March-April 2013
Franck Franchin
Master Droit - Franck Franchin - © 2013
“Asking Google to educate consumers about privacy
is like asking the fox to teach the chickens how to
ensure the security of their coop”
Consumer Watchdog, March 2013
• Search – Yahoo or Google keep your data for 18 months!
• Webmail – Google goes through every word of every Gmail message that’s sent or received to sell targeted ads.
• Google Docs
• Street View (Wi-Fi traffic and password scans… hmm?)
• Conference Management Systems – widely used in the academic research community, with document sharing (papers, reviews, patent drafts)
A FREE SERVICE DOES NOT EXIST!
• The Foreign Intelligence Surveillance Act of 1978 prescribes procedures for requesting judicial authorization for electronic surveillance and physical search of persons engaged in espionage or international terrorism against the United States on behalf of a foreign power.
• The Stored Communications Act of 1986 is a law that addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third-party internet service providers (ISPs).
• Patriot Act – Signed by President George W. Bush on October 26, 2001, renewed by President Bush on March 9, 2006
• The Foreign Intelligence Surveillance Act Amendment Act (FISAA - 2008) allows US authorities to spy on cloud data, including Amazon Cloud Drive, Apple iCloud and Google Drive.
• US law allows American agencies to access all private information stored with firms within Washington’s jurisdiction, without a warrant, if the information is felt to be in the US interest.
• That means any company with a presence in the US, regardless of where the data is stored or of the existence of any conflicting obligations under the laws where the data is located
• Some US-based cloud services and hosting companies might not be able to comply with the EDPD: customers whose private data should have been disclosed under FISA won’t always be notified (which is not compliant with EC directives)
• The famous 95/46/EC Directive
• The European Data Protection Directive requires companies to inform users when they disclose personal information
• There are clauses in the Directive that allow data to be stored outside of the EU
• Evolution in progress since 2012, but strong lobbying against data breach notification enforcement and data aggregation processing restrictions
• The U.S.-EU Safe Harbor Framework provides guidance for U.S. organizations on how to provide adequate protection for personal data from the EU as required by the European Union's Directive on Data Protection.
• Participation is voluntary
• Based on principles agreed by Directive 95/46 (October, 1995)
• Five major points:
  ◦ Data owner has been informed of data processing and transfer
  ◦ Data owner can revoke the rights he granted.
  ◦ Explicit agreement
  ◦ Access and change right (aka droit d’accès et de rectification)
  ◦ Data security (confidentiality, integrity, availability)
• Payment card security standards body PCI Security Standards Council (PCI SSC) has released new guidance for merchants using cloud-based systems for customer payment data
• “Many merchants mistakenly believe that if they outsource everything to a cloud service provider, much of the responsibility goes away for being PCI compliant – unfortunately, that’s simply not the case,” Bob Russo, general manager at the PCI Security Standards Council. “A merchant needs to ensure that a cloud services provider is PCI-compliant not just for its own piece, but for the entire spectrum, including what that provider is specifically doing for the merchant.”
• TFTP (Terrorist Financing Tracking System)/SWIFT (28 June 2010)
• Europol in charge of
• Audit conducted by Europol in Nov 2010, with warning report issued in March 2011
• Overly generic requests are made by the US (Dept. of the Treasury) but acknowledged by Europol
• So generic that it’s impossible to confirm these requests are compliant with European Data Protection Directives
• Nova Scotia Case – As part of a criminal prosecution in the US, the Court requested that the US subsidiary disclose documents stored in the Cayman Islands.
• Valetta Case – The Australian subsidiary of this Maltese bank was summoned by an Australian court to disclose documents stored in Malta
Cybersecurity Course - Privacy
