Poort, J., Zuiderveen Borgesius, F. Online prijsdiscriminatie: heeft iedereen zijn prijs? 17.03.2022, (presentatie Amsterdamse Academische Club). @misc{nokey,
title = {Online prijsdiscriminatie: heeft iedereen zijn prijs?},
author = {Poort, J. and Zuiderveen Borgesius, F.},
url = {https://www.ivir.nl/prijsdiscriminatie-aac/},
year = {2022},
date = {2022-03-17},
note = {presentatie Amsterdamse Academische Club},
keywords = {},
pubstate = {published},
tppubtype = {presentation}
}
|
Dobber, T., Fahy, R., Shires, J., Zuiderveen Borgesius, F. Microtargeted propaganda by foreign actors: An interdisciplinary exploration In: Maastricht Journal of European and Comparative Law, pp. 856-877, 2022, (MJ, vol. 28, nr. 6, 2021). @article{nokey,
title = {Microtargeted propaganda by foreign actors: An interdisciplinary exploration},
author = {Fahy, R. and Dobber, T. and Zuiderveen Borgesius, F. and Shires, J.},
url = {https://www.ivir.nl/publicaties/download/MaastrichtJournalofEuropeanandComparativeLaw_2021_6.pdf},
doi = {10.1177/1023263X211042471},
year = {2022},
date = {2022-01-25},
urldate = {2021-12-31},
journal = {Maastricht Journal of European and Comparative Law},
pages = {856-877},
abstract = {This article discusses a problem that has received scant attention in literature: microtargeted propaganda by foreign actors. Microtargeting involves collecting information about people, and using that information to show them targeted political advertisements. Such microtargeting enables advertisers to target ads to specific groups of people, for instance people who visit certain websites, forums, or Facebook groups. This article focuses on one type of microtargeting: microtargeting by foreign actors. For example, Russia has targeted certain groups in the US with ads, aiming to sow discord. Foreign actors could also try to influence European elections, for instance by advertising in favour of a certain political party. Foreign propaganda possibilities existed before microtargeting. This article explores two questions. In what ways, if any, is microtargeted propaganda by foreign actors different from other foreign propaganda? What could lawmakers in Europe do to mitigate the risks of microtargeted propaganda?},
note = {MJ, vol. 28, nr. 6, 2021},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This article discusses a problem that has received scant attention in literature: microtargeted propaganda by foreign actors. Microtargeting involves collecting information about people, and using that information to show them targeted political advertisements. Such microtargeting enables advertisers to target ads to specific groups of people, for instance people who visit certain websites, forums, or Facebook groups. This article focuses on one type of microtargeting: microtargeting by foreign actors. For example, Russia has targeted certain groups in the US with ads, aiming to sow discord. Foreign actors could also try to influence European elections, for instance by advertising in favour of a certain political party. Foreign propaganda possibilities existed before microtargeting. This article explores two questions. In what ways, if any, is microtargeted propaganda by foreign actors different from other foreign propaganda? What could lawmakers in Europe do to mitigate the risks of microtargeted propaganda? |
Poort, J., Zuiderveen Borgesius, F. Personalised pricing: The demise of the fixed price? In: 2021, (Forthcoming as chapter 10 in: Kohl, U., & Eisler, J. (eds.), Data-Driven Personalisation in Markets, Politics and Law. Cambridge: Cambridge University Press, 2021.). @article{Poort2021,
title = {Personalised pricing: The demise of the fixed price?},
author = {Poort, J. and Zuiderveen Borgesius, F.},
url = {https://www.ivir.nl/publicaties/download/The-Demise-of-the-Fixed-Price.pdf},
year = {2021},
date = {2021-03-04},
abstract = {An online seller or platform is technically able to offer every consumer a different price for the same product, based on information it has about the customers. Such online price discrimination exacerbates concerns regarding the fairness and morality of price discrimination, and the possible need for regulation. In this chapter, we discuss the underlying basis of price discrimination in economic theory, and its popular perception. Our surveys show that consumers are critical and suspicious of online price discrimination. A majority consider it unacceptable and unfair, and are in favour of a ban. When stores apply online price discrimination, most consumers think they should be informed about it. We argue that the General Data Protection Regulation (GDPR) applies to the most controversial forms of online price discrimination, and not only requires companies to disclose their use of price discrimination, but also requires companies to ask customers for their prior consent. Industry practice, however, does not show any adoption of these two principles.},
note = {Forthcoming as chapter 10 in: Kohl, U., \& Eisler, J. (eds.), Data-Driven Personalisation in Markets, Politics and Law. Cambridge: Cambridge University Press, 2021.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
An online seller or platform is technically able to offer every consumer a different price for the same product, based on information it has about the customers. Such online price discrimination exacerbates concerns regarding the fairness and morality of price discrimination, and the possible need for regulation. In this chapter, we discuss the underlying basis of price discrimination in economic theory, and its popular perception. Our surveys show that consumers are critical and suspicious of online price discrimination. A majority consider it unacceptable and unfair, and are in favour of a ban. When stores apply online price discrimination, most consumers think they should be informed about it. We argue that the General Data Protection Regulation (GDPR) applies to the most controversial forms of online price discrimination, and not only requires companies to disclose their use of price discrimination, but also requires companies to ask customers for their prior consent. Industry practice, however, does not show any adoption of these two principles. |
Poort, J., Power, L., Zimin, A., Zuiderveen Borgesius, F. Rien ne va plus: Reclame en onlinekansspelen In: SEW, no. 3, pp. 116-126, 2020. @article{Borgesius2020b,
title = {Rien ne va plus: Reclame en onlinekansspelen},
author = {Zuiderveen Borgesius, F. and Zimin, A. and Power, L. and Poort, J.},
url = {https://www.ivir.nl/publicaties/download/SEW_2020_3_auteursversie.pdf
https://www-uitgeverijparis-nl.proxy.uba.uva.nl:2443/nl/reader/206589/1001465434},
year = {2020},
date = {2020-03-31},
journal = {SEW},
number = {3},
pages = {116-126},
abstract = {Binnenkort zijn onlinekansspelen toegestaan in Nederland. Na de opening van de markt is te verwachten dat aanbieders van onlinekansspelen intensief reclame gaan maken. Dit artikel bespreekt de juridische context van kansspelreclame, wat voor beperkingen aan reclame mogelijk zijn, en wat de verwachte effecten zijn op met name kansspelverslaving.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Binnenkort zijn onlinekansspelen toegestaan in Nederland. Na de opening van de markt is te verwachten dat aanbieders van onlinekansspelen intensief reclame gaan maken. Dit artikel bespreekt de juridische context van kansspelreclame, wat voor beperkingen aan reclame mogelijk zijn, en wat de verwachte effecten zijn op met name kansspelverslaving. |
Zuiderveen Borgesius, F. Strengthening legal protection against discrimination by algorithms and artificial intelligence In: The International Journal of Human Rights, 2020. @article{Borgesius2020,
title = {Strengthening legal protection against discrimination by algorithms and artificial intelligence},
author = {Zuiderveen Borgesius, F.},
url = {https://doi-org.proxy.uba.uva.nl:2443/10.1080/13642987.2020.1743976},
year = {2020},
date = {2020-03-29},
journal = {The International Journal of Human Rights},
abstract = {Algorithmic decision-making and other types of artificial intelligence (AI) can be used to predict who will commit crime, who will be a good employee, who will default on a loan, etc. However, algorithmic decision-making can also threaten human rights, such as the right to non-discrimination. The paper evaluates current legal protection in Europe against discriminatory algorithmic decisions. The paper shows that non-discrimination law, in particular through the concept of indirect discrimination, prohibits many types of algorithmic discrimination. Data protection law could also help to defend people against discrimination. Proper enforcement of non-discrimination law and data protection law could help to protect people. However, the paper shows that both legal instruments have severe weaknesses when applied to artificial intelligence. The paper suggests how enforcement of current rules can be improved. The paper also explores whether additional rules are needed. The paper argues for sector-specific \textendash rather than general \textendash rules, and outlines an approach to regulate algorithmic decision-making.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Algorithmic decision-making and other types of artificial intelligence (AI) can be used to predict who will commit crime, who will be a good employee, who will default on a loan, etc. However, algorithmic decision-making can also threaten human rights, such as the right to non-discrimination. The paper evaluates current legal protection in Europe against discriminatory algorithmic decisions. The paper shows that non-discrimination law, in particular through the concept of indirect discrimination, prohibits many types of algorithmic discrimination. Data protection law could also help to defend people against discrimination. Proper enforcement of non-discrimination law and data protection law could help to protect people. However, the paper shows that both legal instruments have severe weaknesses when applied to artificial intelligence. The paper suggests how enforcement of current rules can be improved. The paper also explores whether additional rules are needed. The paper argues for sector-specific – rather than general – rules, and outlines an approach to regulate algorithmic decision-making. |
Ducato, R., Hegladóttir, A., Mazgal, A., Quintais, J., Zuiderveen Borgesius, F. Panel discussion at CPDP 2020: We need to talk about filters: algorithmic copyright enforcement vs data protection. 06.02.2020. @misc{Quintais2020,
title = {Panel discussion at CPDP 2020: We need to talk about filters: algorithmic copyright enforcement vs data protection. },
author = {Quintais, J. and Zuiderveen Borgesius, F. and Mazgal, A. and Ducato, R. and Heglad\'{o}ttir, A. },
url = {https://www.youtube.com/watch?v=SstHA1ALZoI},
year = {2020},
date = {2020-02-06},
abstract = {The new Copyright in the Digital Single Market (DSM) Directive was published in May 2019. Its most controversial provision is Article 17 (ex 13), which creates a new liability regime for user-generated content platforms, like YouTube and Facebook. The new regime makes these platforms directly liable for their users’ uploads, without the possibility of benefiting from the hosting safe-harbour. This forces platforms to either license all or most of the content uploaded by users (which is near impossible) or to adopt preventive measures like filters. The likely outcome is that covered platforms will engage in general monitoring of the content uploaded by their users. This panel will discuss the issues raised by Article 17 DSM Directive and the model of algorithmic enforcement it incentivizes, with a focus on the freedom of expression and data protection risks it entails.
• Article 17 of the Copyright in the Digital Single Market Directive creates a new liability regime for user-generated content platforms.
• Does this provision introduce de facto the controversial upload filtering systems and, as a result, general monitoring of information in content-sharing platforms?
• Is Article 17 essentially in conflict with the GDPR and, in particular, the principle of minimisation and the right not to be subject to automated decision-making processes? What are the potential consequences of this provision on users’ freedom of expression?
• If Article 17 can negatively affect data protection and freedom of expression what are the possible legal and extra-legal responses to neutralise the risk?
},
keywords = {},
pubstate = {published},
tppubtype = {presentation}
}
The new Copyright in the Digital Single Market (DSM) Directive was published in May 2019. Its most controversial provision is Article 17 (ex 13), which creates a new liability regime for user-generated content platforms, like YouTube and Facebook. The new regime makes these platforms directly liable for their users’ uploads, without the possibility of benefiting from the hosting safe-harbour. This forces platforms to either license all or most of the content uploaded by users (which is near impossible) or to adopt preventive measures like filters. The likely outcome is that covered platforms will engage in general monitoring of the content uploaded by their users. This panel will discuss the issues raised by Article 17 DSM Directive and the model of algorithmic enforcement it incentivizes, with a focus on the freedom of expression and data protection risks it entails.
• Article 17 of the Copyright in the Digital Single Market Directive creates a new liability regime for user-generated content platforms.
• Does this provision introduce de facto the controversial upload filtering systems and, as a result, general monitoring of information in content-sharing platforms?
• Is Article 17 essentially in conflict with the GDPR and, in particular, the principle of minimisation and the right not to be subject to automated decision-making processes? What are the potential consequences of this provision on users’ freedom of expression?
• If Article 17 can negatively affect data protection and freedom of expression what are the possible legal and extra-legal responses to neutralise the risk?
|
Dobber, T., Fahy, R., Zuiderveen Borgesius, F. The regulation of online political micro-targeting in Europe In: Internet Policy Review, vol. 8, no. 4, 2020. @article{Dobber2020,
title = {The regulation of online political micro-targeting in Europe},
author = {Dobber, T. and Fahy, R. and Zuiderveen Borgesius, F.},
url = {https://policyreview.info/articles/analysis/regulation-online-political-micro-targeting-europe},
doi = {10.14763/2019.4.1440},
year = {2020},
date = {2020-01-16},
journal = {Internet Policy Review},
volume = {8},
number = {4},
abstract = {In this paper, we examine how online political micro-targeting is regulated in Europe. While there are no specific rules on such micro-targeting, there are general rules that apply. We focus on three fields of law: data protection law, freedom of expression, and sector-specific rules for political advertising; for the latter we examine four countries. We argue that the rules in the General Data Protection Regulation (GDPR) are necessary, but not sufficient. We show that political advertising, including online political micro-targeting, is protected by the right to freedom of expression. That right is not absolute, however. From a European human rights perspective, it is possible for lawmakers to limit the possibilities for political advertising. Indeed, some countries ban TV advertising for political parties during elections.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In this paper, we examine how online political micro-targeting is regulated in Europe. While there are no specific rules on such micro-targeting, there are general rules that apply. We focus on three fields of law: data protection law, freedom of expression, and sector-specific rules for political advertising; for the latter we examine four countries. We argue that the rules in the General Data Protection Regulation (GDPR) are necessary, but not sufficient. We show that political advertising, including online political micro-targeting, is protected by the right to freedom of expression. That right is not absolute, however. From a European human rights perspective, it is possible for lawmakers to limit the possibilities for political advertising. Indeed, some countries ban TV advertising for political parties during elections. |
Power, L., van Eijk, N., Zimin, A., Zuiderveen Borgesius, F. Kansspelreclame: toestaan, beperken, verbieden? : Onderzoek over mogelijke regels voor kansspelreclame voor het Directoraat-Generaal Straffen en Beschermen van het Ministerie van Justitie en Veiligheid In: 2019. @article{Borgesius2019c,
title = {Kansspelreclame: toestaan, beperken, verbieden? : Onderzoek over mogelijke regels voor kansspelreclame voor het Directoraat-Generaal Straffen en Beschermen van het Ministerie van Justitie en Veiligheid},
author = {Zuiderveen Borgesius, F. and Zimin, A. and Power, L. and van Eijk, N.},
url = {https://www.ivir.nl/publicaties/download/kansspelreclame_33996.pdf},
year = {2019},
date = {2019-11-19},
abstract = {Bijlage bij Kamerstuk 2019-2020, 33996 nr. R, Eerste Kamer.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Bijlage bij Kamerstuk 2019-2020, 33996 nr. R, Eerste Kamer. |
Poort, J., Zuiderveen Borgesius, F. Prijsdiscriminatie, privacy en publieke opinie In: Ars Aequi, vol. 2019, pp. 580-590, 2019. @article{Poort2019c,
title = {Prijsdiscriminatie, privacy en publieke opinie},
author = {Poort, J. and Zuiderveen Borgesius, F.},
url = {https://arsaequi.nl/product/prijsdiscriminatie-privacy-en-publieke-opinie/},
year = {2019},
date = {2019-07-04},
journal = {Ars Aequi},
volume = {2019},
pages = {580-590},
abstract = {Webwinkels zijn technisch in staat om elke consument een andere prijs aan te bieden: online prijsdiscriminatie. Dit artikel bespreekt twee enqu\^{e}tes over dergelijke praktijken die zijn gehouden onder
de Nederlandse bevolking en onderzoekt de implicaties van de Algemene Verordening Gegevensbescherming (AVG) voor online prijsdiscriminatie.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Webwinkels zijn technisch in staat om elke consument een andere prijs aan te bieden: online prijsdiscriminatie. Dit artikel bespreekt twee enquêtes over dergelijke praktijken die zijn gehouden onder
de Nederlandse bevolking en onderzoekt de implicaties van de Algemene Verordening Gegevensbescherming (AVG) voor online prijsdiscriminatie. |
Bodó, B., Dobber, T., Fahy, R., Irion, K., Kruikemeier, S., Möller, J., Stapel, S., Vreese, C.H. de, Zuiderveen Borgesius, F. Online politieke microtargeting: Een zegen of een vloek voor de democratie? In: Nederlands Juristenblad (NJB), vol. 2019, no. 10, pp. 528-669, 2019. @article{Borgesius2019b,
title = {Online politieke microtargeting: Een zegen of een vloek voor de democratie?},
author = {Zuiderveen Borgesius, F. and M\"{o}ller, J. and Dobber, T. and Kruikemeier, S. and Irion, K. and Stapel, S. and Fahy, R. and Bod\'{o}, B. and Vreese, C.H. de},
url = {https://www.ivir.nl/publicaties/download/NJB_2019.pdf},
year = {2019},
date = {2019-03-19},
journal = {Nederlands Juristenblad (NJB)},
volume = {2019},
number = {10},
pages = {528-669},
abstract = {Voor online politieke microtargeting wordt het online-gedrag van mensen in kaart gebracht en worden de verzamelde gegevens gebruikt om mensen gerichte politieke advertenties te tonen. Microtargeting is vanuit de VS komen overwaaien naar Europa en heeft voor- en nadelen voor de democratie. Microtargeting kan politieke partijen helpen om mensen effectief te bereiken en kan politieke betrokkenheid stimuleren. Maar microtargeting kan ook een bedreiging vormen voor de democratie. Zo kan een politieke partij zich verschillend voordoen aan verschillende mensen. Bovendien bedreigt het verzamelen van persoonsgegevens onze privacy. Dit artikel brengt de beloftes en bedreigingen van microtargeting voor de democratie in kaart en schetst mogelijkheden voor beleidsmakers om het gebruik van microtargeting te reguleren.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Voor online politieke microtargeting wordt het online-gedrag van mensen in kaart gebracht en worden de verzamelde gegevens gebruikt om mensen gerichte politieke advertenties te tonen. Microtargeting is vanuit de VS komen overwaaien naar Europa en heeft voor- en nadelen voor de democratie. Microtargeting kan politieke partijen helpen om mensen effectief te bereiken en kan politieke betrokkenheid stimuleren. Maar microtargeting kan ook een bedreiging vormen voor de democratie. Zo kan een politieke partij zich verschillend voordoen aan verschillende mensen. Bovendien bedreigt het verzamelen van persoonsgegevens onze privacy. Dit artikel brengt de beloftes en bedreigingen van microtargeting voor de democratie in kaart en schetst mogelijkheden voor beleidsmakers om het gebruik van microtargeting te reguleren. |
Poort, J., Zuiderveen Borgesius, F. Does everyone have a price? Understanding people’s attitude towards online and offline price discrimination In: Internet Policy Review, vol. 8, no. 1, 2019. @article{Poort2019b,
title = {Does everyone have a price? Understanding people’s attitude towards online and offline price discrimination},
author = {Poort, J. and Zuiderveen Borgesius, F.},
url = {https://policyreview.info/articles/analysis/does-everyone-have-price-understanding-peoples-attitude-towards-online-and-offline},
year = {2019},
date = {2019-02-12},
journal = {Internet Policy Review},
volume = {8},
number = {1},
abstract = {Online stores can present a different price to each customer. Such algorithmic personalised pricing can lead to advanced forms of price discrimination based on the characteristics and behaviour of individual consumers. We conducted two consumer surveys among a representative sample of the Dutch population (N=1233 and N=1202), to analyse consumer attitudes towards a list of examples of price discrimination and dynamic pricing. A vast majority finds online price discrimination unfair and unacceptable, and thinks it should be banned. However, some pricing strategies that have been used by companies for decades are almost equally unpopular. We analyse the results to better understand why people dislike many types of price discrimination.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Online stores can present a different price to each customer. Such algorithmic personalised pricing can lead to advanced forms of price discrimination based on the characteristics and behaviour of individual consumers. We conducted two consumer surveys among a representative sample of the Dutch population (N=1233 and N=1202), to analyse consumer attitudes towards a list of examples of price discrimination and dynamic pricing. A vast majority finds online price discrimination unfair and unacceptable, and thinks it should be banned. However, some pricing strategies that have been used by companies for decades are almost equally unpopular. We analyse the results to better understand why people dislike many types of price discrimination. |
Hoofnagle, C.J., van der Sloot, B., Zuiderveen Borgesius, F. The European Union General Data Protection Regulation: What It Is And What It Means In: Information & Communications Technology Law, vol. 2019, 2019. @article{Hoofnagle2018,
title = {The European Union General Data Protection Regulation: What It Is And What It Means},
author = {Hoofnagle, C.J. and van der Sloot, B. and Zuiderveen Borgesius, F.},
url = {https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501},
year = {2019},
date = {2019-02-12},
journal = {Information \& Communications Technology Law},
volume = {2019},
abstract = {This article introduces U.S. lawyers and academics to the normative foundations, attributes, and strategic approach to regulating personal data advanced by the European Union’s General Data Protection Regulation (“GDPR”). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s short and medium-term implications. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed and protective regulatory regime, which will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This article introduces U.S. lawyers and academics to the normative foundations, attributes, and strategic approach to regulating personal data advanced by the European Union’s General Data Protection Regulation (“GDPR”). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s short and medium-term implications. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed and protective regulatory regime, which will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches. |
Zuiderveen Borgesius, F. Discrimination, artificial intelligence, and algorithmic decision-making 2019. @techreport{Borgesius2019,
title = {Discrimination, artificial intelligence, and algorithmic decision-making},
author = {Zuiderveen Borgesius, F.},
url = {https://rm.coe.int/discrimination-artificial-intelligence-and-algorithmic-decision-making/1680925d73},
year = {2019},
date = {2019-02-08},
volume = {2019},
abstract = {This report, written for the Anti-discrimination department of the Council of Europe, concerns discrimination caused by algorithmic decision-making and other types of artificial intelligence (AI). AI advances important goals, such as efficiency, health and economic growth but it can also have discriminatory effects, for instance when AI systems learn from biased human decisions. In the public and the private sector, organisations can take AI-driven decisions with farreaching effects for people. Public sector bodies can use AI for predictive policing for example, or for making decisions on eligibility for pension payments, housing assistance or unemployment benefits. In the private sector, AI can be used to select job applicants, and banks can use AI to decide whether to grant individual consumers
credit and set interest rates for them. Moreover, many small decisions, taken together, can have large effects. By way of illustration, AI-driven price discrimination could lead to certain groups in society consistently paying more. The most relevant legal tools to mitigate the risks of AI-driven discrimination are nondiscrimination law and data protection law. If effectively enforced, both these legal tools
could help to fight illegal discrimination. Council of Europe member States, human rights monitoring bodies, such as the European Commission against Racism and Intolerance, and Equality Bodies should aim for better enforcement of current nondiscrimination norms. But AI also opens the way for new types of unfair differentiation (some might say discrimination) that escape current laws. Most non-discrimination statutes apply only to discrimination on the basis of protected characteristics, such as skin colour. Such statutes do not apply if an AI system invents new classes, which do not correlate with
protected characteristics, to differentiate between people. Such differentiation could still be unfair, however, for instance when it reinforces social inequality. We probably need additional regulation to protect fairness and human rights in the area of AI. But regulating AI in general is not the right approach, as the use of AI systems is too varied for one set of rules. In different sectors, different values are at stake, and different problems arise. Therefore, sector-specific rules should be considered. More research and debate are needed. },
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}
This report, written for the Anti-discrimination department of the Council of Europe, concerns discrimination caused by algorithmic decision-making and other types of artificial intelligence (AI). AI advances important goals, such as efficiency, health and economic growth but it can also have discriminatory effects, for instance when AI systems learn from biased human decisions. In the public and the private sector, organisations can take AI-driven decisions with farreaching effects for people. Public sector bodies can use AI for predictive policing for example, or for making decisions on eligibility for pension payments, housing assistance or unemployment benefits. In the private sector, AI can be used to select job applicants, and banks can use AI to decide whether to grant individual consumers
credit and set interest rates for them. Moreover, many small decisions, taken together, can have large effects. By way of illustration, AI-driven price discrimination could lead to certain groups in society consistently paying more. The most relevant legal tools to mitigate the risks of AI-driven discrimination are nondiscrimination law and data protection law. If effectively enforced, both these legal tools
could help to fight illegal discrimination. Council of Europe member States, human rights monitoring bodies, such as the European Commission against Racism and Intolerance, and Equality Bodies should aim for better enforcement of current nondiscrimination norms. But AI also opens the way for new types of unfair differentiation (some might say discrimination) that escape current laws. Most non-discrimination statutes apply only to discrimination on the basis of protected characteristics, such as skin colour. Such statutes do not apply if an AI system invents new classes, which do not correlate with
protected characteristics, to differentiate between people. Such differentiation could still be unfair, however, for instance when it reinforces social inequality. We probably need additional regulation to protect fairness and human rights in the area of AI. But regulating AI in general is not the right approach, as the use of AI systems is too varied for one set of rules. In different sectors, different values are at stake, and different problems arise. Therefore, sector-specific rules should be considered. More research and debate are needed. |
Steenbruggen, W., Zuiderveen Borgesius, F. The Right to Communications Confidentiality in Europe: Protecting Trust, Privacy, and Freedom of Expression In: vol. 2018, 2018. @article{Borgesius2018b,
title = {The Right to Communications Confidentiality in Europe: Protecting Trust, Privacy, and Freedom of Expression},
author = {Zuiderveen Borgesius, F. and Steenbruggen, W.},
url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3152014},
year = {2018},
date = {2018-04-06},
volume = {2018},
abstract = {In the European Union, the General Data Protection Regulation (GDPR) provides comprehensive rules for the processing of personal data. In addition, the EU lawmaker intends to adopt specific rules to protect confidentiality of communications, in a separate ePrivacy Regulation. Some have argued that there is no need for such additional rules for communications confidentiality.
This paper discusses the protection of the right to confidentiality of communications in Europe. We look at the right’s origins as a fundamental right to assess the rationale for protecting the right. We also analyse how the right is currently protected under the European Convention on Human Rights and under EU law.
We show that the right to communications confidentiality protects three values: trust in communication services, privacy, and freedom of expression. The right aims to ensure that individuals and businesses can safely entrust communication to service providers. Initially, the right protected only postal letters, but it has gradually developed into a strong safeguard for the protection of confidentiality of communications, regardless of the technology used.
Hence, the right does not merely serve individual privacy interests, but also other interests that are crucial for the functioning of our information society. We conclude that separate EU rules to protect communications confidentiality, next to the GDPR, are justified and necessary to protect trust, privacy and freedom and expression.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In the European Union, the General Data Protection Regulation (GDPR) provides comprehensive rules for the processing of personal data. In addition, the EU lawmaker intends to adopt specific rules to protect confidentiality of communications, in a separate ePrivacy Regulation. Some have argued that there is no need for such additional rules for communications confidentiality.
This paper discusses the protection of the right to confidentiality of communications in Europe. We look at the right’s origins as a fundamental right to assess the rationale for protecting the right. We also analyse how the right is currently protected under the European Convention on Human Rights and under EU law.
We show that the right to communications confidentiality protects three values: trust in communication services, privacy, and freedom of expression. The right aims to ensure that individuals and businesses can safely entrust communication to service providers. Initially, the right protected only postal letters, but it has gradually developed into a strong safeguard for the protection of confidentiality of communications, regardless of the technology used.
Hence, the right does not merely serve individual privacy interests, but also other interests that are crucial for the functioning of our information society. We conclude that separate EU rules to protect communications confidentiality, next to the GDPR, are justified and necessary to protect trust, privacy and freedom and expression. |
Bodó, B., Dobber, T., Fahy, R., Irion, K., Kruikemeier, S., Möller, J., Vreese, C.H. de, Zuiderveen Borgesius, F. Online Political Microtargeting: Promises and Threats for Democracy In: Utrecht Law Review, vol. 14, no. 1, pp. 82-96, 2018. @article{Borgesius2018,
title = {Online Political Microtargeting: Promises and Threats for Democracy},
author = {Zuiderveen Borgesius, F. and M\"{o}ller, J. and Kruikemeier, S. and Fahy, R. and Irion, K. and Dobber, T. and Bod\'{o}, B. and Vreese, C.H. de},
url = {https://www.ivir.nl/publicaties/download/UtrechtLawReview.pdf},
year = {2018},
date = {2018-02-13},
journal = {Utrecht Law Review},
volume = {14},
number = {1},
pages = {82-96},
abstract = {Online political microtargeting involves monitoring people’s online behaviour, and using the collected data, sometimes enriched with other data, to show people-targeted political advertisements. Online political microtargeting is widely used in the US; Europe may not be far behind. This paper maps microtargeting’s promises and threats to democracy. For example, microtargeting promises to optimise the match between the electorate’s concerns and political campaigns, and to boost campaign engagement and political participation. But online microtargeting could also threaten democracy. For instance, a political party could, misleadingly, present itself as a different one-issue party to different individuals. And data collection for microtargeting raises privacy concerns. We sketch possibilities for policymakers if they seek to regulate online political microtargeting. We discuss which measures would be possible, while complying with the right to freedom of expression under the European Convention on Human Rights.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Online political microtargeting involves monitoring people’s online behaviour, and using the collected data, sometimes enriched with other data, to show people-targeted political advertisements. Online political microtargeting is widely used in the US; Europe may not be far behind. This paper maps microtargeting’s promises and threats to democracy. For example, microtargeting promises to optimise the match between the electorate’s concerns and political campaigns, and to boost campaign engagement and political participation. But online microtargeting could also threaten democracy. For instance, a political party could, misleadingly, present itself as a different one-issue party to different individuals. And data collection for microtargeting raises privacy concerns. We sketch possibilities for policymakers if they seek to regulate online political microtargeting. We discuss which measures would be possible, while complying with the right to freedom of expression under the European Convention on Human Rights. |
Brkan, M., Castets-Renard, C., Cole, M.D., Dommering, E., Forgo, N., Korff, D., Kosta, E., Ligeti, K., Mariottini, C.M., Metille, S., Mitrou, L., Pollicino, O., Pretschner, A., Robinson, G., Ryngaert, C., Spindler, G., Valcke, P., Van Calster, G., van Eijk, N., Weber, R., Zuiderveen Borgesius, F. Brief of EU Data Protection and Privacy Scholars as Amici Curiae in Support of Respondent In: 2018. @article{Brkan2018,
title = {Brief of EU Data Protection and Privacy Scholars as Amici Curiae in Support of Respondent},
author = {Brkan, M. and Castets-Renard, C. and Cole, M.D. and Dommering, E. and Forgo, N. and Korff, D. and Kosta, E. and Ligeti, K. and Mariottini, C.M. and Metille, S. and Mitrou, L. and Pollicino, O. and Pretschner, A. and Robinson, G. and Ryngaert, C. and Spindler, G. and Valcke, P. and Van Calster, G. and van Eijk, N. and Weber, R. and Zuiderveen Borgesius, F.},
url = {https://www.ivir.nl/publicaties/download/amicusbrief_2018.pdf},
year = {2018},
date = {2018-01-18},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Poort, J., Zuiderveen Borgesius, F. Online prijsdiscriminatie en de Algemene Verordening Gegevensbescherming In: pp. 55-62, 2017, (Hoofdstuk in: Big Data. Honderd jaar Juridische Faculteitsvereniging Grotius / N.P. van der Elst (ed.), 2017). @inbook{Borgesius2017f,
title = {Online prijsdiscriminatie en de Algemene Verordening Gegevensbescherming},
author = {Zuiderveen Borgesius, F. and Poort, J.},
url = {https://www.ivir.nl/publicaties/download/Prijsdiscriminatie.pdf},
year = {2017},
date = {2017-11-28},
pages = {55-62},
note = {Hoofdstuk in: Big Data. Honderd jaar Juridische Faculteitsvereniging Grotius / N.P. van der Elst (ed.), 2017},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}
|
Boerman, S.C., Helberger, N., Kruikemeier, S., Zuiderveen Borgesius, F. Tracking walls, take-it-or-leave-it choices, the GDPR, and the ePrivacy regulation In: European Data Protection Law Review, vol. 2017, no. 3, pp. 353-368, 2017. @article{Borgesius2017b,
title = {Tracking walls, take-it-or-leave-it choices, the GDPR, and the ePrivacy regulation},
author = {Zuiderveen Borgesius, F. and Kruikemeier, S. and Boerman, S.C. and Helberger, N.},
url = {https://www.ivir.nl/publicaties/download/EDPL_2017_03.pdf},
doi = {https://doi.org/10.21552/edpl/2017/3/9},
year = {2017},
date = {2017-10-19},
journal = {European Data Protection Law Review},
volume = {2017},
number = {3},
pages = {353-368},
abstract = {On the internet, we encounter take-it-or-leave-it choices regarding our privacy on a daily basis. In Europe, online tracking for targeted advertising generally requires the internet users’ consent to be lawful. Some websites use a tracking wall, a barrier that visitors can only pass if they consent to tracking by third parties. When confronted with such a tracking wall, many people click ‘I agree’ to tracking. A survey that we conducted shows that most people find tracking walls unfair and unacceptable. We analyse under which conditions the ePrivacy Directive and the General Data Protection Regulation allow tracking walls. We provide a list of circumstances to assess when a tracking wall makes consent invalid. We also explore how the EU lawmaker could regulate tracking walls, for instance in the ePrivacy Regulation. It should be seriously considered to ban tracking walls, at least in certain circumstances.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
On the internet, we encounter take-it-or-leave-it choices regarding our privacy on a daily basis. In Europe, online tracking for targeted advertising generally requires the internet users’ consent to be lawful. Some websites use a tracking wall, a barrier that visitors can only pass if they consent to tracking by third parties. When confronted with such a tracking wall, many people click ‘I agree’ to tracking. A survey that we conducted shows that most people find tracking walls unfair and unacceptable. We analyse under which conditions the ePrivacy Directive and the General Data Protection Regulation allow tracking walls. We provide a list of circumstances to assess when a tracking wall makes consent invalid. We also explore how the EU lawmaker could regulate tracking walls, for instance in the ePrivacy Regulation. It should be seriously considered to ban tracking walls, at least in certain circumstances. |
Helberger, N., Reyna, A., Zuiderveen Borgesius, F. The perfect match? A closer look at the relationship between EU consumer law and data protection law In: Common Market Law Review, vol. 2017, no. 5, pp. 1427-1466, 2017. @article{Helberger2017b,
title = {The perfect match? A closer look at the relationship between EU consumer law and data protection law},
author = {Helberger, N. and Zuiderveen Borgesius, F. and Reyna, A. },
url = {https://www.ivir.nl/publicaties/download/CMLR_2017_5.pdf},
year = {2017},
date = {2017-10-06},
journal = {Common Market Law Review},
volume = {2017},
number = {5},
pages = {1427-1466},
abstract = {In modern markets, many companies offer so-called “free” services and monetize consumer data they collect through those services. This paper argues that consumer law and data protection law can usefully complement each other. Data protection law can also inform the interpretation of consumer law. Using consumer rights, consumers should be able to challenge excessive collection of their personal data. Consumer organizations have used consumer law to tackle data protection infringements. The interplay of data protection law and consumer protection law provides exciting opportunities for a more integrated vision on “data consumer law”.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In modern markets, many companies offer so-called “free” services and monetize consumer data they collect through those services. This paper argues that consumer law and data protection law can usefully complement each other. Data protection law can also inform the interpretation of consumer law. Using consumer rights, consumers should be able to challenge excessive collection of their personal data. Consumer organizations have used consumer law to tackle data protection infringements. The interplay of data protection law and consumer protection law provides exciting opportunities for a more integrated vision on “data consumer law”. |
Poort, J., Zuiderveen Borgesius, F. Online Price Discrimination and EU Data Privacy Law In: Journal of Consumer Policy, vol. 2017, 2017. @article{Borgesius2017b,
title = {Online Price Discrimination and EU Data Privacy Law},
author = {Zuiderveen Borgesius, F. and Poort, J.},
url = {https://www.ivir.nl/publicaties/download/JCP_2017.pdf},
doi = {DOI 10.1007/s10603-017-9354-z},
year = {2017},
date = {2017-07-25},
journal = {Journal of Consumer Policy},
volume = {2017},
abstract = {Online shops could offer each website customer a different price. Such personalized pricing can lead to advanced forms of price discrimination based on individual characteristics of consumers, which may be provided, obtained, or assumed. An online shop can recognize customers, for instance through cookies, and categorize them as price-sensitive or price-insensitive. Subsequently, it can charge (presumed) price-insensitive people higher prices. This paper explores personalized pricing from a
legal and an economic perspective. From an economic perspective, there are valid arguments in favour of price discrimination, but its effect on total consumer welfare is ambiguous. Irrespectively, many people regard personalized pricing as unfair or
manipulative. The paper analyses how this dislike of personalized pricing may be linked to economic analysis and to other norms or values. Next, the paper examines whether European data protection law applies to personalized pricing. Data protection law applies if personal data are processed, and this paper argues that that is generally the case when prices are personalized. Data protection law requires companies to be transparent about the purpose of personal data processing, which implies that they must inform customers if they personalize prices. Subsequently, consumers have to give consent. If enforced, data protection law could thereby play a significant role in mitigating any adverse effects of personalized pricing. It could help to unearth how prevalent personalized pricing is and how people respond to transparency about it. },
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Online shops could offer each website customer a different price. Such personalized pricing can lead to advanced forms of price discrimination based on individual characteristics of consumers, which may be provided, obtained, or assumed. An online shop can recognize customers, for instance through cookies, and categorize them as price-sensitive or price-insensitive. Subsequently, it can charge (presumed) price-insensitive people higher prices. This paper explores personalized pricing from a
legal and an economic perspective. From an economic perspective, there are valid arguments in favour of price discrimination, but its effect on total consumer welfare is ambiguous. Irrespectively, many people regard personalized pricing as unfair or
manipulative. The paper analyses how this dislike of personalized pricing may be linked to economic analysis and to other norms or values. Next, the paper examines whether European data protection law applies to personalized pricing. Data protection law applies if personal data are processed, and this paper argues that that is generally the case when prices are personalized. Data protection law requires companies to be transparent about the purpose of personal data processing, which implies that they must inform customers if they personalize prices. Subsequently, consumers have to give consent. If enforced, data protection law could thereby play a significant role in mitigating any adverse effects of personalized pricing. It could help to unearth how prevalent personalized pricing is and how people respond to transparency about it. |
Kulk, S., Zuiderveen Borgesius, F. Annotatie bij Hoge Raad 24 februari 2017 (X / Google Netherlands) In: Computerrecht, vol. 2017, no. 3, pp. 167-169, 2017. @article{Borgesius2017b,
title = {Annotatie bij Hoge Raad 24 februari 2017 (X / Google Netherlands)},
author = {Zuiderveen Borgesius, F. and Kulk, S.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_Computerrecht_2017_3.pdf},
year = {2017},
date = {2017-06-29},
journal = {Computerrecht},
volume = {2017},
number = {3},
pages = {167-169},
abstract = {In zijn arrest laat de Hoge Raad zich uit over hoe de rechten op privacy en gegevensbescherming zich verhouden tot het recht op vrijheid van meningsuiting.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In zijn arrest laat de Hoge Raad zich uit over hoe de rechten op privacy en gegevensbescherming zich verhouden tot het recht op vrijheid van meningsuiting. |
Arnbak, A., Zuiderveen Borgesius, F. Video of expert meeting at the Dutch Senate on privacy 2017. @online{Arnbak2017,
title = {Video of expert meeting at the Dutch Senate on privacy},
author = {Arnbak, A. and Zuiderveen Borgesius, F.},
url = {https://youtu.be/NQCO33RMYgc },
year = {2017},
date = {2017-06-22},
abstract = {On 20 June 2017, Axel Arnbak and Frederik Zuiderveen Borgesius spoke at the Dutch Senate (Eerste Kamer) at an Expert Meeting on Privacy.
The meeting focused on two bills, 'Computercriminaliteit III' (Computer Crime III, concerning, among other things, hacking by the police) and 'Vastleggen en bewaren kentekengegevens door politie' (on the use of automatic number plate recognition cameras by the police).
},
keywords = {},
pubstate = {published},
tppubtype = {online}
}
On 20 June 2017, Axel Arnbak and Frederik Zuiderveen Borgesius spoke at the Dutch Senate (Eerste Kamer) at an Expert Meeting on Privacy.
The meeting focused on two bills, 'Computercriminaliteit III' (Computer Crime III, concerning, among other things, hacking by the police) and 'Vastleggen en bewaren kentekengegevens door politie' (on the use of automatic number plate recognition cameras by the police).
|
Fahy, R., Irion, K., Rozendaal, M., van Hoboken, J., Zuiderveen Borgesius, F. An Assessment of the Commission's Proposal on Privacy and Electronic Communications 2017, ISBN: 9789284611010. @misc{Borgesius2017b,
title = {An Assessment of the Commission's Proposal on Privacy and Electronic Communications},
author = {Zuiderveen Borgesius, F. and van Hoboken, J. and Fahy, R. and Irion, K. and Rozendaal, M.},
url = {https://www.ivir.nl/publicaties/download/IPOL_STU2017583152_EN.pdf},
doi = {10.2861/614076},
isbn = {9789284611010},
year = {2017},
date = {2017-06-15},
abstract = {This study, commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee, appraises the European Commission’s proposal for an ePrivacy Regulation. The study assesses whether the proposal would ensure that the right to the protection of personal data, the right to respect for private life and communications, and related rights enjoy a high standard of protection. The study also highlights the proposal’s potential benefits and drawbacks more generally.},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
This study, commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the LIBE Committee, appraises the European Commission’s proposal for an ePrivacy Regulation. The study assesses whether the proposal would ensure that the right to the protection of personal data, the right to respect for private life and communications, and related rights enjoy a high standard of protection. The study also highlights the proposal’s potential benefits and drawbacks more generally. |
Bodó, B., Bol, N., Es, B. van, Helberger, N., Irion, K., Möller, J., Velde, B. van de, Vreese, C.H. de, Zuiderveen Borgesius, F. Tackling the Alggorithmic Control Crisis - the Technical, Legal, and Ethical Challenges of Research into Algorithmic Agents In: Yale Journal of Law & Technology, vol. 19, pp. 133-180, 2017. @article{Bod\'{o}2017,
title = {Tackling the Alggorithmic Control Crisis - the Technical, Legal, and Ethical Challenges of Research into Algorithmic Agents},
author = {Bod\'{o}, B. and Helberger, N. and Irion, K. and Zuiderveen Borgesius, F. and M\"{o}ller, J. and Velde, B. van de and Bol, N. and Es, B. van and Vreese, C.H. de},
url = {https://www.ivir.nl/publicaties/download/YJLT_2017.pdf},
year = {2017},
date = {2017-06-07},
journal = {Yale Journal of Law \& Technology},
volume = {19},
pages = {133-180},
abstract = {Algorithmic agents permeate every instant of our online existence. Based on our digital profiles built from the massive surveillance of our digital existence, algorithmic agents rank search results, filter our emails, hide and show news items on social networks feeds, try to guess what products we might buy next for ourselves and for others, what movies we want to watch, and when we might be pregnant. Algorithmic agents select, filter, and recommend products, information, and people; they increasingly customize our physical environments, including the temperature and the mood. Increasingly, algorithmic agents don’t just select from the range of human created alternatives, but also they create. Burgeoning algorithmic agents are capable of providing us with content made just for us, and engage with us through one-of-a-kind, personalized interactions. Studying these algorithmic agents presents a host of methodological, ethical, and logistical challenges.
The objectives of our paper are two-fold. The first aim is to describe one possible approach to researching the individual and societal effects of algorithmic recommenders, and to share our experiences with the academic community. The second is to contribute to a more fundamental discussion about the ethical and legal issues of “tracking the trackers”, as well as the costs and trade-offs involved. Our paper will contribute to the discussion on the relative merits, costs and benefits of different approaches to ethically and legally sound research on algorithmic governance. We will argue that besides shedding light on how users interact with algorithmic agents, we also need to be able to understand how different methods of monitoring our algorithmically controlled digital environments compare to each other in terms of costs and benefits. We conclude our article with a number of concrete suggestions for how to address the practical, ethical and legal
challenges of researching algorithms and their effects on users and society.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Algorithmic agents permeate every instant of our online existence. Based on our digital profiles built from the massive surveillance of our digital existence, algorithmic agents rank search results, filter our emails, hide and show news items on social networks feeds, try to guess what products we might buy next for ourselves and for others, what movies we want to watch, and when we might be pregnant. Algorithmic agents select, filter, and recommend products, information, and people; they increasingly customize our physical environments, including the temperature and the mood. Increasingly, algorithmic agents don’t just select from the range of human created alternatives, but also they create. Burgeoning algorithmic agents are capable of providing us with content made just for us, and engage with us through one-of-a-kind, personalized interactions. Studying these algorithmic agents presents a host of methodological, ethical, and logistical challenges.
The objectives of our paper are two-fold. The first aim is to describe one possible approach to researching the individual and societal effects of algorithmic recommenders, and to share our experiences with the academic community. The second is to contribute to a more fundamental discussion about the ethical and legal issues of “tracking the trackers”, as well as the costs and trade-offs involved. Our paper will contribute to the discussion on the relative merits, costs and benefits of different approaches to ethically and legally sound research on algorithmic governance. We will argue that besides shedding light on how users interact with algorithmic agents, we also need to be able to understand how different methods of monitoring our algorithmically controlled digital environments compare to each other in terms of costs and benefits. We conclude our article with a number of concrete suggestions for how to address the practical, ethical and legal
challenges of researching algorithms and their effects on users and society. |
Kulk, S., Zuiderveen Borgesius, F. Privacy, Freedom of Expression, and the Right to Be Forgotten in Europe In: forthcoming in J. Polonetsky, O. Tene, E. Selinger (ed.), Cambridge Handbook of Consumer Privacy, 2017, 2017, (Forthcoming in J. Polonetsky, O. Tene, E. Selinger (ed.), Cambridge Handbook of Consumer Privacy, Cambridge University Press 2017). @inbook{Kulk2017,
title = {Privacy, Freedom of Expression, and the Right to Be Forgotten in Europe},
author = {Kulk, S. and Zuiderveen Borgesius, F.},
url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2923722},
year = {2017},
date = {2017-03-02},
booktitle = {forthcoming in J. Polonetsky, O. Tene, E. Selinger (ed.), Cambridge Handbook of Consumer Privacy, 2017},
abstract = {In this chapter we discuss the relation between privacy and freedom of expression in Europe. In principle, the two rights have equal weight in Europe \textendash which right prevails depends on the circumstances of a case. We use the Google Spain judgment of the Court of Justice of the European Union, sometimes called the ‘right to be forgotten’ judgment, to illustrate the difficulties when balancing the two rights. The court decided in Google Spain that people have, under certain conditions, the right to have search results for their name delisted. We discuss how Google and Data Protection Authorities deal with such delisting requests in practice. Delisting requests illustrate that balancing privacy and freedom of expression interests will always remain difficult.},
note = {Forthcoming in J. Polonetsky, O. Tene, E. Selinger (ed.), Cambridge Handbook of Consumer Privacy, Cambridge University Press 2017},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}
In this chapter we discuss the relation between privacy and freedom of expression in Europe. In principle, the two rights have equal weight in Europe – which right prevails depends on the circumstances of a case. We use the Google Spain judgment of the Court of Justice of the European Union, sometimes called the ‘right to be forgotten’ judgment, to illustrate the difficulties when balancing the two rights. The court decided in Google Spain that people have, under certain conditions, the right to have search results for their name delisted. We discuss how Google and Data Protection Authorities deal with such delisting requests in practice. Delisting requests illustrate that balancing privacy and freedom of expression interests will always remain difficult. |
Zuiderveen Borgesius, F. Het 'right to be forgotten' en bijzondere persoonsgegevens In: Computerrecht, no. 4, pp. 220-225, 2017. @article{Borgesius2017,
title = {Het 'right to be forgotten' en bijzondere persoonsgegevens},
author = {Zuiderveen Borgesius, F.},
url = {https://www.ivir.nl/publicaties/download/Computerrecht_2016_4.pdf},
year = {2017},
date = {2017-02-03},
journal = {Computerrecht},
number = {4},
pages = {220-225},
abstract = {Een advocaat heeft een ‘right to be forgotten’-verzoek gedaan bij Google, met betrekking tot een blogpost
over een strafrechtelijke veroordeling van de advocaat in het buitenland. De Rechtbank Rotterdam heeft beslist dat Google niet meer naar de blogpost mag verwijzen als mensen zoeken op de naam van de advocaat. De rechtbank wees het verwijderingsverzoek toe omdat de blogpost een strafrechtelijke veroordeling betreft: een bijzonder persoonsgegeven. De redenering van de rechtbank over bijzondere persoonsgegevens leidt tot problemen voor de vrijheid van meningsuiting. Deze bijdrage verkent hoe die problemen verkleind kunnen worden. },
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Een advocaat heeft een ‘right to be forgotten’-verzoek gedaan bij Google, met betrekking tot een blogpost
over een strafrechtelijke veroordeling van de advocaat in het buitenland. De Rechtbank Rotterdam heeft beslist dat Google niet meer naar de blogpost mag verwijzen als mensen zoeken op de naam van de advocaat. De rechtbank wees het verwijderingsverzoek toe omdat de blogpost een strafrechtelijke veroordeling betreft: een bijzonder persoonsgegeven. De redenering van de rechtbank over bijzondere persoonsgegevens leidt tot problemen voor de vrijheid van meningsuiting. Deze bijdrage verkent hoe die problemen verkleind kunnen worden. |
Bodó, B., Eskens, S., Helberger, N., Möller, J., Trilling, D., Vreese, C.H. de, Zuiderveen Borgesius, F. Algoritmische verzuiling en filter bubbles: een bedreiging voor de democratie? In: Computerrecht, vol. 2016, no. 5, pp. 255-262, 2016. @article{Borgesius2016b,
title = {Algoritmische verzuiling en filter bubbles: een bedreiging voor de democratie?},
author = {Zuiderveen Borgesius, F. and Trilling, D. and M\"{o}ller, J. and Eskens, S. and Bod\'{o}, B. and Vreese, C.H. de and Helberger, N.},
url = {https://www.ivir.nl/publicaties/download/Computerrecht_2016_5.pdf},
year = {2016},
date = {2016-10-03},
journal = {Computerrecht},
volume = {2016},
number = {5},
pages = {255-262},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Zuiderveen Borgesius, F. Privacy van consumenten 2016. @misc{,
title = {Privacy van consumenten},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/1797},
year = {2016},
date = {2016-06-23},
note = {
In: Handboek consumentenrecht: een overzicht van de rechtspositie van de consument, E.H. Hondius \& G.J. Rijken (red.), Zutphen: Paris 2015, p. 483-497.
},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
|
Zuiderveen Borgesius, F. Access to Personal Data and the Right to Good Governance during Asylum Procedures after the CJEU's YS. and M. and S. judgment (C-141/12 and C-372/12) In: European Journal of Migration and Law, no. 2-3, pp. 259-272., 2016. @article{,
title = {Access to Personal Data and the Right to Good Governance during Asylum Procedures after the CJEU's YS. and M. and S. judgment (C-141/12 and C-372/12)},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/1793},
year = {2016},
date = {2016-06-14},
journal = {European Journal of Migration and Law},
number = {2-3},
pages = {259-272.},
abstract = {
In the YS. and M. and S. judgment, the Court of Justice of the European Union ruled on three procedures in which Dutch judges asked for clarification on the right of asylum seekers to have access to the documents regarding the decision on asylum applications. The judgment is relevant for interpreting the concept of personal data and the scope of the right of access under the Data Protection Directive, and the right to good administration in the EU Charter of Fundamental Rights. At first glance, the judgment seems disappointing from the viewpoint of individual rights. Nevertheless, in our view the judgment provides sufficient grounds for effective access rights to the minutes in future asylum cases.
},
note = {
Case report.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In the YS. and M. and S. judgment, the Court of Justice of the European Union ruled on three procedures in which Dutch judges asked for clarification on the right of asylum seekers to have access to the documents regarding the decision on asylum applications. The judgment is relevant for interpreting the concept of personal data and the scope of the right of access under the Data Protection Directive, and the right to good administration in the EU Charter of Fundamental Rights. At first glance, the judgment seems disappointing from the viewpoint of individual rights. Nevertheless, in our view the judgment provides sufficient grounds for effective access rights to the minutes in future asylum cases.
|
Zuiderveen Borgesius, F. Inzage in de minuten van de asielprocedure: persoonsgegevens of geen persoonsgegevens? HvJEU, Y.S. en M. en S. tegen Minister voor Immigratie, Integratie en Asiel (C-141/12 en C-373/12) In: Asiel en Migrantenrecht, no. 7, 2016. @article{,
title = {Inzage in de minuten van de asielprocedure: persoonsgegevens of geen persoonsgegevens? HvJEU, Y.S. en M. en S. tegen Minister voor Immigratie, Integratie en Asiel (C-141/12 en C-373/12)},
author = {Zuiderveen Borgesius, F.},
url = {http://www.ivir.nl/publicaties/download/1794},
year = {2016},
date = {2016-06-14},
journal = {Asiel en Migrantenrecht},
number = {7},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Zuiderveen Borgesius, F. Informed Consent. We Can Do Better to Defend Privacy In: IEEE Security & Privacy, no. 2, pp. 103-107., 2016, (
Informed consent as a means to protect privacy is flawed, especially when considering the privacy problems of behavioral targeting. Policymakers should pay more attention to a combined approach that both protects and empowers individuals.
). @article{,
title = {Informed Consent. We Can Do Better to Defend Privacy},
author = {Zuiderveen Borgesius, F.},
url = {http://www.ivir.nl/publicaties/download/1795},
year = {2016},
date = {2016-06-14},
journal = {IEEE Security \& Privacy},
number = {2},
pages = {103-107.},
note = {
Informed consent as a means to protect privacy is flawed, especially when considering the privacy problems of behavioral targeting. Policymakers should pay more attention to a combined approach that both protects and empowers individuals.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Zuiderveen Borgesius, F. Mensen aanwijzen maar niet bij naam noemen: behavioural targeting, persoonsgegevens en de nieuwe Privacyverordening In: Tijdschrift voor Consumentenrecht en handelspraktijken, no. 2, pp. 54-66., 2016. @article{,
title = {Mensen aanwijzen maar niet bij naam noemen: behavioural targeting, persoonsgegevens en de nieuwe Privacyverordening},
author = {Zuiderveen Borgesius, F.},
url = {https://www.ivir.nl/publicaties/download/TvCH_2016_2.pdf},
year = {2016},
date = {2016-06-09},
journal = {Tijdschrift voor Consumentenrecht en handelspraktijken},
number = {2},
pages = {54-66.},
abstract = { In Europa is het gegevensbeschermingsrecht het belangrijkste juridische instrument om privacy te beschermen en een behoorlijke omgang met persoonsgegevens te bevorderen. Het gegevensbeschermingsrecht is alleen van toepassing als ‘persoonsgegevens’ verwerkt worden. Er is veel discussie over de vraag of het gegevensbeschermingsrecht van toepassing is als bedrijven gegevens over mensen verwerken maar daar geen naam aan koppelen. Zulke gegevens worden bijvoorbeeld gebruikt voor behavioural targeting. Bij deze marketingtechniek, een vorm van gepersonaliseerde communicatie, volgen bedrijven het gedrag van mensen op het internet, en gebruiken ze de verzamelde informatie om mensen gerichte advertenties te tonen. Deze bijdrage analyseert de discussie over de reikwijdte van het begrip ‘persoonsgegeven’, en trekt twee conclusies. Ten eerste blijkt uit een analyse van het geldende recht, in ieder geval volgens de interpretatie van de Europese privacytoezichthouders, dat de regels voor persoonsgegevens doorgaans van toepassing zijn op behavioural targeting. Ten tweede zouden die regels ook vanuit een normatief perspectief van toepassing moeten zijn.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In Europa is het gegevensbeschermingsrecht het belangrijkste juridische instrument om privacy te beschermen en een behoorlijke omgang met persoonsgegevens te bevorderen. Het gegevensbeschermingsrecht is alleen van toepassing als ‘persoonsgegevens’ verwerkt worden. Er is veel discussie over de vraag of het gegevensbeschermingsrecht van toepassing is als bedrijven gegevens over mensen verwerken maar daar geen naam aan koppelen. Zulke gegevens worden bijvoorbeeld gebruikt voor behavioural targeting. Bij deze marketingtechniek, een vorm van gepersonaliseerde communicatie, volgen bedrijven het gedrag van mensen op het internet, en gebruiken ze de verzamelde informatie om mensen gerichte advertenties te tonen. Deze bijdrage analyseert de discussie over de reikwijdte van het begrip ‘persoonsgegeven’, en trekt twee conclusies. Ten eerste blijkt uit een analyse van het geldende recht, in ieder geval volgens de interpretatie van de Europese privacytoezichthouders, dat de regels voor persoonsgegevens doorgaans van toepassing zijn op behavioural targeting. Ten tweede zouden die regels ook vanuit een normatief perspectief van toepassing moeten zijn.
|
Zuiderveen Borgesius, F. Op zoek naar de risicoburger 2016. @periodical{,
title = {Op zoek naar de risicoburger},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/1782},
year = {2016},
date = {2016-05-27},
abstract = {
Om afwijkend gedrag bij burgers te herkennen, koppelt de overheid allerlei gegevens uit haar databases en laat er analyses op los. Wat betekent dat voor de relatie tussen burger en die overheid?
},
note = {
Trouw, De Verdieping, 27 mei 2016, p. 2.
},
keywords = {},
pubstate = {published},
tppubtype = {periodical}
}
Om afwijkend gedrag bij burgers te herkennen, koppelt de overheid allerlei gegevens uit haar databases en laat er analyses op los. Wat betekent dat voor de relatie tussen burger en die overheid?
|
Bodó, B., Helberger, N., Möller, J., Trilling, D., Vreese, C.H. de, Zuiderveen Borgesius, F. Should we worry about filter bubbles? In: Internet Policy Review, vol. 5, no. 1, 2016. @article{Borgesius2016,
title = {Should we worry about filter bubbles?},
author = {Zuiderveen Borgesius, F. and Trilling, D. and Moller, J. and Bod\'{o}, B. and Vreese, C.H. de and Helberger, N.},
url = {http://policyreview.info/node/401/pdf},
doi = {10.14763/2016.1.401},
year = {2016},
date = {2016-04-01},
journal = {Internet Policy Review},
volume = {5},
number = {1},
abstract = {
Some fear that personalised communication can lead to information cocoons or filter bubbles. For instance, a personalised news website could give more prominence to conservative or liberal media items, based on the (assumed) political interests of the user. As a result, users may encounter only a limited range of political ideas. We synthesise empirical research on the extent and effects of self-selected personalisation, where people actively choose which content they receive, and pre-selected personalisation, where algorithms personalise content for users without any deliberate user choice. We conclude that at present there is little empirical evidence that warrants any worries about filter bubbles.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Some fear that personalised communication can lead to information cocoons or filter bubbles. For instance, a personalised news website could give more prominence to conservative or liberal media items, based on the (assumed) political interests of the user. As a result, users may encounter only a limited range of political ideas. We synthesise empirical research on the extent and effects of self-selected personalisation, where people actively choose which content they receive, and pre-selected personalisation, where algorithms personalise content for users without any deliberate user choice. We conclude that at present there is little empirical evidence that warrants any worries about filter bubbles.
|
Zuiderveen Borgesius, F. Singling out people without knowing their names - Behavioural targeting, pseudonymous data, and the new data protection regulation In: Computer Law & Security Review, no. 2, pp. 256-271., 2016. @article{,
title = {Singling out people without knowing their names - Behavioural targeting, pseudonymous data, and the new data protection regulation},
author = {Zuiderveen Borgesius, F.},
url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2733115},
year = {2016},
date = {2016-02-23},
journal = {Computer Law \& Security Review},
number = {2},
pages = {256-271.},
abstract = {
Information about millions of people is collected for behavioural targeting, a type of marketing that involves tracking people’s online behaviour for targeted advertising. It is hotly debated whether data protection law applies to behavioural targeting. Many behavioural targeting companies say that, as long as they do not tie names to data they hold about individuals, they do not process any personal data, and that, therefore, data protection law does not apply to them. European Data Protection Authorities, however, take the view that a company processes personal data if it uses data to single out a person, even if it cannot tie a name to these data. This paper argues that data protection law should indeed apply to behavioural targeting. Companies can often tie a name to nameless data about individuals. Furthermore, behavioural targeting relies on collecting information about individuals, singling out individuals, and targeting ads to individuals. Many privacy risks remain, regardless of whether companies tie a name to the information they hold about a person. A name is merely one of the identifiers that can be tied to data about a person, and it is not even the most practical identifier for behavioural targeting. Seeing data used to single out a person as personal data fits the rationale for data protection law: protecting fairness and privacy.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Information about millions of people is collected for behavioural targeting, a type of marketing that involves tracking people’s online behaviour for targeted advertising. It is hotly debated whether data protection law applies to behavioural targeting. Many behavioural targeting companies say that, as long as they do not tie names to data they hold about individuals, they do not process any personal data, and that, therefore, data protection law does not apply to them. European Data Protection Authorities, however, take the view that a company processes personal data if it uses data to single out a person, even if it cannot tie a name to these data. This paper argues that data protection law should indeed apply to behavioural targeting. Companies can often tie a name to nameless data about individuals. Furthermore, behavioural targeting relies on collecting information about individuals, singling out individuals, and targeting ads to individuals. Many privacy risks remain, regardless of whether companies tie a name to the information they hold about a person. A name is merely one of the identifiers that can be tied to data about a person, and it is not even the most practical identifier for behavioural targeting. Seeing data used to single out a person as personal data fits the rationale for data protection law: protecting fairness and privacy.
|
van Hoboken, J., Zuiderveen Borgesius, F. Scoping Electronic Communication Privacy Rules: Data, Services and Values In: JIPITEC, no. 3, pp. 198-210., 2016. @article{,
title = {Scoping Electronic Communication Privacy Rules: Data, Services and Values},
author = {van Hoboken, J. and Zuiderveen Borgesius, F.},
url = {http://www.ivir.nl/publicaties/download/1721.pdf},
year = {2016},
date = {2016-01-19},
journal = {JIPITEC},
number = {3},
pages = {198-210.},
abstract = {
We use electronic communication networks for more than simply traditional telecommunications: we access the news, buy goods online, file our taxes, contribute to public debate, and more. As a result, a wider array of privacy interests is implicated for users of electronic communications networks and services. . This development calls into question the scope of electronic communications privacy rules. This paper analyses the scope of these rules, taking into account the rationale and the historic background of the European electronic communications privacy framework. We develop a framework for analysing the scope of electronic communications privacy rules using three approaches: (i) a service-centric approach, (ii) a data-centric approach, and (iii) a value-centric approach. We discuss the strengths and weaknesses of each approach. The current e-Privacy Directive contains a complex blend of the three approaches, which does not seem to be based on a thorough analysis of their strengths and weaknesses. The upcoming review of the directive announced by the European Commission provides an opportunity to improve the scoping of the rules.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
We use electronic communication networks for more than simply traditional telecommunications: we access the news, buy goods online, file our taxes, contribute to public debate, and more. As a result, a wider array of privacy interests is implicated for users of electronic communications networks and services. . This development calls into question the scope of electronic communications privacy rules. This paper analyses the scope of these rules, taking into account the rationale and the historic background of the European electronic communications privacy framework. We develop a framework for analysing the scope of electronic communications privacy rules using three approaches: (i) a service-centric approach, (ii) a data-centric approach, and (iii) a value-centric approach. We discuss the strengths and weaknesses of each approach. The current e-Privacy Directive contains a complex blend of the three approaches, which does not seem to be based on a thorough analysis of their strengths and weaknesses. The upcoming review of the directive announced by the European Commission provides an opportunity to improve the scoping of the rules.
|
van Eechoud, M., Zuiderveen Borgesius, F. Open Data, Privacy, and Fair Information Principles: Towards a Balancing Framework In: 2015. @article{,
title = {Open Data, Privacy, and Fair Information Principles: Towards a Balancing Framework},
author = {F.J. Zuiderveen Borgesius and M.M.M. van Eechoud},
url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2695005},
year = {2015},
date = {2015-12-03},
abstract = {
Open data are held to contribute to a wide variety of social and political goals, including strengthening transparency, public participation and democratic accountability, promoting economic growth and innovation, and enabling greater public sector efficiency and cost savings. However, releasing government data that contain personal information may threaten privacy and related rights and interests. In this paper we ask how these privacy interests can be respected, without unduly hampering benefits from disclosing public sector information. We propose a balancing framework to help public authorities address this question in different contexts. The framework takes into account different levels of privacy risks for different types of data. It also separates decisions about access and re-use, and highlights a range of different disclosure routes. A circumstance catalogue lists factors that might be considered when assessing whether, under which conditions, and how a dataset can be released. While open data remains an important route for the publication of government information, we conclude that it is not the only route, and there must be clear and robust public interest arguments in order to justify the disclosure of personal information as open data.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Open data are held to contribute to a wide variety of social and political goals, including strengthening transparency, public participation and democratic accountability, promoting economic growth and innovation, and enabling greater public sector efficiency and cost savings. However, releasing government data that contain personal information may threaten privacy and related rights and interests. In this paper we ask how these privacy interests can be respected, without unduly hampering benefits from disclosing public sector information. We propose a balancing framework to help public authorities address this question in different contexts. The framework takes into account different levels of privacy risks for different types of data. It also separates decisions about access and re-use, and highlights a range of different disclosure routes. A circumstance catalogue lists factors that might be considered when assessing whether, under which conditions, and how a dataset can be released. While open data remains an important route for the publication of government information, we conclude that it is not the only route, and there must be clear and robust public interest arguments in order to justify the disclosure of personal information as open data.
|
Arnbak, A., Zuiderveen Borgesius, F. New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case In: 2015. @article{,
title = {New Data Security Requirements and the Proceduralization of Mass Surveillance Law after the European Data Retention Case},
author = {F.J. Zuiderveen Borgesius and A.M. Arnbak},
url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2678860},
year = {2015},
date = {2015-10-27},
abstract = {
This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data Retention Directive. The controversial directive obliged telecom and Internet access providers in Europe to retain metadata of all their customers for intelligence and law enforcement purposes, for a period of up to two years. In the ruling, the Court declared the directive in violation of the human rights to privacy and data protection. The Court also confirmed that the mere collection of metadata interferes with the human right to privacy. In addition, the Court developed three new criteria for assessing the level of data security required from a human rights perspective: security measures should take into account the risk of unlawful access to data, and the data\’s quantity and sensitivity. While organizations that campaigned against the directive have welcomed the ruling, we warn for the risk of proceduralization of mass surveillance law. The Court did not fully condemn mass surveillance that relies on metadata, but left open the possibility of mass surveillance if policymakers lay down sufficient procedural safeguards. Such proceduralization brings systematic risks for human rights. Government agencies, with ample resources, can design complicated systems of procedural oversight for mass surveillance - and claim that mass surveillance is lawful, even if it affects millions of innocent people.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper discusses the regulation of mass metadata surveillance in Europe through the lens of the landmark judgment in which the Court of Justice of the European Union struck down the Data Retention Directive. The controversial directive obliged telecom and Internet access providers in Europe to retain metadata of all their customers for intelligence and law enforcement purposes, for a period of up to two years. In the ruling, the Court declared the directive in violation of the human rights to privacy and data protection. The Court also confirmed that the mere collection of metadata interferes with the human right to privacy. In addition, the Court developed three new criteria for assessing the level of data security required from a human rights perspective: security measures should take into account the risk of unlawful access to data, and the data’s quantity and sensitivity. While organizations that campaigned against the directive have welcomed the ruling, we warn for the risk of proceduralization of mass surveillance law. The Court did not fully condemn mass surveillance that relies on metadata, but left open the possibility of mass surveillance if policymakers lay down sufficient procedural safeguards. Such proceduralization brings systematic risks for human rights. Government agencies, with ample resources, can design complicated systems of procedural oversight for mass surveillance – and claim that mass surveillance is lawful, even if it affects millions of innocent people.
|
Zuiderveen Borgesius, F. Freedom of Expression and 'Right to Be Forgotten' Cases in the Netherlands after Google Spain In: European Data Protection Law Review, no. 2, pp. 113-125., 2015. @article{,
title = {Freedom of Expression and 'Right to Be Forgotten' Cases in the Netherlands after Google Spain},
author = {F.J. Zuiderveen Borgesius},
url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2652171},
year = {2015},
date = {2015-09-17},
journal = {European Data Protection Law Review},
number = {2},
pages = {113-125.},
abstract = {
Since the Google Spain judgment of the Court of Justice of the European Union, Europeans have, under certain conditions, the right to have search results for their name delisted. This paper examines how the Google Spain judgment has been applied in the Netherlands. Since the Google Spain judgment, Dutch courts have decided on two cases regarding delisting requests. In both cases, the Dutch courts considered freedom of expression aspects of delisting more thoroughly than the Court of Justice. However, the effect of the Google Spain judgment on freedom of expression is difficult to assess, as search engine operators decide about most delisting requests without disclosing much about their decisions.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Since the Google Spain judgment of the Court of Justice of the European Union, Europeans have, under certain conditions, the right to have search results for their name delisted. This paper examines how the Google Spain judgment has been applied in the Netherlands. Since the Google Spain judgment, Dutch courts have decided on two cases regarding delisting requests. In both cases, the Dutch courts considered freedom of expression aspects of delisting more thoroughly than the Court of Justice. However, the effect of the Google Spain judgment on freedom of expression is difficult to assess, as search engine operators decide about most delisting requests without disclosing much about their decisions.
|
Zuiderveen Borgesius, F. Online Price Discrimination and Data Protection Law In: 2015. @article{,
title = {Online Price Discrimination and Data Protection Law},
author = {F.J. Zuiderveen Borgesius},
url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2652665},
year = {2015},
date = {2015-09-01},
abstract = {
Online shops can offer each website customer a different price - a practice called first degree price discrimination, or personalised pricing. An online shop can recognise a customer, for instance through a cookie, and categorise the customer as a rich or a poor person. The shop could, for instance, charge rich people higher prices. From an economic perspective, there are good arguments in favour of price discrimination. But many regard price discrimination as unfair or manipulative. This paper examines whether European data protection law applies to personalised pricing. Data protection law applies if personal data are processed. This paper argues that personalised pricing generally entails the processing of personal data. Therefore, data protection law generally applies to personalised pricing. That conclusion has several implications. For instance, data protection law requires a company to inform people about the purpose of processing their personal data. A company must inform customers if it personalises prices.
},
note = {
Forthcoming as a conference paper for the Amsterdam Privacy Conference 23-26 October 2015.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Online shops can offer each website customer a different price – a practice called first degree price discrimination, or personalised pricing. An online shop can recognise a customer, for instance through a cookie, and categorise the customer as a rich or a poor person. The shop could, for instance, charge rich people higher prices. From an economic perspective, there are good arguments in favour of price discrimination. But many regard price discrimination as unfair or manipulative. This paper examines whether European data protection law applies to personalised pricing. Data protection law applies if personal data are processed. This paper argues that personalised pricing generally entails the processing of personal data. Therefore, data protection law generally applies to personalised pricing. That conclusion has several implications. For instance, data protection law requires a company to inform people about the purpose of processing their personal data. A company must inform customers if it personalises prices.
|
Zuiderveen Borgesius, F. Privacy van consumenten 2015. @misc{,
title = {Privacy van consumenten},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/1589.pdf},
year = {2015},
date = {2015-07-17},
note = {
Hoofdstuk in: Handboek Consumentenrecht: Een overzicht van de rechtspositie van de consument, prof. mr. E.H. Hondius, mr. G.J. Rijken (red.), 2015.
ISBN 9789462510753.
},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
|
Zuiderveen Borgesius, F. Access to Personal Data and the Right to Good Governance during Asylum Procedures after the CJEU's YS and M. and S. judgment (C-141/12 and C-372/12) In: European Journal of Migration and Law, pp. 259-272., 2015, (
Case report.
). @article{,
title = {Access to Personal Data and the Right to Good Governance during Asylum Procedures after the CJEU's YS and M. and S. judgment (C-141/12 and C-372/12)},
author = {Zuiderveen Borgesius, F.},
url = {http://booksandjournals.brillonline.com/content/journals/10.1163/15718166-12342080},
year = {2015},
date = {2015-07-10},
journal = {European Journal of Migration and Law},
pages = {259-272.},
abstract = {
In the YS. and M. and S. judgment, the Court of Justice of the European Union ruled on three procedures in which Dutch judges asked for clarification on the right of asylum seekers to have access to the documents regarding the decision on asylum applications. The judgment is relevant for interpreting the concept of personal data and the scope of the right of access under the Data Protection Directive, and the right to good administration in the eu Charter of Fundamental Rights. At first glance, the judgment seems disappointing from the viewpoint of individual rights. Nevertheless, in our view the judgment provides sufficient grounds for effective access rights to the minutes in future asylum cases.
},
note = {
Case report.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In the YS. and M. and S. judgment, the Court of Justice of the European Union ruled on three procedures in which Dutch judges asked for clarification on the right of asylum seekers to have access to the documents regarding the decision on asylum applications. The judgment is relevant for interpreting the concept of personal data and the scope of the right of access under the Data Protection Directive, and the right to good administration in the eu Charter of Fundamental Rights. At first glance, the judgment seems disappointing from the viewpoint of individual rights. Nevertheless, in our view the judgment provides sufficient grounds for effective access rights to the minutes in future asylum cases.
|
Zuiderveen Borgesius, F. Personal data processing for behavioural targeting: which legal basis? In: International Data Privacy Law, 2015. @article{,
title = {Personal data processing for behavioural targeting: which legal basis?},
author = {F.J. Zuiderveen Borgesius},
url = {http://idpl.oxfordjournals.org/content/early/2015/06/23/idpl.ipv011.abstract?keytype=ref\&ijkey=vlrPCGCUMXW8kAz},
year = {2015},
date = {2015-06-25},
journal = {International Data Privacy Law},
abstract = {
Key Points:
The European Union Charter of Fundamental Rights only allows personal data processing if a data controller has a legal basis for the processing.
This paper argues that, in most circumstances, the only available legal basis for the processing of personal data for behavioural targeting is the data subject\'s unambiguous consent.
Furthermore, the paper argues that the cookie consent requirement from the e-Privacy Directive does not provide a legal basis for the processing of personal data.
Therefore, even if companies could use an opt-out system to comply with the e-Privacy Directive\'s consent requirement for using a tracking cookie, they would generally have to obtain the data subject\'s unambiguous consent if they process personal data for behavioural targeting.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Key Points:
The European Union Charter of Fundamental Rights only allows personal data processing if a data controller has a legal basis for the processing.
This paper argues that, in most circumstances, the only available legal basis for the processing of personal data for behavioural targeting is the data subject's unambiguous consent.
Furthermore, the paper argues that the cookie consent requirement from the e-Privacy Directive does not provide a legal basis for the processing of personal data.
Therefore, even if companies could use an opt-out system to comply with the e-Privacy Directive's consent requirement for using a tracking cookie, they would generally have to obtain the data subject's unambiguous consent if they process personal data for behavioural targeting.
|
Zuiderveen Borgesius, F. Improving privacy protection in the area of behavioural targeting 2015. @book{,
title = {Improving privacy protection in the area of behavioural targeting},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.kluwerlaw.com/Catalogue/titleinfo.htm?ProdID=9041159908},
year = {2015},
date = {2015-06-04},
abstract = {
This book provides you with a highly readable overview of the policy issues underlying behavioural targeting, and explains how the law could improve on privacy protection.
},
note = {
Alphen aan den Rijn, Kluwer Law International, 2015, 432 pp.
ISBN 9789041159908.
},
keywords = {},
pubstate = {published},
tppubtype = {book}
}
This book provides you with a highly readable overview of the policy issues underlying behavioural targeting, and explains how the law could improve on privacy protection.
|
Kulk, S., Zuiderveen Borgesius, F. De implicaties van het Google Spain-arrest voor de vrijheid van meningsuiting In: NJCM-Bulletin, no. 1, pp. 3-19., 2015. @article{,
title = {De implicaties van het Google Spain-arrest voor de vrijheid van meningsuiting},
author = {F.J. Zuiderveen Borgesius and S. Kulk},
url = {http://www.ivir.nl/publicaties/download/1566.pdf},
year = {2015},
date = {2015-06-04},
journal = {NJCM-Bulletin},
number = {1},
pages = {3-19.},
abstract = {
In deze bijdrage wordt het \emph{Google Spain-}arrest van het Hof van Justitie van de Europese Unie besproken, evenals de ontwikkelingen na het arrest. Centraal staat de vraag naar de gevolgen van het arrest voor de vrijheid van meningsuiting. De auteurs betogen dat het Hof onvoldoende aandacht schenkt aan de vrijheid van meningsuiting.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In deze bijdrage wordt het Google Spain-arrest van het Hof van Justitie van de Europese Unie besproken, evenals de ontwikkelingen na het arrest. Centraal staat de vraag naar de gevolgen van het arrest voor de vrijheid van meningsuiting. De auteurs betogen dat het Hof onvoldoende aandacht schenkt aan de vrijheid van meningsuiting.
|
Zuiderveen Borgesius, F. Het mijnenveld van het informatierecht In: Mr., no. 5, pp. 62-67, 2015. @article{,
title = {Het mijnenveld van het informatierecht},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/1552.pdf},
year = {2015},
date = {2015-05-12},
journal = {Mr.},
number = {5},
pages = {62-67},
abstract = {
In theorie lijkt de bescherming van persoonsgegevens op orde: internetbedrijven moeten mensen informeren over wat er met hun gegevens gebeurt, en doorgaans toestemming vragen voor ze die gegevens gebruiken. Maar in de praktijk schiet die \‘ge\ïnformeerde toestemming\’ als privacybeschermingsmaatregel tekort. Om privacy beter te beschermen moet volgens onderzoeker Frederik Borgesius de privacywetgeving beter worden nageleefd en gehandhaafd \'{e}n op de schop. Hij pleit voor een breder privacydebat. “We m\'{o}eten dat mijnenveld in.”
},
note = {
Interview.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In theorie lijkt de bescherming van persoonsgegevens op orde: internetbedrijven moeten mensen informeren over wat er met hun gegevens gebeurt, en doorgaans toestemming vragen voor ze die gegevens gebruiken. Maar in de praktijk schiet die ‘geïnformeerde toestemming’ als privacybeschermingsmaatregel tekort. Om privacy beter te beschermen moet volgens onderzoeker Frederik Borgesius de privacywetgeving beter worden nageleefd en gehandhaafd én op de schop. Hij pleit voor een breder privacydebat. “We móeten dat mijnenveld in.”
|
Zuiderveen Borgesius, F. Privacybescherming online kan beter: De mythe van geïnformeerde toestemming In: Nederlands Juristenblad, no. 14, pp. 878-883., 2015. @article{,
title = {Privacybescherming online kan beter: De mythe van ge\"{i}nformeerde toestemming},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/1536.pdf},
year = {2015},
date = {2015-04-17},
journal = {Nederlands Juristenblad},
number = {14},
pages = {878-883.},
abstract = {
De huidige privacyregels leggen veel nadruk op de ge\ïnformeerde toestemming van internetgebruikers. Met zulke toestemmingsregels probeert de wet mensen in staat te stellen om keuzes te maken in hun eigen belang. Maar inzichten uit gedragsstudies trekken de effectiviteit van deze wetgevingstactiek in twijfel. Zo klikken internetgebruikers in de praktijk \'OK\' op vrijwel elk toestemmingsverzoek dat op hun scherm verschijnt. De wet zou meer aandacht moeten geven aan de daadwerkelijke bescherming van de privacy van mensen die het internet opgaan.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
De huidige privacyregels leggen veel nadruk op de geïnformeerde toestemming van internetgebruikers. Met zulke toestemmingsregels probeert de wet mensen in staat te stellen om keuzes te maken in hun eigen belang. Maar inzichten uit gedragsstudies trekken de effectiviteit van deze wetgevingstactiek in twijfel. Zo klikken internetgebruikers in de praktijk 'OK' op vrijwel elk toestemmingsverzoek dat op hun scherm verschijnt. De wet zou meer aandacht moeten geven aan de daadwerkelijke bescherming van de privacy van mensen die het internet opgaan.
|
Zuiderveen Borgesius, F. Kinderen worden gevolgd op websites en in apps 2015. @misc{,
title = {Kinderen worden gevolgd op websites en in apps},
author = {F.J. Zuiderveen Borgesius},
url = {http://kassa.vara.nl/tv/afspeelpagina/fragment/kinderen-worden-gevolgd-op-websites-en-in-apps/speel/1/},
year = {2015},
date = {2015-01-08},
note = {
Frederik Borgesius te gast bij het programma Kassa over websites en apps voor kinderen. Zie ook het artikel in De Correspondent van Dimitri Tokmetzis, Dit zijn de virtuele stalkers van uw kind, waar o.a. Ot van Daalen aan het woord komt.
},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
|
Zuiderveen Borgesius, F. New Forms of Commercial Communications and Data Protection Law 2015. @misc{,
title = {New Forms of Commercial Communications and Data Protection Law},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/1481.pdf},
year = {2015},
date = {2015-01-08},
note = {
In: New Forms of Commercial Communications in a Converged Audiovisual Sector, IRIS Special, p. 67-76.
Ook beschikbaar in het Duits en Frans.
},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
|
Zuiderveen Borgesius, F. Improving Privacy Protection in the area of Behavioural Targeting / Betere privacybescherming op het gebied van behavioural targeting In: 2014. @article{,
title = {Improving Privacy Protection in the area of Behavioural Targeting / Betere privacybescherming op het gebied van behavioural targeting},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/1455.pdf},
year = {2014},
date = {2014-12-16},
note = {
Short summary of PhD thesis in English and Dutch.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Kulk, S., Zuiderveen Borgesius, F. Google Spain v. González: Did the Court forget about freedom of expression? In: European Journal of Risk Regulation, no. 3, 2014. @article{,
title = {Google Spain v. Gonz\'{a}lez: Did the Court forget about freedom of expression?},
author = {F.J. Zuiderveen Borgesius and S. Kulk},
url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2491486},
year = {2014},
date = {2014-10-30},
journal = {European Journal of Risk Regulation},
number = {3},
abstract = {
In this note we discuss the controversial judgment in Google Spain v. Gonz\'{a}lez of the Court of Justice of the European Union (CJEU). Our focus is on the judgment\’s implications for freedom of expression. First, the facts of the case and the CJEU\’s judgment are summarised. We then argue that the CJEU did not give enough attention to the right to freedom of expression. By seeing a search engine operator as a controller regarding the processing of personal data on third party web pages, the CJEU assigns the operator the delicate task of balancing the fundamental rights at stake. However, such an operator may not be the most appropriate party to balance the rights of all involved parties, in particular in cases where such a balance is hard to strike. Furthermore, it is a departure from human rights doctrine that according to the CJEU privacy and data protection rights override, “as a rule”, the public\’s right to receive information. In addition, after the judgement it has become unclear whether search engine operators have a legal basis for indexing websites that contain special categories of data. We also discuss steps taken by Google to comply with the judgment.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In this note we discuss the controversial judgment in Google Spain v. González of the Court of Justice of the European Union (CJEU). Our focus is on the judgment’s implications for freedom of expression. First, the facts of the case and the CJEU’s judgment are summarised. We then argue that the CJEU did not give enough attention to the right to freedom of expression. By seeing a search engine operator as a controller regarding the processing of personal data on third party web pages, the CJEU assigns the operator the delicate task of balancing the fundamental rights at stake. However, such an operator may not be the most appropriate party to balance the rights of all involved parties, in particular in cases where such a balance is hard to strike. Furthermore, it is a departure from human rights doctrine that according to the CJEU privacy and data protection rights override, “as a rule”, the public’s right to receive information. In addition, after the judgement it has become unclear whether search engine operators have a legal basis for indexing websites that contain special categories of data. We also discuss steps taken by Google to comply with the judgment.
|
Zuiderveen Borgesius, F. Behavioural Sciences and the Regulation of Privacy on the Internet 2014. @misc{,
title = {Behavioural Sciences and the Regulation of Privacy on the Internet},
author = {F.J. Zuiderveen Borgesius},
url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2513771},
year = {2014},
date = {2014-10-30},
abstract = {
This chapter examines the policy implications of behavioural sciences insights for the regulation of privacy on the Internet, by focusing in particular on behavioural targeting. This marketing technique involves tracking people\’s online behaviour to use the collected information to show people individually targeted advertisements. Enforcing data protection law may not be enough to protect privacy in this area. I argue that, if society is better off when certain behavioural targeting practices do not happen, policymakers should consider banning them.
},
note = {
Draft chapter for the book \'Nudging and the Law - What can EU Law learn from Behavioural Sciences?\', editors A-L. Sibony \& A. Alemanno, Hart Publishing.
},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
This chapter examines the policy implications of behavioural sciences insights for the regulation of privacy on the Internet, by focusing in particular on behavioural targeting. This marketing technique involves tracking people’s online behaviour to use the collected information to show people individually targeted advertisements. Enforcing data protection law may not be enough to protect privacy in this area. I argue that, if society is better off when certain behavioural targeting practices do not happen, policymakers should consider banning them.
|
Zuiderveen Borgesius, F. Inzage in de minuten van de asielprocedure: persoonsgegevens of geen persoonsgegevens? In: Asiel & Migrantenrecht, no. 7, 2014, (
Uitspraak van de maand: HvJEU, Y.S. en M. en S. tegen Minister voor Immigratie, Integratie en Asiel, C-141/12 en C-372/12.
). @article{,
title = {Inzage in de minuten van de asielprocedure: persoonsgegevens of geen persoonsgegevens?},
author = {Zuiderveen Borgesius, F.},
url = {http://www.asielenmigrantenrecht.nl/inhoudsopgave.cfm?jr=2014\&nr=7},
year = {2014},
date = {2014-10-30},
journal = {Asiel \& Migrantenrecht},
number = {7},
note = {
Uitspraak van de maand: HvJEU, Y.S. en M. en S. tegen Minister voor Immigratie, Integratie en Asiel, C-141/12 en C-372/12.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Zuiderveen Borgesius, F. Als u niet akkoord gaat met deze onleesbare privacyvoorwaarden, klik toch maar op OK In: De Correspondent, 2014. @article{,
title = {Als u niet akkoord gaat met deze onleesbare privacyvoorwaarden, klik toch maar op OK},
author = {F.J. Zuiderveen Borgesius},
url = {https://decorrespondent.nl/1290/als-u-niet-akkoord-gaat-met-deze-onleesbare-privacyvoorwaarden-klik-toch-maar-op-ok/39675240-a02863dc},
year = {2014},
date = {2014-06-26},
journal = {De Correspondent},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Zuiderveen Borgesius, F. Consent to Behavioural Targeting in European Law - What are the Policy Implications of Insights from Behavioural Economics? 30.07.2013. @misc{,
title = {Consent to Behavioural Targeting in European Law - What are the Policy Implications of Insights from Behavioural Economics?},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/PLSC_paper_2013.pdf},
year = {2013},
date = {2013-07-30},
pages = {1-58},
note = {
Conference (draft) paper for Privacy Law Scholars Conference (PLSC), 6-7 June 2013, Berkeley, United States
},
keywords = {},
pubstate = {published},
tppubtype = {presentation}
}
|
Zuiderveen Borgesius, F. Segmentação Comportamental, Do Not Track e o desenvolvimento jurídico europeu e holandês In: poliTICs, no. 14, pp. 9-22, 2013. @article{,
title = {Segmenta\c{c}\~{a}o Comportamental, Do Not Track e o desenvolvimento jur\'{i}dico europeu e holand\^{e}s},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/poliTICs14.pdf},
year = {2013},
date = {2013-07-11},
journal = {poliTICs},
number = {14},
pages = {9-22},
note = {Behavorial Targeting, Do Not Track, and European and Dutch Legal Developments},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
|
Zuiderveen Borgesius, F. Behavioral Targeting: A European Legal Perspective In: IEEE Security & Privacy, no. 1, pp. 82-85, 2013. @article{,
title = {Behavioral Targeting: A European Legal Perspective},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/IEEE_2013_1.pdf},
year = {2013},
date = {2013-07-02},
journal = {IEEE Security \& Privacy},
number = {1},
pages = {82-85},
abstract = {Behavioral targeting, or online profiling, is a hotly debated topic. Much of the collection of personal information on the Internet is related to behavioral targeting, although research suggests that most people don't want to receive behaviorally targeted advertising. The World Wide Web Consortium is discussing a Do Not Track standard, and regulators worldwide are struggling to come up with answers. This article discusses European law and recent policy developments on behavioral targeting.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Behavioral targeting, or online profiling, is a hotly debated topic. Much of the collection of personal information on the Internet is related to behavioral targeting, although research suggests that most people don't want to receive behaviorally targeted advertising. The World Wide Web Consortium is discussing a Do Not Track standard, and regulators worldwide are struggling to come up with answers. This article discusses European law and recent policy developments on behavioral targeting. |
Zuiderveen Borgesius, F. Filtering for Copyright Enforcement in Europa after the Sabam cases 13.06.2013. @misc{,
title = {Filtering for Copyright Enforcement in Europa after the Sabam cases},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/Sabam_Filtering.pdf},
year = {2013},
date = {2013-06-13},
pages = {1-7},
abstract = {
Sabam, a Belgian collective rights management organisation, wanted an internet access provider and a social network site to install a filter system to enforce copyrights. In two recent judgments, the Court of Justice of the European Union decided that the social network site and the internet access provider cannot be required to install the filter system that Sabam asked for. Are these judgments good news for fundamental rights? This article argues that little is won for privacy and freedom of information.
},
note = {
Artikel ook gepubliceerd in European Intellectual Property Review, 2012-11, p. 54-58.
},
keywords = {},
pubstate = {published},
tppubtype = {presentation}
}
Sabam, a Belgian collective rights management organisation, wanted an internet access provider and a social network site to install a filter system to enforce copyrights. In two recent judgments, the Court of Justice of the European Union decided that the social network site and the internet access provider cannot be required to install the filter system that Sabam asked for. Are these judgments good news for fundamental rights? This article argues that little is won for privacy and freedom of information.
|
Zuiderveen Borgesius, F. Commentaren op het nieuws dat Equens pingegevens wil gaan verkopen 2013. @misc{,
title = {Commentaren op het nieuws dat Equens pingegevens wil gaan verkopen},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/987.pdf},
year = {2013},
date = {2013-05-31},
note = {
Wat zijn onze gegevens waard?, NOS Radio Journaal, 24 mei 2013. http://nos.nl/op3/audio/510479-wat-zijn-onze-gegevens-waard.html Pingegevens: wat zijn ze waard?, NOS Televisie Journaal, 24 mei 2013. http://nos.nl/op3/video/510638-pingegevens-wat-zijn-ze-waard.html
},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
|
Zuiderveen Borgesius, F. Behavioral Targeting: Legal Developments in Europe and the Netherlands 06.12.2012. @misc{,
title = {Behavioral Targeting: Legal Developments in Europe and the Netherlands},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/Position_paper_W3C.pdf},
year = {2012},
date = {2012-12-06},
note = {
Position paper for the W3C Do Not Track Workshop, november 2012. http://www.w3.org/2012/dnt-ws/agenda.html
},
keywords = {},
pubstate = {published},
tppubtype = {presentation}
}
|
van der Sloot, B., Zuiderveen Borgesius, F. Google's Dead End, or: on Street View and the Right to Data Protection: An analysis of Google Street View's compatibility with EU data protection law In: Computer Law Review International, no. 4, pp. 103-109, 2012. @article{,
title = {Google's Dead End, or: on Street View and the Right to Data Protection: An analysis of Google Street View's compatibility with EU data protection law},
author = {van der Sloot, B. and Zuiderveen Borgesius, F.},
url = {http://www.ivir.nl/publicaties/download/84.pdf},
year = {2012},
date = {2012-11-20},
journal = {Computer Law Review International},
number = {4},
pages = {103-109},
abstract = {May a company photograph the daily lives of people all over the world, store those photos, and publish them on the internet? This article assesses which obligations Google has to fulfil in order to respect the European data protection rules. The focus lies on three questions. First, which data processed for the Street View service are personal data? Second, does Google have a legitimate ground for processing personal data? Third, does Google comply with its transparency obligations and does it respect the rights of the data subjects, specifically their right to information?},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
May a company photograph the daily lives of people all over the world, store those photos, and publish them on the internet? This article assesses which obligations Google has to fulfil in order to respect the European data protection rules. The focus lies on three questions. First, which data processed for the Street View service are personal data? Second, does Google have a legitimate ground for processing personal data? Third, does Google comply with its transparency obligations and does it respect the rights of the data subjects, specifically their right to information? |
Zuiderveen Borgesius, F. Speech at the European Parliament: Interparliamentary Committee meeting: The reform of the EU Data Protection framework - Building trust in a digital and global world 02.11.2012. @misc{,
title = {Speech at the European Parliament: Interparliamentary Committee meeting: The reform of the EU Data Protection framework - Building trust in a digital and global world},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/Speech_EU_Parliament.pdf},
year = {2012},
date = {2012-11-02},
pages = {1-3},
keywords = {},
pubstate = {published},
tppubtype = {presentation}
}
|
van der Sloot, B., Zuiderveen Borgesius, F. Google and Personal Data Protection 21.03.2012, (Working paper). @misc{,
title = {Google and Personal Data Protection},
author = {van der Sloot, B. and Zuiderveen Borgesius, F.},
url = {http://www.ivir.nl/publicaties/download/Google_Data_Protection_2012.pdf},
year = {2012},
date = {2012-03-21},
journal = {Working Paper},
abstract = {This chapter discusses the interplay between the European personal data protection regime and two specific Google services, Interest Based Advertising and Google Street View. The chapter assesses first the applicability of the Data Protection Directive, then jurisdictional issues, the principles relating to data quality, whether there is a legitimate purpose for data processing, and lastly the transparency principle in connection with the rights of the data subject. The conclusion is that not all aspects of the services are easy to reconcile with the Directive's requirements.},
note = {Working paper},
keywords = {},
pubstate = {published},
tppubtype = {presentation}
}
This chapter discusses the interplay between the European personal data protection regime and two specific Google services, Interest Based Advertising and Google Street View. The chapter assesses first the applicability of the Data Protection Directive, then jurisdictional issues, the principles relating to data quality, whether there is a legitimate purpose for data processing, and lastly the transparency principle in connection with the rights of the data subject. The conclusion is that not all aspects of the services are easy to reconcile with the Directive's requirements. |
Zuiderveen Borgesius, F. Annotatie bij Hof van Justitie 24 november 2011 (Scarlet / Sabam) 2012. @misc{,
title = {Annotatie bij Hof van Justitie 24 november 2011 (Scarlet / Sabam)},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/Mediaforum_2012_3.pdf},
year = {2012},
date = {2012-03-13},
journal = {Mediaforum},
number = {3},
pages = {93-100},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
|
Zuiderveen Borgesius, F. De meldplicht voor datalekken in de Telecommunicatiewet In: Computerrecht, no. 4, pp. 209-218, 2011. @article{,
title = {De meldplicht voor datalekken in de Telecommunicatiewet},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/Borgesius-datalekken-computerrecht-final.pdf},
year = {2011},
date = {2011-08-22},
journal = {Computerrecht},
number = {4},
pages = {209-218},
abstract = {Het Wetsvoorstel wijziging van de Telecommunicatiewet ter implementatie van de herziene telecommunicatierichtlijnen
introduceert een meldplicht voor inbreuken in verband met persoonsgegevens. Aanbieders van openbare elektronische communicatiediensten moeten zulke datalekken voortaan melden aan OPTA, de Onafhankelijke Post en Telecommunicatie Autoriteit. Als een datalek waarschijnlijk ongunstige gevolgen zal hebben voor de persoonlijke levenssfeer van degene wiens persoonsgegevens het betreft, moeten aanbieders ook deze inlichten. In dit artikel wordt
deze regeling besproken. Daarbij zal blijken dat er nog een aantal onduidelijkheden zijn. Ook wordt ingegaan op de vraag in hoeverre de meldplicht geschikt is om de doelen die de Europese regelgever nastreeft te bereiken. Geconcludeerd wordt dat een meldplicht nut kan hebben, maar dat de effectiviteit van de meldplicht aanzienlijk wordt beperkt doordat hij slechts geldt voor aanbieders van openbare elektronische communicatiediensten. Zelfs als een bredere meldplicht ingevoerd zou worden, zijn meer maatregelen nodig om alle genoemde doelen te bereiken.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Het Wetsvoorstel wijziging van de Telecommunicatiewet ter implementatie van de herziene telecommunicatierichtlijnen
introduceert een meldplicht voor inbreuken in verband met persoonsgegevens. Aanbieders van openbare elektronische communicatiediensten moeten zulke datalekken voortaan melden aan OPTA, de Onafhankelijke Post en Telecommunicatie Autoriteit. Als een datalek waarschijnlijk ongunstige gevolgen zal hebben voor de persoonlijke levenssfeer van degene wiens persoonsgegevens het betreft, moeten aanbieders ook deze inlichten. In dit artikel wordt
deze regeling besproken. Daarbij zal blijken dat er nog een aantal onduidelijkheden zijn. Ook wordt ingegaan op de vraag in hoeverre de meldplicht geschikt is om de doelen die de Europese regelgever nastreeft te bereiken. Geconcludeerd wordt dat een meldplicht nut kan hebben, maar dat de effectiviteit van de meldplicht aanzienlijk wordt beperkt doordat hij slechts geldt voor aanbieders van openbare elektronische communicatiediensten. Zelfs als een bredere meldplicht ingevoerd zou worden, zijn meer maatregelen nodig om alle genoemde doelen te bereiken.
|
Zuiderveen Borgesius, F. De nieuwe cookieregels: alwetende bedrijven en onwetende internetgebruikers? In: Privacy & Informatie, no. 1, pp. 2-11, 2011. @article{,
title = {De nieuwe cookieregels: alwetende bedrijven en onwetende internetgebruikers?},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/PI_2011_1.pdf},
year = {2011},
date = {2011-03-22},
journal = {Privacy \& Informatie},
number = {1},
pages = {2-11},
abstract = {Om het zoek- en klikgedrag van een internetgebruikers te monitoren plaatsen bedrijven vaak een cookie op de computer van die gebruiker. Volgens de geamendeerde e-Privacyrichtlijn mogen cookies die niet noodzakelijk zijn voor communicatie of om een aangevraagde dienste te leveren voortaan slechts worden geplaatst nadat de internetgebruiker zijn ge\"{i}nformeerde toestemming heeft gegeven. Volgens de Nederlandse wetgever kan deze toestemming onder meer blijken uit de instellingen van de browser. In dit artikel wordt nagegaan in hoeverre toestemming middels browserinstellingen in de praktijk zal voldoen aan de eisen die de Dataprotectierichtlijn stelt aan 'toestemming': een vrije, specifieke, op informatie berustende wilsuiting. Geconcludeerd wordt dat 'browsertoestemming' in de praktijk waarschijnlijk niet aan deze eisen zal voldoen.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Om het zoek- en klikgedrag van een internetgebruikers te monitoren plaatsen bedrijven vaak een cookie op de computer van die gebruiker. Volgens de geamendeerde e-Privacyrichtlijn mogen cookies die niet noodzakelijk zijn voor communicatie of om een aangevraagde dienste te leveren voortaan slechts worden geplaatst nadat de internetgebruiker zijn geïnformeerde toestemming heeft gegeven. Volgens de Nederlandse wetgever kan deze toestemming onder meer blijken uit de instellingen van de browser. In dit artikel wordt nagegaan in hoeverre toestemming middels browserinstellingen in de praktijk zal voldoen aan de eisen die de Dataprotectierichtlijn stelt aan 'toestemming': een vrije, specifieke, op informatie berustende wilsuiting. Geconcludeerd wordt dat 'browsertoestemming' in de praktijk waarschijnlijk niet aan deze eisen zal voldoen.
|
Zuiderveen Borgesius, F. VMC Studiemiddag In: Mediaforum, no. 10, pp. 323-326, 2010. @article{,
title = {VMC Studiemiddag},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/Mediaforum_2010_10.pdf},
year = {2010},
date = {2010-12-22},
journal = {Mediaforum},
number = {10},
pages = {323-326},
abstract = {De Vereniging voor Media- en Communicatierecht en de Vereniging voor Reclamerecht organiseerden op 25 juni 2010 een gezamenlijke studiemiddag over het onderwerp 'behavorial targeting'. Onder dit begrip valt onder meer het vastleggen van surfgedrag op het internet (bijvoorbeeld middels cookies) en het gebruik van deze gegevens om gericht te adverteren. Vanwege het steeds frequenter wordende gebruik van behavioral targeting en het feit dat er nieuwe Europese regels zijn opgesteld, is het debat over behavioral targeting weer opgelaaid.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
De Vereniging voor Media- en Communicatierecht en de Vereniging voor Reclamerecht organiseerden op 25 juni 2010 een gezamenlijke studiemiddag over het onderwerp 'behavorial targeting'. Onder dit begrip valt onder meer het vastleggen van surfgedrag op het internet (bijvoorbeeld middels cookies) en het gebruik van deze gegevens om gericht te adverteren. Vanwege het steeds frequenter wordende gebruik van behavioral targeting en het feit dat er nieuwe Europese regels zijn opgesteld, is het debat over behavioral targeting weer opgelaaid.
|
van der Sloot, B., Zuiderveen Borgesius, F. De amendementen van de Richtlijn Burgerrechten op de e-Privacyrichtlijn In: Privacy & Informatie, no. 4, pp. 162-172, 2010. @article{,
title = {De amendementen van de Richtlijn Burgerrechten op de e-Privacyrichtlijn},
author = {Zuiderveen Borgesius, F. and van der Sloot, B.},
url = {http://www.ivir.nl/publicaties/download/P\&I_2010_4.pdf},
year = {2010},
date = {2010-10-15},
journal = {Privacy \& Informatie},
number = {4},
pages = {162-172},
abstract = {De e-Privacyrichtlijn, betreffende de verwerking van persoonsgegevens en de bescherming van de persoonlijke levenssfeer in de sector elektronische communicatie, is onlangs gewijzigd door de Richtlijn Burgerrechten. De wijzigingen worden in dit artikel benoemd en becommentarieerd. Enkele van de belangrijkste wijzigingen zijn de introductie van een opt-in-regel voor cookies, een meldplicht voor datalekken, de mogelijkheid voor providers om spammers in rechte aan te spreken en een artikel betreffende de implementatie en publiekrechtelijke handhaving van de e-Privactrichtlijn.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
De e-Privacyrichtlijn, betreffende de verwerking van persoonsgegevens en de bescherming van de persoonlijke levenssfeer in de sector elektronische communicatie, is onlangs gewijzigd door de Richtlijn Burgerrechten. De wijzigingen worden in dit artikel benoemd en becommentarieerd. Enkele van de belangrijkste wijzigingen zijn de introductie van een opt-in-regel voor cookies, een meldplicht voor datalekken, de mogelijkheid voor providers om spammers in rechte aan te spreken en een artikel betreffende de implementatie en publiekrechtelijke handhaving van de e-Privactrichtlijn. |
Zuiderveen Borgesius, F. E-mail na de dood: juridische bescherming van privacybelangen In: Privacy & Informatie, no. 5, pp. 212-224, 2009. @article{,
title = {E-mail na de dood: juridische bescherming van privacybelangen},
author = {F.J. Zuiderveen Borgesius},
url = {http://www.ivir.nl/publicaties/download/PI_2009_5.pdf},
year = {2009},
date = {2009-11-17},
journal = {Privacy \& Informatie},
number = {5},
pages = {212-224},
abstract = {
Aanbieders van online e-maildiensten zoals Gmail, Hotmail en Yahoo!, bieden een steeds grotere opslagcapaciteit aan hun abonnees, hetgeen de feitelijke beschikkingsmacht van deze aanbieders over de bij hun opgeslagen communicatie vergroot. De honger naar informatie van de aanbieders van dergelijke online communicatiediensten die vaak afhankelijk zijn van advertentie-inkomsten, wordt ruimschoots gevoed door de consument die gretig gebruik maakt van de veelal gratis aangeboden en haast ongelimiteerde opslagcapaciteit die hen in staat stelt om al hun communicatie vanaf iedere gewenste plek te raadplegen. Nu de generatie abonnees die via e-mail communiceert langzamerhand ouder begint te worden, rijst de vraag wat er zal gebeuren met de e-mailcommunicatie die staat opgeslagen bij de aanbieder na overlijden van de abonnee. De centrale vraag van dit artikel luidt dan ook: in hoeverre wordt het privacybelang van de abonnee van een online e-maildienst en diens communicatiepartners beschermd en kunnen zij dit belang beschermen als de abonnee komt te overlijden? Uit onze inventarisatie van de relevante wetgeving, jurisprudentie en literatuur blijkt dat de bescherming van de privacybelangen van de overleden abonnee en zijn communicatiepartners onduidelijk en zelfs gebrekkig is.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Aanbieders van online e-maildiensten zoals Gmail, Hotmail en Yahoo!, bieden een steeds grotere opslagcapaciteit aan hun abonnees, hetgeen de feitelijke beschikkingsmacht van deze aanbieders over de bij hun opgeslagen communicatie vergroot. De honger naar informatie van de aanbieders van dergelijke online communicatiediensten die vaak afhankelijk zijn van advertentie-inkomsten, wordt ruimschoots gevoed door de consument die gretig gebruik maakt van de veelal gratis aangeboden en haast ongelimiteerde opslagcapaciteit die hen in staat stelt om al hun communicatie vanaf iedere gewenste plek te raadplegen. Nu de generatie abonnees die via e-mail communiceert langzamerhand ouder begint te worden, rijst de vraag wat er zal gebeuren met de e-mailcommunicatie die staat opgeslagen bij de aanbieder na overlijden van de abonnee. De centrale vraag van dit artikel luidt dan ook: in hoeverre wordt het privacybelang van de abonnee van een online e-maildienst en diens communicatiepartners beschermd en kunnen zij dit belang beschermen als de abonnee komt te overlijden? Uit onze inventarisatie van de relevante wetgeving, jurisprudentie en literatuur blijkt dat de bescherming van de privacybelangen van de overleden abonnee en zijn communicatiepartners onduidelijk en zelfs gebrekkig is.
|