Simone Fischer-Hübner Privacy October 2006
Overview I. Definition II. Basic Privacy Principles III. Privacy Issues (LBS, RFID,...) IV. European Privacy Legislation/ Directives
I. Definition Warren & Brandeis 1890 “The right to be let alone”
Definition- Alan Westin 1967 “Privacy is the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others”
Privacy Dimensions � Informational self- determination � Spatial privacy
II. Basic Privacy principles (implemented in EU-Directive 95/46/EC) � Legitimisation by law, informed consent (Art. 7 EU Directive) � Purpose specification and purpose binding (Art. 6 I b) ”Non-sensitive” data do not exist ! • � Data minimisation and avoidance (Art. 6 I c, Art. 7) � No processing of ” special categories of data ” (Art. 8)
Basic privacy principles (II) � Transparency , rights of data subjects � to be informed (Art.10) � to be notified, if data have not been obtained from the data subject (Art.11) � of access to data (Art.12 a) � of correction of incorrect data / erasure or blocking of illegally stored data (Art.12b) � to object to direct marketing (Art.14)
Basic privacy principles (III) � Supervision (Art. 28): Supervisory authorities � monitor compliance � act upon complaints � be consulted when drawing up data protection regulations � draw up regularly reports Supervisory Authority in Sweden: Datainspektionen Fleminggatan 14, plan 9, Stockholm Tel: + 46 8 657 61 00 http://www.datainspektionen.se/
Basic privacy principles (IV) � Sanctions (Art.24) � Requirement of security mechanisms (Art.17)
I I I . Privacy I ssues Location Based Services (LBS) Provider of LBS application Mobile user Wireles operator Location data provided by • communication network • or special hardware at user terminal (e.g., GPS receiver)
LBS - Applications Example Applications: � City Guide/Price comparision � ”Find the nearest cheap gasoline station, restaurant, hotel, catholic church,...” � Friend Finder � Disaster management � Child control service
LBS - Risks Privacy Risks: � Unsolicited Profiling (-> blackmailing of politicians, ”digging in the past”) � Unsolicited tracking of users’ position, movements (-> burglary, kidnapping) � Disclosure of the user’s current context (e.g., John is currently in a night club) � Disclosure of social networks
Airline Bonus Cards / Customer Databases Benefits: � Better service adapted to customer needs Awards for frequent flyers � Risks: � Extensive customer profiles � Access requests to airline customer databases by USA after 9/11
Tag RFID Technology Reader RFID
RFI D tags in the supply chain
RFID tags in packages - Benefits � Real-Time access to inventory information (”smart shelves”) � Fast payment without barcode scanning � Prevent shop lifting (Anti-Theft tags) � ”Added value” for customers (information about product freshness, cooking instructions, warranty claims)
RFID tags in packages - Methods of personal data collection � RFID used to � Store personal data � Collect information linked to personal data (e.g., customer database) � Track persons without ”traditional” identifiers being available (e.g., RFID number of a customer’s watch)
RFID tags in packages – Privacy Threats � Monitoring of customer habits inside the shops � Scanning of goods that customers are carrying/wearing � No transparancy-> hidden data collection � Lacking user control
The consumer privacy problem Wig Here’s model #4456 Replacement hip (cheap polyester) medical part #459382 Mr. Jones in 2020… Das Kapital and Communist- party handbook 1500 Euros in wallet Serial numbers: 30 items 597387,389473 … of lingerie Source:Ari Juels, RSA Laboratories
…and the tracking problem Wig serial #A817TS8 Mr. Jones pays with a credit card; his RFID tags now linked to � his identity Mr. Jones attends a political rally; law enforcement scans his � RFID tags Mr. Jones wins Turing Award; physically tracked by paparazzi � via RFID
...RFIDs even used as Implants
Enhanced risks: Biometrics on RFIDs in new EU passports � Biometrics – sensitive personal data, e.g.: � retina scan reveals information on consumption of alcohol, fingerprint might reveal data on homosexuality or ethnicity � Processing of personal data without the data subject getting to know of it , e.g. face recognition � RFI Ds integrated into passports support allows � creation of movement profiles � identification of persons in crowds � building I D-document specific bombs detonating exactly when (the holder of) the ID-document is in close proximity
IV. Privacy Legislation Problem of International Harmonisation of Privacy Legislation Is a common harmonised approach to privacy possible due to cultural/ historical/ political differences ? Example: Europe: USA: � EU Data Protection Directive 95/46/EC � no data protection commissioner � no omnibus privacy legislation Public Sector: U.S. Privacy Act (1974) � EU Directive 2002/58/EC on Privacy and Electronic Communications & Privacy acts of the states Private Sector: ”patchwork”: Fair Credit Reporting Act, etc. & self-regulation ( -> codes of conducts) Safe Harbour principles as a solution ?
EU Data Protection Directive 95/46/EC � Objective: � Protection of fundamental rights, freedom of individuals � Harmonsation of privacy legislation in Europe � Scope: Does not apply for data processing for defense, public/state security, criminal law enforcement (Art.3) � Enforces basic privacy principles (see above) � Restricts personal data transfer from EU to third countries (Art. 25)
EU Directive 2002/ 58/ EC on privacy and electronic communications � Confidentiality of communications (Art.5): • No interception/ surveillance without the data subject’s consent • Protection against cookies, spyware, web-bugs
EU Directive 2002/ 58/ EC on privacy and electronic communications (cont.) � Traffic data (Art.6): • Must be erased or made anonymous upon completion of transmission • Processing for billing purposes permissible • Processing for the purposes of value added services/marketing with the consent of the subscriber/user
EU Directive 2002/ 58/ EC on privacy and electronic communications (cont.) � Location data other than Traffic data (Art.9): • May only be processed when made anonymous, or with the informed consent of the user/subscriber • Where consent has been obtained, the user/subscriber must still have possibility of temporarily refusing the processing of location data Problem: Also Location Data within Traffic Data can be very sensitive
EU Directive 2002/ 58/ EC on privacy and electronic communications (cont.) � Unsolicited communications (Art.13): Opt-in system for electronic mail for direct marketing (so-called “spam”) Problem: US American CAN-SPAM Act of 2003 requires only Opt-out system, no SPAM legislation in most countries
Data Retention according to EU Directives 2002/ 58/ EC and 2006/ 24/ EC � Art.15 of EU-Directive 2002/ 58/ EC: � allows member states to adopt laws for data retention for safeguarding security, defence, law enforcement � Data Retention Directive 2006/ 24/ EC: � Requires telco companies to retain traffic and location data for 6-24 months Problems/ Questions: � Appropriate ? � Threat to online privacy: Traffic data contains mainly ”fingerprints” of non-criminal users � Criminals find ways ”around” � Will anonymisation service providers be forced to collect more data than they would normally collect ?
Need for Privacy-Enhancing Technologies (PET) � Minimizing/ avoiding personal data (providing Anonymity, Pseudonymity, Unobservability) • Mix nets • Crowds � Control of data collection/ processing according to legislation • P3P (Platform for Privacy Preferences Protocol) • Privacy-enhanced Identity Management
Recommend
More recommend
