Privacy by Design Practical aspects. Jaap-Henk Hoepman Radboud University Nijmegen

Transcription

1 Privacy by Design Practical aspects Jaap-Henk Hoepman Radboud University Nijmegen

2 2

3 Dank u voor uw aandacht 3

4 PI.lab Collaboration between: Radboud Universiteit ICIS Tilburg Universiteit TILT TNO Security; Strategy & Policy Scientific director Jaap-Henk Hoepman Business director Marc van Lieshout 4

5 About me Associate professor Radboud Universiteit Privacy enhancing technologies Applied cryptography Internet of Things Blogger 5

6 Government surveillance 6

7 Commercial surveillance 7

8 Privacy definities The right to be let alone [Warren & Brandeis, 1890] Informationeel zelfbeschikkingsrecht: Het recht om zelf te beslissen wanneer, hoe en in welke mate persoonlijke informatie met anderen wordt gedeeld. [Westin, 1967] Vrijheid van onredelijke beperkingen om je eigen identiteit te construeren. [Agre & Rottenberg, 2001] Contextuele integriteit: het recht om te voorkomen dat informatie uit een bepaalde context gebruikt wordt in een andere context. [Nissenbaum, 2004] 8

9 Een metafoor voor het belang van privacy orwell / big brother chandler / little sister kafka / the trial 9

10 Different types of data/information Volunteered What you reveal explicitly when asked Observed What you reveal implicitly by your behaviour Inferred What is derived from other data about you Transfer [World Economic Forum Report Personal Data: The Emergence of a New Asset Class] 10

11 Privacy by design Protect privacy during technology development: From conception to realisation. Throughout the system development lifecycle 11

12 Software development cycle Concept Development 12 Implementation Privacy enhancing technologies

13 Impact assessment & strategies Privacy Impact Assessment Concept Development Analysis Privacy Design Strategies 13

14 Individuals Database tables Attributes minimise separate aggregate hide 14

15 Acht privacy design strategiën 15

16 What is Data Processing Action Relevant GDPR Personal Data Processing Examples Operate Adaptation; Alteration; Retrieval; Consultation; Use; Alignment; Combination Organisation; Structuring; Storage Store Retain Collect Share Change Breach opposite to (Erasure; Destruction) Collection; Recording Transmission; Dissemination; Making Available; opposite to (Restriction; Blocking) unauthorised third party (Adaptation; Alteration; Use; Alignment; Combination) unauthorised third party (Retrieval; Consultation) 16

17 preventing limiting as much as possible by providing storage, or operation on as abundant as possible for collection, retention, sharing, ensuring changes, breaches personal data, in a timely manner, within the constraints of the agreed upon purposes. The 8 privacy design strategies in detail Strategy Underlying Goals Effects on Actions Regarding Personal Data ENFORCE DEMONSTRATE commitment evidence creating, maintaining and upholding on policies and technical testing, auditing, logging, and reporting controls regarding CONTROL means consenting to, choosing, updating, and retracting From INFORM clarity providing, explaining, and notifying On sharing MINIMISE usage excluding, selecting, stripping, or destroying retention AGGREGATE detail summarising or grouping SEPARATE correlation distributing or isolating Any collection HIDE exposure mixing, obfuscating, dissociating, or restricting access to sharing 17

18 Examples EXAMPLES 18

19 Social networks Centralised Peer to peer 19

20 Cloud Cloud provider has the key Only user has the key 20

21 eid: traditional Security and privacy risks User All parties are on line Identity Provider attributes Relying Party 21

22 eid: ABC based : Issuing User Credential Issuer Relying Party 22

23 eid: ABC based : showing User unlinkable Has certificate granting access to attributes Credential Issuer Relying Party 23

24 Zero knowledge 24

25 Discussie 25 [Monty Python s Argument Clinic sketch]