Data Protection and Privacy in a M2M world. Yiannis Theodorou, Regulatory Policy Manager GSMA Latam Plenary Peru, November 2013


A M2M world?

Machine-to-machine (M2M) is the exchange of mainly data communications generated in a fully or partially automated way between machines within a predefined group.
Image source: www.intellimec.com

Mobile privacy: Moving from old to new paradigms & regulating for Homo Digitalis
http://snowballsinwinter.wordpress.com

Rethinking privacy in a converged, digitally connected mobile world
Users are broadcasters of data by default
GSM Association 2012

What are the key privacy challenges?

Mobile Privacy in M2M - Key Challenges

ECOSYSTEM
- global, fragmented but hyper-connected
- information flows: global, multiparty, in real-time
- inconsistent approaches to privacy

REGULATION
- patchwork of geographically bound laws
- applies unequally according to technology and sector
- increasingly unable to address global flows of personal data

USERS want:
- their privacy to be respected regardless of device, service, platform or where they are located
- easy ways to understand and manage permissions

What are regulators doing about it?

Growing concerns drive policy and regulation but new rules may erode privacy

- Online and mobile privacy increasingly in the spotlight
- New rules and guidelines emerging (APEC, OECD, USA, EU, Japan, Canada, Australia, Hong Kong etc.)

Latin America
- Increasing collaboration between Data Protection Authorities
- New laws influenced by Spain / EU principles

Peru: new data protection laws since April 2013
- Consent to be "free, prior, express, informed & unequivocal"
- Cross-border transfers of personal data permitted only if the recipient entity agrees (in writing) to the same obligations as the transferor

What is the impact on business and user experience?

What is the GSMA doing about it?

Mobile Privacy Principles

1. Openness, Transparency and Notice
2. Purpose & Use
3. User Choice and Control
4. Data Minimisation and Retention
5. Respect User Rights
6. Security
7. Education
8. Children & Adolescents
9. Accountability and Enforcement

Can be used as the basis for developing codes of conduct and business practices.

Privacy Design Guidelines for app development

- Express principles in functional terms
- Provide Best Practice for Apps
- Illustrative examples and use cases
- Foster a privacy by design approach
- Include modules on: Location, Mobile advertising, Children, Social networking

But it's not just about the rules. Mobile users care!

GSMA Consumer research: Overview

Over 11,500 mobile users in 8 countries in the last 3 years
- Users' privacy concerns?
- Impact of concerns on mobile use?
- Help shape privacy policies
- Help design better and simpler ways for users to manage their privacy

Mobile users want 3rd parties to seek their permission before using their personal data
- Brazil: 83%
- Mexico: 79%
- Colombia: 77%
Base: All respondents (Brazil 1,505, Mexico 1,505, Colombia 1,511)

Most mobile users want their location information to be respected equally by any company that can access it
[Chart by country (Brazil, Mexico, Colombia): share of mobile users who thought that a consistent set of rules should apply to any company that had access to their location]
Base: All Audience A respondents (Brazil 752, Mexico 752, Colombia 755)

Consumer & regulatory concerns around privacy are exacerbated in a M2M world

- More connected devices
- More data
- More parties and data-sharing interfaces
- More profiling and possible discrimination
- What is and what isn't personal data (device ID, IP address etc.)
- How can aggregated, anonymised data be used in public policy?
- How to ensure data remains anonymised? Risk of re-identification?
- How to help users understand and manage their permissions?

What role does privacy play in the success of M2M?

M2M removes the human factor from many decision-making processes. TRUST is key.
[Figure labels, in the order shown: Smart Cities; mAutomotive; $30 bn; $11.4 bn; mHealth; $3.1 bn]
Source: Machina Research (2013) - Total MNO Expected M2M Revenues by 2020

What does this mean for M2M service providers?

What does this mean for M2M service providers and regulators?

Industry:
- Make it easy for users
- Think about privacy from the start
- Give users choice and control
- Identify and mitigate risks (e.g. coding, interoperability, security)
- Show you mean it
- Support Privacy by Design

Regulators: rules that:
- Consider desired privacy outcomes for users
- Are based on RISK and potential harm
- Are technology-neutral and non-discriminatory
- Apply consistently irrespective of device, platform or application

Industry and regulators should work together to support innovative privacy management tools.

Thank you
Yiannis Theodorou
ytheodorou@gsma.com
www.gsma.com/mobileprivacy
GSM Association 2013

ANNEX

Latin America key considerations (Area: Future priority)

Technological Neutrality & Interoperability
- MNOs often subject to additional, more restrictive rules than other sectors
- Focus on the desired privacy outcomes for users
- Treat functionally equivalent data and services in equivalent ways (e.g. traffic and location data)

Notice and Consent
- Move from binary opt-in v opt-out approaches
- Recognition of privacy in context, just-in-time approach
- Support alternative models to consent and broader big data uses that meet public policy objectives/provide social goods
- Education and awareness raising

International Transfers
- Create a framework that facilitates the flow of data without unwarranted restriction (draw on the principle of accountability)
- Support intra-group transfers

Accountability & Self Regulation
- Support explicit Privacy by Design approach
- Create incentives for self regulation

Draft EU Data Protection Regulation: Coding for law - assisting usability & trust?

Article 13(a) Standardised information policies to provide notice:
(a) whether personal data are collected beyond the minimum necessary for each specific purpose of the processing;
(b) whether personal data are retained beyond the minimum necessary for each specific purpose of the processing;
(c) whether personal data are processed for purposes other than the purposes for which they were collected;
(d) whether personal data are disseminated to commercial third parties;
(e) whether personal data are sold or rented out;
(f) whether personal data are retained in encrypted form.

http://www.janalbrecht.eu/fileadmin/material/dokumente/dpr-regulation-inofficial-consolidated-libe.pdf