Welcome everybody. I feel the light is changing. It seems like it's time to start. Welcome. This session will be by Brandon Reheck about data protection. What do we actually need to protect when we talk about data protection? Are we understanding it correctly, currently? Floris, yours.

Thanks a lot. Okay, thanks for coming here to listen to "What does data protection actually protect?" The subtitle is "Why we have to stop talking about individual privacy and more talk about social sustainability". Maybe first I say something about myself so you know who's talking and from which perspective. I'm a research associate at the Weizenbaum Institute for the Networked Society. I'm a doctoral candidate and researcher there and I'm doing research on digitalization and sustainability, tech fictions, data protection and, well, unsurprisingly, IT security. My background is computer science and philosophy at Humboldt University and Freie Universität and I'm also active in the Forum Computer Scientists for Peace and Social Responsibility, the Society for Computer Science and the ethics part, and with Amnesty International, Germany, Human Rights in the Digital Age.

Okay, so what are we going to talk about and why? First I want to talk about some basic terms because I noticed that when we talk about data protection it's usually a lot of things come together and a lot of people understand different things, which I think is okay that this happens, but we should be aware of the differences to have a fruitful discussion, especially when we merge it with a concept of social sustainability. Then I will come into a problem description, so what does data protection actually try to solve or address? Then some examples about data protection theory to deepen our understanding and practice, and then I want to talk about some smoke screens and non-solutions that are usually posed as solution to the data protection problem, as I would like to call it.
Then I want to compare it or merge it somehow with the social sustainability briefly as a starting point for discussion. Then there will be some references and then we can exchange our ideas towards what I've been saying now. So some basic terms. First I would like to differentiate data protection, data protection law and data security. Data protection itself is a social science term because it's about society, it's about humans, it's about protection of things that are not technical. Then we have data protection law which is when we talk about GDPR or other regulations which is the legal form of data protection. Then we have data security which is informatics or computer science term. This is usually how we will get into this a bit more in a second. How to actually deal with the data and the data processing itself. The interesting thing here is that each of them have their own rules of discourse. What is being protected? What are the measurements and the tools being used? Sometimes they don't even agree on what they are about. That's why we talk about this. That's very interesting because the problem description always defines the solution. It defines the solution space itself. Then we talk about data all the time. I think it's also important to somehow shed some light on to the meaning of data information. First data protection law. We see it protects individuals and groups. This is the purpose and the protection object is personal data. This is the first interesting thing here. We want to protect individuals and people and we do it by protecting personal data. There's a difference here which is in a way you could say tax laws should maybe protect people with less income but we look at money. There are many other ways of achieving this but the thing we look at in data protection law is personal data. Of course we could also say are there other ways of reaching the same goal if we maybe regulate other things. 
Especially if we talk about law, the GDPR, the General Data Protection Regulation valid all across Europe, implements Article 8 of the Charter of Fundamental Rights of the European Union. Especially I would like to underline Article 1, human dignity is inviolable and it must be respected and protected, and Article 8, the protection of personal data. You could say any processing of personal data by an organization constitutes an interference with fundamental rights of a data subject because you're interfering with a person if you do some data processing that affects them. That's why it's called the data subject, the subject of the data being processed. In data protection law we have certain principles in the GDPR which is lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability. What I find interesting is that we have a big data protection discussion that we should regulate more some of those aspects while at the same time they are already being regulated in the GDPR principles but that seems to be forgotten all the time. For example, a look at the big discussion about fairness currently. Fairness is explicitly one of the GDPR principles but now sometimes or oftentimes it seems like fairness is a new invention since the up-come of AI but fairness is a principle in all data processing and which is of course quite logical because I can infringe and discriminate people without AI. You know, that's not a new problem. Maybe there's a new quantity coming up but then the question would be how to adapt what we already know to the new situation maybe with machine learning. The lawfulness of processing and data protection law would be consent, contract, compliance.
I don't go into details there but consent is kind of the individual willingness to let data be processed, contract is if I want certain service and the necessary data protection, then the necessary data processing then is legal, compliance with law for example for archiving, vital interests for example if it's a life and death situation then it's always legal according to the GDPR to process any information to protect the person. Public interest and legitimate interests. Legitimate interest is a very interesting point here but I don't want to go deep. This would be a different talk. Legitimate interest is the cause of many problems we have right now but this is not the topic here. Okay, the next thing is data security or IT security. The classic protection goals of data security are confidentiality, integrity and availability. So you can somehow from a technical point of perspective you could say it's the permissions to read, write and execute. If I say who can read it and who can't then I'm controlling confidentiality. If I say who can change and write onto the data then it's about integrity and if we talk about execution, this is kind of you know the flexible but it's if the service or the data is available to me. And a violation in data security would be if one of those three are violated. So if people can access this who should not, people who can change it who should not or people can have access to a service they should not or people who should be able to access it cannot. And those three are somehow differentiated because if I destroy a computer I'm certainly not violating the confidentiality but I'm certainly violating the integrity of it. That's why we differentiate this. Interesting here is that data security in its pure form secures the data processing and the existing data itself for the for the processor itself. We will see later on why this is important. 
And in Germany it should be mentioned that since 2008 there is a fundamental right for individuals to have the guarantee of confidentiality of integrity and confidentiality and integrity of the systems they use. I like to call it the fundamental right to cyborg because in the explanation, the German constitutional court said that we are so dependent on such systems that we have the right to confidentiality and integrity being agreed. Yeah, guaranteed, which I find quite interesting.

So how about we now we talked about data protection law and about IT security or data security, but how about data protection itself? Well, I want to give a little background first on society why which is which is important to just a brief little sprinkle. Right now we live in a society based on division of labor. It's a world with a multitude of actors and those actors have different roles in our society. And there are power asymmetries between individuals and an organization. What do I mean by this society based on division of labor? This means that not all of us are experts in all other areas. Most of the time we're at least expert in one area and we're lay people in all other areas. So we're very dependent on each other. And why is that why is it relevant? Well, if I say, well, let's, you know, let's suggest a certain solution, which is very technical. Then this solution applies only to the people who can actually operate them to ask a certain solution. Like, you know, you should encrypt your stuff, or you should, you know, do all those things. This means we all have to educate ourselves there, which as a person with a technological background, I like. But of course, people who are more into, let's say, food regulation would say exactly the same. And people who are more into, let's say, train safety would maybe say the same. But in the society based on division of labor, we found means to say, well, maybe there should be minimum standards.
So we can access a train or we can drive a car. Okay, with car, we need to drive a license, but still, or we can go into supermarket and not get killed by the wrong decisions or not get big harm with the wrong decisions. And now, if we look at the power asymmetries, of course, there's a difference between an individual and organization. Organization can be a state, can be like a business, but it could also be an NGO. And usually, those organizations have much more means and have much more options to assert their own interests in a social relationship. And this is the definition, at least for Max Weber, for power as a chance to do exactly that, even against opposition. You can differentiate this to enforce a certain action, you can prevent a certain action, or you have the power to define a certain discourse, how we talk about things. And now, when we take this background of a society with a division of labor into this world of computerization, we see we have computers everywhere, nearly ubiquitous computerization and the digitalization which we now call the process, we now call digitalization has been going on for around 50 years, you could say. And we have computer supported information processing of organizations, governments, businesses and NGOs, as I mentioned before, exactly those organizations who, in principle, have more power already than an individual. And in addition, you could say there's also no individual decision anymore to participate in this kind of computerization or not. Even if you would like to work on paper, at a certain point, you will, if you do your taxes or if you buy a ticket or something, you know, all those things, if you get money from the pension fund or you pay into the pension fund, of course all of this is digitized. So, to say I do a little detox tour might feel really nice and might be really healthy, but it doesn't help, doesn't help you in any way to escape the computerization process in a society. 
So, of course, the solution to this individuals and organizations using computerization and software to organize lives and processes, the solution to escape this cannot be going back to the caves, but it cannot be back to the caves, but what could be the solution? So, how do we deal with all those power asymmetries that are now technologicalized, you could say, or informationalized? And this, I would say, this is the question that data protection tries to answer. What do we do with all this power and all those asymmetries that cannot be resolved in principle because organizations are always more powerful than the individual? Okay, now we've been talking about the data, interesting thing is that the data in data protection means information as a model for a certain purpose. This means that when we talk about raw data that's already an oxymoron, there is no raw data because all data is made for a certain purpose and it has all the models like included in itself and for a certain purpose and now you can ask whose purpose is it? And now we see if organizations write software and collect data, it is of course their interest being represented in how the data model itself is already created and this is even before the first actual data is being collected. The model itself represents the purpose of the organization and of course the purpose is very reduced because I have to, if I want to do computation, I have to reduce the complexity of the world into a model and it's subjective. It is, it is what I want to achieve with my system, how I built the system. Okay, yeah, we could go into semiotics but I think because of time we skip this a little bit. Okay, so maybe to sum this part up a little bit, technology especially IT helps organizations and individuals to better assert their own interests and IT creates information power affecting the fundamental rights of individuals because of the big asymmetries between the different players. 
If I program a piece of software that's of course not the same thing when Facebook writes certain software because the amount of users, the amount of funds I have all in it shows that there's a big structural difference and of course we don't want to go into caves but we want to have all the good things that come with the digitization. The processing is desirable but we have to pay attention to the power asymmetries and yeah okay, we come to this point later. Okay, so the data protection problem can be rephrased as information processes must not bring about socially and societally harmful consequences. So what we want is the good things and the implications without getting the bad things. So of course the question is what is the good thing and one of the bad things to prevent. And the researcher Martin Rost also said data protection also means maintaining alternatives of the weaker party and of course the weaker party is if I look at the relationship between me and for example the German state when I apply for something, of course the alternatives, how does a system have to be designed so my alternatives later on are not reduced. How are the platforms designed so when I get in there my alternatives are being reduced. We know this as lock in effect for example. And this is somehow interesting because it's analogous to the sustainable development idea that the later generations should have the same opportunities for accessing resources and having certain lifestyle or certain outlook on life. This is somehow the technological equivalent and as a consequence what data protection says we have to condition data processing. We have to say those are rules, those are red lines, though this area is totally fine but here's you know this should not be done or if you do it you have to do it in a certain way. So what we want, we don't want natural development because natural development means the rule of the strongest. 
So we want all those computation but we have to think about the rules how that applies. And in a certain way so we say data protection of course does not protect data, that's a misnomer, but individuals and society as a whole. Society as a whole, you could say functional differentiation, you could say certain group rights, I don't know, right to assemble or even that the knowledge creation or the creation of an opinion in societies, that all this works, this is far beyond the individual. But this is only partially reflected in law and now we see that there's a difference between the data protection as I just outlined it and data protection law, because data protection law, GDPR, says it protects the fundamental rights and freedoms and it protects fairness, which is much more, that much more as we see in the discussion, in the political discussion, but it's much less what we actually want when we talk about data protection. We heard this at the opening ceremony already, we say data protection should protect society and we hear this, but this is currently not reflected in the law. But I would already be happy if we would already impose and use the law we have, which we still do not when we listen to those fairness discussions, as if it would be something new.

Okay, but of course, what are the motives for less data protection? Well, of course data protection needs additional resources for the people who do the data processing, most of the time the organizations. You need more people, you need knowledge, you need to conceptualize, you need to think not only I want to, you know, connect those people, I want to maybe bring those items there, I want to have, you know, smart mobility, but you have to think the whole data processing, how do I achieve it. And there are actually solutions to a lot of problems we see out there but they have to be approached in a different way and not easily at the first sight and you implement this, so this is nothing one can do
afterwards when the system is already there. So that's why the main idea or the main impetus of data protection has to be, it's part of the core design principles from the beginning on, especially because, and that's what I mentioned before, because of the modeling of the processing of the data and all this. And of course data protection prevents the use of information or business models. This can be a good thing or a bad thing, again there's a discussion about this, but of course I think we agree that certain data processing is needed for public or official tasks. But of course the discussion is, you know, how should this look like and what are the implications, how can we do this without being socially harmed, harmful. Um, and the interesting thing is that especially in IT we are a little bit behind with the regulation, it seems to me, because we get discussed about certain things we would never discuss in the areas of hygiene rules or safety regulations, prohibition of child labor, workers' rights, environmental standards etc. Environmental standards of course, although all this can be improved, but um to say, yeah okay, I will come to this in a bit. Hygiene rules, where there are straight red lines what's impossible to do because we have a common understanding of harm. Okay, yeah, this is it.

Okay, maybe some data protection theory as a finishing um or yeah somehow finishing um. If we look, this is somehow now getting it a bit deeper into the um into the differentiation I wanted to make. Um, if we look at information flow between certain actors, for example an organization and an individual as we mentioned before, okay, the organization is a strong one and the individual is the weak one as we mentioned before. If we have the direction of flow of information from the strong to the weak and we increase this, that means we call this transparency or freedom of information. If we block this information flow from the strong actor to the weak one we call this arcane practice or the hidden
practice. If the direction of flow is from the weak to the strong, if we increase this we call this datafication and if we block this we call this data protection. So here this explains now um why for example in Germany we have a federal commissioner of information freedom and data protection, where I usually would think, well, the first one is actually restricting information, the other one is actually spreading information, but it makes total sense when we look at it with the glasses of power asymmetry, because the transparency weakens the strong and the data protection strengthens the weak, and that's why it makes total sense to bring this together and to have this in our data protection concepts. And of course we see if we have more like restrictive authoritarian regimes we have datafication of everything while at the same time the state or other businesses don't say what they do. We have arcane practice and datafication at the same time.

Okay, so to finish sooner or later, no, I will go into this, some mentions to the smoke screens and non-solutions. So now we saw data protection is about power asymmetries. So we hear a lot about digital self-defense, you know, encrypt your emails and, you know, update your things. I totally agree, but we have to see the societal dimension of this. If data protection, the idea of data protection is to protect the weaker ones against organizations, to say digital self-defense is somehow cynical, to say you are the weaker one and it's your task to defend yourself, you have to become an IT expert, and while doing this you still can't change the inner organizational data processing. So you can encrypt your emails but if you have to interact with the financial institutions of course there's nothing to encrypt. So digital self-defense is interesting for people who know their stuff and who live maybe alone, not connected with the rest of society, but it is not a societal solution to the data protection problem.

Data ownership in an individual
data sovereignty. If I have property rights and inclusive rights about data then where's the, we would create, we look at it from a perspective of power asymmetries, we create a much bigger problem than we can actually solve, because now if we say data ownership, I can own my data, that means I can sell my data. So I put out a TV and say, well, this TV's price is this and that and it's half price if we get all your data. It's ownership, so you can freely sell your data or you don't sell your data. But now we can see in the societal background what would happen: people who have a lot of money can use the data ownership to get the protection they want and people who are not so financially well off, they will get exploited. But wasn't exactly this problem what we wanted to solve with data ownership? Well, it doesn't work, exactly that's why it doesn't work.

Consent fetish, okay I'll get this, and data trust, okay, we have maybe a bit more. Okay, maybe some sentence to the consent fetish as I would like to call it. As we saw, this understanding I think which is very useful about data protection would be a society-wide concept, but if we focus on informational self-determination, that people by themselves can decide this, we get somehow in the same problem as with data ownership. But informational self-determination sounds much more empowering and of course this is why a lot of especially the bigger business to say, well, actually the problem of informational self-determination is a problem of information asymmetry, if the people would know more they could decide better. But of course we all know and as studies have said, if we would read all the data prep, all the services we need, we would use six weeks each year only reading this. Of course that cannot be a solution. The problem is not information asymmetry but power asymmetry. Okay, so the only reason, the only solution to this would be somehow hard limits for data protection and the best case is not the best case but the thing that the
idea data protection would aim for with the democratic legitimization.

Same goes for algorithm ethics. We talk about algorithm ethics, we need ethical algorithms, but of course the algorithms are not actors, the organizations are actors, they use the algorithms to further their interests. So to say we have to look at the algorithms somehow leaves out that they're actually actors using this, and we have mentioned this at the beginning, who makes the systems, who creates the data models, who plans and puts the purpose. It's not the algorithm, the algorithm is a tool and of course the tool can be regulated but the tool is not part of an ethical discussion. Okay, so I would say our ethics are fine, just the implementation of law lags behind and the discussion what we do with new actors like big tech companies, but this is of course the place here to do this. Okay, so and algorithm ethics of course. I think now that we look at all those things, all those like the smoke screens, I think it makes total sense for a corporation who does not want regulation to say, oh, we need data ownership to empower the people, the individual self-determination, this is the most important thing, and we also have to be very ethical and with everything we do we will be very transparent. Of course I would also make all those four points because none of those four points actually help the purpose of data protection.

Okay, comparison. Data protection forces organizations to consider the interests of data subjects when designing their data processing. It's against their interest, that's interesting. The rights of a data subject is an obligation to the data controller, so every time when a company says, oh, that's so much paperwork, this means I'm not willing to make the effort to impose the protection of the people affected. And yeah, and now I think, at least how I understand it, we see that individual privacy, the idea of the I go back into my living room, I don't want cameras in my home, this is a consequence
of data protection and not the starting point. So if we have those power asymmetries taken care of then we see it's actually not this camera in the sleeping room, because if it's my own camera then it's of course it's a problem, it's no problem, because, you know, there is no power asymmetry between me and myself, but it's a problem, you know, if it's Echo or whatever it is, there is a company and the power asymmetries are so strong. So this individual privacy we hear a lot being talked about, in this understanding of data protection would be a result.

Yeah, okay, so I think I would finish with an interesting citation from Martin Rost, because usually in computer science when we talk about attackers and the defense and IT security we say Alice and Bob are communicating and then Mallory is attacking and then they both encrypt and, you know, they have to group together to fight off Mallory. And the citation or the proverb was, if we talk about data protection it's not Alice and Bob preventing or protecting against Mallory, but the attacker of Alice and Bob in this case is actually Bob. Bob is the attacker and that's why we have to look at Bob and not at hackers around, but to those people who actually design the processing so it reaches exactly what we want as a society. Okay, that's it. Maybe some literature hints you could take if you found this topic interesting and then I think we have time for some questions. Thank you.

Thank you so much. I'm now running around the room taking questions, please raise your hand if you have any and wave. All cleared, very very clear. I guess I have a question. We often also see that data, I think this is the point about Bob, right, so my data can actually also not only harm myself but actually harm you if it's in some way used to make generalization so that you kind of fall out of the group of normalcy or and so on and so forth. Would that also fit into it? Can you maybe elaborate a little bit more on how you see
that?

I think this is an important point too. I would first look at, of course the data processing could harm the individual but of course harm other people. I think maybe I would extend your question even to say it is impossible to have data processing that does not affect other people, and the classic example of course is we have our email providers and we sign up for them and then we say yeah, we've read the privacy agreement, and then this is the reason because we have agreed, but of course with this process we have agreed for everyone who's writing us an email as well. So if we take the network society seriously, we can say it's a good or a bad thing at the same time, but the network society means we are connected all the time and that's why I would agree that this has to be taken into consideration and that's why we need those kind of, let's say, regulations or the red lines collectively. And the system we have right now somehow to determine this is a political system with democratic legitimacy and I think that's why it's so important to also fight against lobbyism and all this, because this is kind of the self-realization of a society, what it wants. Because yeah, I agree it's all instantiations of the same problem that no decision only affects yourself, and yeah, that's the example with the going back to the cave. If we go back to the cave then maybe it's only the family that's affected but this is not the case anymore, and it's also nice, I mean it's also to be in a nice community, this is a wonderful thing. But that's why, yeah, so in a way I would agree to this question and refer to the approach I outlined.

Thank you. Can I now take a question from the audience? Somebody? Oh yeah, okay.

Hi, thank you for your presentation. I have a question that is, some cities or some public actors, especially in France, start some projects called self-data projects, which mean that they implement platforms where you can basically see very easily what the public actors or what of your data were
given to the public actors or what you gave during making demands or processes. So would that enter your self-determination definition, or would it be, you think, a good kind of solution to also take control back on what data public or private actors, if it's implemented by private actors, really has on you, and that you can then decide very easily to implement your rights that is in the law, to, okay, I don't want that you have this data anymore, you can cancel it? Thank you.

Yeah, thanks for the question. I think this is a quite good example. In principle I think it's a really good idea to have those kind of, I think they're called cockpits or transparency and information, yeah, central points, but it gets all the good and the bad things about the transparency. The good things are I can see what's happening and I can see how the data is processed, but the bad thing is how can I really exercise this right, how much time do I have, how often can I do it, can everyone do it, is it accessible, and if I want to contradict what can I do? Like, if I say okay, now I see something but I'm not happy about it, do those platforms also allow me to say actually I don't want this usage, I want to break this connection and I want to, you know, object to this? So if it's only an information platform then I would be very critical of it and I would think, okay, this is again to wash away the problem of the power asymmetry to it's only a problem of information, if you would know everything then everything would fine, it would be fine. And yeah, and that's why I would say my basic question back would then be, so how much can you intervene and how much do also data protection regulatory authorities, can they mass check those settings or the usage, can they, and maybe even in an automatic way, can this transparency also be used in a systematic way to check overreaching activities? So is it only pointed to the individual to check or is it also, has it also APIs or whatever that yeah
that data protection authorities could use this in a way? So I think then I would differentiate this.

Yeah, also thanks for the talk. For me, I have the feeling that discussion around data protection are always filled with memes like data protection makes everything more hard for businesses and so on. Do you have examples from successful, from our point of view, discussion around the topic of data protection and what can we learn of them from your point of view?

Yeah, that's actually a pretty good point. Well, I think the problem, and that's why I decided to make this talk, is that data protection usually is a scapegoat for saying something with the IT doesn't work according to what I want, you know, I can't access this or that data, yeah, it's because of data protection or so. I think the first step is to make this clearer, all those concepts. And well, things that worked well, I think it does not really make sense to always stay in the abstract area. I think if people say, ah, actually data protection was bad for this or good for this, okay, let's get examples for that, how much more effort do you have and what are the results. And there are, I don't know, there are examples of public software uses where maybe the design was inclusive and then we have to get more into the concrete examples to get away from the memes, because otherwise it just stays a conversation. And my impression is that in a lot of situations where the data protection is said to be a blocking for businesses or even for public use, if we look deeper into it we see the problem is not data protection, because data protection says, well, if you have a certain purpose and the purpose is according to our values then you can do it, and so if there's a big problem then probably there's something wrong with your purpose. But this has to be, yeah, so a concrete example, let me think about it. Yeah, there are some bigger and smaller, well, let's say I think there
have been some, let's say, digital strategy. Now, okay, that's a complex example to explain why this is a good example. Okay, then my answer, I would reduce my answer to say we have to look at the concrete processing if someone says, okay, this is a big issue. I know it's a very unsatisfying answer, but yeah, I think I would leave it at that as for now.

Okay, we have one minute left and one question left.

So thanks for the talk. My question kind of goes back to the Alice and Bob situation. So Bob is the untrusted actor there. So is it a practical situation, is it practical to, for example, Alice encrypts homomorphically their data before they give it to Bob, so it's only meaningful to Alice, but Bob can still do some meaningful operations without actually knowing or getting any meaningful, is it practical or?

That's a very good and very detailed, interesting question, and if we take data protection seriously, there is no clear answer to this very common question, because the question would be, from a data protection point of view: in which situation is this being used? How are the actors related with each other? Do they share the same interest? What are the dangers if the encryption does not work, or what are the dangers of the results of this analysis? Because if the results of the analysis can still be discriminating against the person or another group of people, then it would not help to have this homomorphic encryption. So that's why it has to be decided from case to case. There are situations where it's a good idea to encrypt, but there's also a good situation, you know, if I encrypt all the data from the pension funds, you know, that's bad for everyone, because they cannot be read and you don't get your pension. So that's why I'm saying you can't say let's encrypt and that's why it's good. And maybe one last comment to the question, it just came to my mind: the way how the Linux
distribution Debian reaches their technical design goals is, I think, a very good way of doing this, looking at how data protection can be taken seriously: how there's a democratic process, how there's a discussion, how there's a technical deep analysis of what should be done and what would happen there, and then how the technology in the end looks like is a result of this whole inclusive process. There are many problems with this example, but I didn't want to leave you, you know, with totally no example at all, and it's a partly technological example only, so that's why I think it's a good example.

Okay, thank you so much, and also thank you, the audience, and see you around in another session.