data protection

Data Protection for the Common Good: Developing a framework for a data protection-focused data commons

In our data-driven society, personal data are increasingly being collected and processed by sizeable and international companies. While data protection laws and privacy technologies attempt to limit the impact of data breaches and privacy scandals, …

The ‘Personal’ in Personal Data: Who is Responsible for Our Data and How Do We Get it Back?

Winner of Best in Category, Justis International Law and Technology Writing Competition 2020 for the Category of Social Media, Data and Privacy In our data-driven society, every piece of technology that connects us to the internet collects our personal data (any information relating to an identified or identifiable natural person), building elaborate profiles on what we are doing, where we are, and even who we are. As data subjects (those about whom personal data are collected), we can no longer hide from data controllers (those who collect and determine what these data are used for).

Co-Creating Autonomy: Group data protection and individual self-determination within a data commons

Recent privacy scandals such as Cambridge Analytica and the Nightingale Project show that data sharing must be carefully managed and regulated to prevent data misuse. Data protection law, legal frameworks, and technological solutions tend to focus on …

Protests Decentralised: How technology enabled civil disobedience by Hong Kong anti-extradition bill protesters

This work in progress paper was presented at the 8th Asian Privacy Scholars Network Conference held at the Faculty of Law, National University of Singapore.

The Right to Data Portability in Practice: Exploring the Implications of the Technologically Neutral GDPR

Our paper explores the right to data portability in depth by making 230 requests to data controllers on the day the GDPR was enforced. We found the key points summarised below: The European General Data Protection Regulation (GDPR) introduces one new data subject right, Article 20’s right to data portability (RtDP). The RtDP aims to allow data subjects to obtain and reuse their personal data for their own purposes across different services.

How Portable is Portable? Exercising the GDPR’s Right to Data Portability

For a more updated and detailed version of this paper, see our work ‘The Right to Data Portability in Practice: Exploring the Implications of the Technologically Neutral GDPR’.