İbrahim DOLAPCİ

150140722
What is “Privacy”?

That the individual shall

have full protection in person
and property is a principle as old
as the common law; but it has
been found necessary from time
to time to define anew the exact
nature and extend of such
protection. Political, social, and
economic changes entail the recognition
of new rights and the common law in its eternal youth, grows to meet the demands of
society. Thus, in very early times, the law gave a remedy only for physical interference
with life and property. Then the “right to life” served only to protect the subject from
actual restraint; and the right to property scared to the individual his lands and his
castle.
Later there came a recognition of man’s spiritual nature of his feelings and his
intellect. Gradually the scope of these legal rights broadened and now the right to life
has come to mean the right to enjoy life, right to life has come to be let alone, the
right to liberty secures the exercise of extensive civil privileges and term “property” has
grown to comprise every form of possession.
The transforming effect of IT on commerce, communication, health care, and
learning, among other areas, was noted in the 1999 PITAC report. Inherent in this
transformation, because of the speed and reach of IT, is the critical need for attention
to the security of identity. In this era of faceless business transactions enabled by IT,
identity can no longer be taken for granted as a fundamental physical characteristic.
Rather, identity has become a database entity that can be disconnected from
physical recognition even bought and sold as a commodity and as such is subject to
easy theft and widespread misuse.
 What About Privacy and
Technology?

The rapid advance of newspapers in the 19th century led to

information technology(IT) over past legal protections against the harms or
decade has threatened two essential adverse consequences of “intrusion
components of individual security; upon seclusion,” public disclosure of
identity and privacy. Institutions which private facts, and unauthorized use of
must deal with identity name or likeness in
and privacy of commerce. Wire and
students on a large radio
scale have aand communications led
obligation at least, to 20th century laws
and an exposure to against wiretapping
liabity at worst, in the and the interception
verification and of private
protection of information directly communications – laws that, PCAST
related to an individual’s identity and notes, have not always kept pace with
privacy. the technological realities of today’s
Identity theft is being called the digital communications. Past conflicts
“Crime of Twenty-First Century”. It was, between privacy and new technology
in fact, made a federal crime in 1998. have generally related to what is now
Although the locality of life in small termed “small data,” the collection
towns, and n college campuses, has and use of data sets by private‐ and
traditionally insulated these public‐sector organizations where the
communities from criminal access, the data are disseminated in their original
broad reach of IT now allows criminals form or analyzed by conventional
read access to faceless victims statistical methods. Today’s concerns
anywhere in the world. about big data reflect both the
Conflicts between privacy and substantial increases in the amount of
new technology have occurred data being collected and associated
throughout American history. Concern changes, both actual and potential, in
with the rise of mass media such as how they are used.
 Data Privacy

Big data and individual privacy might be data collected directly from
are intentionally broad and inclusive. some source, or data derived by some
Business consultants Gartner, Inc. define process of analysis. They might be
big data as “high‐volume, high‐velocity saved for a long period of time, or they
and high‐variety information assets that might be analyzed and discarded as
demand cost‐effective, innovative they are streamed. The term “privacy”
forms of information processing for encompasses not only avoiding
enhanced insight and decision observation, or keeping one’s personal
making,” while computer scientists matters and relationships secret, but
reviewing multiple definitions offer the also the ability to share information
more technical, “a selectively but not
term describing the publicly. Anonymity
storage and analysis of overlaps with privacy,
large and/or complex but the two are not
data sets using a series identical. Voting is
of techniques recognized as private,
including, but not but not anonymous,
limited to, NoSQL, while authorship of a
MapReduce, and machine political tract may be anonymous, but
learning.” In a privacy context, the it is not private. Likewise, the ability to
term “big data” typically means data make intimate personal decisions
about one or a group of individuals, or without government interference is
that might be analyzed to make considered to be a privacy right, as is
inferences about individuals. It might protection from discrimination on the
include data or metadata collected by basis of certain personal characteristics
government, by the private sector, or (such as an individual’s race, gender, or
by individuals. The data and metadata genome). So, privacy is not just about
might be proprietary or open, they secrets.
might be collected intentionally or The promise of big‐data
incidentally or accidentally. They collection and analysis is that the
might be text, audio, video, sensor‐ derived data can be used for purposes
based, or some combination. They that benefit both individuals and
society. Threats to privacy stem from the misuse of the data, and the fact
the deliberate or inadvertent disclosure that derived data may be inaccurate
of collected or derived individual data, or false.

It was not telecommunications, relating to privacy have been

however, but the invention of the continually reinterpreted and
portable, consumer‐operable camera rearticulated in light of the impact of
(soon known as the Kodak) that gave new technologies.
impetus to Warren and Brandeis’s 1890 The nationwide postal system
article “The Right to Privacy,” then a advocated by Benjamin Franklin and
controversial title, but now viewed as established in 1775 was a new
the foundational document for modern technology designed to promote
privacy law. In the article, Warren and interstate commerce. But mail was
Brandeis gave voice to the concern routinely and opportunistically opened
that “Instantaneous photographs and in transit until Congress made this action
newspaper enterprise have invaded illegal in 1782. While the Constitution’s
the sacred precincts of private and Fourth Amendment codified the
domestic life; and numerous heightened privacy protection
mechanical devices threaten to make afforded to people in their homes or on
good the prediction that ‘what is their persons (previously principles of
whispered in the closet shall be British common law), it took another
proclaimed from the house‐tops,’” century of technological challenges to
further noting that “For years there has expand the concept of privacy rights
been a feeling that the law must afford into more abstract spaces, including
some remedy for the unauthorized the electronic.
circulation of portraits of private
persons…”
The conflict between privacy
and new technology is not new, except
perhaps now in its

greater scope, degree of intimacy, and

pervasiveness. For more than two
centuries, values and expectations
 Differences at Today About Privacy

New collisions between false negatives ‐‐ information that is a

technologies and privacy have consequence of the analysis but is not
become evident, as new technological true or correct. Furthermore, to a much
capabilities have emerged at a rapid greater extent than before, the same
pace. It is no longer clear that the five personal data have both beneficial
privacy concerns raised above, or their and harmful uses, depending on the
current legal interpretations, are purposes for which and the contexts in
sufficient in the court of public which they are used. Information
opinion. Much of the public’s concern supplied by the individual might be
is with the harm done by the use of used only to derive other information
personal data, both in isolation or in such as identity or a correlation, after
combination. Controlling access to which it is not needed. The derived
personal data data, which were never under the
individual’s control, might then be used
after they leave one’s exclusive either for good or some assert that the
possession has been seen historically as issues concerning privacy protection
a means of controlling potential are collective as well as individual,
harm. But today, personal data may particularly in the domain of civil rights
never be, or have been, within one’s for example, identification of certain
possession – for instance they may be individuals at a gathering using facial
acquired passively from external recognition from videos, and the
sources such as public cameras and inference that other individuals at the
sensors, or without one’s knowledge same gathering, also identified from
from public electronic disclosures by videos, have similar opinions or
others using social media. In addition, behaviors.
personal data may be derived from For many companies in recent
powerful data analyses whose use and years, privacy has simply been a matter
output is unknown to the individual. of legal and regulatory compliance,
Those analyses sometimes yield valid best left to lawyers and IT professionals
conclusions that the individual would hired to “take care of it.” But
not want disclosed. Worse yet, the increasingly, privacy has become part
analyses can produce false positives or of a broader business strategy as
consumer awareness and demand for
privacy continues to grow. There is
growing evidence of real consumer
concern about privacy, and even
consumer reluctance to engage fully in
the marketplace as a result. Surveys of
consumers show not only rising levels of
concern but also concrete actions
consumers have taken to shield their
personal information. For example, a
recent Pew study found that 86% of
consumers have taken steps to remove
or mask their digital footprints. These
include steps ranging from clearing
cookies to encrypting email, and from
consumers avoiding use of their names
to using virtual networks that mask their
IP addresses. Surveys also show that
younger consumers care about
privacy, despite assertions to the
contrary. In fact, a second Pew survey
found that children and teenagers
actively engage with their privacy
settings on social networks, often set
their profiles to privacy-protective
settings, and value the control that the
settings provide.
Other evidence of consumer
concern comes from their reactions to
privacy and security breaches when
revealed by the company or in the
press. Let me take you way back to
2005 and the now infamous
ChoicePoint breaches. These incidents
provided a good lesson about the
business impact of poor privacy and
security practices. Due to
ChoicePoint’s allegedly poor privacy
and data security practices, identity
thieves were able to obtain highly
sensitive consumer information from the
company, including Social Security
numbers, and perpetrate identity theft
affecting at least 800 consumers.

Data Protection in Turkey

Currently, Turkey does not have Convention for the Protection of

a specific data protection law. There is Individuals with Regard to Automatic
a Draft Code on the Protection of Processing of Personal Data in 1981.
Personal Data which aims to harmonize Turkey has signed but not yet ratified
Turkish data protection laws with the the Data Processing Convention.
Council of Europe’s Strasbourg
Likewise, the Draft Code has not been  The jurisdiction where the
adopted yet. damage occurred, provided
In the absence of a specific data that the liable party was in a
protection law, general provisions position to know that the
found in various codes regulate data damage could occur in that
protection as follows. jurisdiction.
General laws apply to all In relation to the extra-territorial
individual in Turley. Specific laws apply application of the Turkish Criminal
to persons who deal with personal data Code, Turkish law applies to offences
during their commercial activities committed in Turkey. Where the
(employers, banking personal or offence is partially or entirely
electronic communication committed in Turkey or the result Is felt
companies). in Turkey, the offence is assumed to
In addition to some definition have been committed in Turkey.
provided in specific Turkish regulations, Article 20 of the Constitution
definition of personal data in Data states that everyone has the right to
Processing Convention is relied on in ask for protection of his/ her personal
practice in Turkey. Accordingly, information; and such right includes
personal data means any information the right to be informed of personal
relating to an identified or identifiable data pertaining to such person, the
individual data subject. right to access, delete and/or correct
Recording, obtaining and such data and the right to find out
processing personal data, as well as its whether the data is being used in
transmission, are regulated. The rules accordance with the purpose for
apply to individuals and entities in which it was collected.
Turkey. However, claims arising from the The provision also stipulates that
violation of personal rights through any personal data can only be processed
means of mass media are governed by, for reasons stated in the law or with
at the discretion of the injured party, the explicit consent of the data subject.
law of one of the following Data protection is enforced through
 The injured party’s habitual general provisions laid down in a
residence. number of laws and regulations. In this
 The liable party’s place of regard, each situation needs to be
business. evaluated individually as it may be
subject to provisions of an applicable
specific law, if any.
In general terms, the Turkish Criminal
Code No. 5237 contains provisions
regulating collecting and processing of
personal data and imposes penalties
for acquiring and unlawful recording of
personal data.
Furthermore, the Turkish Criminal Code
No. 5237 stipulates that upon expiry of
the time period specified by law to
retain data, such data must be
deleted or destroyed.
The Draft Law stipulates personal data
can only be processed in accordance
with the Draft Law and other laws and
sets forth personal data may be
collected and processed if:
 processed fairly and lawfully;
 collected for specified, explicit
and legitimate purposes and
not further processed in a way
incompatible with those
purposes.
 adequate, relevant and not
excessive in relation to the
purposes for which they are
collected and/or processed;
 accurate and, where
necessary, kept up to date;
 kept in a form which permits
identification of data subjects
for no longer than is necessary
for the purposes for which the
data were collected or for
which they are further
processed.
Personal data may be processed only
if:
 the data subject has given his
explicit consent;
 processing is necessary for
compliance with a legal
obligation to which the
controller is subject;
 processing is necessary in order
to protect the life or physical
integrity of the data subject or
another where the data subject
is incapable of giving his
consent;
 processing is necessary for the
execution or performance of a
contract to which the data
subject is party;
 processing of data that has
been disclosed/published by
the data subject or is available
in the public domain;
 processing is necessary for the
purposes of the legitimate
interests pursued by the
controller or by the third party or
parties to whom the data are
disclosed, except where such
interests are overridden by the
interests for fundamental rights
 and freedoms of the data circumstances defined under the Draft
subject. Law provided precautions/safeguards
In collection of data from the data are taken to protect the family and
subject the controller is obliged to private life.
provide the data subject the following
information:
 the identity of the controller and
of his representative, if any;
 the purposes of the processing
for which the data is intended;
 the recipients of the data;
 the process of collecting data,
the legal grounds and probable
effects;
 the existence of the right of
access data collected;
 the right to rectify the data
concerning the data subject
Where the data has not been
obtained from the data subject, the
controller shall provide the data
subject with the above stated
information as well as details of the
categories of data concerned.
Processing of sensitive personal data
revealing race, political opinions,
philosophical beliefs, religion, sect or
other beliefs, foundation or union
membership, and the processing of
data concerning health or private life
and all kinds of convictions is
forbidden.
Sensitive personal data may be
processed under a number of
 References

[1] A. Acquisti and R. Gross. Imagined communities: Awareness, information sharing,

and privacy on the Facebook. In Privacy Enhancing Technologies, pages 36–58.
Springer Berlin, 2006.

[2] I. Altman. The Environment and Social Behavior: Privacy, Personal Space, Territory,
and Crowding. Brooks/Cole Pub. Co., 1975.

[3] A. Besmer and H. Richter Lipford. Moving beyond untagging: photo privacy in a
tagged world. In CHI 2010, pages 1563–1572. ACM, 2010.

[4] d. boyd and E. Hargittai. Facebook privacy settings: Who cares? First Monday,
15(8), August 2010.

[5] d. m. boyd and N. B. Ellison. Social network sites: Definition, history, and scholarship.
Journal of Computer-Mediated Communication, 13:210–230, 2007.

[6] S. Egelman and M. Johnson. How good is good enough? the sisyphean struggle for
optimal privacy settings. In Proceedings of the CSCW Reconciling Privay with Social
Media Workshop, 2012.

[7] S. Egelman, A. Oates, and S. Krishnamurthi. Oops, I did it again: Mitigating repeated
access control errors on Facebook. In CHI 2011, pages 2295–2304, 2011.

[8] Facebook. http://newsroom.fb.com/content/ default.aspx?NewsAreaId=22, 2012.

[9] R. Gross and A. Acquisti. Information revelation and privacy in online social
networks. In Proceedings of Workshop on Privacy in the Electronic Society, pages 71–
80. ACM, 2005.