DATA PROTECTION IMPACT ASSESSMENT


DATA PROTECTION IMPACT ASSESSMENT
Tool to support implementation of DPIA
Ewa Piatkowska, ewa.piatkowska@ait.ac.at
Centre for Digital Safety and Security, AIT Austrian Institute of Technology

PRIVACY AND SMART GRID
- Large quantities of sensing data collected, processed and retained by smart grid stakeholders
- Demand response and flexibility services require high frequency data readings for profiling and forecasting
- Applications for energy consumption monitoring and analysis
- Smart Grid data reveal personal details about one's behaviour at home

M. Weiss, A. Helfenstein, F. Mattern and T. Staake, "Leveraging smart meter data to recognize home appliances," 2012 IEEE International Conference on Pervasive Computing and Communications, Lugano, 2012, pp. 190-197.

POTENTIAL PRIVACY IMPACTS
- Identity Theft
- Determine Personal Behavior Patterns
- Determine Specific Appliances Used
- Perform Real-Time Surveillance
- Fraud
- Profiling
- Targeted advertisement
- Law enforcement access
- Targeted home invasions
- Tracking Behavior Of Renters/Leasers

GENERAL DATA PROTECTION REGULATION (GDPR)
- In April 2016, the General Data Protection Regulation (GDPR) was adopted by the Council of the European Union and European Parliament, replacing Directive 95/46/EC
- The regulation ensures that personal data can be gathered under strict conditions, with data subject consent and only for legitimate purposes
- It is mandated that new services that collect or process personal data are subjected to a Data Protection Impact Assessment (DPIA)
- GDPR provisions will be directly applicable in all Member States from 25 May 2018

DATA PROTECTION IMPACT ASSESSMENT (DPIA) TEMPLATE
- Template proposed by Smart Grid Task Force 2012-14, Expert Group 2, in consultation with Article 29 Working Party
- Risk driven approach to privacy impact assessment
- Considered as complementary or included in a risk management process
- Most recent available version from March 2014
- Final version, addressing the feedback from review process, expected to be released March/April 2017

DATA PROTECTION IMPACT ASSESSMENT PROCESS
- What data is being collected and how is it processed?
- What are the risks to rights and freedom of data subjects?
- What are the measures, privacy targets and controls to ensure privacy?

Step 1 Pre-assessment
Step 2 Initiation
Step 3 Smart Grid system description
Step 4 Identification of relevant risks
Step 5 Data protection risk assessment
Step 6 Controls and residual risks
Step 7 Documentation and reporting
Step 8 Review and maintenance

TOOL SUPPORTING DPIA IMPLEMENTATION

SYSTEM DESCRIPTION

LIKELIHOOD ASSESSMENT

IMPACT ASSESSMENT

RISK TREATMENT

PRIVACY TARGETS IMPLEMENTATION

FEATURES OF THE DPIA TOOL
- Direct support for distributed team working
- Guidance about how to implement each step embedded directly in the tool
- Hints about the nature of the required input (catalogues, tooltips)
- Pre-selected relevant content to support analyses
- The automatic generation of documentation

CONCLUSIONS
- The tool provides a user-friendly interface and makes the implementation of the DPIA more straightforward, and therefore less effort is required.
- Our future work includes further improvements of the tool and of the process as well, addressing feedback received during a series of DPIA workshops that we have conducted.
- Moreover, we are also planning to align the tool with the newest version of the DPIA template, expected to be released by the end of March 2017.

THANK YOU!
Ewa Piatkowska, ewa.piatkowska@ait.ac.at