Authors:
(1) Ángel Merino, Department of Telematic Engineering Universidad Carlos III de Madrid {angel.merino@uc3m.es};
(2) José González-Cabañas, UC3M-Santander Big Data Institute {jose.gonzalez.cabanas@uc3m.es}
(3) Ángel Cuevas, Department of Telematic Engineering Universidad Carlos III de Madrid & UC3M-Santander Big Data Institute {acrumin@it.uc3m.es};
(4) Rubén Cuevas, Department of Telematic Engineering Universidad Carlos III de Madrid & UC3M-Santander Big Data Institute {rcuevas@it.uc3m.es}. Table of Links Abstract and Introduction LinkedIn Advertising Platform Background Dataset Methodology User’s Uniqueness on LinkedIn Nanotargeting proof of concept Discussion Related work Ethics and legal considerations Conclusions, Acknowledgments, and References Appendix 9 Ethics and legal considerations Our research aims to reduce the privacy risks for users due to nanotargeting and to create awareness about how personal data, as defined in the General Data Protection Regulation (GDPR) [1] in the European Union, is different from Personal Identifiable Information (PII). We believe this work is a relevant contribution in the context of the GDPR (and other advanced data protection regulations) as it provides a concrete example extending the vision of what should be considered personal data. We expected that the combination of location and some professional skills would lead to a high uniqueness probability on LinkedIn. Hence, we took a conservative approach and considered we were managing personal data in our study, and thus, it was subject to the GDPR. We consulted with our institution’s Data Protection Officer (DPO), based in the EU, to ensure compliance with the GDPR. The DPO confirmed that our research has a clear public interest as it aims to improve user privacy and helps to clarify whether the GDPR applies to specific combinations of data items. Therefore, the DPO informed us the legal basis supporting our research is the public interest, one of the legal bases exposed in the GDPR to allow personal data processing. The only potential unique identifier we could have stored in our dataset was the URL used to access the LinkedIn profile. To protect user privacy, we replaced each profile’s unique identifying URL with a random identifier to prevent anyone from potentially identifying individual users based on the information stored in our dataset. Following the instructions of our DPO, we implemented several security measures to minimize unauthorized access to our dataset. We kept the dataset in a server behind our institution’s firewall and a second self-configured firewall. The server is only accessible from a device connected to our institution’s physical network or VPN. Server access requires having an account and password on the server. Finally, the dataset was encrypted, and only the paper’s authors had the credentials to access the information. We adopted these security measures to safeguard the data from unauthorized access and comply with the requirements of the GDPR. In summary, this research is closely linked to ethical principles and aims to reduce the privacy risks of users on LinkedIn and enhance the application of the GDPR. Furthermore, we have ensured compliance with the GDPR by following the instructions of our institution’s DPO, who reviewed and approved this research work. This paper is available on arxiv under CC BY-NC-ND 4.0 DEED license. Authors: (1) Ángel Merino, Department of Telematic Engineering Universidad Carlos III de Madrid {angel.merino@uc3m.es}; (2) José González-Cabañas, UC3M-Santander Big Data Institute {jose.gonzalez.cabanas@uc3m.es} (3) Ángel Cuevas, Department of Telematic Engineering Universidad Carlos III de Madrid & UC3M-Santander Big Data Institute {acrumin@it.uc3m.es}; (4) Rubén Cuevas, Department of Telematic Engineering Universidad Carlos III de Madrid & UC3M-Santander Big Data Institute {rcuevas@it.uc3m.es}. Authors: Authors: (1) Ángel Merino, Department of Telematic Engineering Universidad Carlos III de Madrid {angel.merino@uc3m.es}; (2) José González-Cabañas, UC3M-Santander Big Data Institute {jose.gonzalez.cabanas@uc3m.es} (3) Ángel Cuevas, Department of Telematic Engineering Universidad Carlos III de Madrid & UC3M-Santander Big Data Institute {acrumin@it.uc3m.es}; (4) Rubén Cuevas, Department of Telematic Engineering Universidad Carlos III de Madrid & UC3M-Santander Big Data Institute {rcuevas@it.uc3m.es}. Table of Links Abstract and Introduction Abstract and Introduction LinkedIn Advertising Platform Background LinkedIn Advertising Platform Background Dataset Dataset Methodology Methodology User’s Uniqueness on LinkedIn User’s Uniqueness on LinkedIn Nanotargeting proof of concept Nanotargeting proof of concept Discussion Discussion Related work Related work Ethics and legal considerations Ethics and legal considerations Conclusions, Acknowledgments, and References Conclusions, Acknowledgments, and References Appendix Appendix 9 Ethics and legal considerations Our research aims to reduce the privacy risks for users due to nanotargeting and to create awareness about how personal data, as defined in the General Data Protection Regulation (GDPR) [1] in the European Union, is different from Personal Identifiable Information (PII). We believe this work is a relevant contribution in the context of the GDPR (and other advanced data protection regulations) as it provides a concrete example extending the vision of what should be considered personal data. We expected that the combination of location and some professional skills would lead to a high uniqueness probability on LinkedIn. Hence, we took a conservative approach and considered we were managing personal data in our study, and thus, it was subject to the GDPR. We consulted with our institution’s Data Protection Officer (DPO), based in the EU, to ensure compliance with the GDPR. The DPO confirmed that our research has a clear public interest as it aims to improve user privacy and helps to clarify whether the GDPR applies to specific combinations of data items. Therefore, the DPO informed us the legal basis supporting our research is the public interest, one of the legal bases exposed in the GDPR to allow personal data processing. The only potential unique identifier we could have stored in our dataset was the URL used to access the LinkedIn profile. To protect user privacy, we replaced each profile’s unique identifying URL with a random identifier to prevent anyone from potentially identifying individual users based on the information stored in our dataset. Following the instructions of our DPO, we implemented several security measures to minimize unauthorized access to our dataset. We kept the dataset in a server behind our institution’s firewall and a second self-configured firewall. The server is only accessible from a device connected to our institution’s physical network or VPN. Server access requires having an account and password on the server. Finally, the dataset was encrypted, and only the paper’s authors had the credentials to access the information. We adopted these security measures to safeguard the data from unauthorized access and comply with the requirements of the GDPR. In summary, this research is closely linked to ethical principles and aims to reduce the privacy risks of users on LinkedIn and enhance the application of the GDPR. Furthermore, we have ensured compliance with the GDPR by following the instructions of our institution’s DPO, who reviewed and approved this research work. This paper is available on arxiv under CC BY-NC-ND 4.0 DEED license. This paper is available on arxiv under CC BY-NC-ND 4.0 DEED license. available on arxiv

Part of HackerNoon's growing list of open-source research papers, promoting free access to academic material.

Nanotargeting Risks: The Urgent Need for Better Privacy Protections

How Non-PII Data Can Deanonymize Users

Read My Stories

Too Long; Didn't Read

Make resilience your competitive advantage

Ethics and Legal Considerations in Nanotargeting Research

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

What's the Ideal Width of the iPhone? We Asked HackerNoon Readers to Find Out

Analysis and Implementation of Nanotargeting on LinkedIn Based on Publicly Available Non-Pii

Privacy and Targeting on LinkedIn: Insights into the Campaign Manager

Creating a Dataset for LinkedIn User Analysis

LinkedIn User Uniqueness Study: Computation Methods and Selection Strategies

What's the Ideal Width of the iPhone? We Asked HackerNoon Readers to Find Out

Analysis and Implementation of Nanotargeting on LinkedIn Based on Publicly Available Non-Pii

Privacy and Targeting on LinkedIn: Insights into the Campaign Manager

Creating a Dataset for LinkedIn User Analysis

LinkedIn User Uniqueness Study: Computation Methods and Selection Strategies

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps