Ethics and Legal Considerations in Nanotargeting Research
by Netizenship Meaning in Online CommunitiesMay 30th, 2024
Too Long; Didn't Read
The research highlights efforts to reduce privacy risks from nanotargeting by complying with GDPR. It involves ethical practices like replacing LinkedIn profile URLs with random identifiers and implementing robust security measures, ensuring data protection and public interest.
Authors:
(1) Ángel Merino, Department of Telematic Engineering Universidad Carlos III de Madrid {[email protected]};
(2) José González-Cabañas, UC3M-Santander Big Data Institute {[email protected]}
(3) Ángel Cuevas, Department of Telematic Engineering Universidad Carlos III de Madrid & UC3M-Santander Big Data Institute {[email protected]};
(4) Rubén Cuevas, Department of Telematic Engineering Universidad Carlos III de Madrid & UC3M-Santander Big Data Institute {[email protected]}.
Table of Links
LinkedIn Advertising Platform Background
Nanotargeting proof of concept
Ethics and legal considerations
Conclusions, Acknowledgments, and References
9 Ethics and legal considerations
Our research aims to reduce the privacy risks for users due to nanotargeting and to create awareness about how personal data, as defined in the General Data Protection Regulation (GDPR) [1] in the European Union, is different from Personal Identifiable Information (PII). We believe this work is a relevant contribution in the context of the GDPR (and other advanced data protection regulations) as it provides a concrete example extending the vision of what should be considered personal data.
We expected that the combination of location and some professional skills would lead to a high uniqueness probability on LinkedIn. Hence, we took a conservative approach and considered we were managing personal data in our study, and thus, it was subject to the GDPR. We consulted with our institution’s Data Protection Officer (DPO), based in the EU, to ensure compliance with the GDPR. The DPO confirmed that our research has a clear public interest as it aims to improve user privacy and helps to clarify whether the GDPR applies to specific combinations of data items. Therefore, the DPO informed us the legal basis supporting our research is the public interest, one of the legal bases exposed in the GDPR to allow personal data processing.
The only potential unique identifier we could have stored in our dataset was the URL used to access the LinkedIn profile. To protect user privacy, we replaced each profile’s unique identifying URL with a random identifier to prevent anyone from potentially identifying individual users based on the information stored in our dataset. Following the instructions of our DPO, we implemented several security measures to minimize unauthorized access to our dataset. We kept the dataset in a server behind our institution’s firewall and a second self-configured firewall. The server is only accessible from a device connected to our institution’s physical network or VPN. Server access requires having an account and password on the server. Finally, the dataset was encrypted, and only the paper’s authors had the credentials to access the information. We adopted these security measures to safeguard the data from unauthorized access and comply with the requirements of the GDPR.
In summary, this research is closely linked to ethical principles and aims to reduce the privacy risks of users on LinkedIn and enhance the application of the GDPR. Furthermore, we have ensured compliance with the GDPR by following the instructions of our institution’s DPO, who reviewed and approved this research work.
This paper is available on arxiv under CC BY-NC-ND 4.0 DEED license.
L O A D I N G
. . . comments & more!
. . . comments & more!
