You are here: Resources > FIDIS Deliverables > Privacy and legal-social content > D14.2: Study on Privacy in Business Processes by Identity Management > 
Personalised Profiles and the Need for ‘Ambient Law’  Title:
 Privacy and Security Threats


‘Ambient Law’

To regain control in an AmI world, clients will need the right to have access to automated profiles that may be applied to them and the right to actively adapt their own profiles. But new legal regulations in the sense of enacted written law will not suffice. The problem with data protection legislation, as with all administrative law, is a lack of effectiveness. If there is no incentive for service providers to comply with the law they will only implement it in as far as they expect to be checked and sanctioned. The costs for governments to institutionalise adequate monitoring of service providers are simply too high and at this moment in time the transaction costs for clients to find out which profiles may be relevant, let alone to actively adapt them to their conscious preferences are way beyond measure.

In the course of the FIDIS cooperation within the workpackage on profiling we have come to the conclusion that to achieve an effective legal regulation of the access to profiles (including the possibility to contest them), these regulations must be articulated in the technological design of AmI devices. The vision of AmI thus requires a vision of Ambient Law. At present workpackage 7 on profiling is preparing the ground for a report on such ‘Ambient Law’, to be finalised in the middle of 2007. For a start such ambient law would for instance require:

  1. technological embodiment of mandatory data protection legislation, effectively ruling out non compliance by service providers 

  2. technological embodiment of transparency, for instance requiring a user’s proxy that is able to detect the types of profiles that may be applied and that warns the user if this may be disadvantageous

  3. technological embodiment of machine to machine (M2M) communication to negotiate with the service provider about the level of anonymity and unlinkability 

  4. technological embodiment of machine to machine (M2M) communication to negotiate about the application of profiles predefined by the (potential) client; such negotiations could concern the terms of the contracts made between service provider and client, for instance the price, the exchange of data etc.  

Having access to the types of profiles that may be applied will reduce the risk of falling victim to illegitimate price (or other) discrimination and should counter attempts to manipulate behaviour without awareness of the client.   

Conclusion: The Design of Technologically Embodied Law

An AmI environment will facilitate business processed leading to profits for service providers and benefits for their clients. Protection of personal data is not the only issue that is stake if the vision of AmI is realised; protection against illegitimate or undesirable application of automatically generated profiles is needed. To achieve such protection legal provisions need to be embodied in technological devices other than the script (Lévy, 1990) in order to establish a renewed balance between the power of those that profile and those that are being profiled. 


Personalised Profiles and the Need for ‘Ambient Law’  fidis_wp14_d14.2-study_on_privacy_in_business_processes_by_identity_management-v09_02.sxw  Privacy and Security Threats
15 / 38