Legal Issues about Metadata: Data Privacy vs Information Security


  1. Legal Issues about Metadata: Data Privacy vs Information Security
     Manuel Munier (1), V. Lalanne (1), P.Y. Ardoy (2), M. Ricarde (3)
     (1) LIUPPA, Université de Pau et des Pays de l'Adour, Mont de Marsan, France (IT security)
     (2) CRAJ, Université de Pau et des Pays de l'Adour, Pau, France (private law)
     (3) BackPlan, Project Communication Control, Pau, France (company)
     DPM 2013, Egham, UK, September 12th-13th, 2013

  2. Motivations | Legal Issues | Socio-Economic Issues | Conclusion
     This paper
     Information system security is currently one of the most important goals for enterprises.
     New IT: ADSL, BYOD devices, cloud services, ...
     - Users exchange and store more and more information
     - Users accomplish almost anything from anywhere
     - Information systems are connected to the Internet
     - Data is more and more complex: structured documents, combination of public data and confidential data
     ⇒ Information security concerns?
     Manuel Munier: Legal Issues about Metadata: Data Privacy vs Information Security, DPM 2013, 2 / 34

  3. This paper
     New information system security mechanisms need to know more about operations:
     - user & role, resource, action
     - date, location, tools, ...
     - previous operations (traceability), pending obligations, ...
     ⇒ Metadata ("data about data")
     - access control → usage control
     - contexts & dynamic security policies
     - indicator computation (confidence, impact risk of a change, trustworthiness, ...)
     ⇒ Legal issues about (meta)data privacy?

  4. Outline
     1 Motivations for Metadata
     2 Metadata & Legal Issues
     3 Metadata & Socio-Economic Issues
     4 Conclusion

  5. Motivations for Metadata: From "information system security" to "information security"
     Our previous work is related to usage control for cross-organizational collaborative work management
     ⊲ "Self-Protecting Documents for Cloud Storage Security" (TrustCom 2012)
     ⊲ Enterprise Digital Rights Management (E-DRM)
     ⊲ usage control ≡ security policy to control how users operate on documents
     ⊲ dynamic security policy ≡ contextual security rules
     ⇒ The system must collect various metadata to enable/disable contexts: user location, user's confidence in partners, state of related documents, compliance in observing deadlines, revision notes, ...

  6. Motivations for Metadata: From "information system security" to "information security"
     By enabling/disabling contexts the system can add/remove permissions, obligations, ... according to operation history, metadata content, ...
     NB: We work on structured documents ⇒ metadata is stored on nodes of the document (fine granularity)
     Metadata is used:
     → during the document lifecycle: usage control, indicator computation, ...
     → a posteriori: traceability, evidence in case of litigation, ...
     Our current work: We focus on the information security rather than the security of the system itself.

  7. Motivations for Metadata: From "IT" to "legal domain"
     Metadata is a well-known concept in computer science, in data warehousing:
     → to manage and store the data in business intelligence
     → usage of the data to facilitate reporting and analysis
     But increasing use of metadata leads to legal issues (e.g. between partners on a project):
     - Metadata impacts contexts and thus modifies how partners can use the document (and do the job): add obligation, remove permission, ...
     - Metadata is used to compute indicators (new metadata) and can reveal opinions, quality of the partners and their work, ...
     - Analysis of metadata can lead to the imposition of penalties: unfulfilled commitments, missed deadlines, ...

  8. Motivations for Metadata: Sample application: Oil & Gas project
     Consider an Oil & Gas project such as the construction of a pipeline or an oil installation
     ⊲ Such a project obviously involves many partners and sub-contractors (and from various countries).
     ⊲ The information system (aka document registry) consists of numerous documents.
       - specifications, design documents, drawings, reviews from experts, certifications, good practice guides, standards, ...
     ⊲ Such a project also defines many workflows for collaborative work management
       - process monitoring, "up to date" documents between partners, compliance with deadlines, ...

  9. Motivations for Metadata: Sample application: Oil & Gas project
     BackPlan → project communication control
     BackPlan's business aims to provide:
     - collaborative work facilities between companies: workflow monitoring, dashboards, ...
     - document registry service: common document repository, traceability of changes, ...
     BackPlan & metadata?
     ⊲ improve workflow management
     ⊲ add new and fine-grained indicators to dashboards
     ⊲ "bind" the various documents for traceability and responsibility purposes during and after the project
     ⇒ Legal issues are central to BackPlan's business!

  10. Motivations for Metadata: New field: Service Oriented Architecture security
     We also decided to apply the same practices to SOA security, especially to information systems connected through services
     - usage control policy between service providers, clients, sub-contractors
       ⊲ "Information Security in Business Intelligence based on Cloud" (WOSIS 2013)
     - metadata, traceability, indicators, ... for information security risk management (cf. ISO 27005 standard)
       ⊲ "Information Security Risk Management in a World of Services" (PASSAT 2013)
     ⇒ But obviously we cannot avoid legal issues when addressing vulnerabilities, threats, SLA, ...

  11. Metadata & Legal Issues: Information security, metadata, legal concerns
     Questions: computing → law
     ⊲ What metadata are we authorized to collect and to store?
     ⊲ What indicators can we calculate? (as automated processing)
     ⊲ On the basis of such information, can we legally influence the "normal" usages?
     Questions: computing ← law
     ⊲ Security mechanisms required to use metadata as evidence? (e.g. authenticity, integrity, stability)
     ⊲ How to use metadata as evidence? (jurisprudence)
     ⊲ Metadata necessary to anticipate the need for evidence? (e.g. project achieved in compliance with current regulations)

  12. Metadata & Legal Issues: Information security, metadata, legal concerns
     Clearly, these questions are not within our competence as IT specialists (LIUPPA)
     ⇒ We got in touch with our jurist colleagues of the CRAJ (Centre de Recherche et d'Analyse Juridique)
     The CRAJ is a UPPA research center in private law. They work on civil law, business law, criminal law and criminology.
     The ODJ team (Observatoire De la Jurisprudence) analyses jurisprudence of European, national and local jurisdictions.

  13. Metadata & Legal Issues: What is metadata in the law?
     Metadata: The concept of metadata is not a well-known concept of the law. The Greek prefix meta- denotes a reference to itself.
     - The term "metadata" refers to data within data, data which describes other data.
     - The law does not define, at the moment, a specific legal regime for metadata and handles it as traditional data.
     - Metadata raises three types of difficulties: its collection, its storage and its use
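
The context mechanism of slides 5 and 6 (metadata stored on document nodes switches contexts on and off, and active contexts add or remove permissions and obligations) can be sketched as follows. This is an added example, not code from the authors or from BackPlan; the context names, rule format, node and requests are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Node:
    """One node of a structured document; metadata lives on the node."""
    name: str
    metadata: dict = field(default_factory=dict)
    history: list = field(default_factory=list)  # traceability metadata

# Contexts: named predicates over (node metadata, request). Hypothetical names.
CONTEXTS = {
    "always": lambda md, req: True,
    "deadline_missed": lambda md, req: req["today"] > md["deadline"],
    "offsite": lambda md, req: req["location"] not in md["trusted_sites"],
}

# Rules: (context, effect, action, detail). A rule applies only while its
# context is active, so the policy changes as the metadata changes.
RULES = [
    ("always", "permit", "read", None),
    ("always", "permit", "edit", None),
    ("deadline_missed", "oblige", "edit", "attach revision note"),
    ("offsite", "deny", "edit", None),
]

def evaluate(node, req):
    """Return (allowed, obligations) and record the decision on the node."""
    active = {n for n, pred in CONTEXTS.items() if pred(node.metadata, req)}
    hits = [r for r in RULES if r[0] in active and r[2] == req["action"]]
    denied = any(r[1] == "deny" for r in hits)
    allowed = not denied and any(r[1] == "permit" for r in hits)
    obligations = [r[3] for r in hits if r[1] == "oblige"] if allowed else []
    # The trace is itself new metadata about the user: who, what, and in
    # which contexts. This is the data whose collection the slides question.
    node.history.append({"user": req["user"], "action": req["action"],
                         "contexts": sorted(active), "allowed": allowed})
    return allowed, obligations

# Constructed sample node
spec = Node("pipeline-spec/section-3", {
    "deadline": date(2013, 9, 1),
    "trusted_sites": {"Pau", "Mont de Marsan"},
})
```

The same edit request gets three different outcomes depending only on metadata: allowed before the deadline, allowed with an obligation after it, and denied from an untrusted location.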
