The Privacy Case. Matching Privacy-Protection Goals to Human and Organizational Privacy Concerns. Tudor B. Ionescu, Gerhard Engelbrecht SIEMENS AG


Agenda
- Introduction
- Defining the privacy case
- Privacy-relevant Aspern smart grid use cases
- Example artifacts from the Aspern privacy case
- Conclusion and future work

Introduction
Processing smart grid data raises privacy-related issues.
Example: Aspern smart grid data
- Informed consent from ~50% of inhabitants
- Data collected in a centralized data warehouse
- Data are used for analytics purposes
Stakeholders
- Concerned about unintended uses of measurement and personal data
- Stakeholders: grid and building operators, smart citizens, application ecosystem operator (Siemens)

[Figure: Aspern data flow between the data warehouse (DWH), the software ecosystem and third-party app developers. Figure credits: Wiener Netze (power grid operator)]

Aspern Stakeholders' Privacy Concerns
Stakeholders: smart citizen, building operator, smart grid operator, ecosystem operator
Privacy concerns raised:
- Personal data including names, addresses, consumption and home presence-absence patterns could end up in the wrong hands.
- Full compliance with regulatory guidelines.
- Data provided by the building operator may be used by third parties in uncontrollable ways.
- Providing suitable and effective data protection mechanisms.
- Compromising privacy may also compromise trust relations with data providers and data subjects.
- Device types (heat pumps, solar devices, batteries, etc.) can be identified by the energy consumption and generation patterns.
- Providing data which are not yet well understood (especially in the low voltage grid, which has not yet been monitored in that detail).
- Providing data in the context of current and potentially changing law.

Challenges
- How can we differentiate between privacy concerns and reasonable privacy risks?
- How can we address reasonable privacy risks through privacy goals and strategies?
- How can we design and implement solutions that fulfill the identified privacy goals?
- How can we represent and document privacy arguments in a comprehensive way?

The Privacy Case
A privacy case (PC) provides a systematic and comprehensively documented account of:
(1) Business goals of different smart grid stakeholders with respect to a specific data source
(2) Privacy concerns of smart grid stakeholders with respect to those business goals
(3) Privacy goals and strategies derived from the concerns of the involved stakeholders
(4) Technical solutions for achieving the privacy goals and implementing the strategies
(5) The point-by-point argumentation and evaluation of the technical solutions proposed to fulfill the privacy goals
Chain of artifacts: business goals -> privacy concerns -> privacy goals and strategies -> technical solutions -> argumentation and evaluation

Safety Case vs. Privacy Case
- Safety cases are required by standards such as ISO 26262 (automotive)
- Also used in the railway, aerospace, medical, and industrial domains
Criticisms of the safety case:
- Positively oriented goals -> peripheral blindness for risk
- Inoculation of a certain mindset -> biased safety arguments
- Bureaucratic approach -> obscure language
Safety case:
- Argumentation for safety
- Hazardous events driven by safety risks
- Safety goals
- Evidence: safety of (sub)systems
- Safety claims verified by certification authorities
Privacy case:
- Argumentation for privacy
- Privacy concerns driven by privacy risks
- Privacy goals
- Strategies and technical solutions
- Evidence: privacy-preserving data services
- Privacy claims presented to all concerned stakeholders
The privacy case is intended to: (1) be more transparent, (2) use non-expert language, (3) consider the perspectives of different stakeholders independently, (4) including that of a hypothetical adversary.

Goal Structuring Notation (GSN)
- Graphical notation for presenting the structure of assurance arguments
- Used within the nuclear, defense, aerospace and railway industries
- Represents the elements of an argument and the relationships between them

Example: The Aspern Smart Grid

UC1: Low Voltage Grid Anomaly Detection
- Fine-grained grid measurements are analyzed to detect outliers or unusual patterns
- Data are retrieved from the grid operator in aggregated form
- The building operators (as legal entities) need to agree on the usage of the data
UC2: Smart Grid Simulation
- Grid simulation is required whenever an anomaly is detected within a grid segment
- The processed data includes grid measurements and individual load profiles derived from personal data
- Personal data can only be used with the written consent of the concerned smart citizens

Matching Privacy Concerns to Privacy Goals

[GSN diagram, privacy goal M5: Privacy protection; adapted from Kruchten, P., Capilla, R., & Dueñas, J. C. (2009). The decision view's role in software architecture practice. IEEE Software, 26(2), 36-42.]
Rules for designing and documenting technical solutions:
- Provide traceability information
- Provide alternative solutions
- Provide a rationale for the choice of one solution over another

[GSN diagram, privacy goal M6: Flexible privacy policies]
Advantages of using GSN diagrams and solution decision sheets:
- Comprehensive, shareable and reusable privacy arguments
- Clear and practical traceability from privacy goals to solutions
- Alternatives may represent innovative solutions which might not have been taken into consideration otherwise
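To make the artifact chain and the M5 documentation rules concrete, here is an added example (not from the slides or the Aspern project) that models a fragment of the Aspern privacy case and checks that every concern, goal and solution is traced and backed by evidence, alternatives and a rationale. The concern and goal texts come from the slides; the ids (C1..C3, S1, S2) and the rejected alternative S2a are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Solution:
    id: str
    goal: str                 # privacy goal (GSN goal id) this solution argues for
    text: str
    evidence: list = field(default_factory=list)      # evidence backing the claim
    alternatives: list = field(default_factory=list)  # rejected options (id, text)
    rationale: str = ""       # why this option was chosen over the alternatives (M5 rule)

@dataclass
class PrivacyCase:
    concerns: dict   # concern id -> (stakeholder, concern text)
    goals: dict      # goal id -> (goal text, [concern ids it addresses])
    solutions: list

def check_traceability(case):
    """One finding per gap in the chain concern -> goal -> solution -> evidence."""
    findings = []
    covered = {c for _, cs in case.goals.values() for c in cs}
    for cid, (who, _) in case.concerns.items():
        if cid not in covered:
            findings.append(f"concern {cid} ({who}) is not addressed by any goal")
    for gid, (_, cs) in case.goals.items():
        findings += [f"goal {gid} cites unknown concern {c}" for c in cs if c not in case.concerns]
        if not any(s.goal == gid for s in case.solutions):
            findings.append(f"goal {gid} has no technical solution")
    for s in case.solutions:
        if s.goal not in case.goals:
            findings.append(f"solution {s.id} argues for unknown goal {s.goal}")
        if not s.evidence:
            findings.append(f"solution {s.id} has no evidence")
        if s.alternatives and not s.rationale:
            findings.append(f"solution {s.id} lists alternatives without a rationale")
    return findings

def aspern_case():
    """Fragment of the Aspern privacy case built from the slides; ids and S2a are constructed."""
    concerns = {
        "C1": ("smart citizen", "personal data and presence-absence patterns could end up in the wrong hands"),
        "C2": ("building operator", "data may be used by third parties in uncontrollable ways"),
        "C3": ("grid operator", "providing data under current and potentially changing law"),
    }
    goals = {"M5": ("Privacy protection", ["C1", "C2"]), "M6": ("Flexible privacy policies", ["C3"])}
    solutions = [
        Solution("S1", "M5", "UC1: grid measurements are retrieved in aggregated form only",
                 evidence=["building operators' agreement on data usage"]),
        Solution("S2", "M5", "UC2: individual load profiles are used only with written consent",
                 evidence=["informed consent from ~50% of inhabitants"],
                 alternatives=[("S2a", "anonymize load profiles instead of asking for consent (constructed)")],
                 rationale="device types remain identifiable from consumption patterns, so anonymization alone is insufficient"),
    ]
    return PrivacyCase(concerns, goals, solutions)
```

Running `check_traceability(aspern_case())` reports the one open gap in this fragment: goal M6 has no technical solution yet, which is exactly the kind of hole the argument structure is meant to expose.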

Conclusion and Future Work
- The Privacy Case: an adaptation of the safety case approach to data privacy assurance
- PCs help to differentiate between reasonable privacy risks and stakeholder-specific concerns, while addressing both of them
- The Aspern PC revealed alternative solutions not previously considered (e.g., data microservices)
Future work:
- Develop a complete PC for the Aspern Smart ICT Ecosystem
- Develop web-based tool support for collaboratively authoring, sharing, and reviewing privacy cases

Questions? tudor.ionescu@siemens.com For more information, please also visit the Aspern Smart City booth @CPS Week 2016!