SMART TOURISM DESTINATIONS PRIVACY RISKS ON DATA PROTECTION
A FIRST APPROACH, FROM AN EUROPEAN PERSPECTIVE
Resumen
Tourism-related data created by tourists and processed in a smart tourism environment concern mostly personal data deriving from diverse sources: social networks, intelligent apps, ubiquitous sensors, big data analytics, etc., providing a massive size of volunteered, observed, inferred or collected digital traces, resulting in multidimensional sets of available and accessible data, at least for its controllers. Such data is the fabric for organizations to convert tourism information into future preferences and value propositions of empowered tourism experiences, ready to be monetarized. Therefore, the exploitation of data related to this perceived enjoyment must be considered in the legal framework of data protection by exposing potential risks to data protection and privacy, along with the available compliance tools, namely those provided by the New GDPR. In short, Smart Tourism Destinations are one of the best available benchmarks regarding data protection regulations
Citas
- ANUAR, Faiz I.; GRETZEL, Ulrike. Privacy Concerns in the Context of Location-Based Services for Tourism.ENTER 2011 Conference. Accessibility of ICTs and Accessible Travel Information, Innsbruck, Austria, 2001,accessible at http://agrilifecdn.tamu.edu/ertr/files/2013/02/13.pdf, consulted on 20/05/2018.
ART 29 WP – Article 29 Work Party of the European Union. Opinion 7/2003, on the re-use of public sector information, accessible at http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2003/wp83_en.pdf, consulted on 20/05/2018.
______. Opinion 4/2007, on the concept of personal data, accessible at http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2007/wp136_en.pdf, consulted on 20/05/2018.
______. Opinion 15/2011, on the definition of consent, accessible at http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf, consulted on 20/05/2018.
______. Opinion 3/2013, on purpose limitation, accessible at http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf, consulted on 20/05/2018.
______. Opinion 6/2013, on open data and public-sector information (PSI) reuse, accessible at http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2013/wp207_en.pdf, consulted on 20/05/2018.
______. Opinion 05/2014, on anonymisationtechniques, accessible at http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf, consulted on 20/05/2018.
______. Opinion 8/2014, on the recent developments on the Internet of Things, accessible at http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf, consulted on 20/05/2018.
______. Guidelines on Consent under Regulation 2016/679, accessible at http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51030, consulted on 20/05/2018.
- ATEMBE, Roland.The Use of Smart Technology in Tourism: Evidence from Wearable Devices. Journal of Tourism and Hospitality Management, Amsterdam, Vol. 3, n. 11-12, 2015, pp. 224-234.
- BARTOLINI, Cesare; SIRY, Lawrence. The right to be forgotten in the light of the consent of the data subject. Computer Law and Security Review, Amsterdam, Vol. 32, n. 2, 2016, pp. 218-237.
- BAUZÀ M., Felio. Tourism, Technology and Citizens’ Legal Protection: Tourism Data. Athens Journal of Tourism, Athens, Vol. 5, n. 1, 2018, pp. 55-68.
- BUHALIS, Dimitrios. Marketing the Competitive Destination of the Future. Tourism Management,Amsterdam, Vol. 21, 2000, pp. 97–116.
- BUHALIS, Dimitrios; AMARANGGANA, Aditya. Smart Tourism Destinations.In XIANG, Zheng; TUSSYADIAH, Lis (Eds.).Information and Communication Technologies in Tourism 2014 - Proceedings of the International Conference in Dublin, Ireland. Heidelberg: Springer, 2014, pp. 553-564.
- BUHALIS, Dimitrios; AMARANGANNA, Aditya. STD: Enhancing Tourism Experience Through Personalisation of Services. In TUSSYADIAH, Lis; INVERSINI, Alessandro (Eds.).Information and Communication Technologies in Tourism 2015 - Proceedings of the International Conference in Lugano, Switzerland. Heidelberg: Springer, 2015, pp. 377-389.
- CAROLAN, Eoin. The continuing problems with online consent under the EU's emerging data protection principles. Computer Law and Security Review, Amsterdam, Vol. 32, n. 3, 2016, pp. 462-473
- ČAS, Johann.Ubiquitous Computing, Privacy and Data Protection.In GUTWIRTH, Serge et al. (Eds.). Computers, Privacy and Data Protection: An Element of Choice. Heidelberg: Springer, 2009, pp. 139-169.
- COE – Council of Europe. Guidelines on the Protection of individuals with regard to the processing of personal data in a world of Big Data, T-PD, 2017, accessible at https://rm.coe.int/16806ebe7a, consulted on 20/05/2018.
- DAVENPORT, Thomas H. At the Big Data Crossroads: turning towards a smarter travel experience. Amadeus IT Group Report, 2013, accessible athttp://www.amadeus.com/web/binaries/blobs/703/769/Amadeus_Big_Data,1.pdf, consulted on 20/05/2018.
- EDPS – European Data Protection Supervisor. Opinion 3/2015, Europe’s big opportunity, EDPS Recommendations on the EU’s options for data protection reform, accessible at https://edps.europa.eu/sites/edp/files/publication/15-10-09_gdpr_with_addendum_en.pdf, consulted on 20/05/2018.
-______. Opinion 7/2015 on Meeting the challenges of big data, accessible at https://edps.europa.eu/sites/edp/files/publication/15-11-19_big_data_en.pdf, consulted on 20/05/2018.
- EDWARDS, Lilian. Privacy, security and data protection in smart cities: a critical EU law perspective. European Data Protection Law Review, Berlin, Vol. 2, 2016, pp. 28-58.
- ENISA – European Networks and Information Security Agency. 2015 Report on Privacy and Data Protection by Design – from policy to engineering, accessible at https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design/at_download/fullReport, consulted on 20/05/2018.
______. 2017Recommendations on European Data Protection Certification, accessible at https://www.enisa.europa.eu/publications/recommendations-on-european-data-protection-certification/at_download/fullReport, consulted on 20/05/2018.
- EU – European Union. Regulation (EU) 2016/679, of the European Parliament and of the Council of 27/04/2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), applicable from the 25th May of 2018, accessible at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN, consulted on 20/05/2018.
______.Directive (EU) 2016/1148, of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, accessible at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016L1148&from=EN, consulted on 20/05/2018.
______.Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications, COM/2017/010 final - 2017/03 (COD), accessible at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52017PC0010&from=EN, consulted on 20/05/2018.
- GRETZEL, Ulrike; SIGALA, Marianna et al. Smart tourism: foundations and developments. Electronic Markets, Heidelberg, Vol. 25, n. 3, 2015, pp. 179–188.
- GRETZEL, Ulrike; REINO, Sofiaet al. Smart Tourism Challenges. Journal of Tourism, Garhwal University,Vol. 16, n. 1,2015, pp. 41-47.
- ICO - Information Commissioner's Office. Guide on Big Data, Artificial Intelligence, Machine Learning and Data Protection, 2017, accessible at https://ico.org.uk/for-organisations/guide-to-data-protection/big-data/, consulted on 20/05/2018.
- HABEGGER, Benjaminet al. Personalization vs. Privacy in Big Data Analysis. International Journal of Big Data. New York, n. 1, 2014, pp. 25-35.
- HADAR, Iritet al. Privacy by designers: software developers’ privacy mindset. Empirical Software Engineering.Heidelberg, Vol. 23, n. 1, 2018, pp 259–289.
- HOEREN, Thomas. Big Data and Data Quality.In HOEREN, Thomas; KOLANY-RAISER, Barbara (Eds.), Big Data in Context - Legal, Social and Technological Insights. Heidelberg: Springer, 2018, pp. 1-11.
- HÖJER, Mattias; WANGEL, Josefin, Smart Sustainable Cities: Definition and Challenges. In HILTY, Lorenz; AEBISCHER, Bernard (Eds.). ICT Innovations for Sustainability, Advances in Intelligent Systems and Computing. Heidelberg: Springer, 2015, pp. 333-349.
- JÜLICHER, Tim; DELISLE, Marc. Step into ‘The Circle’—A Close Look at Wearables and Quantified Self. In HOEREN, Thomas; KOLANY-RAISER, Barbara (Eds.). Big Data in Context - Legal, Social and Technological Insights, Heidelberg: Springer, 2018, pp. 81-91.
- KEMP, Richard. Legal aspects of managing big data. Computer Law and Security Review, Amsterdam, Vol. 30, n. 5, 2014, pp. 482-491.
- KITCHIN, Rob. Getting smarter about smart cities: Improving data privacy and data security. Dublin: Data Protection Unit / Department of the Taoiseach, 2016, accessible athttp://eprints.maynoothuniversity.ie/7242/, consulted on 20/05/2018.
- LAW, Rob et al. Information technology applications in hospitality and tourism: a review of publications from 2005 to 2007. Journal of Travel & Tourism Marketing, Abingdon-on-Thames, Vol. 26, n. 5-6, 2009, pp. 599-623.
- LEONARD, Peter. Customer data analytics: privacy settings for ‘Big Data’ business. International Data Privacy Law, Oxford, Vol. 4, n. 1, 2014, pp. 53-68.
- LUZAK, Joasia, Vulnerable Travellers in the Digital Age. Journal of European Consumer and Market Law, München, Vol. 5, n. 3, 2016, pp. 130-135.
- MANTELERO, Alessandro. The future of consumer data protection in the E.U. Re-thinking the ‘notice and consent’ paradigm in the new era of predictive analytics. Computer Law and Security Review, Amsterdam, Vol 30, n. 6, 2014, pp. 643-660
-______. Data protection, e-ticketing, and intelligent systems for public transport.International Data Privacy Law, Oxford, Vol 5, n. 4, 2015, pp. 309-320.
- MANTELERO, Alessandro; VACIAGO, Giuseppe. The 'Dark Side' of Big Data: Private and Public Interaction in Social Surveillance. How data collections by private entities affect governmental social control and how the EU reform on data protection responds in Social Surveillance. Computer Law Review International, Berlin, Vol. 14, 2013, pp. 161-169.
- MANYIKA, James et al. Big data: The next frontier for innovation, competition, and productivity. Report - McKinsey Global Institute, 2011,accessible athttps://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/big-data-the-next-frontier-for-innovation, consulted on 20/05/2018.
- MASSENO, Manuel David. On the relevance of Big Data for the formation of contracts regarding package tours or linked travel arrangements, according to the New Package Travel Directive. Comparazione e diritto civile.Salerno, n. 4, 2016, 1-14.
- NEUHOFER, Barbara et al. Smart technologies for personalized experiences: a case study in the hospitality domain. Electronic Markets, Heidelberg,Vol 25, n. 3, 2015, pp. 243-254.
- OHM, Paul. Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA LawReview, Los Angeles, Vol. 57, n. 6, pp. 1701-1777, 2010.
- PANTANO, Eleonora et al. ‘You will like it!’ Using open data to predict tourists’ responses to a tourist attraction.Tourism Management, Amsterdam, Vol. 60, 2017, pp. 430-438.
- PARISER, Eli.The Filter Bubble: What the Internet is Hiding from You. New York: The Penguin Press, 2011.
- PIHLSTRÖM, Minna, Perceived Value of Mobile Service Use and its Consequences. Helsinki: Swedish School of Economics and Business Administration, 2008, accessible athttps://helda.helsinki.fi/bitstream/handle/10227/269/176-978-951-555-977-7.pdf?sequence=2&origin=publication_detail, consulted on 20/05/2018.
- PRAHALAND, C. K.; RAMASWAMY, Venkat. Co-creation experiences: the next practice in value creation. Journal of Interactive Marketing, Amsterdam, Vol. 18, n. 3, 2004, pp. 5-14.
- RODRIGUES, Rowena et al. The future of privacy certification in Europe: an exploration of options under article 42 of the GDPR. International Review of Law, Computers & Technology, Abingdon-on-Thames, Vol. 30, n. 3, 2016, pp. 248-270.
- ROMANOU, Anna. The necessity of the implementation of Privacy by Design in sectors where data protection concerns arise. Computer Law and Security Review, Amsterdam, Vol. 34, n. 1, pp. 99-110
- RUBINSTEIN, Ira S. Big Data: The End of Privacy or a New Beginning. International Data Privacy Law, Oxford, Vol. 3, n. 2, 2013, pp. 74-87.
- SANTOS, Cristiana et al. Detecting and Editing Privacy Policy Pitfalls on the Web. In Proceedings of 1st Workshop on Technologies for Regulatory Compliance / 30th International Conference on Legal Knowledge and Information Systems (JURIX).University of Luxembourg. Luxembourg, 13th of December 2017, pp. 87-99,accessible athttp://ceur-ws.org/Vol-2049/09paper.pdf, consulted on 20/05/2018.
- SARAVANAN, Shanti; SADHU RAMAKRISHNAN, Balasundaram. Preserving privacy in the context of location based services through location hider in mobile-tourism. Information Technology & Tourism, Heidelberg, Vol. 16, n. 2, 2016, pp 229–248.
-SCHWARTZ, Paul; SOLOVE, Daniel.The PII Problem: Privacy and a New Concept of Personally Identifiable Information.New York University Law Review, Vol. 86, 2011, pp. 1814-1894.
- SOLOVE, Daniel. I’ve Got Nothing to Hide and Other Misunderstandings of Privacy. San Diego Law Review, San Diego, Vol. 44, 2017, pp. 745–772.
- SOUALAH-ALILA, Fayrouzet al. DataTourism: Designing Architecture to Process Tourism Data. In INVERSINI, Alessandro; SCHEGG, Roland (Eds.), Information and Communication Technologies in Tourism 2016 - Proceedings of the International Conference inBilbao, Spain. Heidelberg: Springer, 2016, pp. 751-763.
- TALLON, Paul. Corporate governance of big data: perspectives on value, risk, and cost. Computer, Long Beach, Vol. 46, Issue 6, 2013, pp. 32-38.
- TUSSYADIAH, Lis; FESENMAIER, Daniel. Mediating the tourist experiences access to places via shared videos. Annals of Tourism Research, Amsterdam, Vol. 36, n. 1, 2009, pp. 24-40.
- WATERMAN, K.; BRUENING, Paula, Big Data analytics: risks and responsibilities. International Data Privacy Law, Oxford, Vol. 4, n. 2, 2014, pp. 89-95.
- ZUIDERVEEN BORGESIUS, Frederik J. Singling out people without knowing their names – Behavioural targeting, pseudonymous data, and the new Data Protection Regulation. Computer Law and Security Review, Amsterdam, Vol. 32, n. 2, 2016, pp. 256-271.