Introduction to Data Privacy

What is Data Privacy?

  • Somewhat hard to define, no one definition everyone agrees on
  • one influential framework: Nissenbaum’s Contextual Integrity (Nissenbaum 2010)
    • Privacy means that contextual information norms are respected in all information flows.
    • context: e.g., norms, laws, actors, situation
    • information flow: technical act of transferring information
    • information norm includes sender, recipient, subject, information type, transmission principle (e.g., voluntary, with permission, sale, confidential)
      • can be normative or descriptive
  • add an example in research context for Nissenbaum’s concept of contextual integrity

In this tutorial, I will use both the terms data protection and privacy. Privacy is the broader term: it encompasses values, attitudes, and behaviors, but it is also used in the context of technical mechanisms. Data protection is a term that is closely linked to actual behavior and is used in laws. Both translate to “Datenschutz” in German.

Why is Data Protection Important?

Insert some personal reflection tasks

  • Example: You participate in an interview on research integrity as part of a study. The interviewer asks you about any ethical transgressions you may have committed during your work and about your mental health. Would you share that information? What are the conditions under which you would share that data?

Important for continued trust of participants

As researchers, our obligation to data protection arises from two (not totally distinct) directions: ethics and law.

Data Protection in Research Ethics

Trust of participants in research and researchers extends to handling personal data

  • Participants probably do not read consent forms

Explain ethical conventions (Helsinki, etc.)

Explain professional obligations (e.g., as Psychologists)

Data Protection in Law

Many laws around the globe

Most important and always applies in the EU: GDPR (short intro)

  • applies in the case of personal data

Acknowledge the existence of other relevant laws (e.g., export control of knowledge relating to national security; IP)

Conclusion

To achieve openness of research data, we need to anonymize data

Goal: acceptable risk; “as closed as necessary, as open as possible”

→ What this means is open to discussion; it needs to be calibrated on a case-by-case basis.

This guide helps with coming to a reasonable conclusion about where the optimal balance lies

Learning Objective

  • After completing this part of the tutorial, you will have a fundamental understanding of privacy and data protection.

Exercises

  • Reflection exercise regarding privacy risks

References

Nissenbaum, Helen Fay. 2010. Privacy in context. Stanford, California: Stanford University Press.