. and Gorniak, S. Recommendations for a methodology of the assessment of severity of personal data breaches, ENISA, 2013Google Scholar
- Mayntz, R. The Changing Governance of Large Technical Infrastructure Systems in: Mayntz, R. (ed.): Über Governance. In Stitutionen und Prozesse politischer Regelung, Schriften aus dem Max-PlanckInstitut für Gesellschaftsfor-schung, Campus (2009), 121--150Google Scholar
- OECD. The OECD Privacy Framework. OECD Publishing (2013)Google Scholar
- Stahl, B.C. Responsible research and innovation: The role of privacy in an emerging framework. Science and Public Policy, 2013, 40 (6), pp. 708--716Google ScholarCross Ref
- Smith, D. One small step for EU Parliament could prove one giant leap for data protection. ICO. At. http://ico.org.uk/news/blog/2013/one-small-step-for-euparliament (accessed 13.03.14)Google Scholar
- The Security Cards. At http://securitycards.cs.washington.edu/index.htmlGoogle Scholar
- C-131/12 Google Spain v AEPD and Mario Costeja GonzalezGoogle Scholar
- US Federal Trade Commission, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers, 2012 pp. 22--32Google Scholar
- Yeung K. Design for Regulation in J van Den Hoven et al (Eds) Handbook of Ethics, Values and Technological Design, Springer, 2014.Google Scholar
Index Terms
- Playing the Legal Card: Using Ideation Cards to Raise Data Protection Issues within the Design Process
Recommendations
Card Mapper: Enabling Data-Driven Reflections on Ideation Cards
CHI '19: Proceedings of the 2019 CHI Conference on Human Factors in Computing SystemsWe explore how usage data captured from ideation cards can enable reflection on design. We deployed a deck of ideation cards on a Masters level module over two years, developing the means to capture the students' designs into a digital repository. We ...
A regulatory model for personal data on social networking services in the UK
The Data Protection Act 1998 is seen as partially effective for social media.Self-regulation is widely adopted by service providers but has limitations.User behaviour and system design can help protect privacy.Existing models of regulation do not ...
Legal implications after Schrems case: are we trading fundamental rights?
The world is slowly turning into a global village and borders that once stood between cultures now serve as bridges for the exchange of information. In Schrems, the Court of Justice invalidated the Safe Harbor agreement, which recognized the standards ...
Comments