22-02-18 Privacy Seminar Basic Techniques I Jaap-Henk Hoepman - PDF document



Slide 1: Privacy Seminar, Basic Techniques I (22-02-18)
Jaap-Henk Hoepman, Privacy & Identity Lab (Radboud University, Tilburg University, University of Groningen)
jhh@cs.ru.nl // www.cs.ru.nl/~jhh // blog.xot.nl // @xotoxot

Slide 2: Agenda
• Privacy by Design
  ● Principles
  ● Privacy Design Strategies
• Privacy Enhancing Technologies I
(Jaap-Henk Hoepman // 30-01-2018 // Privacy by design)

Slide 3: Privacy by design (section title)

Slide 4: Privacy by design
• Protect privacy when developing new technology:
  ● From concept…
  ● … to realisation
  Throughout the system development cycle
• Privacy is a quality attribute (like security, performance, …)
• Privacy by design is a process!

Slide 5: But how? // Privacy Design Strategies

Slide 6: Common engineering misconceptions #1
0/1 vs. [figure]

Slide 7: Common engineering misconceptions #2
Data controller = [figure]

Slide 8: Common engineering misconceptions #3
Privacy = Data minimisation

Slide 9: Personal data?
• So… but also…
  ● Name
  ● License plate
  ● Social security number
  ● IP Address
  ● Email address
  ● Likes
  ● Tweets
  ● Search terms

Slide 10: Aside: what is ‘Data Processing’…
Action   | Relevant GDPR personal data processing examples
Operate  | Adaptation; Alteration; Retrieval; Consultation; Use; Alignment; Combination
Store    | Organisation; Structuring; Storage
Retain   | opposite to (Erasure; Destruction)
Collect  | Collection; Recording
Share    | Transmission; Dissemination; Making Available; opposite to (Restriction; Blocking)
Change   | unauthorised third party (Adaptation; Alteration; Use; Alignment; Combination)
Breach   | unauthorised third party (Retrieval; Consultation)

Slide 11: Eight privacy design strategies (section title)

Slide 12: [Figure: the system development cycle (concept development, analysis, design, implementation, testing, evaluation), with privacy design strategies, privacy design patterns and privacy enhancing technologies placed at the phases where they apply]

Slide 13: Privacy design strategies map…
Legal norms (fuzzy legal concepts) → (technical) design requirements (concrete data protection goals), to help control data processing.

Slide 14: Levels of abstraction
• Design strategy
  ● “A basic method to achieve a particular design goal”
    – that has certain properties that allow it to be distinguished from other basic design strategies
• Design pattern
  ● “Commonly recurring structure to solve a general design problem within a particular context”
• (Privacy enhancing) technology
  ● “A coherent set of ICT measures that protects privacy”
    – implemented using concrete technology

Slide 15: Privacy design patterns
• Describes a recurring pattern of communicating components that solve a general problem in a specific context
  ● Summary
  ● Context
  ● Problem
  ● Solution
  ● Structure
  ● Consequences
  ● Requirements
• http://privacypatterns.org
• https://github.com/p4pnl/patterns

Slide 16: Sources for the design strategies
• Standards
  ● ISO 29100 Privacy framework
• Principles
  ● OECD guidelines
  ● Fair Information Practices (FIPs)
• Law
  ● General Data Protection Regulation

Slide 17: Data protection law
• Core principles
  ● Data minimisation
  ● Purpose limitation
  ● Proportionality
  ● Subsidiarity
  ● Data subject rights: consent, (re)view
  ● Adequate protection
  ● (Provable) Compliance

Slide 18: IT system = essentially a database, so…
[Figure: a table of individuals (rows) by attributes (columns); the strategies minimise, separate, abstract and hide are shown as operations on this table]

Slide 19: [Figure: data subject and data controller, with the eight strategies between them: inform, control, hide, separate, abstract, minimise, demonstrate, enforce]

Slide 20: #1 Minimise
• Definition
  ● Limit as much as possible the processing of personal data.
• Associated tactics
  ● EXCLUDE: refrain from processing a data subject’s personal data.
  ● SELECT: decide on a case by case basis to process only relevant personal data.
  ● STRIP: partially remove unnecessary attributes.
  ● DESTROY: completely remove all personal data as soon as they become unnecessary.
• Examples
  ● “Select before you collect”.
  ● Blacklist.
  ● Whitelist.

Slide 21: #2 Separate
• Definition
  ● Separate the processing of personal data as much as possible, to prevent correlation.
• Associated tactics
  ● ISOLATE: process personal data (for different purposes) independently in (logically) separate databases or systems.
  ● DISTRIBUTE: process personal data (for one task) in physically separate locations.
• Examples
  ● Edge computing: process data in the device of the user as much as possible.
  ● Peer-to-peer, e.g. a social network.
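The four Minimise tactics on slide 20 can be read as operations on a record: EXCLUDE drops a subject entirely, SELECT releases only the attributes a purpose is allowed to see (a whitelist), STRIP removes attributes that are no longer needed (a blacklist), and DESTROY deletes whole records once a retention period has passed. The Python below is an added example written for this page, not code from the slides or from the Privacy & Identity Lab; the purposes, the per-purpose whitelist, the blacklist, the retention period and the sample records are all assumptions made for illustration.

```python
"""Minimise tactics (EXCLUDE, SELECT, STRIP, DESTROY) applied to constructed sample records.

Added example; the purposes, the per-purpose whitelist, the blacklist and the
retention period are assumptions made for illustration.
"""
from datetime import date, timedelta

TODAY = date(2018, 2, 22)  # fixed "today" so the example is reproducible

# Constructed sample records (not real people).
RECORDS = [
    {"id": 1, "name": "Alice", "email": "alice@example.org",
     "iban": "NL00BANK0123456789", "opted_out": False, "last_order": "2018-02-10"},
    {"id": 2, "name": "Bob", "email": "bob@example.org",
     "iban": "NL00BANK9876543210", "opted_out": True, "last_order": "2015-01-20"},
]

# SELECT: each processing purpose gets an explicit whitelist of attributes (assumed purposes).
PURPOSE_WHITELIST = {
    "newsletter": {"id", "email"},
    "billing": {"id", "name", "iban"},
}

# STRIP: blacklist of attributes that are unnecessary once an order is settled (assumed).
STRIP_AFTER_SETTLEMENT = {"iban"}

# DESTROY: retention period counted from the last order (assumed).
RETENTION = timedelta(days=2 * 365)


def exclude(records, predicate):
    """EXCLUDE: refrain from processing a data subject's data at all (here: anyone who opted out)."""
    return [r for r in records if not predicate(r)]


def select(record, purpose):
    """SELECT: release only the attributes whitelisted for this purpose.

    An unknown purpose fails closed with KeyError instead of returning everything.
    """
    allowed = PURPOSE_WHITELIST[purpose]
    return {k: v for k, v in record.items() if k in allowed}


def strip(record, blacklist=STRIP_AFTER_SETTLEMENT):
    """STRIP: partially remove attributes that are no longer necessary."""
    return {k: v for k, v in record.items() if k not in blacklist}


def destroy_expired(records, today=TODAY, retention=RETENTION):
    """DESTROY: drop entire records once they are older than the retention period."""
    return [r for r in records
            if today - date.fromisoformat(r["last_order"]) <= retention]


def process_for_purpose(records, purpose, today=TODAY):
    """Apply the tactics in sequence: EXCLUDE opted-out subjects, DESTROY expired
    records, then SELECT the purpose's attributes from whatever is left."""
    live = destroy_expired(exclude(records, lambda r: r["opted_out"]), today)
    return [select(r, purpose) for r in live]


if __name__ == "__main__":
    print(process_for_purpose(RECORDS, "newsletter"))
    print(process_for_purpose(RECORDS, "billing"))
```

The ordering matters: the whitelist is applied last, so a record that should have been excluded or destroyed never reaches the purpose-specific view, and a purpose that nobody has defined a whitelist for gets nothing rather than the full record.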

Slide 22: #3 Abstract
• Definition
  ● Limit as much as possible the detail in which personal data is processed.
• Associated tactics
  ● GROUP: aggregate data over groups of individuals, instead of processing data of each person separately.
  ● SUMMARIZE: summarise detailed information into more abstract attributes.
  ● PERTURB: add noise or approximate the real value of a data item.
• Examples
  ● Process age instead of date of birth.
  ● Aggregate data over time, in e.g. smart grids.
  ● Approximate the real location of a user (in e.g. 10 km² resolution).

Slide 23: #4 Hide
• Definition
  ● Prevent personal data from becoming public or known.
• Associated tactics
  ● RESTRICT: prevent unauthorized access to personal data.
  ● ENCRYPT: encrypt data (in transit or when stored).
  ● DISSOCIATE: remove the correlation between data subjects and their personal data.
  ● MIX: process personal data randomly within a large enough group to reduce correlation.
  ● OBFUSCATE: prevent understandability of personal data, e.g. by hashing them.
• Examples
  ● Mix networks, Tor.
  ● Pseudonymisation.
  ● Differential privacy.
  ● Access control.
  ● Attribute based credentials.

Slide 24: #5 Inform
• Definition
  ● Inform data subjects about the processing of their personal data.
• Associated tactics
  ● SUPPLY: inform users which personal data is processed, including policies, processes, and potential risks.
  ● EXPLAIN: provide this information in a concise and understandable form, and explain why the processing is necessary.
  ● NOTIFY: alert data subjects whenever their personal data are being used, or get breached.
• Examples
  ● Readable privacy policy.
  ● Privacy icons.
  ● Algorithmic transparency.
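The three Abstract tactics on slide 22 each reduce detail in a different way: SUMMARIZE replaces a date of birth by an age (or an age band), GROUP replaces per-person rows by counts over groups, and PERTURB either approximates a value (snapping a location to a coarse grid) or adds noise to it. The Python below is an added example written for this page, not code from the slides; the age-band width, the 0.1-degree grid cell, the minimum group size, the noise scale and the sample records are assumed values chosen for illustration.

```python
"""Abstract tactics (SUMMARIZE, GROUP, PERTURB) on constructed sample data.

Added example; the age-band width, grid cell size, minimum group size and
noise scale are assumed values chosen for illustration.
"""
import math
import random
from collections import Counter
from datetime import date

TODAY = date(2018, 2, 22)  # fixed reference date so ages are reproducible

# Constructed sample records (not real people).
RECORDS = [
    {"dob": date(1990, 4, 12), "city": "Nijmegen", "lat": 51.8126, "lon": 5.8372},
    {"dob": date(1985, 11, 3), "city": "Nijmegen", "lat": 51.8420, "lon": 5.8690},
    {"dob": date(1992, 2, 22), "city": "Nijmegen", "lat": 51.8301, "lon": 5.8555},
    {"dob": date(1970, 7, 1), "city": "Tilburg", "lat": 51.5555, "lon": 5.0913},
    {"dob": date(2001, 12, 31), "city": "Groningen", "lat": 53.2194, "lon": 6.5665},
]


def age_from_dob(dob, today=TODAY):
    """SUMMARIZE: process an age instead of a date of birth."""
    had_birthday = (today.month, today.day) >= (dob.month, dob.day)
    return today.year - dob.year - (0 if had_birthday else 1)


def age_band(age, width=10):
    """SUMMARIZE further: a band such as '20-29' instead of the exact age (assumed width)."""
    lo = (age // width) * width
    return f"{lo}-{lo + width - 1}"


def coarsen_location(lat, lon, cells_per_degree=10):
    """PERTURB (approximate): snap a coordinate to a 0.1-degree grid cell, roughly
    10 km in latitude; integer cell indices are returned so no exact position survives."""
    # The epsilon keeps a value that lies exactly on a cell boundary from dropping
    # into the lower cell because of floating-point representation.
    return (math.floor(lat * cells_per_degree + 1e-9),
            math.floor(lon * cells_per_degree + 1e-9))


def group_counts(records, key, k_min=2):
    """GROUP: report counts per group instead of per-person data, and suppress groups
    smaller than k_min (assumed threshold) so a count cannot single someone out."""
    counts = Counter(r[key] for r in records)
    return {g: n for g, n in counts.items() if n >= k_min}


def perturb(value, scale, rng):
    """PERTURB (add noise): Laplace noise with the given scale, drawn by inverting the
    Laplace CDF; this is the noise mechanism differential privacy is built on."""
    u = rng.random() - 0.5
    u = max(u, -0.5 + 1e-12)  # guard the (practically unreachable) log(0) endpoint
    return value - scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def noisy_mean(value, scale, n, seed=1):
    """Sanity check for PERTURB: the noise is zero-mean, so many noisy copies average back."""
    rng = random.Random(seed)
    return sum(perturb(value, scale, rng) for _ in range(n)) / n


def abstract_records(records, today=TODAY):
    """Replace each record's exact detail by its abstracted form."""
    return [{"age_band": age_band(age_from_dob(r["dob"], today)),
             "cell": coarsen_location(r["lat"], r["lon"])} for r in records]


if __name__ == "__main__":
    print(abstract_records(RECORDS))
    print(group_counts(RECORDS, "city"))
    print(perturb(100.0, 5.0, random.Random(1)))
```

Note that `group_counts` suppresses the groups of size one: with the sample data only Nijmegen is reported, because a count of 1 for Tilburg would reveal that one specific person's record is in the set.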
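Slide 23 lists OBFUSCATE ("e.g. by hashing") and DISSOCIATE as Hide tactics, with pseudonymisation as an example. The practical caveat is that an unkeyed hash of an identifier such as an e-mail address is deterministic and can be recomputed by anyone who can guess the input, so it neither hides the identifier nor prevents linking the same subject across data sets. The Python below is an added example written for this page, not code from the slides: it pseudonymises with HMAC-SHA256 under a secret key, so that the pseudonym cannot be recomputed without the key, and a different key per purpose keeps two pseudonymised data sets unlinkable (which is also the ISOLATE tactic of slide 21). The field names, purposes and sample records are constructed for illustration.

```python
"""Hide tactics DISSOCIATE and OBFUSCATE: keyed pseudonymisation of direct identifiers.

Added example; the field names and sample records are constructed for illustration.
Keys are generated at runtime here; in practice the key is held apart from the data
by the party that is allowed to re-identify.
"""
import hashlib
import hmac
import secrets

# Constructed sample records (not real people).
RECORDS = [
    {"email": "alice@example.org", "city": "Nijmegen", "visits": 12},
    {"email": "bob@example.org", "city": "Tilburg", "visits": 3},
    {"email": "alice@example.org", "city": "Nijmegen", "visits": 1},
]


def new_pseudonym_key():
    """A fresh 256-bit secret; use one key per purpose so data sets stay unlinkable."""
    return secrets.token_bytes(32)


def pseudonym(identifier, key):
    """OBFUSCATE with a keyed function: HMAC-SHA256 of the identifier.

    Unlike a plain hash, nobody can recompute the output without the key, so a
    low-entropy identifier such as an e-mail address cannot be matched by hashing guesses.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymise(records, key, field="email"):
    """DISSOCIATE: replace the direct identifier by its pseudonym and drop the original."""
    out = []
    for r in records:
        copy = {k: v for k, v in r.items() if k != field}
        copy["subject"] = pseudonym(r[field], key)
        out.append(copy)
    return out


def linkable(a, b):
    """True when two pseudonymised data sets share any subject pseudonym."""
    return bool({r["subject"] for r in a} & {r["subject"] for r in b})


if __name__ == "__main__":
    key_a, key_b = new_pseudonym_key(), new_pseudonym_key()
    print(pseudonymise(RECORDS, key_a))
    print("same key links:", linkable(pseudonymise(RECORDS, key_a), pseudonymise(RECORDS, key_a)))
    print("different keys link:", linkable(pseudonymise(RECORDS, key_a), pseudonymise(RECORDS, key_b)))
```

Within one purpose the pseudonym is stable (Alice's two visits still belong to one subject, which is what a per-subject count needs), while across purposes, under different keys, the same person gets unrelated pseudonyms. The pseudonymised records are still personal data as long as someone holds the key; what the tactic buys is that the data set on its own no longer carries the identifier.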

Slide 25: #6 Control
• Definition
  ● Provide data subjects control over the processing of their personal data.
• Associated tactics
  ● CONSENT: only process personal data for which explicit, freely-given, and informed consent is received.
  ● CHOOSE: allow data subjects to select which personal data will be processed.
  ● UPDATE: provide data subjects with the means to keep their personal data accurate and up to date.
  ● RETRACT: honour the data subject’s right to the complete removal of any personal data in a timely fashion.
• Examples
  ● Opt-in (instead of opt-out).
  ● Privacy dashboard.

Slide 26: #7 Enforce
• Definition
  ● Commit to processing personal data in a privacy friendly way, and enforce this.
• Associated tactics
  ● CREATE: decide on a privacy policy that describes how you wish to protect personal data.
  ● MAINTAIN: maintain this policy, and
  ● UPHOLD: ensure that policies are adhered to by treating personal data as an asset, and privacy as a goal to incentivize as a critical feature.
• Example
  ● Specify and enforce a privacy policy.
  ● Assign responsibilities.
  ● Check that the policy is effective, and adapt where necessary.
  ● Take all necessary technical and organisational measures.

Slide 27: #8 Demonstrate
• Definition
  ● Demonstrate you are processing personal data in a privacy friendly way.
• Associated tactics
  ● LOG: track all processing of data, and review the information gathered for any risks.
  ● AUDIT: audit the processing of personal data regularly.
  ● REPORT: analyze collected information on tests, audits, and logs periodically and report to the people responsible.
• Example
  ● Privacy management system (cf. ISO 27001 information security management systems).
  ● Certification.
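The Control tactics on slide 25 (CONSENT, CHOOSE, RETRACT) and the Demonstrate tactics on slide 27 (LOG, REPORT) fit together in one small controller: every processing request is checked against a per-purpose consent record, withdrawal and erasure are honoured, and every decision, including refusals, is logged so that the log can be summarised for the people responsible. The Python below is an added example written for this page, not code from the slides; the purposes, the consent registry, the sample data and the log format are assumptions made for illustration.

```python
"""Control and Demonstrate tactics: consent-gated processing with a reviewable log.

Added example; the purposes, consent records, sample data and log format are
constructed for illustration and do not follow any particular standard.
"""
from datetime import datetime, timezone

# Constructed consent registry: subject id -> purposes consented to (CONSENT / CHOOSE).
CONSENT = {
    1: {"newsletter", "billing"},
    2: {"billing"},
}

# Constructed personal data store: subject id -> attributes (not real people).
DATA = {
    1: {"email": "alice@example.org", "name": "Alice"},
    2: {"email": "bob@example.org", "name": "Bob"},
}


class Controller:
    """A data controller that processes only under consent and logs every decision."""

    def __init__(self, data, consent):
        self.data = {k: dict(v) for k, v in data.items()}
        self.consent = {k: set(v) for k, v in consent.items()}
        self.log = []  # LOG tactic: one entry per processing decision

    def _log(self, subject, purpose, outcome):
        self.log.append({
            "when": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "subject": subject, "purpose": purpose, "outcome": outcome,
        })

    def has_consent(self, subject, purpose):
        """CONSENT: processing requires an explicit entry for this subject and purpose."""
        return purpose in self.consent.get(subject, set())

    def process(self, subject, purpose):
        """Return the subject's data for the purpose, or None (and a log entry) without consent."""
        if not self.has_consent(subject, purpose):
            self._log(subject, purpose, "refused: no consent")
            return None
        self._log(subject, purpose, "processed")
        return dict(self.data[subject])

    def withdraw(self, subject, purpose):
        """CHOOSE: the subject deselects one purpose; later processing under it is refused."""
        self.consent.get(subject, set()).discard(purpose)
        self._log(subject, purpose, "consent withdrawn")

    def retract(self, subject):
        """RETRACT: complete removal of the subject's data and consent; only the log entry remains."""
        self.data.pop(subject, None)
        self.consent.pop(subject, None)
        self._log(subject, "*", "erased")

    def report(self):
        """REPORT: summarise the log per outcome for periodic review by the people responsible."""
        summary = {}
        for entry in self.log:
            summary[entry["outcome"]] = summary.get(entry["outcome"], 0) + 1
        return summary


if __name__ == "__main__":
    c = Controller(DATA, CONSENT)
    c.process(1, "newsletter")
    c.process(2, "newsletter")
    c.withdraw(1, "newsletter")
    c.retract(2)
    print(c.report())
```

A rising count of "refused: no consent" in the report is the kind of signal the LOG and REPORT tactics exist to surface: either a component is asking for data it was never meant to process, or consent is being collected for fewer purposes than the system assumes.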
