PRIVACY-BY-DESIGN
Dr. John Borking
Of counsel CMS Derks Star Busmann. & elaw Researcher University Leiden
Built-in Privacy Protection Inevitable
And Making Open Data Feasible
25-2-2013 ePSI Warsaw 1
That’s me ≠ I am personal data
• Dr. J. J. Borking * 1945 - Director /Owner Borking Consultancy Wassenaar Netherlands
• Of counsel Privacy-by-Design Law firm CMS Derks Star Busmann in Utrecht
• EU/ CEN/ NR Researcher & Researcher e-Law University of Leiden
• Arbitrator/ Mediator SGOA (ADR- ICT)
• Former Privacy Commissioner & Board Member Dutch Data Protection Authority & Former Board member Gaming & Lotteries Authority
• Senior Counsel Europe Xerox Corp
WHAT IS PRIVACY BY DESIGN?
• Article 23 of the Draft Regulation requires “data protection by design” and “data protection by default”. (DPbD is applauded as a core innovation of the reform: Albrecht Report 2012/011 (COD))
• Privacy or Data protection or Compliance-by-Design?
• “Having regard to the state of the art and the cost of implementation, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organizational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”
• “The controller shall implement mechanisms for ensuring that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected or retained beyond the minimum necessary for those purposes, both in terms of the amount of the data and the time of their storage. In particular, those mechanisms shall ensure that by default personal data are not made accessible to an indefinite number of individuals.”
WHAT IS PRIVACY BY DESIGN?
The objective is:
“Privacy assurance must ideally become an organization’s default mode of operation (…) by deploying PETs (…) extending to a trilogy of encompassing applications: 1. IT systems; 2. Accountable business practices; 3. Physical design and networked infrastructure.”
http://www.ipc.on.ca/images/Resources/7 foundational principles.pdf
WHAT IS PRIVACY BY DESIGN?
• WP 168 The Future of Privacy p.13:
The application of such principle would emphasize the need to implement privacy enhancing technologies (PETs), privacy by default settings and the necessary tools to enable users to better protect their personal data (e.g. access controls, encryption).
• Achieving transparency and opacity
PRIVACY BY DESIGN - WHAT IS IT?
[Figure: design guided by privacy principles and values, resting on three pillars:]
• Information technology: privacy supporting architecture; privacy enhancing technologies
• Organization: privacy supporting businesses & processes & PIAs; management support for privacy
• Physical environment: privacy supporting organization of physical spaces
The experience of privacy is essential for privacy, trust and adoption.
M. Van Lieshout, Stimulerende en remmende factoren van Privacy by Design in Nederland (2012)
ONE EXAMPLE OF PbD: The Identity Protector as Design Pattern
THE IDENTITY PROTECTOR (IDP)
[Figure: the user is known in the identity domain; the IDP sits between that domain and the pseudo identity domain and issues a separate pseudo identity (PID 1, PID 2, … PID n) for each pseudo domain.]
Borking J., Der Identity-Protector, in Datenschutz und Datensicherheit (DuD) 1996, 11
ONE PRACTICAL EXAMPLE OF PbD: Hospital Information System
Hospital Information System: basic tables with pseudo identities & ID domains
[Table diagram; the tables and their columns as shown on the slide:]
• patient: seq_patient, patient_number, nac
• caretaker: seq_caretaker, crt_number, crt_name
• admission: seq_admission, pid_carerelation, date_from, date_till
• care relation: seq_care relation, seq_patient, pid_caretaker, date_from, date_till
• anamnesis: seq_anamnesis, seq_admission, pid_caretaker, details
• medication: seq_medication, seq_admission, pid_caretaker, details
• etc: seq_etc, seq_admission, pid_caretaker, details
• notes: seq_notes, seq_admission, pid_caretaker, text
Van Blarkum 1997 & Borking, 2010
No links between tables due to IDP
HOSPITAL INFORMATION SYSTEM: ID domain 3 till n for research and open data purposes
[Figure: the same table diagram (patient, care taker, admission, care relation, anamnesis, medication, etc, notes) as on the previous slide, now annotated with the zones ID domain 1, ID domain 2 and pseudo domain 3 till n.]
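The two hospital slides above make one design point: the tables only link through the Identity Protector, and every research or open-data domain gets its own pseudo identities. The following is an added illustration of that pattern, not code from the deck or from the cited Van Blarkum/Borking hospital system. Table and column names follow the slide; the domain numbering (1 and 2 as identity domains, 3 as the hospital's own pseudo domain, 4..n for research and open data), the key, the sample rows and all function names are constructed assumptions.

```python
"""Identity Protector (IDP) design pattern over the slide's hospital tables.

Added illustration; not the deck's or the cited hospital system's code.
Table/column names follow the slide; key, rows, domain numbers and function
names are constructed."""
import hashlib
import hmac
from typing import Dict, List, Tuple

Row = Dict[str, object]

# Assumed numbering: 1 and 2 are identity domains (patient, caretaker),
# 3 is the hospital's own pseudo domain, 4..n are research/open-data domains.
DOMAIN_PATIENT, DOMAIN_CARETAKER, DOMAIN_CARE = 1, 2, 3


class IdentityProtector:
    """Sits between the identity domain (where the user is known) and the
    pseudo identity domains; holds the only key that maps an identity to a
    domain-specific PID and the only table that maps a PID back."""

    def __init__(self, master_key: bytes) -> None:
        self._key = master_key
        self._reverse: Dict[Tuple[int, str], str] = {}  # (domain, pid) -> identity

    def pid(self, identity: str, domain: int) -> str:
        # Domain-separated keyed hash: stable PID within a domain, unrelated
        # PID in every other domain, so records aggregate per domain but do
        # not link across domains (or back to the person) without the key.
        msg = f"domain:{domain}|id:{identity}".encode()
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]
        self._reverse[(domain, tag)] = identity
        return tag

    def reidentify(self, pid: str, domain: int) -> str:
        """Only the IDP can resolve a PID back to the known identity."""
        return self._reverse[(domain, pid)]


def build_tables(idp: IdentityProtector) -> Dict[str, List[Row]]:
    """Constructed sample rows. Real identifiers exist only in the identity
    domain tables; references to a caretaker or care relation elsewhere are
    PIDs minted for the care domain, not sequence numbers."""
    patient = [
        {"seq_patient": 1, "patient_number": "P-1001", "nac": "(placeholder)"},
        {"seq_patient": 2, "patient_number": "P-1002", "nac": "(placeholder)"},
    ]
    caretaker = [{"seq_caretaker": 1, "crt_number": "C-77", "crt_name": "Dr. Example"}]
    crt = idp.pid("C-77", DOMAIN_CARE)
    care_relation = [
        {"seq_care_relation": 10, "seq_patient": 1, "pid_caretaker": crt,
         "date_from": "2013-01-10", "date_till": None},
        {"seq_care_relation": 11, "seq_patient": 2, "pid_caretaker": crt,
         "date_from": "2013-02-01", "date_till": None},
    ]
    admission = [
        {"seq_admission": 100, "pid_carerelation": idp.pid("10", DOMAIN_CARE),
         "date_from": "2013-02-10", "date_till": "2013-02-14"},
        {"seq_admission": 101, "pid_carerelation": idp.pid("11", DOMAIN_CARE),
         "date_from": "2013-02-12", "date_till": None},
    ]
    medication = [
        {"seq_medication": 500, "seq_admission": 100, "pid_caretaker": crt, "details": "drug A 10 mg"},
        {"seq_medication": 501, "seq_admission": 101, "pid_caretaker": crt, "details": "drug B 5 mg"},
    ]
    return {"patient": patient, "caretaker": caretaker, "care_relation": care_relation,
            "admission": admission, "medication": medication}


def naive_join_count(tables: Dict[str, List[Row]]) -> int:
    """Someone holding the tables but not the IDP joins admission to
    care_relation on the reference column: nothing matches, because
    pid_carerelation is a PID. The tables do not link without the IDP."""
    keys = {str(r["seq_care_relation"]) for r in tables["care_relation"]}
    return sum(1 for a in tables["admission"] if a["pid_carerelation"] in keys)


def research_view(idp: IdentityProtector, tables: Dict[str, List[Row]], domain: int) -> List[Row]:
    """Export medication rows into one research/open-data pseudo domain. The IDP
    resolves medication -> admission -> care relation -> patient and replaces
    the patient with a PID minted for that domain only."""
    by_adm = {a["seq_admission"]: a for a in tables["admission"]}
    by_rel = {r["seq_care_relation"]: r for r in tables["care_relation"]}
    by_pat = {p["seq_patient"]: p for p in tables["patient"]}
    out: List[Row] = []
    for m in tables["medication"]:
        rel_seq = int(idp.reidentify(str(by_adm[m["seq_admission"]]["pid_carerelation"]), DOMAIN_CARE))
        patient = by_pat[by_rel[rel_seq]["seq_patient"]]
        out.append({"pid_patient": idp.pid(str(patient["patient_number"]), domain),
                    "details": m["details"]})
    return out


def shared_pids(view_a: List[Row], view_b: List[Row]) -> int:
    """PIDs two exports have in common: exports of different pseudo domains
    cannot be joined on the pseudo identity."""
    return len({r["pid_patient"] for r in view_a} & {r["pid_patient"] for r in view_b})


if __name__ == "__main__":
    idp = IdentityProtector(b"constructed demo key, kept inside the IDP")
    tables = build_tables(idp)
    print("naive join matches:", naive_join_count(tables))  # 0
    v4, v5 = research_view(idp, tables, 4), research_view(idp, tables, 5)
    print("PIDs shared by domain 4 and 5 exports:", shared_pids(v4, v5))  # 0
    print("IDP re-identifies a domain 4 PID:", idp.reidentify(str(v4[0]["pid_patient"]), 4))
```

The design choice worth noting is that the PID is a keyed, domain-separated hash rather than a plain hash of the patient number: a plain hash would give the same pseudonym in every research domain, letting two released data sets be joined, and could be reversed by hashing the small space of patient numbers. With the key held only by the IDP, re-identification (for example to contact a patient about a research finding) remains possible, but only through the IDP.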
PROBLEMS FOR PRIVACY BY DESIGN
• PbD is done mostly without a proper privacy risk analysis (PIA) up front (J.J. Borking, Privacy Law is Code, 2010)
• The translation of PbD (the legal specs +) into actual designs of systems is done by example. Therefore, everybody is free to postulate a particular design (process) as “Privacy or Data Protection by Design” (Van Rest, Designing Privacy by Design, 2012)
• On top of that, actual implementation is confronted with difficulties such as lack of economic incentives, transparency of systems, legacy systems, and lack of adoption of PbD by organizations, end-users and consumers (J.J. Borking, Privacy Law is Code, 2010)
HOW FURTHER?
• Do we let each designing party (industry and government) decide per case or product line what PbD means (an evolutionary approach: each party implements PbD in its own way) (Van Rest, Designing Privacy by Design, 2012), or
• As we do not know enough about (behavioural) economics and cannot leave it to them, that urgently justifies the involvement of the EU Commission, governments and data protection authorities (DPAs),
• “to adopt delegated acts (…) for the purpose of specifying any further criteria and requirements for appropriate measures and mechanisms referred to in paragraph 1 and 2 (of article 23 GDPR), in particular for data protection by design requirements applicable across sectors, products and services.”
• “The Commission may lay down technical standards for the requirements laid down in paragraph 1 and 2.”
RECOMMENDATIONS
• PbD: No one-size-fits-all solution (Van Rest Designing Privacy by Design 2012)
• We need a toolbox with PIA, Privacy Design Patterns, PETs, PMS and design processes (Waterfall etc.)
• Validate (use of) PbD-toolbox via design processes
• We need to collect and publish concrete examples to learn from, and to collect and create metrics for the consequences of PbD
• PbD should facilitate certification of [product, production process, design], like the certificates from EuroPriSe, and certification should prove the presence of PbD (a sine qua non)
• Adoption of PbD should be promoted strongly by the DPA & Behavioural Economics on Privacy should be researched
QUESTIONS?
THANK YOU