Societal and political implications of emerging digital technologies and big data
Lead Research Organisation:
University of Oxford
Department Name: Computer Science
Abstract
Data-processing companies face unprecedented scrutiny these days, from both authorities and users. Following the Cambridge Analytica revelations, investigations by the UK data authority ICO identified "a disturbing disregard for voters' privacy" spread across the data industry. The House of Commons concluded that the current "situation is unlikely to change". Even risk-averse investors agree, with technology shares being continuously on the rise. The reason lies in the pervasive, ongoing, and apparently irreversible amalgamation of digital devices in our daily lives. Mobile applications secretly share personal information with third parties, whilst other "smart devices" are spreading. This necessitates rigorous scrutiny of current data practices and impartial checks and balances, which academia can provide.
The PhD research will be conducted as part of the "Human-Centred Computing" group at the University of Oxford. This group seeks to understand the current challenges of the Digital Economy, so as to support human flourishing in the 21st century. More specifically, the group aims to inform and empower individuals with regard to their day-to-day use of technology. A prominent example is X-Ray, a software framework developed as part of the EPSRC-funded SOCIAM project. This software aims to uncover hidden data flows to companies all over the world. X-Ray analysed almost 1m Android apps, finding that roughly 90% of apps could send data to Google and 40% to Facebook. The X-Ray project will be the starting point of the PhD research, with potentially significant relevance for current society due to the ubiquity of apps.
With the introduction of the EU Data Protection Regulation (GDPR), the field of data protection has recently gained increased prominence and importance. The GDPR strengthens the rights of individuals as well as the powers of the regulating bodies. The data protection authorities (DPAs) of the EU member states can now impose penalties of up to 20m Euros or 4% of worldwide annual turnover (whichever is higher) for data protection infringements. Due to these new capabilities, data protection research can profoundly improve the lives of individuals.
The PhD research will expand on the X-Ray project, to add automated legal compliance analysis, as well as create new tools in the realm of law and technology. The novelty of the research methodology lies in the combination of computer science, law, and policy-making, particularly through automated program analysis and machine learning analysis of GDPR violations.
In alignment with the objectives of the research group and the EPSRC research theme Digital Economy, the PhD project seeks to raise awareness amongst individuals of the implications of large-scale data collection, and empower individuals to make more meaningful choices with regards to data collection. A further objective is informing policy-making regarding current and emerging digital technologies.
This project falls within the EPSRC Digital Economy research area.
People |
ORCID iD |
Nigel Shadbolt (Primary Supervisor) | |
Konrad Kollnig (Student) |
Publications
Datta S
(2022)
GreaseVision: Rewriting the Rules of the Interface
Kollnig K
(2022)
Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps
in Proceedings on Privacy Enhancing Technologies
Kollnig K
(2022)
TrackerControl: Transparency and Choice around App Tracking
in Journal of Open Source Software
Kollnig K
(2023)
Ready for the EU Digital Services Act? How Decisions by Apple and by Google Impede App Privacy
in SSRN Electronic Journal
Kollnig K
(2021)
Before and after GDPR: tracking in mobile apps
in Internet Policy Review
Kollnig K
(2021)
I Want My App That Way: Reclaiming Sovereignty Over Personal Devices
Studentship Projects
Project Reference | Relationship | Related To | Start | End | Student Name |
---|---|---|---|---|---|
EP/R513295/1 | | | 30/09/2018 | 29/09/2023 | |
2219016 | Studentship | EP/R513295/1 | 30/09/2019 | 29/09/2022 | Konrad Kollnig |
Description | The research analysed the impacts of the GDPR and other laws on apps' privacy practices. It has been highlighted that relevant laws don't (yet) achieve their intended aims in practice. To support this research, the PhD researcher developed a wealth of tooling to support regulatory compliance, most notably PlatformControl at https://www.platformcontrol.org |
Exploitation Route | Expand on work |
Sectors | Digital/Communication/Information Technologies (including Software) |
URL | https://www.platformcontrol.org |
Description | The research has been widely covered by news outlets and been picked up by various tech regulators. |
Sector | Digital/Communication/Information Technologies (including Software) |
Impact Types | Societal Economic Policy & public services |
Description | Coverage and interview by German Federal Cartel Office |
Geographic Reach | Europe |
Policy Influence Type | Citation in other policy documents |
Impact | A widely circulated assessment of the German Federal Cartel Office, that feeds into the ongoing negotiations in the EU Parliament on the Digital Services and Markets Acts. |
URL | https://www.bundeskartellamt.de/SharedDocs/Publikation/DE/Sektoruntersuchungen/Sektoruntersuchung_Mo... |
Description | Coverage by Federal Trade Commission |
Geographic Reach | North America |
Policy Influence Type | Citation in other policy documents |
Impact | Dark patterns are a widespread concern in software technologies. Our work presented a novel way to tackle such dark patterns, and has been widely covered in the news. |
URL | https://www.ftc.gov/news-events/events-calendar/bringing-dark-patterns-light-ftc-workshop |
Description | Response to the UK government's public consultation on the planned reform of UK data protection law |
Geographic Reach | National |
Policy Influence Type | Contribution to a national consultation/review |
URL | https://hcc.cs.ox.ac.uk/news/2021/11/19/dcsm-consultation.html |
Description | Hertford College Travel Grant |
Amount | £300 (GBP) |
Organisation | University of Oxford |
Sector | Academic/University |
Country | United Kingdom |
Start | 12/2019 |
End | 12/2019 |
Description | SIGCHI Development Fund Grant |
Amount | $3,750 (USD) |
Organisation | Association for Computing Machinery Special Interest Group on Computer–Human Interaction (ACM SIGCHI) |
Sector | Charity/Non Profit |
Country | United States |
Start | 03/2021 |
End | 05/2021 |
Title | PlatformControl: Analysis of iOS and Android App Privacy At Scale |
Description | Download and privacy analysis of iOS and Android apps at scale. Previously, no similar tool existed. |
Type Of Material | Improvements to research infrastructure |
Year Produced | 2021 |
Provided To Others? | Yes |
Impact | Various publications, see website. |
URL | https://platformcontrol.org/ |
Description | Open Data Institute |
Organisation | Open Data Institute |
Country | United Kingdom |
Sector | Charity/Non Profit |
PI Contribution | Together with the ODI, we're investigating privacy-enhancing technologies in practice. |
Collaborator Contribution | Knowledge, research and writing |
Impact | Report: https://www.theodi.org/article/federated-learning-an-introduction-report/ |
Start Year | 2022 |
Description | Sitra Digipower investigation |
Organisation | Sitra |
Country | Finland |
Sector | Public |
PI Contribution | The Finnish innovation fund Sitra (reporting directly to the Finnish parliament) is currently pursuing a study into the power of digital gatekeepers. As part of this, high-ranking Finnish politicians and journalists use my TrackerControl app to investigate to what companies other apps on their phone send personal data. |
Collaborator Contribution | Sitra organises the whole investigation. |
Impact | Widespread news coverage in Finland, for example: https://www.hbl.fi/artikel/de-flesta-appar-spionerar-pa-anvandarna/ |
Start Year | 2021 |
Title | TrackerControl: An Android App for Choice and Transparency around App Tracking |
Description | Android app that allows individuals to see and control to what companies their mobile apps can send personal data. |
Type Of Technology | Webtool/Application |
Year Produced | 2020 |
Open Source License? | Yes |
Impact | More than 100,000 downloads, and shaping individuals' privacy expectations. Apple and DuckDuckGo (an online search engine) have now added very exact copies of the functionality of TrackerControl to their own systems. |
URL | https://trackercontrol.org/ |
Description | Combatting Dark Patterns with Privacy Tech |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Public/other audiences |
Results and Impact | Discussed dark patterns with other experts in the field, and also talked about my ongoing research into dark patterns |
Year(s) Of Engagement Activity | 2021 |
URL | https://www.linkedin.com/events/tropttwitterspaces-combattingda6797602404805181441/ |
Description | Is iOS really more private than Android? |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Postgraduate students |
Results and Impact | Presented my ongoing research on comparing iOS and Android app privacy to a general academic audience. |
Year(s) Of Engagement Activity | 2021 |
URL | https://www.facebook.com/events/284012920116021/ |
Description | OpenRightsGroup: Digital Security Lightning Talks |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Public/other audiences |
Results and Impact | Presented my ongoing research into app privacy, and discussed with other academic experts |
Year(s) Of Engagement Activity | 2020 |
URL | https://www.openrightsgroup.org/events/org-oxford-digital-security-lightning-talks/ |
Description | The Power of App Stores |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Postgraduate students |
Results and Impact | Presented my ongoing research into iOS app privacy. |
Year(s) Of Engagement Activity | 2020 |
Description | TrackerControl Discussion Group |
Form Of Engagement Activity | Engagement focused website, blog or social media channel |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Public/other audiences |
Results and Impact | Managing online community around my TrackerControl app. Participating individuals do not just discuss aspects relating to TrackerControl, but also issues relating to app privacy in general. |
Year(s) Of Engagement Activity | 2020,2021 |
URL | https://github.com/kasnder/tracker-control-android#communities |
Description | iOS is always more private than Android - and other myths |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Postgraduate students |
Results and Impact | Presented my ongoing research on comparing iOS and Android app privacy to a general academic audience. |
Year(s) Of Engagement Activity | 2021 |