| Big data |
|
Extremely large data sets — usually used for analysis and even Machine learning |
| Data governance |
|
How entities might control, or govern, data; e.g. an organisation might govern it's data by choosing to never sell it. |
| Data ownership |
|
The idea of owning data became popularised after the GDPR came into effect — it's a misleading idea, because no one can really 'own' data, but they can have unfettered access to it. |
| Data portability |
|
The ability to move data between apps and services freely, ideally in a standardised format. E.g. take all of your data out of Spotify, and put it into another music streaming service. |
| Data stewards |
|
Individuals who work within some kind of Data trust model and are responsible for ensuring the data fed into the trust is used for the right things. |
| Data trust |
|
An institution who's sole purpose is to store data, and make it accessible for those who want to use it. E.g. to do research, to build an app, etc. |
| Personal data |
|
A term with open interpretation: usually refers to data that identifies you in some way such as your name, age, or address. Biometrics could even fall under this |
| Biometrics |
|
Data captured from your physical body. E.g. finger print, iris, gait, eye movement, posture, facial expressions, your face itself. |
| Encryption |
|
The method used to keep information secure: if you're sending data over the internet, encryption ensures that only you and the recipient of the data can access it. |
| Hashing |
|
Disguising a piece of data with a string of random characters — the most common way of storing passwords |
| Two-factor authentication |
|
Using two 'factors' to verify who you are, where a factor is either something you have, something you are, or something you know. E.g. you have your phone, you know your password, you are your fingerprint. |
| Bluetooth beacons |
|
Low-energy beacons that can be placed in public spaces such as museums and airports, and transmit/receive data to and from personal devices such as your phone. |
| Cookies |
|
Small bits of information that get stored in your browser as you surf the web. Can be used for things like remembering what's in your shopping basket to tracking your browsing behaviours. |
| Device fingerprinting |
|
The act of recording device information such as hardware, operating system, browser type, and installed fonts to create a kind of 'user profile' out of data that would otherwise be anonymised. |
| Facebook pixel |
|
Facebook 'loads a pixel' onto any website that uses this, and therefore Facebook can see that you have visited any site with the Facebook pixel on it (which is many). |
| Real time bidding |
|
Procedurally loaded ads: in the milliseconds it takes to load a webpage, Ad networks will find adverts based on your Advertising profile , and show them on the page. |
| Targeted advertising |
|
Using data about you, very often Behavioural data, to show you ads for products you're most likely to want/be told that you need. |
| Facial recognition |
|
The act of using your face as your identifier, like using your face to unlock your phone |
| Federated learning |
|
A Machine learning technique done across many devices: the algorithm learns from the local data on each device, without sharing that data between devices or to some central server |
| Machine learning |
|
The branch of AI where you teach a machine by feeding it data: e.g. a Twitter bot produces tweets that look and sound like yours by analysing your existing tweets. |
| Rekognition |
|
Amazon's controversial Facial recognition software used in smart doorbells and police departments in the USA. Hass been used to build up a database of suspicious people. |
| Inferred data |
|
Data about a person that is entirely synthetic — it is information that exists based on conclusions drawn from data that already exists about a person, or people similar to that person. |
| Behavioural data |
|
Data gathered based on someone's behaviours, such as where they usually go, watch stuff they like to watch on TV. This is usually used to predict behaviour and make better Targeted advertising |
| Active consent |
|
The explicit act of saying yes or no to something, for instance by checking a box and clicking 'save', or simply by clicking a button that clearly says 'yes'. |
| Data controller |
|
The entity or organisation who actually collects, and then controls your data. E.g. if you fill in a form on Company X's website, Company X are the controller of that data. |
| Data processing |
|
What is done with data after it's collected — the Data controller could store it somewhere, analyse it, or send it to any number of third-parties. |
| Data subject |
|
The user of a website or app — the person who's data is being collected by a Data controller |
| ePrivacy Regulation |
|
This regulation will replace the ePrivacy Directive. The ePrivacy Regulation is still in draft mode, with no confirmed date for it to come into effect. It will provide comprehensive cookie legislation which will compliment current rules set out by the GDPR |
| GDPR |
|
The General Data Protection Regulation: came into effect on the 25th of May 2018. Protects the data of European citizens by creating rules on what organisations are allowed to do with user data, and giving users more Data Rights |
| Subject access request |
|
Where a user (or Data subject ) makes a request to an organisation to exercise one or more of their Data Rights . E.g. you could email Deliveroo and ask them to delete every piece of data they have about you. |
| Data Rights |
|
Usually referring to the rights Data subjects have over the data they produce, such as being able to delete or change it. |
| Surveillance Capitalism |
|
Term coined by Shoshana Zuboff , meaning the commodification of our private experiences and the data we produce. This is perpetuated by free online services: when the product is free, you are the product. |
| Ad network |
|
Broadly, the platform which connect advertisers with people who want to show adverts. Ad profiles have the data and resources to know which ads should be shown to which people (ad targeting). Google and Facebook are ad networks. |
| Advertising profile |
|
A profile of information built up about different kinds of users — like demographics, but more detailed and segmented. This information is used to understand what kind of ads to show people. E.g. user X who fits this ad profile, should be shown advert Y. |
| CCPA |
|
The California Consumer Privacy Act. Goes into effect on 1st January 2020 and affords Californians new data rights that no other US citizens have. |
| BIPA |
|
Biometric Information Privacy Act. An Illinois state law that regulates the use of Biometrics . |
| Act to Protect the Privacy of Online Consumer Information |
|
This is a privacy regulation imposed by the US state of Maine. It prohibits internet service providers from using or selling the personal data of its users. In their case 'personal data' means identifying information, and other data such as browsing and geolocation. Read full text. |
| Nevada Senate Bill 220 |
|
Signed into law on 19th of May 2019, this bill states that consumers within Nevada are protected from the sale of their data by websites they visit. So if a site collects personal details, such as a social security number, they will not be allowed to sell that on to someone else. |
| Jeff Bezos |
|
CEO of Amazon |
| Mark Zuckerberg |
|
CEO of Facebook |
| Shoshana Zuboff |
|
Author of The Age of Surveillance Capitalism, a book outlining the effects of the now well-established models of digitally tracking our behaviours. |
| Sundar Pichai |
|
CEO of Google |
| Tim Cook |
|
CEO of Apple |
| Cambridge Analytica |
|
Cambridge Analytica was a political consulting firm, made famous by a scandal in which the company harvested personal data from millions of Facebook profiles, without any knowledge or consent from Facebook users. This scandal was key in bringing data privacy concerns into the public consciousness. |
| Brandwatch |
|
Brandwatch are a consumer insights company that recently merged with Crimson Hexagon. Both of these companies do something very similar to what Cambridge Analytica did: they look at social media data, and use it to help brands advertise. |
| EFF |
|
The Electronic Frontier Foundation are a non-profit organisation who seek to protect user data, and illuminate issues within data privacy. They made Pirvacy badger. |
| Palantir |
|
A big data analytics platform. Considered somewhat controversial because of how powerful their tools are. Their tools are used to develop intelligence for CIA, for example. |
| The IAB |
|
The Internet Advertising Bureau are the body which dictates the standards of online advertising. They essentially provide frameworks for publishing online ads, such as Real time bidding |
| The ICO |
|
The Information Commissioners Office are the UK's enforcement body for the GDPR. They provide guidelines for GDPR compliance, and are responsible for finding those who are found to be in breech of regulation. |
| The ODI |
|
The Open Data Institute are a non-profit organisation who champion the use of Data trusts models to help companies and governments do more with data in an ethical way. |
| The Open Rights Group |
|
A non-profit organisation established to protect the digital rights of UK citizens. |
| The Panoptykon Society |
|
A non-profit organisation set up to protect people's right to privacy. |
| Pirvacy badger |
|
blah blah |
| Panoptoclick |
|
A research tool made by EFF. Will scan your browser and see how susceptible you are to Device fingerprinting. Try it here |
| Hyperface |
|
https://ahprojects.com/hyperface/ (facial recognition obfuscation) |
| Jumbo |
|
Privacy tool for consumers. Does things like automatically delete your tweets after a certain length of time. Get it here |
| Trackthis.link |
|
https://trackthis.link/ |
| GovLab |
|
GovLab have created a platform called Data Collaboratives, where companies can share data on an open exchange in order to open up access so that more people and organisations can get use out of data. |