1. Your Users’ Privacy
How Web 2.0 application providers and developers can enhance
their users’ privacy
Stefan Weiss
Web 2.0 Expo Berlin
November 8, 2007
Web 2.0 Expo Berlin 2007 ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft

2. Your users may control the Information Age but …

3. … are they controlling their own personal data too?

4. What are we talking about?
• Personal data
• Information privacy
• Harmful, privacy-invasive activities
• Its importance for Web 2.0 applications
• Your responsibilities
• What to do?

5. The EU Article 29 Data Protection Working Party has recently released
an opinion on what it considers to be personal data
Personal data
shall mean any information relating to an identified
or identifiable natural person (“data subject”);
an identifiable person is one who can be identified,
directly or indirectly, in particular by reference to
an identification number or to one or more factors
specific to his physical, physiological, mental,
economic, cultural or social identity. (1)
1 Opinion 4/2007, WP 136, Article 29 Data Protection Working Party, adopted June 20, 2007.

6. That’s a broad definition and includes a lot of data
that you are processing with your applications
EXAMPLES:
PERSONAL
• Name, Gender, Date of birth
• Home address, Personal telephone number or Email
• Government identifiers (e.g. social security number, ID numbers)
• Biometric identifier
• Photograph or video identifiable to an individual
• Behavioural information (e.g., in a CRM system)
HEALTH
• Medical records, Health plan beneficiary information
• Physical or mental health information
• Provided health services or any information collected during the health service
FINANCIAL
• Account numbers (bank accounts, credit cards, etc.)
• Financial history
• Salary information
SENSITIVE
• Racial or ethnic origin
• Religious or philosophical beliefs
• Trade-union membership
• Sexual orientation
• Offences, criminal convictions or security measures
• Combinations of certain information (e.g., name and SSN)

7. With Web 2.0 applications, add personal data that is
indirectly used in a different context, such as:
EXAMPLES (on top of the PERSONAL, HEALTH, FINANCIAL and SENSITIVE categories of the previous slide):
• Group and personal affiliations
• User behaviour
• Surfing patterns
• Comments, opinions or feelings
• Likes and dislikes
• Graphical material (photos, videos)
• Roles and functions
• etc.

8. Information privacy should determine when, how,
and to what extent this personal data is processed.
Information Privacy
is defined as
“the claim of individuals, groups, or
institutions to determine for themselves when,
how, and to what extent information about them is
communicated to others.” (2)
2 Alan Westin, Privacy and Freedom, 1967.

9. Privacy is not about getting your private space

10. Harmful and privacy-invasive activities on the Web
are continuously increasing
Examples of privacy-invasive activities (2):
• Lost data
• Adware/Spyware
• Distortion
• Misuse
• Appropriation
• Unwanted exposure
• Phishing
• Blackmail
• Fraud
• Sexual solicitation
• Breach of confidentiality
• Identity theft
• Spam
• Cyber crime
• Inaccuracy
• Unsolicited marketing
• Data integrity
• Intrusion
• Third-party sharing
• Discrimination
• Loss of control
• etc.
2 Also see ENISA Position Paper No. 1 – Security Issues and Recommendations for Online Social Networks, October 2007.

11. How come these guys didn’t think of that?

12. And how does that relate to the Web 2.0?

13. Do you know Freddie Staur (4)?
• Sophos Facebook ID probe shows 41% of users happy
to reveal all to potential identity thieves
• Research highlights dangers of irresponsible behavior on
social networking sites
4 www.sophos.com/facebook, Survey among 200 randomly chosen Facebook users, August 2007.

14. Privacy 2.0 needs to address new challenges that go
way beyond simple data protection measures
New rules on the Web 2.0 (2) and the new privacy challenges they bring:
• Openness: openness contradicts protection schemes
• Peering: peer-produced personal data
• Sharing: difficult to set data ownership
• Acting globally: a myriad of rules and regulations to adhere to
2 Don Tapscott, “Wikinomics – How Mass Collaboration Changes Everything”, December 2006.

15. Privacy 1.0 focused more on access authorization
and protecting data
• Data security
• Information hiding
• Access control
• And maybe limiting the collection of data

16. But simple data protection measures do not work for
lots of Web 2.0 applications
Contradictions (Privacy 1.0 vs. Web 2.0):
• Limit data collection vs. Data is everywhere
• Disguise identity vs. Visible identity
• Only authorized access vs. Everyone can see

17. Example: New group dynamics in social networking
applications create more complex data structures
Source: Forrester Research
“Social Computing Upends Past Knowledge Management Archetypes” Report, March 8, 2007

18. Example: Attractive user data on social networking
sites increases the expected risk of data abuse

19. Challenge: Manage the Privacy 2.0 Bermuda Triangle
The three corners of the triangle around the user’s privacy:
• Data is everywhere
• High value of personal data
• Vulnerable technology

20. What are your responsibilities?
• Meeting user expectations
• Complying with laws and regulations
• Protecting your company’s assets, brand and image
• Communicating your data handling practices openly

21. Allow the user to participate (!) and address all
privacy principles (not only data protection)
Self-Control
• Have the user control his data
• Provide choices (privacy settings)
• Context-driven
Rules for Usage
• Assign purpose to data
• Assure data provenance is known
• Set privacy policies, code of conduct
Accountability
• Provide notices and “alarms”
• Full transparency over what you do
• Control third-party sharing

22. At a minimum, your users expect from you as a
provider that
• their personal data is processed fairly and only for the
“specified” purpose
• you comply with laws and regulations

23. Compliance goes beyond local data protection laws
Privacy Requirements are shaped by:
• Laws and Regulations (Regional, National/Federal, State)
• Contracts, Service Agreements
• Professional/Industry Standards
• Brand/Competitive Requirements
• Corporate Policies, Codes of Conduct

24. It is like steering a treasure chest full of personal data
through the rough and open waters of Cyberspace …

25. How to handle and steer the ship through different waters:
Regional, federal or state data protection legislation
(BDSG, EU Directive, PIPEDA etc.)
How to signal and communicate:
Email, Fax, Telecommunications
(E-Privacy Directive, TCPA, TSR, etc.)
How to deal with pirates:
Anti-fraud, Unfair practices
(UDTP, CAN-SPAM, JFPA etc.)
Protecting very vulnerable gems:
Personal data from children
(COPPA)
How to protect the most valuable treasures:
Financial data, credit data, health data
(GLBA, FCRA, FACTA, HIPAA, etc.)

26. You need to set up your individual compliance
strategy – what applies to you?
[Chart: about 80% is privacy and data protection legislation that is similar in
various jurisdictions; about 20% is special privacy and data protection
regulations that may go beyond the “norm”. Examples labelled in the chart:
EU Directive, EU national laws, COPPA, SB 1386.]

27. Adhering to the following set of internationally
applicable Privacy Principles should be your strategy
• Consent and Choice
• Accountability
• Purpose Specification
• Collection Limitation
• Use, Retention and Disclosure Limitation
• Data Minimization
• Accuracy and Quality
• Openness, Transparency and Notice
• Individual Participation and Access
• Security Safeguards
• Compliance

28. Using the following data life cycle reference
framework focuses your efforts on key data processes
• Which privacy requirements do you have to think about
in each phase of the data processing life cycle?
1 Collection → 2 Usage → 3 Storage → 4 Transfer → 5 Disposal

29. Implementing a Privacy Management Program
Privacy Program cycle: Assess → Design → Communicate → Maintain

30. The challenge remains on how to communicate your
privacy handling practices to your users!

31. How to communicate to your users?

32. How to communicate to your users?
Source: Mary Rundle, International Data Protection and Digital Identity Management Tools, mrundle[at]cyber.law.harvard.edu, 2006.

33. Communicating your Privacy Policy Using P3P (3)
• Basic elements of a Website privacy policy
– Surrounding tags
– Entity information
– Access information
– Dispute/Remedies information
– Statements regarding the data practices
– Information types within categories tag (see Appendix 1)
• Cookies Handling Practices (Appendix 4)
• Example for user tool: ‘Privacy Bird’
(www.privacybird.org)
• Tagging Data in P3P
(see Appendices 1-3)
3 Helena and Stefan Lindskog, “Web Site Privacy with P3P”, Wiley Publishing, Inc., 2003.

34. And what if you don’t?
Think of
• Compliance with laws and regulations
• Corporate Liability
• Image, Brand Reputation
• Your users’ expectations
• Trust

35. “History will record what we, here in the early
decades of the information age, did to foster
freedom, liberty and democracy.”
-- Bruce Schneier, July 15, 2007

36. Contact Details
Stefan Weiss, Senior Manager, Security & Privacy Services
Franklinstrasse 50, 60486 Frankfurt am Main
Tel.: +49 69 75695 6355, Fax: +49 69 75695 6719, Mobile: +49 172 3590 674
stefanweiss@deloitte.de, www.deloitte.com/de/security

Stefan Weiss, PhD Student, T-Mobile Chair of M-Commerce and Multilateral Security
Gräfstraße 78, 60054 Frankfurt am Main
Tel.: +49 69 798 25301, Fax: +49 69 798 25306, Mobile: +49 172 3590 674
stefan.weiss@m-lehrstuhl.de, www.m-lehrstuhl.de

37. Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and
affiliates. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's
acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names "Deloitte", "Deloitte &
Touche", "Deloitte Touche Tohmatsu", or other related names. Services are provided by the member firms or their subsidiaries or affiliates
and not by the Deloitte Touche Tohmatsu Verein. Copyright ©2007 by Deloitte Touche Tohmatsu. All rights reserved. Member of Deloitte Touche Tohmatsu

38. Appendix 1
Possible Elements within the Categories Tag
<physical/>
<online/>
<uniqueid/>
<purchase/>
<financial/>
<computer/>
<navigation/>
<interactive/>
<demographic/>
<content/>
<state/>
<political/>
<health/>
<preference/>
<location/>
<government/>
<other-category>string</other-category>

39. Appendix 2
Possible Elements within the Purpose Tag
<current/>
<admin/>
<develop/>
<tailoring/>
<pseudo-analysis/>
<pseudo-decision/>
<individual-analysis/>
<individual-decision/>
<contact/>
<historical/>
<telemarketing/>

40. Appendix 3
Possible Elements within the Recipient Tag
<ours/>
<delivery/>
<same/>
<other-recipient/>
<unrelated/>
<public/>
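The following added example (not code from the slides, nor from the Lindskog book cited on slide 33) shows how the tokens of Appendices 1-3 combine into a P3P 1.0 policy as described on slide 33: one STATEMENT per data practice, each pairing data references with their categories, purposes, recipients and a retention token, plus a reader that turns a policy back into plain Python values so it can be compared with what the application actually does. Element names follow the W3C P3P 1.0 Recommendation; the ACCESS and RETENTION vocabularies are taken from that specification rather than from the slides, and the policy name, URL, entity name, data references and sample statements are placeholders constructed for the example. Browser support for P3P has since been dropped, so today the vocabulary is mainly useful as a checklist for documenting data practices.

```python
"""Tag data practices with P3P 1.0 tokens and read a policy back.

Added example; element names follow the W3C P3P 1.0 Recommendation, the
token lists come from Appendices 1-3 (plus ACCESS/RETENTION from the spec),
and the policy name, URL, entity and data references are placeholders.
"""
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"

CATEGORIES = {"physical", "online", "uniqueid", "purchase", "financial",
              "computer", "navigation", "interactive", "demographic",
              "content", "state", "political", "health", "preference",
              "location", "government"}                       # Appendix 1
PURPOSES = {"current", "admin", "develop", "tailoring", "pseudo-analysis",
            "pseudo-decision", "individual-analysis", "individual-decision",
            "contact", "historical", "telemarketing"}          # Appendix 2
RECIPIENTS = {"ours", "delivery", "same", "other-recipient",
              "unrelated", "public"}                           # Appendix 3
ACCESS = {"nonident", "all", "contact-and-other", "ident-contact",
          "other-ident", "none"}                               # P3P 1.0 spec
RETENTIONS = {"no-retention", "stated-purpose", "legal-requirement",
              "business-practices", "indefinitely"}            # P3P 1.0 spec


def _check(values, vocab, what):
    """Reject empty token lists and tokens outside the vocabulary."""
    values = list(values)
    if not values:
        raise ValueError(f"at least one {what} token is required")
    bad = sorted(set(values) - vocab)
    if bad:
        raise ValueError(f"unknown {what} token(s): {bad}")
    return values


def _tokens(parent, tag, values):
    """Emit <TAG><token/>...</TAG>; P3P tokens are empty elements."""
    box = ET.SubElement(parent, tag)
    for v in values:
        ET.SubElement(box, v)


def build_policy(name, discuri, entity_name, access, statements):
    """Return a P3P policy as an XML string.

    Each statement is a dict {purposes, recipients, retention, data}; data
    maps a data reference to its categories.  A category written as
    "other:<text>" becomes <other-category>text</other-category>.
    """
    root = ET.Element("POLICIES", {"xmlns": P3P_NS})
    policy = ET.SubElement(root, "POLICY", {"name": name, "discuri": discuri})
    entity = ET.SubElement(ET.SubElement(policy, "ENTITY"), "DATA-GROUP")
    ET.SubElement(entity, "DATA", {"ref": "#business.name"}).text = entity_name
    ET.SubElement(ET.SubElement(policy, "ACCESS"),
                  _check([access], ACCESS, "access")[0])
    for st in statements:
        s = ET.SubElement(policy, "STATEMENT")
        _tokens(s, "PURPOSE", _check(st["purposes"], PURPOSES, "purpose"))
        _tokens(s, "RECIPIENT", _check(st["recipients"], RECIPIENTS, "recipient"))
        _tokens(s, "RETENTION", _check([st["retention"]], RETENTIONS, "retention"))
        group = ET.SubElement(s, "DATA-GROUP")
        for ref, cats in st["data"].items():
            if not cats:
                raise ValueError(f"{ref}: no categories given")
            box = ET.SubElement(ET.SubElement(group, "DATA", {"ref": ref}),
                                "CATEGORIES")
            for c in cats:
                if c.startswith("other:"):
                    ET.SubElement(box, "other-category").text = c[len("other:"):]
                elif c in CATEGORIES:
                    ET.SubElement(box, c)
                else:
                    raise ValueError(f"{ref}: unknown category {c!r}")
    return ET.tostring(root, encoding="unicode")


def read_policy(xml_text):
    """Parse a policy into one plain dict per STATEMENT."""
    ns = {"p": P3P_NS}
    local = lambda el: el.tag.split("}", 1)[1]   # strip the namespace
    out = []
    for s in ET.fromstring(xml_text).iterfind(".//p:STATEMENT", ns):
        toks = lambda tag: [local(e) for e in s.find(f"p:{tag}", ns)]
        data = {}
        for d in s.iterfind("p:DATA-GROUP/p:DATA", ns):
            data[d.get("ref")] = [
                e.text if local(e) == "other-category" else local(e)
                for e in d.find("p:CATEGORIES", ns)]
        out.append({"purposes": toks("PURPOSE"), "recipients": toks("RECIPIENT"),
                    "retention": toks("RETENTION")[0], "data": data})
    return out


# Constructed sample: a social networking site with two data practices.
SAMPLE_STATEMENTS = [
    {"purposes": ["current", "admin"], "recipients": ["ours"],
     "retention": "stated-purpose",
     "data": {"#user.login.id": ["uniqueid"], "#user.name": ["physical"]}},
    {"purposes": ["develop", "pseudo-analysis"], "recipients": ["ours"],
     "retention": "business-practices",
     "data": {"#dynamic.clickstream": ["navigation", "computer"],
              "#dynamic.miscdata": ["preference", "other:group affiliations"]}},
]


def sample_policy():
    return build_policy("social", "https://example.com/privacy.html",
                        "Example Social GmbH", "contact-and-other",
                        SAMPLE_STATEMENTS)


if __name__ == "__main__":
    print(sample_policy())
    for stmt in read_policy(sample_policy()):
        print(stmt)
```

The validation step is the part worth keeping even without P3P: a token outside the published vocabulary (a category such as "biometric", which Appendix 1 does not define) is rejected at build time, so the policy can only state practices in terms a reader can look up, and the round trip through read_policy gives you a structure to diff against the data your application really collects.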

41. Appendix 4
A Privacy Recipe for Cookies
• Include statements on cookies in your privacy policy
• Remember to enhance user privacy also by managing
the data used for cookies
• Do not store any data in a cookie (only on a server)
• Add the following tokens to the policy statements on
cookies practices for:
– Access, Remedies, Purpose, Recipient, Retention,
Categories
• The use of cookies within European countries will be
allowed only if the user is provided with clear and
comprehensive information about the purpose of the
cookies and is offered the right to refuse cookies –
thus, the need for policy statements is clear!
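As an added example (not code from the slides), the session handling below follows the recipe's third point, "do not store any data in a cookie, only on a server": the browser receives nothing but a random, opaque identifier, and every piece of personal data stays in a server-side store keyed by that identifier, where it can expire and be disposed of without touching the client. The anti-pattern is included for contrast. The in-memory dictionary stands in for a real session backend, the one-hour lifetime is an assumed value, and the Secure, HttpOnly and SameSite attributes are this example's own hardening, not something the slide states.

```python
"""Keep personal data on the server; give the browser only an opaque identifier.

Added example implementing the appendix rule "do not store any data in a
cookie (only on a server)" with the standard library.  The dict store stands
in for a real session backend; SESSION_TTL and the cookie attributes are
this example's choices.
"""
import secrets
import time
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "sid"
SESSION_TTL = 3600  # seconds; assumed value


def profile_in_cookie(profile):
    """Anti-pattern: the personal data itself travels in the cookie, readable
    and modifiable by the user, proxies on plain HTTP, and page scripts."""
    c = SimpleCookie()
    c["profile"] = "|".join(f"{k}:{v}" for k, v in profile.items())
    return c.output(header="Set-Cookie:")


def create_session(store, profile, now=None):
    """Store the profile server-side; return (Set-Cookie header, session id)."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)            # 256 random bits: unguessable
    store[sid] = {"profile": dict(profile), "expires": now + SESSION_TTL}
    c = SimpleCookie()
    c[COOKIE_NAME] = sid                       # the only thing the client holds
    c[COOKIE_NAME]["path"] = "/"
    c[COOKIE_NAME]["max-age"] = SESSION_TTL
    c[COOKIE_NAME]["secure"] = True            # never sent over plain HTTP
    c[COOKIE_NAME]["httponly"] = True          # not readable by page scripts
    c[COOKIE_NAME]["samesite"] = "Lax"         # not attached to cross-site POSTs
    return c.output(header="Set-Cookie:"), sid


def lookup(store, cookie_header, now=None):
    """Resolve a request's Cookie header to the stored profile, or None."""
    now = time.time() if now is None else now
    c = SimpleCookie()
    try:
        c.load(cookie_header or "")
    except CookieError:                        # malformed header: no session
        return None
    morsel = c.get(COOKIE_NAME)
    if morsel is None:
        return None
    entry = store.get(morsel.value)
    if entry is None:                          # unknown or already revoked id
        return None
    if entry["expires"] <= now:                # disposal: expired data leaves
        store.pop(morsel.value, None)          # the store at first contact
        return None
    return entry["profile"]


def revoke(store, sid):
    """Server-side logout: the cookie value becomes meaningless immediately."""
    return store.pop(sid, None) is not None


if __name__ == "__main__":
    # Constructed sample profile, not real data.
    alice = {"name": "Alice", "dob": "1980-01-01"}
    print(profile_in_cookie(alice))            # data visible in the header
    store = {}
    header, sid = create_session(store, alice)
    print(header)                              # only an opaque id visible
    print(lookup(store, f"{COOKIE_NAME}={sid}"))
    revoke(store, sid)
    print(lookup(store, f"{COOKIE_NAME}={sid}"))  # None after revocation
```

Because the data never leaves the server, the retention and disposal statements in the policy can be enforced in one place: expiring or revoking the store entry is all it takes, and a stolen or tampered cookie value yields nothing but a lookup miss.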

42. Call for Participation
Research Study on Concerns for Information Privacy in
Social Networking (Web 2.0) Applications
Inviting Privacy, Security, and Web 2.0 Experts
Stefan Weiss
Johann Wolfgang Goethe University
Frankfurt am Main
November 8, 2007

43. Research Goals and Research Methods
Research Goals
• Conduct expert surveys to understand and focus in on most important
requirements for a privacy-enhanced Web experience
• Develop privacy-enhanced method/concept for Social Networking (Web 2.0)
Applications
Research Method: Series of 2-3 expert surveys (Delphi)
• Get understanding of main concerns, requirements and existing material
• Applying applicable expert knowledge to the technical use case “Social Networking
Applications”
• Evaluating and justifying the privacy-enhanced method to be developed

44. Your Participation
Requirements for Participation
• Have good expertise on either one or all of these areas: privacy, security or
web 2.0 applications
• Maximum of 3 x 40 minutes of your time over the course of 6 months
Notes
• Research is university research and will be made public through the published
PhD thesis
• Your personal information is not used for any other purpose than contacting
you throughout the research project
Please speak to me or write me an Email if you would like to participate:
stefan.weiss@m-lehrstuhl.de
+49 172 3590674