Managing privacy: The importance of user control in the design of DEVELOP

Friday, 29 July 2016, by Joanna Simon, Trilateral, London, United Kingdom

 

In today’s data-driven world, conversations about privacy and data protection are ubiquitous. In particular, privacy is often raised as a major concern when talking about new technologies. However, despite this widespread attention, the concept of privacy remains notoriously difficult to define. There have been several academic debates about the precise meaning and scope of the concept of privacy. In 1997, Roger Clarke outlined a taxonomy of four different types of privacy: privacy of the person, privacy of personal data, privacy of personal behaviour and privacy of personal communication [1]. More than a decade later, Finn, Wright and Friedewald updated Clarke’s categories to include three additional types of privacy: privacy of thoughts and feelings, privacy of location and space, and privacy of association (including group privacy) [2].

Privacy is enshrined as a fundamental human right in the European Convention on Human Rights. This right is echoed in the Charter of Fundamental Rights of the European Union. Various legal regulations have been enacted to protect data privacy, both at the EU level and in domestic law. However, privacy and data protection are not simply about legislative compliance. They go beyond the letter of the law and encompass various ethical values and principles, such as dignity and autonomy. It is our job to ensure that data is collected and used by the system in a way that not only complies with the legal framework but also respects the ethical values that underpin privacy considerations.

The DEVELOP project is designing and developing a system for career development. The system will allow for the assessment of transversal competencies and social capital to highlight learning opportunities for career development. It will combine this with personalised visualisations of potential career paths to inform and guide employees towards realistic and attainable careers. During the project, specific focus is given to the impact on privacy as a result of using and analysing employee-centric data. The protection of privacy is considered of high importance for the project in general. It is particularly important to consider privacy in the design and development of a system that will interact with and have an impact on end users. The DEVELOP system will necessarily collect data in performing its function as a career development tool. It is vital that users are aware of this and can control who has access to this information and data.

It may help to give a small example of the sorts of issues that can arise: an employee, let’s call her Laura, completes a course in order to gain a new skill that she believes will be helpful to her career development. Following the conclusion of the course, she is given feedback on her performance. This feedback will most likely be useful to Laura, but there are others who may also find this feedback useful. Other members of her team may like to know that Laura has specific skills and that she can be trusted to work on certain specialised tasks due to the positive feedback she received. Managers within the organisation who are looking to expand their department may want to target people who have received excellent feedback on a course such as the one completed by Laura. Laura’s manager might want to see the feedback in order to make sure that she is progressing satisfactorily. But what if the feedback is bad? Does Laura want to share this with everyone? Even if the feedback isn’t bad, it may be that Laura would be happy to share this information with her direct boss and with other managers, but would prefer not to have this visible to her social network. This is just one small example, but having assessed the various features of the proposed system, a recurrent issue that arises is that of user control. It is crucial that users are able to control how their data is used and with whom it is shared. The DEVELOP system will enable Laura to make these decisions by allowing for multi-layered privacy settings that give her complete control over what is visible and to whom.

By considering issues of privacy and data protection from the inception of the project, we can ensure that privacy and data protection are not simply bolted on as an afterthought. Rather, they will be built directly into the system and carefully considered throughout the design, development and implementation of DEVELOP, which will enhance users’ confidence and trust in the system.

 

REFERENCES

[1] Clarke, Roger, “Introduction to Dataveillance and Information Privacy, and Definitions of Terms”, Xamax Consultancy, Aug 1997. http://www.rogerclarke.com/DV/Intro.html.

[2] Finn, Rachel L., David Wright and Michael Friedewald, “Seven types of privacy”, in Serge Gutwirth, Yves Poullet et al. (eds.), European Data Protection: Coming of Age, Springer, Dordrecht, 2013.