[PPT] - D e v e l o p i n g p r i v a c y - c o mp l i PowerPoint Presentation

SLIDE 1

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t O t v a n D a a l e n G O T O A m s t e r d a m 2 1 5 – 1 9 J u n e 2 1 5

SLIDE 2

A b

u

t me

F
u

n d e r

f

p r i v a c y l a w b

u

t i q u e

L

e c t u r e r a t I n s t i t u t e f

r

I n f

r

m a t i

n

l a w

F
u

n d e r

f

B i t s

f

F r e e d

m
N

e r d / p r

g

r a m m e r

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 3

G

a

l s

U

n d e r s t a n d t h e r i s k s i n v

l

v e d i n p r i v a c y l a w

U

n d e r s t a n d t h e b a s i c r u l e s

D

e v e l

p

p r i v a c y

c
m

p l i a n t s

fu

w a r e

C
n

v i n c e t h e l e g a l d e p a r t m e n t

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 4

P r i v a c y i n f r i n g e me n t s c a r r y s e r i

u

s r i s k s

D

a m a g e t

r

e p u t a t i

n
R

e d e s i g n

f

s

fu

w a r e

r

p r

c

e s s e s

A

d m i n i s t r a t i v e p r

c

e e d i n g s ( l e g a l c

s

t s )

F

i n e s ( u p t

2

%

f

w

r

l d w i d e t u r n

v

e r ? )

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 5

E u r

p

e a n p r i v a c y r u l e s r e q u i r e t r a n s p a r e n c y a n d c a r e

P

r

v

i d e i n f

r

m a t i

n
n

w h a t y

u

d

L

i m i t u s e

f

p e r s

n

a l d a t a

Mi

n i m i s e c

l

l e c t i

n

, r e t e n t i

n

a n d a c c e s s

f

p e r s

n

a l d a t a

R

e a d i n g a n d w r i t i n g t

u

s e r s d e v i c e s r e q u i r e s c

n

s e n t

S

e c u r e p e r s

n

a l d a t a

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 6

P r

v

i d e i n f

r

ma t i

n
n

w h a t y

u

d

S

p e c i fj c i n f

r

m a t i

n
O

n i d e n t i t y , p u r p

s

e s , d a t a , e t c .

L

a y e r e d i n f

r

m a t i

n

i f c

m

p l e x

A

v

i

d l e g a l e s e

B

e c r e a t i v e , i n v

l

v e t h e U I / U X d e p t !

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 7

L i mi t u s e

f

p e r s

n

a l d a t a

D

a t a n e e d s t

b

e c

l

l e c t e d f

r

a s p e c i fj c p u r p

s

e

U

s e

n

l y a l l

w

e d i f c

m

p a t i b l e w i t h i n i t i a l c

l

l e c t i

n
D

a t a m a y

n

l y b e u s e d i f t h e r e i s a b a s i s

T

h i s u s u a l l y r e q u i r e s ( i ) c

n

s e n t

r

( i i ) b a l a n c i n g

f

i n t e r e s t s

S
:

d e t e r m i n e p u r p

s

e a n d d e t e r m i n e b a s i s

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 8

O b t a i n t r u e c

n

s e n t

C
n

s e n t n e e d s t

b

e s p e c i fj c , f r e e a n d i n f

r

m e d

T

e r m s a n d c

n

d i t i

n

s u s u a l l y d

n

' t c u t i t

P

r

v

i d e c

n

t e x t s p e c i fj c b u t t

n

s

B

e s p e c i fj c a n d i n f

r

m a t i v e

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 9

O r b a l a n c e t h e i n t e r e s t s

T

h i s i n v

l

v e s a d i s c u s s i

n

w i t h t h e l e g a l d e p a r t m e n t

D

e v e l

p

e r s s h

u

l d f

c

u s

n

s a f e g u a r d s t

m

i n i m i s e t h e p r i v a c y i m p a c t :

– Mi

n i m i s e d a t a c

l

l e c t i

n

( s e e a l s

l

a t e r )

– O

fg e r

p

t

u

t p

s

s i b i l i t i e s

– U

s e h a s h i n g , c h i n e s e w a l l s

– O

fg e r d a t a p

r

t a b i l i t y

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 10

R e a d i n g a n d w r i t i n g t

u

s e r s d e v i c e s r e q u i r e s c

n

s e n t

I

n

r

d e r t

p

r

t

e c t a g a i n s t m a l w a r e , E U l e g i s l a t

r

i n t r

d

u c e d R W- p r

t

e c t i

n

s f

r

u s e r d e v i c e s

A

fg e c t s a n a l y t i c s c

k

i e s , t r a n s f e r r i n g a d d r e s s b

k

s , e t c .

E

s p e c i a l l y f

r

a p p s , b e s p e c i fj c , i n f

r

m e d , e x p l a i n w h a t y

u

d

,

p r

v

i d e

p

t

u

t i f n e c e s s a r y

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 11

S e c u r e p e r s

n

a l d a t a

Required to take technical and organisational measures to

secure personal data

This means security measures in the backend, frond, but also

in user devices (to a certain extent)

Encrypt: all user data over the internet, possibly on the device
Hash: passwords, identification mechanisms, user data (note

that this is not anonymisation, just pseudonymisation)

Also: patching, logging, auditing...
And be prepared for a data breach

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 12

C

n

v i n c e t h e l e g a l d e p a r t me n t

Explain you're providing the necessary

information and obtaining specific consent

Explain you've checked whether the data

processing is proportionate and whether there are less infringing options

Explain which safeguards you've taken to

minimise privacy infringement, including opt-

ut, hashing

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5

SLIDE 13

Q u e s t i

n

s ?

O t v a n D a a l e n + 3 1 6 5 4 3 8 6 6 8

t

. v a n d a a l e n @ d i g i t a l d e f e n c e . n e t @ d i g i d e f e n c e

D e v e l

p

i n g p r i v a c y

c
mp

l i a n t s

f

w a r e a n d s e l l i n g i t t

t

h e l e g a l d e p a r t me n t

G

O T O A m s t e r d a m – 1 9 J u n e 2 1 5