privacy data protection law and privacy data protection
play

Privacy, Data Protection Law and Privacy, Data Protection Law and - PowerPoint PPT Presentation

Dec 23, 2023 •354 likes •507 views

Privacy, Data Protection Law and Privacy, Data Protection Law and Flow Data Anonymisation Anonymisation: : Flow Data requirements, issues, and challenges requirements, issues, and challenges Elisa Boschi , Elisa Boschi , Hitachi Europe

  1. Privacy, Data Protection Law and Privacy, Data Protection Law and Flow Data Anonymisation Anonymisation: : Flow Data requirements, issues, and challenges requirements, issues, and challenges Elisa Boschi , Elisa Boschi , Hitachi Europe Hitachi Europe Ralph Gramigna, KPMG Ralph Gramigna, KPMG Acknowledgement: M. Bossardt (KPMG), D. Battisti (ETH) Acknowledgement: M. Bossardt (KPMG), D. Battisti (ETH)

  2. Outline Outline � Review of law principles and requirements on Review of law principles and requirements on � data protection data protection – European viewpoint European viewpoint – – What is personal data? What is personal data? – – Why is data protection law relevant for network Why is data protection law relevant for network – monitoring? monitoring? – Law principles overview Law principles overview – � The role of flow data anonymisation to support The role of flow data anonymisation to support � data protection data protection – Discussion on its applicability and weaknesses Discussion on its applicability and weaknesses – – Suggestions for future steps Suggestions for future steps –

  3. Data Protection Law: EU Directives Data Protection Law: EU Directives � Goal: protect the privacy of individuals Goal: protect the privacy of individuals � – Not limited to information confidentiality Not limited to information confidentiality – � EU Directives define the the EU Directives define the the minimum minimum law law � requirements to be implemented by each EU requirements to be implemented by each EU member state member state – Applicable to international data transfers with EU Applicable to international data transfers with EU – � Relevant to data protection: Relevant to data protection: � – Directive 1995/46/EC Directive 1995/46/EC - - on data protection on data protection – – Directive 2002/58/EC Directive 2002/58/EC - - on privacy and electronic on privacy and electronic – communications communications

  4. Applicability and Personal Data Applicability and Personal Data � Directive 95/46/EC applies to the Directive 95/46/EC applies to the � „processing processing of of personal data personal data“ “ „ “ any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly , in particular by reference to an identification number or to one or more factors specific to his … identity ”. “any operation performed upon personal data, such as e.g. collection, storage, adaptation or alteration, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction” � Note: in some countries (e.g. Switzerland) this applies to Note: in some countries (e.g. Switzerland) this applies to � „legal entities legal entities“ “ as well as well „

  5. Applicability to Network Monitoring Applicability to Network Monitoring � Indirect identification data comprise any Indirect identification data comprise any � information that may lead to identification of the information that may lead to identification of the data subject through association with other data subject through association with other available information available information – information available to the entity in information available to the entity in charge of the charge of the – data processing (ISP), data processing (ISP), – any information possessed by third parties any information possessed by third parties – � IP addresses can identify someone IP addresses can identify someone “ “directly directly” ” � – Esp. legal entities Esp. legal entities – � Many more attributes in a flow record can Many more attributes in a flow record can � contribute to identifying someone “ “indirectly indirectly” ” contribute to identifying someone

  6. Principles: legitimation for processing Principles: legitimation for processing Consent Consent 1. 1. Data processing is „ „ necessary for the performance necessary for the performance Data processing is 2. 2. of a contract to which the data subject is a party ” ” of a contract to which the data subject is a party ... ... 3. 3. � Processing must be limited to specified purposes limited to specified purposes � Processing must be � Further processing of data for historical, statistical or scientific purposes is possible provided that appropriate safeguards are provided – – Left to national laws Left to national laws

  7. Principles: Information of the Subject Principles: Information of the Subject The subject must be informed about: The subject must be informed about: Identity of the data controller Identity of the data controller 1. 1. Purpose of the processing Purpose of the processing 2. 2. Other information, e.g. the recipient of the data. Other information, e.g. the recipient of the data. 3. 3. � I F the � It does not apply to scientific research, I F the It does not apply to scientific research, provision of such information provision of such information – – proves impossible proves impossible – – would involve a disproportionate effort would involve a disproportionate effort � Appropriate safeguards must be provided must be provided � Appropriate safeguards – – Their specification is let to national law national law Their specification is let to

  8. Border Crossing Border Crossing � Transfer to third countries is generally possible if Transfer to third countries is generally possible if � the third country ensures an adequate level of the third country ensures an adequate level of protection protection http://ec.europa.eu/justice_home/fsj/privacy/thrid http://ec.europa.eu/justice_home/fsj/privacy/thrid countries/index_en.htm countries/index_en.htm � E.g. E.g. � Switzerland, Canada, Argentina Switzerland, Canada, Argentina USA (except Safe Harbor) USA (except Safe Harbor)

  9. Traffic data and location data Traffic data and location data � Introduced in Directive 2002/58/EC Introduced in Directive 2002/58/EC � – Traffic data Traffic data: : any data processed for the purpose of the – conveyance of a communication or for the billing thereof – Location data Location data: data : data indicating the geographic position of – the terminal equipment of a user � Objectives: � Objectives: – Minimise Minimise the processing of personal data – – Use anonymous or pseudonymous data where possible. � „Anonymous“ = it is no longer possible to identify the data subject

  10. Processing of Traffic and Location Data Processing of Traffic and Location Data � Traffic and location data relating to subscribers and users must be erased or made anonymous when no longer needed � The processing of traffic data must be restricted – To persons acting under authority of providers – To certain activities (e.g. traffic management, fraud detection...) � Location data can be processed only if – There is consent, or – Data is made anonymous

  11. The Role of Flow Data Anonymisation to The Role of Flow Data Anonymisation to Support Data Protection Support Data Protection � The well known problem: The well known problem: � – The more you anonymise the better privacy is protected... The more you anonymise the better privacy is protected... – – ...but the less useful the data ...but the less useful the data – � Anonymisation � Anonymisation aims at removing sensitive information aims at removing sensitive information referring to an individual referring to an individual � Attacks to Attacks to anonymisation anonymisation schemes have proved that schemes have proved that � those schemes could be broken allowing to "indirectly" those schemes could be broken allowing to "indirectly" identify people. identify people. � Are known flow anonymisation techniques effective in Are known flow anonymisation techniques effective in � protecting the privacy of individuals? protecting the privacy of individuals?

  12. (4) Anonymization Techniques Field to be anonymized: IP address I P Truncation Permutation Black Prefix Preserving Marker 135.98.111.17 135.98 141. 2. 32.37 10.1.1.1 22.131.88.67 135.98.111.128 135.98 41.12.96. 67 10.1.1.1 22.131.88.157 135.98.132.37 135.98 142.72.8.5 10.1.1.1 22.131.201.29 141.161.3.3 141.161 21.33.4.1 10.1.1.1 12.192.32.51 10.1.1.1 141.72.8.5 141.72 11.14.96.118 12.78.201.97 32.53.48.1 32.53 12.161.3.3 10.1.1.1 31.197.3.82

  13. Some Anonymisation Attack Methods Some Anonymisation Attack Methods � Data injection injecting information to be logged with the purpose of later recognizing that data in the anonymized trace � Fingerprinting matching attributes of an anonymized object against those of a known object (e.g. web server) to discover a mapping between them system is exploited in a way that the victim � Semantic attacks thinks to do something, but he is doing something different. The attacker may infer part of the unanonymized IP address by exploiting the semantics of prefix preserving. � Structure recognition recognizing structure between anonymized and unanonymized objects

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big datas benefits Seminar arranged by the Office for Personal Data Protection, Macao,

305 views • 8 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Industrial perspectives on Cryptography A. Esterle - ENISA Antwerp 29 May 2008 www.enisa.europa.eu Web and privacy Privacy and protection of personal data specific purpose (to collect and process it) subject

732 views • 7 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

CONSUMER AWARENESS WORKSHOP on Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019 Kolkata OBJECTIVE Engage with the consumer and civil society organisations (CSOs) in tier II locations to

623 views • 50 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Data Privacy/Cybersecurity 2019-2020 How do we ensure protection of f student and staff data?

Data Privacy/Cybersecurity 2019-2020 How do we ensure protection of f student and staff data?

Data Privacy/Cybersecurity 2019-2020 How do we ensure protection of f student and staff data? What is Cybersecurity? The protection of Internet-connected systems and data from accidental damage, intentional attacks, or unauthorized access.

463 views • 19 slides
Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen Privacy and Information Commissioner Schleswig-Holstein, Germany marit.hansen@datenschutzzentrum.de Annual Privacy Forum 2015 Luxembourg, 7 October,

551 views • 29 slides
Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection

Frederik Borgesius 21 Nov 2014, W3C Workshop Defending Privacy Empowerment Protection Defending Privacy Empowerment Protection Transparency Firms must always Informed consent secure personal data Consumer law Empowerment Protection

543 views • 10 slides
Data Privacy Compliance in Global Transactions: Navigating Complex Data Protection Laws in U.S.,

Data Privacy Compliance in Global Transactions: Navigating Complex Data Protection Laws in U.S.,

Presenting a live 90-minute webinar with interactive Q&A Data Privacy Compliance in Global Transactions: Navigating Complex Data Protection Laws in U.S., Europe and Asia WEDNESDAY, MARCH 5, 2014 1pm Eastern | 12pm Central | 11am

524 views • 41 slides
Government and Big Data: Privacy Risks and Solutions Ontarios Access and Privacy Laws The

Government and Big Data: Privacy Risks and Solutions Ontarios Access and Privacy Laws The

Brian Beamish Information and Privacy Commissioner of Ontario January 26, 2017 Government and Big Data: Privacy Risks and Solutions Ontarios Access and Privacy Laws The Freedom of Information and Protection of Privacy Act (FIPPA) o

356 views • 17 slides
AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data Protection and Ethics Contents Privacy in the Digital age: main issues Ethics: definitions and background Privacy challenges in Health

713 views • 23 slides
PRIVACY POLICY IN INDONESIA AND MALAYSIA: FROM DIGITAL ECONOMY TO PERSONAL DATA PROTECTION LAWS

PRIVACY POLICY IN INDONESIA AND MALAYSIA: FROM DIGITAL ECONOMY TO PERSONAL DATA PROTECTION LAWS

PRIVACY POLICY IN INDONESIA AND MALAYSIA: FROM DIGITAL ECONOMY TO PERSONAL DATA PROTECTION LAWS The 3 rd Asia Privacy Bridge Forum @Seoul 27-06-2017 Dr. Sonny Zulhuda Civil Law Department Ahmad Ibrahim Kulliyyah of Laws International Islamic

188 views • 15 slides
PIA is a Process Designing for Privacy Leonardo H. Iwaya CC-BY-4.0 What is Data Protection

PIA is a Process Designing for Privacy Leonardo H. Iwaya CC-BY-4.0 What is Data Protection

PIA is a Process Designing for Privacy Leonardo H. Iwaya CC-BY-4.0 What is Data Protection Impact Assesment? Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and

103 views • 8 slides
Getting the Most from Map Data Structures in Android Rubn Saborido , Rodrigo Morales Foutse

Getting the Most from Map Data Structures in Android Rubn Saborido , Rodrigo Morales Foutse

Getting the Most from Map Data Structures in Android Rubn Saborido , Rodrigo Morales Foutse Khomh, Yann-Gal Guhneuc, Giuliano Antoniol What about Android? What about Android? SparseArray if the key is an integer JAVA vs Android 1)

576 views • 18 slides
LOW ENERGY ANDROID GAMEPAD Marty Lewis Andrzej Forys FUNCTIONAL DESCRIPTION Project Idea:

LOW ENERGY ANDROID GAMEPAD Marty Lewis Andrzej Forys FUNCTIONAL DESCRIPTION Project Idea:

LOW ENERGY ANDROID GAMEPAD Marty Lewis Andrzej Forys FUNCTIONAL DESCRIPTION Project Idea: Low power, wireless, silicone game pad for Android Devices Ergonomic fit with standard controller layout Six buttons (4 + two triggers)

214 views • 19 slides
A Global Leader in Voice Technology Solutions Bringing Android, Wi-Fi and VoIP Together August

A Global Leader in Voice Technology Solutions Bringing Android, Wi-Fi and VoIP Together August

A Global Leader in Voice Technology Solutions Bringing Android, Wi-Fi and VoIP Together August 2016 Apivio Systems Inc. (TSX: APV.V) www.apivio.com DISCLAIMER THIS PRESENTATION HAS BEEN PREPARED BY APIVIO SYSTEMS INC. (THE COMPANY) SOLELY

431 views • 22 slides
Precise Positioning with Smartphones running Android 7 or later * Ren Warnant, * Ccile Deprez,

Precise Positioning with Smartphones running Android 7 or later * Ren Warnant, * Ccile Deprez,

Precise Positioning with Smartphones running Android 7 or later * Ren Warnant, * Ccile Deprez, + Quentin Warnant * University of Liege Geodesy and GNSS + Augmenteo, Plaine Image, Lille (France) Belgian Geography Day, Liege, 17 November 2017.

409 views • 13 slides
Issues of Data Mining Kyle Borah OutLine Background Data Anonymization Encryption

Issues of Data Mining Kyle Borah OutLine Background Data Anonymization Encryption

Social & Privacy Issues of Data Mining Kyle Borah OutLine Background Data Anonymization Encryption with demo OutLine Background Data Anonymization Encryption with demo Background Companies have your data

468 views • 12 slides
Sharing Information to Manage Risk USCIS /SEVP Joint Initiative Briefing December 18, 2015 What

Sharing Information to Manage Risk USCIS /SEVP Joint Initiative Briefing December 18, 2015 What

Sharing Information to Manage Risk USCIS /SEVP Joint Initiative Briefing December 18, 2015 What happened? What is current status? How do we prepare for whatever is next? Two related, but different perspectives 2 Information Sharing

314 views • 14 slides
Privacy at Uber June 2019 Privacy is not a blocker of innovation. Its essential to it.

Privacy at Uber June 2019 Privacy is not a blocker of innovation. Its essential to it.

Privacy at Uber June 2019 Privacy is not a blocker of innovation. Its essential to it. Required Product Review Process Product/Engineering/Legal Review Privacy/Security Review Does it collect or use personal information? What is the

158 views • 14 slides
Accelerating Digital Transformation to Drive Business Impact About Me Director Data

Accelerating Digital Transformation to Drive Business Impact About Me Director Data

Accelerating Digital Transformation to Drive Business Impact About Me Director Data Science, SparkBeyond 18 years in Data Science & Analytics, leading companies through their digital transformations. Professor of Data Science at

457 views • 12 slides

More recommend