Introduction to Data Privacy

What is data privacy?

  • Somewhat hard to define

Explain Nissenbaum’s concept of contextual integrity (short and easy)

In this tutorial, I will use both the terms data protection and privacy. Privacy is a broader termthat encompasses values, attitudes, and behaviors, while data protection is used in laws and is more closely linked to actual behavior.

Why is data protection important?

Insert some personal reflection tasks

Important for continued trust of participants

As researchers, our obligation to data protection arises from two (not totally distinct) directions: ethics and law.

Data Protection in Research Ethics

Trust of participants in research and researchers extends to handling personal data

  • Participants probably do not read consent forms

Explain ethical conventions (Helsinki, etc.)

Explain professional obligations (e.g., as Psychologists)

Data Protection in Law

Many laws around the globe

Most important and always applies in the EU: GDPR (short intro)

  • applies in the case of personal data

Explain basics (such as controller and processor) in terms of the usual research business

  • Controller means the person, company, public authority, or organization that decides why personal data is processed and how it is processed. In some cases, the law itself decides who the controller is or sets rules for how the controller is chosen.

  • Processor means the person, company, or organization that processes personal data on behalf of the controller. They follow the controller’s instructions and don’t decide the purpose or the means of the processing themselves.

Acknowledge the existence of other relevant laws (e.g., export control of knowledge relating to national security; IP)

Conclusion

To achieve openness of research data, we need to anonymize data

Goal: acceptable risk; “as closed as necessary, as open as possible”

–> What this means is open to discussion; needs to be calibrated on a case-by-case basis;

This guide: helps with coming to a reasonable conclusion where the optimal balance lies

Learning Objective

  • After completing this part of the tutorial, you will have a fundamental understanding of privacy and data protection.

Exercises

  • Reflection exercise regarding privacy risks
Back to top