
Selected bits and pieces from ongoing discussions on privacy

Selected bits and pieces from ongoing discussions on privacy. Input to WG 3 Dagstuhl, February 8, 2011 Marit Hansen marit.hansen@datenschutzzentrum.de. Overview. Expanding the notion of traditional security protection goals by privacy protection goals


Presentation Transcript


  1. Selected bits and pieces from ongoing discussions on privacy
     Input to WG 3, Dagstuhl, February 8, 2011
     Marit Hansen, marit.hansen@datenschutzzentrum.de

  2. Overview
     • Expanding the notion of traditional security protection goals by privacy protection goals
     • Several aspects regarding lifelong privacy
     • Extending the notion of privacy?
     • Credits:
       • Andreas Pfitzmann †, TU Dresden
       • Martin Rost, ULD
       • PrimeLife Project, http://www.primelife.eu/
       • DPAs in Germany

  3. Traditional IT security protection goals++
     (Diagram: Confidentiality, Integrity, Availability)

  4. Traditional IT security protection goals++
     (Diagram: Confidentiality, Integrity, Availability, and a fourth goal marked "???": Contingency)
     Integrity, related: non-repudiation; Contingency, related: repudiation
     Reference: Andreas Pfitzmann: Schutzziele noch mal ganz von vorn, unpublished working paper, 2009

  5. How to make use of the notion of protection goals?
     • (Skilled) engineers know how to deal with the traditional security protection goals
     • Security protection goals are part of Information Security Management Systems (ISMS), cf. ISO 27001
     • Established procedure:
       • Analysis of risks
       • Dealing with risks -> selecting the appropriate safeguards
       • Considering the lifecycle of development

  6. Plan-Do-Check-Act Model

  7. (Diagram: Plan, Do, Check, Act cycle)
     Reference: BSI-Standard 100-1: Information Security Management Systems (ISMS)

  8. Deriving privacy-specific protection goals
     • Transparency
     • Unlinkability
     • Intervenability
     • The possibility to intervene:
       • for the data subject: e.g., the data subject rights to rectification and erasure or the right to lodge a claim
       • for the data controller: e.g., controlling the data processor
       • for the supervisory authority: e.g., ordering the blocking, erasure or destruction of data
     References:
     Martin Rost, Andreas Pfitzmann: Datenschutz-Schutzziele – revisited, DuD 2009, 353-358
     Martin Rost, Kirsten Bock: Privacy By Design und die Neuen Schutzziele – Grundsätze, Ziele und Anforderungen, DuD 2011, 30-35

  9. Several aspects regarding lifelong privacy

  10. Lifelong privacy
      • We don’t know how to guarantee long-term security – long-term privacy is even more difficult to achieve
      • How to maintain privacy …
        • … in a changing environment?
        • … in different stages of life?
      • How to regain privacy?
      • Possible approaches:
        • Risk avoidance by data minimisation and by avoidance of (context-spanning) unique identifiers
        • Attaching context information
        • Demanding erasure and non-usage of published data (limited effect)
      Reference: PrimeLife WP1.3

  11. Consent
      • Should there be (more) restrictions on what kind of data processing may be based on consent?
      • How realistic is it that the consent is freely given, specific and based on sufficient understanding?
      • How to prove that the requirements for valid consent have been fulfilled?
      • Should there be a default to limit consent in time and/or scope, at least for some contexts?
      Reference: PrimeLife WP1.3

  12. Delegation
      • Delegation: representation of a data subject on her behalf (either determined by herself or by an authorised entity)
      • How much of data subjects’ rights can be delegated? Under which conditions?
      • How to build organisational and technological tools for supporting fair delegation models?
      Reference: PrimeLife WP1.3

  13. Approach: addressing linkage control
      Data flow model: enriching information. At each step, different parties (with different responsibilities) can be involved.
      • Possible consequences:
        • Personalized ads
        • Better/worse credit conditions
        • Lower/higher prices
        • Getting an insurance (or not)
        • Be under suspicion (or not)
        • …
      Specific attention needed to “linkage-enabling data”?
      Reference: Marit Hansen: Linkage Control – Integrating the Essence of Privacy Protection into IMS, Proc. eChallenges 2008, 1585-1592
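An added illustration, not part of the slides, of why slide 10 recommends avoiding context-spanning unique identifiers and slide 13 flags “linkage-enabling data”: the constructed records below show two controllers' datasets being enriched by a join on a shared identifier, and how per-context pseudonyms derived with a keyed hash (HMAC-SHA256, assumed here as the mechanism; keys and records are made up) defeat that join while each pseudonym stays stable within its own context.

```python
import hmac
import hashlib

# Constructed sample data (not from the slides): the same two people appear in
# two independent contexts. "uid" is a context-spanning unique identifier
# (think of a national ID number); the other fields are context-specific.
SHOP_RECORDS = [
    {"uid": "ID-1001", "purchases": ["diabetes test strips"]},
    {"uid": "ID-1002", "purchases": ["running shoes"]},
]
INSURER_RECORDS = [
    {"uid": "ID-1001", "premium": 120},
    {"uid": "ID-1002", "premium": 80},
]


def link_on_identifier(left, right, key):
    """Enrichment step of the data-flow model: join two datasets on a field both
    controllers hold, giving one party the other's data on the same person."""
    index = {rec[key]: rec for rec in right}
    return [{**rec, **index[rec[key]]} for rec in left if rec[key] in index]


def context_pseudonym(uid, context_key):
    """Pseudonym that is stable within one context but cannot be recomputed,
    and hence not matched, by anyone without that context's secret key."""
    return hmac.new(context_key, uid.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records, context_key):
    """Replace the context-spanning uid by a context-specific pseudonym ("pid")."""
    return [
        {**{k: v for k, v in rec.items() if k != "uid"},
         "pid": context_pseudonym(rec["uid"], context_key)}
        for rec in records
    ]


def linkage_demo():
    """Return (links found on the raw uid, links found after pseudonymisation)."""
    shop = pseudonymise(SHOP_RECORDS, b"shop-secret-key")          # constructed keys,
    insurer = pseudonymise(INSURER_RECORDS, b"insurer-secret-key")  # one per controller
    raw_links = link_on_identifier(SHOP_RECORDS, INSURER_RECORDS, "uid")
    pseudo_links = link_on_identifier(shop, insurer, "pid")
    return len(raw_links), len(pseudo_links)


if __name__ == "__main__":
    print(linkage_demo())  # (2, 0): linkable on the shared id, not on per-context pseudonyms
```

If both controllers used the same key, the pseudonyms would again be a context-spanning identifier, so the protection rests entirely on keeping one key per context.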

  14. Exercising data subject rights
      • Exercising data subject rights such as access, rectification, erasure is at best provided for structured, personally related data
        • Real name or individual pseudonym needed
        • Authentication needed
      • BUT: stored data are very often not organised in that way (perhaps at a later stage, perhaps only with some probability referring to ONE individual)
      • Should there be a “right to identity” that guarantees that the data subject rights can be exercised?
      Reference: Norberto Andrade: The Right to Privacy and the Right to Identity in the Age of Ubiquitous Computing: Friends or Foes? Contribution to PrimeLife Summer School 2010

  15. Diversity of responsibility
      • How to maintain control …
        • … for data controllers?
        • … for data subjects?
      • Several PETs require an appropriate infrastructure
        • Whose task is it to set it up / pay for it?
      • Data / process separation as privacy-enhancing means
        • Can/should regulation demand from one data controller that other entities have to be involved?
      • How to effectively counter monopolies/oligopolies?
