The Future of Privacy Insights from the Internet technical community




The Future of Privacy
Insights from the Internet technical community
Internet Governance Forum 2010 Workshop: The Future of Privacy
Presented by the Internet Society, www.internetsociety.org

An ongoing project

Collecting innovative, thought-provoking, forward-looking perspectives on the Future of Privacy from individuals, groups and organisations within the Internet technical community with expertise in Privacy, Data Protection, Identity Management and other related fields.

Documenting them at www.isoc.org/privacyinsights

Internet Society (ISOC), www.internetsociety.org

In the future, privacy will be redefined in response to changing social, technical, and regulatory realities. While the concept of privacy will remain contextual, individuals will become more actively engaged with the protection of their privacy by actively managing their identity and related personal data. People will be more informed custodians of their personal data, able to help decide when the sharing of personal information requires explicit consent, and choosing appropriate levels of security and protection. Internet-based solutions to support user-managed privacy protection are emerging, and the Internet Society is helping to provide clarity about their use to individuals, enterprise, and governments.

Jon Peterson, Hannes Tschofenig and Bernard Aboba, Internet Architecture Board (IAB), www.iab.org

The W3C, the IETF and the Internet community of privacy experts must work together to provide an online experience that conforms with user expectations of privacy and the emerging regulatory environment. To keep up with the speed of innovation at the application layer, the IETF needs to develop privacy guidelines, building blocks and tools that are useful for an entire class of applications. Technical work needs to be backed up by providing incentives to incorporate privacy into system design and at the same time to keep the speed of innovation and the openness of the Internet intact. The best technology will not help end users if it does not get implemented properly and deployed in a privacy friendly way.

Rigo Wenning and Thomas Roessler, World Wide Web Consortium (W3C), www.w3.org

As a universal, distributed application platform, the Web links personal data across individuals, organizations, and countries. New sensor APIs also give Web applications access to users' location and to their physical environment. Everyday events from the morning run to the credit card payment are automatically brought online and shared online among friends and strangers. Technology helps users defend against some intrusions, and it helps users understand who learns what about them. But when the data about preferences and habits that fuels the business models behind today's ecosystem of free services is gleaned from users' online interactions, the policy framework needs to encourage privacy friendly behavior.

Kantara Initiative Privacy & Public Policy Work Group (P3WG), www.kantarainitiative.org

The Kantara Initiative Privacy & Public Policy Work Group (P3WG) believes that it is important to support the open development of globally-applicable privacy standards, both technical and regulatory, in order to continue having confidence in the Internet ecosystem. To do so, the P3WG actively engages with individuals, enterprises, policymakers, regulators and adoption communities on best practices and common solutions. Fundamental to effective privacy are transparent architectures that secure private information and enable information-sharing in a secure, privacy-enhancing manner. Only by multi-stakeholder collaboration will viable solutions emerge, be deployed, and maintained.

OASIS (Organization for the Advancement of Structured Information Standards), www.oasis-open.org

The state of privacy and information protection has changed substantially because of changes in technology, business models, and the role of the individual, bringing ever significant challenges to effective application of traditional privacy management. Implementing policies for increasingly federated networks, systems and applications is a problem as typical policy expressions provide little insight into how to actually implement them, as well as the lack of standards-based technical privacy frameworks or reference models that can enable development and implementation of privacy and associated security requirements. An effective solution would be a collection of privacy and security policy-configurable, IT-based, systematic behaviors that satisfy the requirements of privacy and security policies within a wide variety of contexts and implementation use-case scenarios.

Dr. Jose Manuel Gómez-Pérez, R&D Director, Intelligent Software Components (isoco) S.A.

The Internet provides us with more and more online services, virtualized online for our own convenience, which relieve us from cumbersome installation and configuration processes. It is possible to write email, compose and share documents, virtually everything, without installing a piece of software in our computers beyond a web browser. However, as usual, such advantages also have a price to pay, in this case in terms of a potential privacy loss. For example, online email services usually scan and process our emails, sending us personalized advertisements and offering other potentially interesting (but usually undesired) services.

In general, the processes by which our own personal data are manipulated are often opaque to us, but citizens have the right to have knowledge of the logic involved in any process concerning their personal data (EU directive D 95/46). These rights can only be enforced by a combination of legal but also automated means that analyze the provenance of the data [1] to support users in understanding such processes, are capable of determining what has been done with the data and by whom (attribution), and determine whether the processes are compliant with established contracts (accountability), while facilitating the analysis of the (potentially large and complex) processes by the users themselves (abstraction).

[1] http://www.w3.org/2005/incubator/prov

James Clarke (jclarke@tssg.org), Program Manager / Project coordinator of INCO-TRUST, Waterford Institute of Technology, Future Internet Assembly caretaker, www.future-internet.eu

It is important to ensure that privacy is addressed as fundamental to the design and development of the Future Internet as an aspect of maintaining the digital rights, dignity and sovereignty of the citizen.

FIA Ghent workshop 16-17 December 2010 http://security.future-internet.eu/index.php/fia_ghent 2

Antonio F. Gómez Skarmeta, University of Murcia Spain UMU (RTSI ISG INS Partner), Identity and Access Management for Networks and Services (ETSI INS), ETSI Industry Specification Group (ISG)

Today, the need for Identity Management is present whenever the user needs to login or the provider needs information about the user. Information, authentication and authorization should be consistent and act as the glue between the different applications the user interacts with. This will be especially important in Network and Service Providers in relation to the user's control of his/her identity and privacy. In future Distributed Identity Management Platform the user should be able to deal with various services, specify the preferences regarding the information revealed, and especially within privacy policy enforcement with respect to usage of quest and with regards to the attribute provider's privacy policy and user policies on what to disclose.

Antonio F. Gómez Skarmeta, Researcher, University of Murcia Spain UMU

- Future Identity Frameworks should provide privacy-enabled Future Internet using Identities such that user control is maximized at all layers
- User in the center of the control of its data and where they are stored and who use/access it
- More controlled privacy than today: Not letting technology dictate level of privacy (IP addresses in the network)
- The capability to establish zones of privacy as in real life
- Controlled linkability and identity disclosure for accountability
- Capability of limited identities for minors
- Identity, Privacy and Trust as a key enabler of a Citizen Living Use Case in Future Internet

Sam Coppens, Researcher and Ph.D. candidate in computer science and engineering at Multimedia Lab of Ghent

Nowadays, the Internet has become such a big information space, people need technologies to filter out the information of interest. Examples are recommendation engines, RSS, social networks, etc. This leads to a situation where the Web has become a giant storage space for profile information on which the technologies rely to target the user with the information of interest. This profile information gets exchanged, even traded on the Internet like any other piece of information. People have no control anymore over this profile. The problem gets worse, because all this information is stored on a medium that has no expiration date. What ends up on the Internet, stays on the Internet. E.g., you can delete a photo on a certain social network, but chances are big it is already cached by some search engine, making it very hard to delete every trace of that photo. So, the users must recover full control over their profile information and this information, actually information in general, on the Internet should get an expiration date.

Center for Democracy & Technology, www.cdt.org

The Future of Privacy & Global Information Flows

Substantive consumer protections facilitate global flows of information
- Growing recognition that the opt-in vs. opt-out debate is insufficient.
- Emphasis on the responsibilities of companies to comply with the full range of Fair Information Practice principles (FIPs).
- Likely implementation of accountability programs, consumer access and control tools, and other mechanisms to both protect consumer privacy and encourage innovation.

Recognition of these principles within the US and US government
- US privacy bill is introduced and receives industry support
- US Department of Commerce initiative emphasizes that privacy protections and global commerce and innovation are intertwined.

Privacy protections should facilitate, rather than impede, free speech, the creation of user-generated content, and the proliferation of innovative platforms and services

Thank you

- Jon Peterson, Hannes Tschofenig and Bernard Aboba, Internet Architecture Board
- Rigo Wenning and Thomas Roessler, World Wide Web Consortium
- Kantara Initiative Privacy & Public Policy Work Group
- Gershon Janssen, OASIS (Organization for the Advancement of Structured Information Standards)
- Dr. Jose Manuel Gómez-Pérez, R&D Director, Intelligent Software Components (isoco) S.A.
- James Clarke, Program Manager / Project coordinator of INCO-TRUST, Waterford Institute of Technology, Future Internet Assembly caretaker
- Antonio F. Gómez Skarmeta, University of Murcia Spain UMU (RTSI ISG INS Partner), Identity and Access Management for Networks and Services (ETSI INS), ETSI Industry Specification Group (ISG)
- Antonio F. Gómez Skarmeta, Researcher, University of Murcia Spain UMU
- Sam Coppens, Researcher and Ph.D. candidate in computer science and engineering at Multimedia Lab of Ghent
- John Morris, Cynthia Wong, Alissa Cooper, Center for Democracy & Technology

ISOC Headquarters
Internet Society
1775 Wiehle Avenue, Suite 201
Reston, VA 20190-5108
Tel: +1-703-439-2120
Fax: +1-703-326-9881

ISOC EMEA
Internet Society
4, rue des Falaises
CH-1205 Geneva, Switzerland
Tel: +41 22 807 1444
Fax: +41 22 807 1445