Societal and political implications of emerging digital technologies and big data

Lead Research Organisation: University of Oxford
Department Name: Computer Science

Abstract

Data-processing companies face unprecedented scrutiny these days, from both authorities and users. Following the Cambridge Analytica revelations, investigations by the UK data authority ICO identified "a disturbing disregard for voters' privacy" spread across the data industry. The House of Commons concluded that the current "situation is unlikely to change". Even risk-averse investors agree, with technology shares being continuously on the rise. The reason lies in the pervasive, ongoing, and apparently irreversible amalgamation of digital devices in our daily lives. Mobile applications secretly share personal information with third parties, whilst other "smart devices" are spreading. This necessitates rigorous scrutiny of current data practices and impartial checks and balances, which academia can provide.

The PhD research will be conducted as part of the "Human-Centred Computing" group at the University of Oxford. This group seeks to understand the current challenges of the Digital Economy, so as to support human flourishing in the 21st century. More specifically, the group aims to inform and empower individuals with regards to their day-to-day use of technology. A prominent example of such is X-Ray, a software framework developed as part of the EPSRC-funded SOCIAM project. This software aims to uncover hidden data flows to companies all over the world. X-Ray analysed almost 1m Android apps, finding that roughly 90% of apps could send data to Google and 40% to Facebook. The X-Ray project will be the starting point of the PhD research, with potentially significant relevance for current society due to the ubiquity of apps.

With the introduction of the EU Data Protection Regulation (GDPR), the field of data protection has recently gained increased prominence and importance. The GDPR strengthens the rights of individuals as well as the powers of the regulating bodies. The data protection authorities (DPAs) of the EU member states can now impose penalties of up to 20m Euros or 4% of worldwide annual turnover (whichever is higher) for data protection infringements. Due to these new capabilities, data protection research can profoundly improve the lives of individuals.

The PhD research will expand on the X-Ray project, to add automated legal compliance analysis, as well as create new tools in the realm of law and technology. The novelty of the research methodology lies in the combination of computer science, law, and policy-making, particularly through automated program analysis and machine learning analysis of GDPR violations.

In alignment with the objectives of the research group and the EPSRC research theme Digital Economy, the PhD project seeks to raise awareness amongst individuals of the implications of large-scale data collection, and empower individuals to make more meaningful choices with regards to data collection. A further objective is informing policy-making regarding current and emerging digital technologies.

This project falls within the EPSRC Digital Economy research area.

Studentship Projects

Project Reference Relationship Related To Start End Student Name
EP/R513295/1 30/09/2018 29/09/2023
2219016 Studentship EP/R513295/1 30/09/2019 29/09/2022 Konrad Kollnig
 
Description The research analysed the impacts of the GDPR and other laws on apps privacy practices. It has been highlighted that relevant laws don't (yet) achieve their intended aims in practice.

To support this research, the PhD researcher developed a wealth of tooling to support regulatory compliance, most notably PlatformControl at https://www.platformcontrol.org
Exploitation Route Expand on work
Sectors Digital/Communication/Information Technologies (including Software)

URL https://www.platformcontrol.org
 
Description The research has been widely covered by news outlets and been picked up by various tech regulators.
Sector Digital/Communication/Information Technologies (including Software)
Impact Types Societal

Economic

Policy & public services

 
Description Coverage and interview by German Federal Cartel Office
Geographic Reach Europe 
Policy Influence Type Citation in other policy documents
Impact A widely circulated assessment of the German Federal Cartel Office, that feeds into the ongoing negotiations in the EU Parliament on the Digital Services and Markets Acts.
URL https://www.bundeskartellamt.de/SharedDocs/Publikation/DE/Sektoruntersuchungen/Sektoruntersuchung_Mo...
 
Description Coverage by Federal Trade Commission
Geographic Reach North America 
Policy Influence Type Citation in other policy documents
Impact Dark patterns are a widespread concern in software technologies. Our work presented a novel way to tackle such dark patterns, and has been widely covered in the news.
URL https://www.ftc.gov/news-events/events-calendar/bringing-dark-patterns-light-ftc-workshop
 
Description Response to the UK government's public consultation on the planned reform of UK data protection law
Geographic Reach National 
Policy Influence Type Contribution to a national consultation/review
URL https://hcc.cs.ox.ac.uk/news/2021/11/19/dcsm-consultation.html
 
Description Hertford College Travel Grant
Amount £300 (GBP)
Organisation University of Oxford 
Sector Academic/University
Country United Kingdom
Start 12/2019 
End 12/2019
 
Description SIGCHI Development Fund Grant
Amount $3,750 (USD)
Organisation Association for Computing Machinery Special Interest Group on Computer–Human Interaction (ACM SIGCHI) 
Sector Charity/Non Profit
Country United States
Start 03/2021 
End 05/2021
 
Title PlatformControl: Analysis of iOS and Android App Privacy At Scale 
Description Download and privacy analysis of iOS and Android apps at scale. Previously, no similar tool existed. 
Type Of Material Improvements to research infrastructure 
Year Produced 2021 
Provided To Others? Yes  
Impact Various publications, see website. 
URL https://platformcontrol.org/
 
Description Open Data Institute 
Organisation Open Data Institute
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution Together with the ODI, we're investigating privacy-enhancing technologies in practice.
Collaborator Contribution Knowledge, research and writing
Impact Report: https://www.theodi.org/article/federated-learning-an-introduction-report/
Start Year 2022
 
Description Sitra Digipower investigation 
Organisation Sitra
Country Finland 
Sector Public 
PI Contribution The Finnish innovation fund Sitra (reporting directly to the Finnish parliament) is currently pursuing a study into the power of digital gatekeepers. As part of this, high-ranking Finnish politicians and journalists use my TrackerControl app to investigate to what companies other apps on their phone send personal data.
Collaborator Contribution Sitra organises the whole investigations.
Impact Widespread news coverage in Finland, for example: https://www.hbl.fi/artikel/de-flesta-appar-spionerar-pa-anvandarna/
Start Year 2021
 
Title TrackerControl: An Android App for Choice and Transparency around App Tracking 
Description Android app that allows individuals to see and control to what companies their mobile apps can send personal data. 
Type Of Technology Webtool/Application 
Year Produced 2020 
Open Source License? Yes  
Impact More than 100,000 downloads, and shaping individuals' privacy expectations. Apple and DuckDuckGo (an online search engine) have now added very exact copies of the functionality of TrackerControl to their own systems. 
URL https://trackercontrol.org/
 
Description Combatting Dark Patterns with Privacy Tech 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Public/other audiences
Results and Impact Discussed dark patterns other experts in the field, and also talk about my ongoing research into dark patterns
Year(s) Of Engagement Activity 2021
URL https://www.linkedin.com/events/tropttwitterspaces-combattingda6797602404805181441/
 
Description Is iOS really more private than Android? 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Postgraduate students
Results and Impact Presented my ongoing research on comparing iOS and Android app privacy to a general academic audience.
Year(s) Of Engagement Activity 2021
URL https://www.facebook.com/events/284012920116021/
 
Description OpenRightsGroup: Digital Security Lightning Talks 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Public/other audiences
Results and Impact Presented my ongoing research into app privacy, and discussed with other academic experts
Year(s) Of Engagement Activity 2020
URL https://www.openrightsgroup.org/events/org-oxford-digital-security-lightning-talks/
 
Description The Power of App Stores 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Postgraduate students
Results and Impact Presented my ongoing research into iOS app privacy.
Year(s) Of Engagement Activity 2020
 
Description TrackerControl Discussion Group 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Public/other audiences
Results and Impact Managing online community around my TrackerControl app. Participating individuals do not just discuss aspects relating to TrackerControl, but also issues relating to app privacy in general.
Year(s) Of Engagement Activity 2020,2021
URL https://github.com/kasnder/tracker-control-android#communities
 
Description iOS is always more private than Android - and other myths 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Postgraduate students
Results and Impact Presented my ongoing research on comparing iOS and Android app privacy to a general academic audience.
Year(s) Of Engagement Activity 2021