Privacy and data protection by design – cross-over of multiple disciplines (PDF document)


  1. Privacy and data protection by design – cross-over of multiple disciplines
     Marit Hansen, Privacy and Information Commissioner Schleswig-Holstein, Germany
     marit.hansen@datenschutzzentrum.de
     Annual Privacy Forum 2015, Luxembourg, 7 October 2015
     www.datenschutzzentrum.de

     Setting of ULD
     • Data Protection Authority (DPA) for both the public and private sector
     • Also responsible for freedom of information
     Source: en.wikipedia.org/wiki/Schleswig-Holstein; Source: www.maps-for-free.com
     (slide footer: Privacy & data protection by design – cross-over of disciplines)

  2. Overview
     1. Privacy and Data Protection by Design
     2. A motivated approach of all relevant disciplines
     3. Beware of obstacles
     4. Conclusion

     1. Privacy and Data Protection by Design
     Source: Colin Kinner

  3. Cavoukian’s Privacy by Design
     http://privacybydesign.ca/

     General Data Protection Regulation (GDPR) Art. 23 (1) – Discussion
     In short:
     • “… by design” = built-in
     • “Data protection” = requirements from the GDPR, esp. rights of the data subject
     • Differences: who, when, how, how much?

  4. General Data Protection Regulation (GDPR) Art. 23 (2) – Discussion
     Texts compared: European Commission; 1st reading position of the European Parliament; General Approach of the Council; EDPS recommendations
     In short:
     • “… by default” = configuration should be privacy-friendly
     • Related to necessity for purpose

     Six protection goals for privacy engineering
     • Classical IT security protection goals*): Confidentiality, Integrity, Availability
     • Complementary goals: Unlinkability, Transparency, Intervenability
     *) From the data subject’s perspective

  5. Protection goal “unlinkability”
     The protection goal of Unlinkability is defined as the property that privacy-relevant data cannot be linked across domains that are constituted by a common purpose and context.
     Reference: Hansen/Jensen/Rost: Protection Goals for Privacy Engineering, Proc. 1st International Workshop on Privacy Engineering, IEEE, 2015

     Protection goal “transparency”
     The protection goal of Transparency is defined as the property that all privacy-relevant data processing – including the legal, technical, and organisational setting – can be understood and reconstructed at any time.
     Reference: Hansen/Jensen/Rost: Protection Goals for Privacy Engineering, Proc. 1st International Workshop on Privacy Engineering, IEEE, 2015

  6. Protection goal “intervenability”
     The protection goal of Intervenability is defined as the property that intervention is possible concerning all ongoing or planned privacy-relevant data processing.
     Reference: Hansen/Jensen/Rost: Protection Goals for Privacy Engineering, Proc. 1st International Workshop on Privacy Engineering, IEEE, 2015

     Protection goals need multiple disciplines – in particular intervenability
     • Intervenability is not prominent in privacy engineering literature
     • Reasons for that:
       – Hard to formalise and to measure
       – Compared with data minimisation research, far fewer proposed techniques and technologies
       – Can often not be solved within the IT system alone
       – Needs a running system with clear responsibilities (operator, users) – not on prototype level
       – Not one fixed solution, but process-oriented, taking into account the full lifecycle of system evolution
     The Art of Intervenability for Privacy Engineering

  7. 2. A motivated approach of all relevant disciplines – the ideal scenario
     Source: Olga Berrios

     Puzzle metaphor
     Privacy by Design
     • Means involvement of all relevant stakeholders for putting together the puzzle
     • Including representatives from
       – The application context
       – Technology / computer science / soft-/hardware engineering
       – (Data protection) law
       – Business studies
       – Psychology
       – Social sciences
       – Ethics …
     Source: rama_miguel

  8. Puzzle metaphor
     • Think of a puzzle
     • The colours represent various disciplines
     • The pieces are the methods/tools/instruments for Privacy by Design
     Source: Olga Berrios

     Multiple disciplines necessary
     • Law: lawfulness
     • Technology: engineering
     • Economy:
       – Organisational processes
       – Business models
     • Psychology++: user interaction, organisational culture
     • Ethics & social / political sciences …
     Source: Ken Teegardin

  9. How it could work
     (questions framing the process: Effects for data subjects? Effects for society? Lawfulness? Risks?)
     • Starting point: task to implement → Purpose
     • Which information is necessary?
     • How to gather & process the necessary data?
     • Protection level “normal” / “high” / “very high”?
     • Consider the protection goals; perspective: data subject
     • Choice of measures from “PbD repository”
     • Evaluate →
     Source: Kevin Dooley

     Nice idea: “PbD repository”
     But not that easy:
     • Dependencies and interrelations
     • Side effects
     • Usually no naïve plug & play possible
     Current status:
     • Some attempts
     • Not well sorted
     • Not well understood
     Especially lack of cross-disciplinary understanding!
     Source: Olga Berrios

  10. How to integrate privacy modules – the same idea of
      Legacy systems that are not designed with privacy in mind
      • Technology, e.g. architectures, infrastructures
      • Business processes
      • Law …
      Building in privacy may be difficult / impossible!
      Whose task?
      Source: Horia Varlan

      If everything works out
      However, the puzzle comparison is flawed:
      • Several solutions, several pictures
      • Not using all pieces
      • You may not notice quickly if something goes wrong
      Source: Olga Berrios

  11. “Understanding is an illusion”
      Data minimisation: “… necessary for legitimate business purposes …”
      Obstacles:
      • Different vocabulary
        – Even hijacked vocab
      • Inherent logic of each discipline
        – Binary or fuzzy?
        – Solution-oriented?
      • Still learning from non-understanding is possible
      Source: Horia Varlan

      Data Protection by Design is about data human beings with their rights
      Source: Ashtyn Renee

  12. 3. Beware of obstacles – the careless scenario
      (careless, dark?, real-life)
      Source: The U.S. Army

      Challenge 1: Storage by default
      • Statements often heard:
        – “For functionality tests or debugging, we need data, much data.”
        – “You never know when you are going to need it.”
      • Problem: if erasure, often no real erasure
      • Problem: logfiles + temporary files are often not taken into account – even in privacy assessment

  13. Challenge 2a: Linkability by default
      • Principle in IT:
        – Keep accurate data
        – Avoidance of redundancies in databases
        – Naïve approach: central world-wide database of all subjects/objects + access control / different views
      • Problem: difficult for desired separation of powers (and separation of purposes) ⇒ risk
      • Problem: real life

      Example: 2006: AOL publishes “anonymised” (in fact pseudonymised) search engine requests of 3 months
      Source: http://www.lunchoverip.com/2006/08/being_user_4417.html
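The unlinkability definition on slide 5 (no linking "across domains that are constituted by a common purpose and context") and the "linkability by default" challenge above meet in a concrete engineering choice: whether one pseudonym follows a person into every processing purpose, or each purpose gets its own. The following Python example is added here and is not code from the talk or from ULD; the user identifiers, the two record sets and the key-derivation scheme (HMAC as a simple per-domain KDF from one master key) are constructed assumptions. It shows that a single shared pseudonym key keeps every identity linkable to anyone holding both datasets, while per-domain keys keep records linkable within one purpose (which the purpose needs) and unlinkable across purposes.

```python
"""Domain-separated pseudonyms: linkable within a purpose, unlinkable across purposes."""
import hmac
import hashlib
from collections import defaultdict

# Constructed sample records (not from the talk): the same users appear in two
# processing domains with different purposes.
SEARCH_LOG = [
    ("u-001", "florists nearby"),
    ("u-001", "train timetable"),
    ("u-002", "privacy by design"),
]
SUPPORT_TICKETS = [
    ("u-001", "cannot log in"),
    ("u-002", "invoice question"),
    ("u-003", "password reset"),
]


def pseudonym(user_id: str, key: bytes) -> str:
    """Keyed pseudonym (HMAC-SHA256, truncated). Without the key the mapping
    cannot be recomputed from the identifier, unlike a bare hash of a small
    identifier space, which anyone can recompute."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records, key: bytes):
    """Replace the identifier in each (user_id, payload) record with its pseudonym."""
    return [(pseudonym(uid, key), payload) for uid, payload in records]


def group_by_pseudonym(records):
    """Within-domain linkability: all payloads that share one pseudonym."""
    groups = defaultdict(list)
    for p, payload in records:
        groups[p].append(payload)
    return dict(groups)


def cross_domain_links(records_a, records_b) -> int:
    """Number of pseudonyms occurring in both datasets: identities that an
    observer holding both datasets can link without any key."""
    return len({p for p, _ in records_a} & {p for p, _ in records_b})


def derive_domain_key(master_key: bytes, domain: str) -> bytes:
    """Per-domain key derived from one master key (HMAC used as a simple KDF).
    Assumed design: the master key stays with the controller; each processing
    domain only ever receives its own derived key."""
    return hmac.new(master_key, domain.encode(), hashlib.sha256).digest()


def compare(master_key: bytes):
    """Return (cross-domain links with one shared key, links with per-domain keys)."""
    shared = derive_domain_key(master_key, "shared")
    one_key = cross_domain_links(
        pseudonymise(SEARCH_LOG, shared), pseudonymise(SUPPORT_TICKETS, shared)
    )
    separated = cross_domain_links(
        pseudonymise(SEARCH_LOG, derive_domain_key(master_key, "search")),
        pseudonymise(SUPPORT_TICKETS, derive_domain_key(master_key, "support")),
    )
    return one_key, separated


if __name__ == "__main__":
    key = b"example-master-key"  # constructed; use a random secret in practice
    linked_shared, linked_separated = compare(key)
    print("one shared key  -> identities linkable across domains:", linked_shared)
    print("per-domain keys -> identities linkable across domains:", linked_separated)
    search_key = derive_domain_key(key, "search")
    print("within the search domain:", group_by_pseudonym(pseudonymise(SEARCH_LOG, search_key)))
```

The point of the example is the one the AOL release illustrates: a consistent pseudonym (AOL's per-user number) preserves every linkage that existed in the raw data, so "pseudonymised" is not "anonymised". Per-purpose keys reduce what any single recipient can link, but they do not remove linkage inside one domain, and payloads themselves (search terms, ticket text) can still identify people, so key separation is one measure from the "PbD repository", not a substitute for data minimisation.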
