Guiding App Developers on Privacy and Security
Design Matters
Majid Hatamian
Chair of Mobile Business & Multilateral Security
Goethe University Frankfurt
www.hatamian.net
12th June 2019 – Rome, Italy
IPEN Workshop 2019
Outline
24.06.2019
1. Introduction
2. App Developers Guide
3. Summary
Introduction: Problem Definition
After one year…
Lack of developer-centric privacy research
Law itself is not enough
Users are more concerned
Apps are still greedy
App Developers Guide
National and international bodies
Legal and technical documents
Institutes and authorities
Not only what to do, but also how to do it
[Figure: App Developers Guide. Diagram labels: Regulatory Documents Review; Scientific/Technical Documents Review; Data Protection Expert Discussion; Extraction of Relevant Principles; Checking the Overlaps; Compilation and Categorization of Principles; App Developers Guide; Supports Developer]
App Developers Guide: Privacy & Security Design Principles Catalog
Purpose limitation & Data minimization
Unlinkability
Storage limitation
Transparency
Integrity & Confidentiality
Accountability
Intervenability
• Sharing limitation
• 3rd parties & 3rd countries
• 3rd party content

• Anonymization
• Pseudonymization

• Data retention
• Data accuracy

• Ex-ante measures
• Ex-post measures

• Sharing security
• Storage security
• Unauthorized access prevention
• Safeguard measures
• Secure payment
• Device & OS

• Internal procedures
• Data Protection Impact Assessments (DPIAs)

• User’s rights
• User’s consent
Summary
Promises do not match actions
• Absolute freedom!
There is a gap between privacy regulation and the implementation of real-world app privacy practices
• The presented guide catalog may help fill it.
Chair of Mobile Business & Multilateral Security
Majid Hatamian, Ph.D. candidate
Goethe University Frankfurt
WWW: www.hatamian.net
www.m-chair.de