Privacy by Design
Ian Brown, Prof. of Information Security and Privacy
Oxford Internet Institute, University of Oxford
@IanBrownOII
Privacy by Design principles
1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality: Positive-Sum, not Zero-Sum
5. End-to-End Security — Full Lifecycle Protection
6. Visibility and Transparency — Keep it Open
7. Respect for User Privacy — Keep it User-Centric
Cavoukian et al. (2010)
32nd International Conference of DP and Privacy Commissioners (Jerusalem 2010)
1. Recognize Privacy by Design as an essential component of fundamental privacy protection;
2. Encourage the adoption of Privacy by Design’s Foundational Principles… as guidance to establishing privacy as an organization’s default mode of operation;
3. Invite Data Protection and Privacy Commissioners/Authorities to:
a. promote Privacy by Design, as widely as possible through distribution of materials, education and personal advocacy;
b. foster the incorporation of the Privacy by Design Foundational Principles in the formulation of privacy policy and legislation within their respective jurisdictions;
c. proactively encourage research on Privacy by Design…
General Data Protection Regulation §23: Data protection by design and by default
1. …the controller… shall… implement appropriate and proportionate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject…
2. The controller shall ensure that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected, retained or disseminated beyond the minimum necessary for those purposes…
COM(2012) 11 final
European Parliament’s additions
• 1 … Data protection by design shall have particular regard to the entire lifecycle management of personal data from collection to processing to deletion, systematically focusing on comprehensive procedural safeguards regarding the accuracy, confidentiality, integrity, physical security and deletion of personal data.
• 1a In order to foster its widespread implementation in different economic sectors, data protection by design shall be a prerequisite for public procurement tenders
Privacy system requirements
• Purpose limitation (comprising both specification of the purpose and limiting the use to that stated purpose)
• Data minimisation
• Data quality
• Transparency (Openness in OECD terms)
• Data subject rights (in terms of consent, and the right to view, erase, and rectify personal data)
• The right to be forgotten
• Adequate protection (Security Safeguards in OECD terms)
• Data portability
• Data breach notifications
• Accountability and (provable) compliance
J-H Hoepman (2014)
Privacy design strategies
Strategy                            Pattern
Minimise                            Select before you collect; anonymisation; pseudonymisation
Hide (from all, or third, parties)  Encryption, onion routing, anonymous credentials, homomorphic encryption
Separate                            Distributed processing and storage where feasible; split database tables; secure multi-party computation; unlinkability
Aggregate                           Aggregation over time and geography; dynamic location granularity
Inform                              Transparency, data breach notifications, UI design
Control                             Informed consent, UI design
Enforce                             Access control, privacy rights management
Demonstrate                         Privacy rights management, logging
J-H Hoepman (2014)
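An added example (written for this page, not code from Hoepman's paper or this deck) of the Aggregate row above, dynamic location granularity: each user's position is coarsened to the finest grid cell that holds at least k users in the same hour, and only per-cell counts leave the system; users for whom no cell size reaches k are suppressed. The sample reports, the grid sizes and k = 3 are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed sample reports: (user_id, hour, latitude, longitude). Not real data.
REPORTS = [
    ("u1", 9, 51.7520, -1.2577),
    ("u2", 9, 51.7523, -1.2580),
    ("u3", 9, 51.7518, -1.2590),
    ("u4", 9, 51.7600, -1.2400),
    ("u5", 9, 51.7610, -1.2410),
    ("u6", 9, 51.8000, -1.3000),
    ("u7", 10, 51.7521, -1.2579),
    ("u8", 10, 51.7524, -1.2583),
]

# Grid cell sizes in decimal degrees, finest first (roughly 100 m, 1 km, 10 km, 100 km).
GRANULARITIES = (0.001, 0.01, 0.1, 1.0)


def cell(lat, lon, size):
    """Snap a position to an integer grid index at the given cell size.
    The quotient is rounded before flooring so that float noise
    (e.g. 51.8 / 0.1 = 517.99999...) cannot shift a point into the wrong cell."""
    return (math.floor(round(lat / size, 6)), math.floor(round(lon / size, 6)), size)


def choose_cells(reports, k, granularities=GRANULARITIES):
    """Dynamic location granularity: for each user and hour, pick the finest cell size
    at which that user's cell holds at least k distinct users in the same hour.
    Returns {(user_id, hour): cell or None}; None means no level was coarse enough,
    so the report is suppressed rather than released."""
    by_hour = defaultdict(list)
    for uid, hour, lat, lon in reports:
        by_hour[hour].append((uid, lat, lon))
    chosen = {}
    for hour, rows in by_hour.items():
        for uid, lat, lon in rows:
            chosen[(uid, hour)] = None
            for size in granularities:
                c = cell(lat, lon, size)
                members = {u for u, la, lo in rows if cell(la, lo, size) == c}
                if len(members) >= k:
                    chosen[(uid, hour)] = c
                    break
    return chosen


def aggregate(reports, k, granularities=GRANULARITIES):
    """What leaves the system: per (hour, cell) user counts, each at least k, carrying
    no identifiers. Aggregation over time (hour buckets) and geography (cells)."""
    positions = {(uid, hour): (lat, lon) for uid, hour, lat, lon in reports}
    released = {}
    for (uid, hour), c in choose_cells(reports, k, granularities).items():
        if c is None:
            continue  # suppressed: releasing this user's cell would expose a group < k
        size = c[2]
        count = sum(1 for (u, h), (la, lo) in positions.items()
                    if h == hour and cell(la, lo, size) == c)
        released[(hour, c)] = count
    return released


if __name__ == "__main__":
    for key, n in sorted(aggregate(REPORTS, k=3).items()):
        print(key, n)
```

With k = 3 the three users near each other at hour 9 are released at the 0.01-degree level, two more only at 0.1 degrees, the isolated user only at 1 degree, and the two hour-10 users are suppressed entirely.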
“Spy bins” and smartphones
Image: Renew London
Transport pricing
• Monitor all traffic centrally (London), at kerbside (W London) or deduct payment from pay-as-you-go toll cards (Singapore)? On-board unit (Balasch et al. 2010)? Or tax parking spaces?
• Link all payment card usage (Oyster) or use unlinkable RFID tokens (Shenzhen)?
MIT Technology Review (2006)
Privacy-friendly smart meters
• Personal data remains at customer premises under their direct control
• Network broadcasts tariff data to meters, which control appliances
• Heavily aggregated information used for billing and price comparison
Rial and Danezis (2011)
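An added illustration of the three bullets above (example code written for this page, not the Rial and Danezis protocol itself): hourly readings stay inside the meter object at the premises, the tariff arrives as a broadcast function, and the only upstream message is the aggregate bill plus one hiding commitment per hour, which lets a single disputed hour be opened later without disclosing the rest. The readings and tariff are constructed, and the cryptographic proofs that make the total checkable without any opening are omitted.

```python
import hashlib
import secrets

# Constructed hourly consumption for one day at the premises, in Wh (not real data).
READINGS = {h: 200 for h in range(0, 6)}
READINGS.update({h: 400 for h in range(6, 16)})
READINGS.update({h: 1500 for h in range(16, 19)})
READINGS.update({h: 600 for h in range(19, 24)})


def broadcast_tariff(hour):
    """Time-of-use tariff the network broadcasts to every meter, in pence per kWh.
    The same message goes to all meters, so receiving it reveals nothing about a customer."""
    if hour < 6:
        return 8        # night
    if 16 <= hour < 19:
        return 30       # evening peak
    return 15           # daytime


class Meter:
    """Runs at the customer premises. Fine-grained readings never leave this object;
    only the aggregate bill and per-hour commitments are sent to the supplier."""

    def __init__(self, readings):
        self._readings = dict(readings)
        # One fresh random nonce per reading keeps each commitment hiding: identical
        # consumption in two hours must not produce identical commitments.
        self._nonces = {h: secrets.token_hex(16) for h in readings}

    @staticmethod
    def commitment(hour, wh, nonce):
        return hashlib.sha256(f"{hour}:{wh}:{nonce}".encode()).hexdigest()

    def bill_millipence(self, tariff):
        # Wh x (pence per kWh) = millipence; integer arithmetic, no rounding.
        return sum(wh * tariff(h) for h, wh in self._readings.items())

    def report(self, tariff):
        """The only message sent upstream: the aggregate total and opaque commitments."""
        return {
            "total_millipence": self.bill_millipence(tariff),
            "commitments": {h: self.commitment(h, wh, self._nonces[h])
                            for h, wh in self._readings.items()},
        }

    def open_reading(self, hour):
        """Disclose one hour for a billing dispute; every other hour stays hidden."""
        return hour, self._readings[hour], self._nonces[hour]


def verify_opening(report, hour, wh, nonce):
    """Supplier side: check an opened reading against the commitment it already holds."""
    return report["commitments"][hour] == Meter.commitment(hour, wh, nonce)


def disputed_hour_charge(report, opening, tariff):
    """Supplier side: recompute the charge for one opened hour, or None if the
    opening does not match the stored commitment."""
    hour, wh, nonce = opening
    if not verify_opening(report, hour, wh, nonce):
        return None
    return wh * tariff(hour)


def naive_report(readings):
    """The design the slide argues against: every hourly reading goes upstream."""
    return dict(readings)


if __name__ == "__main__":
    meter = Meter(READINGS)
    upstream = meter.report(broadcast_tariff)
    print("bill (pence):", upstream["total_millipence"] / 1000)
    print("readings disclosed:", len(naive_report(READINGS)), "vs", 0)
    print("disputed hour 17 charge (millipence):",
          disputed_hour_charge(upstream, meter.open_reading(17), broadcast_tariff))
```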
Location-Based Services
• Can we use features of mobile phone networks to supply anonymous, targeted adverts?
H Haddadi, P Hui, T Henderson and I Brown (2010) MobiAd: Private and Scalable Mobile Advertising, ACM International Workshop on Mobility in the Evolving Internet Architecture, Chicago
Limitations
• ENISA experts identify:
  • Fragility/non-composability of privacy properties
  • Privacy metrics and utility limitations
  • Increased complexity
  • Implementation obstacles
  • Unclear or too narrow interpretation
  • Utility in Internet of Things and Big Data systems
• FTC staff IoT report: “flexible” minimisation: don’t collect data, or unneeded data, or sensitive data; de-identify; or seek consent
• Article 29 Working Party: “insists that the data minimisation principle plays an essential role” (Opinion 8/2014)
• EDPS: DP must cover “use and collection of data. A differentiation in this regard has never been made in EU data protection law and it has the potential to weaken the protection of fundamental rights.”
References
• J. Balasch, A. Rial, C. Troncoso, C. Geuens, B. Preneel and I. Verbauwhede (2010) PrETP: Privacy-Preserving Electronic Toll Pricing. USENIX Security Symposium, pp. 63-78.
• ENISA (2014) Privacy and Data Protection by Design – from policy to engineering.
• European Data Protection Supervisor (2015) Value of the EU Data Protection Reform against the Big Data challenges, 5th European Data Protection Days, Berlin.
• Federal Trade Commission Staff Report (2015) Internet of Things: Privacy & Security in a Connected World, Jan. 2015.
• H. Haddadi, P. Hui, T. Henderson and I. Brown (2010) MobiAd: Private and Scalable Mobile Advertising, ACM International Workshop on Mobility in the Evolving Internet Architecture, Chicago.
• J.-H. Hoepman (2014) Privacy Design Strategies (extended abstract). ICT Systems Security and Privacy Protection – 29th IFIP TC 11 International Conference, SEC 2014, Marrakech.
• A. Rial and G. Danezis (2011) Privacy-Preserving Smart Metering, ACM Workshop on Privacy in the Electronic Society, Chicago.

Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdf
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 

Privacy by design

  • 1. Privacy by Design
    Ian Brown, Prof. of Information Security and Privacy, Oxford Internet Institute, University of Oxford, @IanBrownOII

  • 2. Privacy by Design principles
    1. Proactive not Reactive; Preventative not Remedial
    2. Privacy as the Default Setting
    3. Privacy Embedded into Design
    4. Full Functionality: Positive-Sum, not Zero-Sum
    5. End-to-End Security — Full Lifecycle Protection
    6. Visibility and Transparency — Keep it Open
    7. Respect for User Privacy — Keep it User-Centric
    Cavoukian et al. (2010)

  • 3. 32nd International Conference of DP and Privacy Commissioners (Jerusalem 2010)
    1. Recognize Privacy by Design as an essential component of fundamental privacy protection;
    2. Encourage the adoption of Privacy by Design’s Foundational Principles… as guidance to establishing privacy as an organization’s default mode of operation;
    3. Invite Data Protection and Privacy Commissioners/Authorities to:
       a. promote Privacy by Design, as widely as possible through distribution of materials, education and personal advocacy;
       b. foster the incorporation of the Privacy by Design Foundational Principles in the formulation of privacy policy and legislation within their respective jurisdictions;
       c. proactively encourage research on Privacy by Design…

  • 4. General Data Protection Regulation §23: Data protection by design and by default
    1. …the controller… shall… implement appropriate and proportionate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject…
    2. The controller shall ensure that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected, retained or disseminated beyond the minimum necessary for those purposes…
    COM(2012) 11 final

  • 5. European Parliament’s additions
    • 1 … Data protection by design shall have particular regard to the entire lifecycle management of personal data from collection to processing to deletion, systematically focusing on comprehensive procedural safeguards regarding the accuracy, confidentiality, integrity, physical security and deletion of personal data.
    • 1a In order to foster its widespread implementation in different economic sectors, data protection by design shall be a prerequisite for public procurement tenders

  • 6. Privacy system requirements
    • Purpose limitation (comprising both specification of the purpose and limiting the use to that stated purpose)
    • Data minimisation
    • Data quality
    • Transparency (Openness in OECD terms)
    • Data subject rights (in terms of consent, and the right to view, erase, and rectify personal data)
    • The right to be forgotten
    • Adequate protection (Security Safeguards in OECD terms)
    • Data portability
    • Data breach notifications
    • Accountability and (provable) compliance
    J.-H. Hoepman (2014)

  • 7. Privacy design strategies (Strategy: Pattern)
    • Minimise: Select before you collect; anonymisation; pseudonymisation
    • Hide (from all, or third, parties): Encryption, onion routing, anonymous credentials, homomorphic encryption
    • Separate: Distributed processing and storage where feasible; split database tables; secure multi-party computation; unlinkability
    • Aggregate: Aggregation over time and geography; dynamic location granularity
    • Inform: Transparency, data breach notifications, UI design
    • Control: Informed consent, UI design
    • Enforce: Access control, privacy rights management
    • Demonstrate: Privacy rights management, logging
    J.-H. Hoepman (2014)

  • 8. “Spy bins” and smartphones
    Image: Renew London

  • 9. Transport pricing
    • Monitor all traffic centrally (London), at kerbside (W London) or deduct payment from pay-as-you-go toll cards (Singapore)? On-board unit (Balasch et al. 2010)? Or tax parking spaces?
    • Link all payment card usage (Oyster) or use unlinkable RFID tokens (Shenzhen)?
    MIT Technology Review (2006)

  • 10. Privacy-friendly smart meters
    • Personal data remains at customer premises under their direct control
    • Network broadcasts tariff data to meters, which control appliances
    • Heavily aggregated information used for billing and price comparison
    Rial and Danezis (2011)

  • 11. Location-Based Services
    • Can we use features of mobile phone networks to supply anonymous, targeted adverts?
    H Haddadi, P Hui, T Henderson and I Brown (2010) MobiAd: Private and Scalable Mobile Advertising, ACM International Workshop on Mobility in the Evolving Internet Architecture, Chicago

  • 12. Limitations
    • ENISA experts identify:
      • Fragility/non-composability of privacy properties
      • Privacy metrics and utility limitations
      • Increased complexity
      • Implementation obstacles
      • Unclear or too narrow interpretation
      • Utility in Internet of Things and Big Data systems
    • FTC staff IoT report: “flexible” minimisation: don’t collect data, or unneeded data, or sensitive data; de-identify; or seek consent
    • Article 29 Working Party: “insists that the data minimisation principle plays an essential role” (Opinion 8/2014)
    • EDPS: DP must cover “use and collection of data. A differentiation in this regard has never been made in EU data protection law and it has the potential to weaken the protection of fundamental rights.”

  • 13. References
    • J. Balasch, A. Rial, C. Troncoso, C. Geuens, B. Preneel and I. Verbauwhede (2010) PrETP: Privacy-Preserving Electronic Toll Pricing. Usenix Security Symposium, pp. 63-78.
    • ENISA (2014) Privacy and Data Protection by Design – from policy to engineering.
    • European Data Protection Supervisor (2015) Value of the EU Data Protection Reform against the Big Data challenges, 5th European Data Protection Days, Berlin.
    • Federal Trade Commission Staff Report (2015) Internet of Things: Privacy & Security in a Connected World, Jan. 2015.
    • H. Haddadi, P. Hui and I. Brown (2010) MobiAd: Private and Scalable Mobile Advertising, ACM International Workshop on Mobility in the Evolving Internet Architecture, Chicago.
    • J.-H. Hoepman (2014) Privacy Design Strategies (extended abstract). ICT Systems Security and Privacy Protection - 29th IFIP TC 11 International Conference, SEC 2014, Marrakech.
    • A. Rial and G. Danezis (2011) Privacy-Preserving Smart Metering, ACM Workshop on Privacy in the Electronic Society, Chicago.
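The privacy-friendly metering design on slide 10 (Rial and Danezis) is a concrete instance of the Minimise, Aggregate and Demonstrate strategies on slide 7: fine-grained readings stay on the meter, only the aggregate bill leaves the premises, and commitments let the customer demonstrate the bill is correct. The following is an added illustration, not code from the slides or from the cited paper; it assumes constructed sample readings and tariffs, and substitutes SHA-256 hash commitments opened on dispute for the paper's Pedersen commitments and zero-knowledge proofs, which avoid any opening.

```python
import hashlib
import secrets

# Constructed sample data: eight 3-hour consumption slots for one day (Wh)
# and the time-of-use tariff the network broadcasts for them (pence per kWh).
READINGS_WH = [300, 250, 1200, 800, 600, 700, 2000, 900]
TARIFF_P_PER_KWH = [8, 8, 20, 12, 12, 12, 30, 12]


def commit(slot: int, reading_wh: int, nonce: bytes) -> str:
    """Hiding and binding commitment to one reading (hash-based stand-in
    for the Pedersen commitments of the real protocol)."""
    return hashlib.sha256(f"{slot}:{reading_wh}:".encode() + nonce).hexdigest()


def meter_report(readings_wh, tariff):
    """Runs on the meter at the customer premises (Minimise + Aggregate).

    Returns what leaves the premises (the bill in milli-pence plus one
    commitment per slot) and what stays there (the nonces needed to open
    the commitments). The individual readings never leave the meter.
    """
    bill_millipence = sum(r * t for r, t in zip(readings_wh, tariff))
    nonces = [secrets.token_bytes(16) for _ in readings_wh]
    commitments = [commit(i, r, n)
                   for i, (r, n) in enumerate(zip(readings_wh, nonces))]
    return {"bill": bill_millipence, "commitments": commitments}, nonces


def naive_report(readings_wh):
    """The privacy-hostile alternative: every reading is sent to the utility,
    which then bills centrally and learns the household's activity pattern."""
    return {"readings": list(readings_wh)}


def utility_verify_on_dispute(report, tariff, opened):
    """Utility/auditor side, invoked only on dispute (Demonstrate).

    The customer opens the commitments as (slot, reading, nonce) triples and
    the utility recomputes the bill from the same broadcast tariff. A changed
    reading no longer matches its commitment, so the check fails.
    """
    if len(opened) != len(report["commitments"]):
        return False
    for (slot, reading, nonce), c in zip(opened, report["commitments"]):
        if commit(slot, reading, nonce) != c:
            return False
    recomputed = sum(reading * tariff[slot] for slot, reading, _ in opened)
    return recomputed == report["bill"]
```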

Editor's notes

  1. http://www.economist.com/news/world-week/21599834-kals-cartoon?fsrc=scn/tw_ec/kals_cartoon
  2. Parliament/Council versions: https://edri.org/files/EP_Council_Comparison.pdf
  3. http://www.docstoc.com/docs/88760415/PrETP-Privacy-Preserving-Electronic-Toll-Pricing
  4. http://research.microsoft.com/en-us/projects/privacy_in_metering/mainwpes.pdf