SlideShare ist ein Scribd-Unternehmen logo

GDPR, User Data, Privacy, and Your Apps

Carl Brown
Carl Brown

The document discusses the General Data Protection Regulation (GDPR) which takes effect in May 2018 and imposes strict rules and heavy fines on companies regarding the collection and processing of users' personal data. It outlines several principles of GDPR including rights to access, correct and delete personal data. The document also provides strategies for app developers to comply with GDPR such as determining if all collected personal data is necessary, encrypting data, and informing users about data collection and sharing.

Technologie
1 von 21
Downloaden Sie, um offline zu lesen
User Data, App Development, GDPR, Ethics and you CocoaCoders April 26th, 2018
Disclaimer • I am not a lawyer • Viewer discretion advised
Interactivity This is not supposed to be me lecturing Stop me and ask questions or interject
Disclaimer
What is GDPR? • European Union regulation on Privacy (more detail later) • Takes effect May 25th 2018 • Penalties: The greater of €10 million or 2% of global annual revenue
Does this matter here? Some people think so
Will (something like) this come to U.S.? What do you think?
What Data is Affected? • Basic identity information such as name, address and ID numbers • Web data such as location, IP address, cookie data and RFID tags • Health and genetic data • Biometric data • Racial or ethnic data • Political opinions • Sexual orientation https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
GDPR Principles (1/4) • "Easier access to your own data: individuals will have more information on how their data is processed and this information should be available in a clear and understandable way."
GDPR Principles (2/4) • "A right to data portability: it will be easier to transfer your personal data between service providers."
GDPR Principles (3/4) • "A clarified 'right to be forgotten': when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be delete."
GDPR Principles (4/4) • "The right to know when your data has been hacked: For example, companies and organizations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.” • (“The 72-hour reporting window that the GDPR requires makes it especially important that vendors know how to properly report a breach.") https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
New Apple APIs • Providing User Access to CloudKit Data • https://developer.apple.com/documentation/cloudkit/ providing_user_access_to_cloudkit_data/ • Responding to Requests to Delete Data • https://developer.apple.com/documentation/cloudkit/ responding_to_requests_to_delete_data/
GreyKey Cracks a phones passkey Provides complete Keychain contents…
Blue’s Suggestions •I recommend Apple's WWDC privacy sessions for Best Practices on obvious(?) concepts such as transparency, consent, and user control. The videos also cover ways to re-think data collection, trading firehoses for eye-droppers (and/or muddy water). For instance ... •"Privacy and Your Apps" (2017) https://developer.apple.com/videos/play/wwdc2017/702/ •"Engineering Privacy for Your Users" (2016) https://developer.apple.com/videos/play/ wwdc2016/709/ •The first video includes discussion (6:15) of how to back-away from raw data in order to get just the information you need. •The second video has a nice description (14:00) of Differential Privacy: adding noise to collected data.
Strategies • 1. Determine whether the app really needs all the requested personal data • 2. Encrypt all personal data and inform users about it • 3. Think OAUTH for data portability • 4. Enforce secure communications through HTTPS • 5. Inform users about and encrypt personal data from ‘contact us' forms https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
Strategies (cont) • 6. Make sure sessions and cookies expire and are destroyed after logout • 7. Do not track user activity for business intelligence  • 8. Tell users about logs that save location or IP addresses  • 9. Store logs in a safe place, preferably encrypted • 10. Security questions should not turn on users' personal data https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
Strategies (cont) • 11. Create clear terms and conditions and make sure users read them • 12. Inform users about any data sharing with third parties   • 13. Create clear policies for data breaches • 14. Delete data of users who cancel their service • 15. Patch web/dependency vulnerabilities  https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
Get Apple’s data on you • https://www.cnbc.com/2018/04/25/how-to-download-a-copy-of-apple- data-about-me.html
Since We’re on the Subject Big Data is Everywhere…
Further Reading • https://www.prnewswire.com/news-releases/lookout-report-84-of-it- executives-expect-data-accessed-on-mobile-to-cause-gdpr- violations-300555381.html • https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant- apps • http://europa.eu/rapid/press-release_IP-15-6321_en.htm • https://www.schneier.com/blog/archives/2018/03/greykey_iphone_.html • https://www.wsj.com/articles/how-europes-new-privacy-rules-favor-google- and-facebook-1524536324

Empfohlen

Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
 
Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT Produ...
Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT Produ...Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT Produ...
Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT Produ...
ProductNation/iSPIRT
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
Praveenkumar Hosangadi
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
John Eckman
 
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoTrustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Peter Bihr
 
Information Leakage & DLP
Information Leakage & DLPInformation Leakage & DLP
Information Leakage & DLP
Yun Lu
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on Privacy
Claudiu Popa
 
Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White Papaer
Kristyn Greenwood
 

Empfohlen

Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
 
Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT Produ...
Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT Produ...Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT Produ...
Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT Produ...
ProductNation/iSPIRT
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
Praveenkumar Hosangadi
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
John Eckman
 
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina TorinoTrustable Tech Mark / Magic Monday at Casa Jasmina Torino
Trustable Tech Mark / Magic Monday at Casa Jasmina Torino
Peter Bihr
 
Information Leakage & DLP
Information Leakage & DLPInformation Leakage & DLP
Information Leakage & DLP
Yun Lu
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on Privacy
Claudiu Popa
 
Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White Papaer
Kristyn Greenwood
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
Ishay Tentser
 
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Intralinks
 
Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019 Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019
Sagara Gunathunga
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
bradley_g
 
Introduction to Ethics of Big Data
Introduction to Ethics of Big DataIntroduction to Ethics of Big Data
Introduction to Ethics of Big Data
28 Burnside
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
James Mulhern
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
cliff_rudolph
 
Data Leakage Presentation
Data Leakage PresentationData Leakage Presentation
Data Leakage Presentation
Mike Spaulding
 
Ethics of Big Data
Ethics of Big DataEthics of Big Data
Ethics of Big Data
Matti Vesala
 
Data Analytics Governance and Ethics
Data Analytics Governance and EthicsData Analytics Governance and Ethics
Data Analytics Governance and Ethics
HPCC Systems
 
BigID IAPP webinar on data-driven enterprise privacy management
BigID IAPP webinar on data-driven enterprise privacy managementBigID IAPP webinar on data-driven enterprise privacy management
BigID IAPP webinar on data-driven enterprise privacy management
BigID Inc
 
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
Omo Osagiede
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
Gosia Fraser
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
Ulf Mattsson
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
Unisys Corporation
 
How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...
Giulio Coraggio
 
Storgrid-Encryption-White-Paper
Storgrid-Encryption-White-PaperStorgrid-Encryption-White-Paper
Storgrid-Encryption-White-Paper
Toshio Spoor
 
Privacy by design
Privacy by designPrivacy by design
Privacy by design
blogzilla
 
GDPR- The Buck Stops Here
GDPR- The Buck Stops HereGDPR- The Buck Stops Here
GDPR- The Buck Stops Here
Kellyn Pot'Vin-Gorman
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with Privacy
Jason Hong
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to Ethics of Big Data
Introduction to Ethics of Big DataIntroduction to Ethics of Big Data
Introduction to Ethics of Big Data
28 Burnside
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
Ulf Mattsson
 
Storgrid-Encryption-White-Paper
Storgrid-Encryption-White-PaperStorgrid-Encryption-White-Paper
Storgrid-Encryption-White-Paper
Toshio Spoor
 

Was ist angesagt? (20)

Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
 
Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019 Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
 
Introduction to Ethics of Big Data
Introduction to Ethics of Big DataIntroduction to Ethics of Big Data
Introduction to Ethics of Big Data
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
Data Leakage Presentation
Data Leakage PresentationData Leakage Presentation
Data Leakage Presentation
 
Ethics of Big Data
Ethics of Big DataEthics of Big Data
Ethics of Big Data
 
Data Analytics Governance and Ethics
Data Analytics Governance and EthicsData Analytics Governance and Ethics
Data Analytics Governance and Ethics
 
BigID IAPP webinar on data-driven enterprise privacy management
BigID IAPP webinar on data-driven enterprise privacy managementBigID IAPP webinar on data-driven enterprise privacy management
BigID IAPP webinar on data-driven enterprise privacy management
 
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
 
Big data security the perfect storm
Big data security the perfect stormBig data security the perfect storm
Big data security the perfect storm
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
 
How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...How privacy by design can be the key of your success at the time of the digit...
How privacy by design can be the key of your success at the time of the digit...
 
Storgrid-Encryption-White-Paper
Storgrid-Encryption-White-PaperStorgrid-Encryption-White-Paper
Storgrid-Encryption-White-Paper
 
Privacy by design
Privacy by designPrivacy by design
Privacy by design
 

Ähnlich wie GDPR, User Data, Privacy, and Your Apps

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
One North
 
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Steven Meister
 

Ähnlich wie GDPR, User Data, Privacy, and Your Apps (20)

GDPR- The Buck Stops Here
GDPR- The Buck Stops HereGDPR- The Buck Stops Here
GDPR- The Buck Stops Here
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with Privacy
 
A Pratical Guide to GDPR - F.Coin
A Pratical Guide to GDPR - F.CoinA Pratical Guide to GDPR - F.Coin
A Pratical Guide to GDPR - F.Coin
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspective
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
A Global Marketer's Guide to Privacy
A Global Marketer's Guide to PrivacyA Global Marketer's Guide to Privacy
A Global Marketer's Guide to Privacy
 
Bridging the Gap Between Privacy and Retention
Bridging the Gap Between Privacy and RetentionBridging the Gap Between Privacy and Retention
Bridging the Gap Between Privacy and Retention
 
Privacy & Data Ethics
Privacy & Data EthicsPrivacy & Data Ethics
Privacy & Data Ethics
 
Internal social networks
Internal social networksInternal social networks
Internal social networks
 
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
 
Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)Microsoft Cloud GDPR Compliance Options (SUGUK)
Microsoft Cloud GDPR Compliance Options (SUGUK)
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
 
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data PrivacyFalcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
 
Internal social media: risks and added value
Internal social media: risks and added valueInternal social media: risks and added value
Internal social media: risks and added value
 
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
 
Privacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasPrivacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin Nevias
 
Big data - What is It?
Big data - What is It?Big data - What is It?
Big data - What is It?
 
Web Marketing Wednesday Ottawa Oct 12th 2011
Web Marketing Wednesday Ottawa Oct 12th 2011Web Marketing Wednesday Ottawa Oct 12th 2011
Web Marketing Wednesday Ottawa Oct 12th 2011
 

Mehr von Carl Brown

Cocoa coders 141113-watch
Cocoa coders 141113-watchCocoa coders 141113-watch
Cocoa coders 141113-watch
Carl Brown
 
Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...
Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...
Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...
Carl Brown
 
360iDev iOS AntiPatterns
360iDev iOS AntiPatterns360iDev iOS AntiPatterns
360iDev iOS AntiPatterns
Carl Brown
 

Mehr von Carl Brown (20)

New in iOS 11.3b4 and Xcode 9.3b4
New in iOS 11.3b4 and Xcode 9.3b4New in iOS 11.3b4 and Xcode 9.3b4
New in iOS 11.3b4 and Xcode 9.3b4
 
Managing Memory in Swift (Yes, that's a thing)
Managing Memory in Swift (Yes, that's a thing)Managing Memory in Swift (Yes, that's a thing)
Managing Memory in Swift (Yes, that's a thing)
 
Better Swift from the Foundation up #tryswiftnyc17 09-06
Better Swift from the Foundation up #tryswiftnyc17 09-06Better Swift from the Foundation up #tryswiftnyc17 09-06
Better Swift from the Foundation up #tryswiftnyc17 09-06
 
Generics, the Swift ABI and you
Generics, the Swift ABI and youGenerics, the Swift ABI and you
Generics, the Swift ABI and you
 
Swift GUI Development without Xcode
Swift GUI Development without XcodeSwift GUI Development without Xcode
Swift GUI Development without Xcode
 
what's new in iOS10 2016-06-23
what's new in iOS10 2016-06-23what's new in iOS10 2016-06-23
what's new in iOS10 2016-06-23
 
Open Source Swift: Up and Running
Open Source Swift: Up and RunningOpen Source Swift: Up and Running
Open Source Swift: Up and Running
 
Parse migration CocoaCoders April 28th, 2016
Parse migration CocoaCoders April 28th, 2016Parse migration CocoaCoders April 28th, 2016
Parse migration CocoaCoders April 28th, 2016
 
Swift 2.2 Design Patterns CocoaConf Austin 2016
Swift 2.2 Design Patterns CocoaConf Austin 2016Swift 2.2 Design Patterns CocoaConf Austin 2016
Swift 2.2 Design Patterns CocoaConf Austin 2016
 
Advanced, Composable Collection Views, From CocoaCoders meetup Austin Feb 12,...
Advanced, Composable Collection Views, From CocoaCoders meetup Austin Feb 12,...Advanced, Composable Collection Views, From CocoaCoders meetup Austin Feb 12,...
Advanced, Composable Collection Views, From CocoaCoders meetup Austin Feb 12,...
 
Gcd cc-150205
Gcd cc-150205Gcd cc-150205
Gcd cc-150205
 
Cocoa coders 141113-watch
Cocoa coders 141113-watchCocoa coders 141113-watch
Cocoa coders 141113-watch
 
iOS8 and the new App Store
iOS8 and the new App Store iOS8 and the new App Store
iOS8 and the new App Store
 
Dark Art of Software Estimation 360iDev2014
Dark Art of Software Estimation 360iDev2014Dark Art of Software Estimation 360iDev2014
Dark Art of Software Estimation 360iDev2014
 
Intro to cloud kit Cocoader.org 24 July 2014
Intro to cloud kit Cocoader.org 24 July 2014Intro to cloud kit Cocoader.org 24 July 2014
Intro to cloud kit Cocoader.org 24 July 2014
 
Welcome to Swift (CocoaCoder 6/12/14)
Welcome to Swift (CocoaCoder 6/12/14)Welcome to Swift (CocoaCoder 6/12/14)
Welcome to Swift (CocoaCoder 6/12/14)
 
Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...
Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...
Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...
 
Introduction to Git Commands and Concepts
Introduction to Git Commands and ConceptsIntroduction to Git Commands and Concepts
Introduction to Git Commands and Concepts
 
REST/JSON/CoreData Example Code - A Tour
REST/JSON/CoreData Example Code - A TourREST/JSON/CoreData Example Code - A Tour
REST/JSON/CoreData Example Code - A Tour
 
360iDev iOS AntiPatterns
360iDev iOS AntiPatterns360iDev iOS AntiPatterns
360iDev iOS AntiPatterns
 

Kürzlich hochgeladen

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 

Kürzlich hochgeladen (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

GDPR, User Data, Privacy, and Your Apps

  • 1. User Data, App Development, GDPR, Ethics and you CocoaCoders April 26th, 2018
  • 2. Disclaimer • I am not a lawyer • Viewer discretion advised
  • 3. Interactivity This is not supposed to be me lecturing Stop me and ask questions or interject
  • 5. What is GDPR? • European Union regulation on Privacy (more detail later) • Takes effect May 25th 2018 • Penalties: The greater of €10 million or 2% of global annual revenue
  • 6. Does this matter here? Some people think so
  • 7. Will (something like) this come to U.S.? What do you think?
  • 8. What Data is Affected? • Basic identity information such as name, address and ID numbers • Web data such as location, IP address, cookie data and RFID tags • Health and genetic data • Biometric data • Racial or ethnic data • Political opinions • Sexual orientation https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
  • 9. GDPR Principles (1/4) • "Easier access to your own data: individuals will have more information on how their data is processed and this information should be available in a clear and understandable way."
  • 10. GDPR Principles (2/4) • "A right to data portability: it will be easier to transfer your personal data between service providers."
  • 11. GDPR Principles (3/4) • "A clarified 'right to be forgotten': when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be delete."
  • 12. GDPR Principles (4/4) • "The right to know when your data has been hacked: For example, companies and organizations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.” • (“The 72-hour reporting window that the GDPR requires makes it especially important that vendors know how to properly report a breach.") https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
  • 13. New Apple APIs • Providing User Access to CloudKit Data • https://developer.apple.com/documentation/cloudkit/ providing_user_access_to_cloudkit_data/ • Responding to Requests to Delete Data • https://developer.apple.com/documentation/cloudkit/ responding_to_requests_to_delete_data/
  • 14. GreyKey Cracks a phones passkey Provides complete Keychain contents…
  • 15. Blue’s Suggestions •I recommend Apple's WWDC privacy sessions for Best Practices on obvious(?) concepts such as transparency, consent, and user control. The videos also cover ways to re-think data collection, trading firehoses for eye-droppers (and/or muddy water). For instance ... •"Privacy and Your Apps" (2017) https://developer.apple.com/videos/play/wwdc2017/702/ •"Engineering Privacy for Your Users" (2016) https://developer.apple.com/videos/play/ wwdc2016/709/ •The first video includes discussion (6:15) of how to back-away from raw data in order to get just the information you need. •The second video has a nice description (14:00) of Differential Privacy: adding noise to collected data.
  • 16. Strategies • 1. Determine whether the app really needs all the requested personal data • 2. Encrypt all personal data and inform users about it • 3. Think OAUTH for data portability • 4. Enforce secure communications through HTTPS • 5. Inform users about and encrypt personal data from ‘contact us' forms https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
  • 17. Strategies (cont) • 6. Make sure sessions and cookies expire and are destroyed after logout • 7. Do not track user activity for business intelligence  • 8. Tell users about logs that save location or IP addresses  • 9. Store logs in a safe place, preferably encrypted • 10. Security questions should not turn on users' personal data https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
  • 18. Strategies (cont) • 11. Create clear terms and conditions and make sure users read them • 12. Inform users about any data sharing with third parties   • 13. Create clear policies for data breaches • 14. Delete data of users who cancel their service • 15. Patch web/dependency vulnerabilities  https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
  • 19. Get Apple’s data on you • https://www.cnbc.com/2018/04/25/how-to-download-a-copy-of-apple- data-about-me.html
  • 20. Since We’re on the Subject Big Data is Everywhere…
  • 21. Further Reading • https://www.prnewswire.com/news-releases/lookout-report-84-of-it- executives-expect-data-accessed-on-mobile-to-cause-gdpr- violations-300555381.html • https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant- apps • http://europa.eu/rapid/press-release_IP-15-6321_en.htm • https://www.schneier.com/blog/archives/2018/03/greykey_iphone_.html • https://www.wsj.com/articles/how-europes-new-privacy-rules-favor-google- and-facebook-1524536324