End-to-End Privacy Accountability


Denis Butin (TU Darmstadt) and Daniel Le Métayer (Inria, Université de Lyon). TELERISE, 18 May 2015. 1 / 17

Defining Accountability

Is Accountability Needed?
- Ever-increasing exchanges of personal data between systems and across countries
- Accountability as a means to provide verifiability of actual personal data handling
- Key idea: data controllers (DC) must not only comply with data protection rules but also demonstrate compliance
- Empowers data subjects (DS), i.e. individuals, and restores the balance of power
- Importance of accountability increasingly acknowledged in legal systems, notably the EU General Data Protection Regulation draft
- Benefits also for DC, i.e. organisations and corporations

Defining Accountability (1/2)
- Principle of accountability introduced 30 years ago (OECD), increasingly mentioned since. Buzzword?
- Used in both technical and legal settings, in widely varying situations
- Working definition from the Article 29 Working Party Opinion: the accountability principle is showing how responsibility is exercised and making this verifiable
- More than mere privacy policy compliance: it includes the burden of proof

Defining Accountability (2/2)
- Existing literature is split into two strands:
  - Technical approaches: focus on specific security properties, e.g. authentication, non-repudiation, privacy property verification, log security
  - Policy-oriented perspectives: focus on organisational measures and legal compliance
- Gap between those stances. Problematic: an integrated approach is needed to take all dimensions into account
- Combination of organisational, legal and technical measures

Categories of Accountability
Zooming in, using Colin Bennett's three-tier terminology:
- Accountability of policy: demonstrate intent, i.e. the existence of a privacy policy (natural language + technical), and show the policy's adequacy with respect to the norm
- Accountability of procedures: demonstrate the adequacy of organisational mechanisms for implementing privacy policies, e.g. documented processes
- Accountability of practice: a posteriori demonstration of the effectiveness of those procedures. Requires recording sufficient information about system operation. Formalisation is useful here
Excessive focus on the first two layers is common

Privacy requirements come from many sources:
- Laws, i.e. national implementations of EU Data Protection Directive 95/46/EC, or the forthcoming General Data Protection Regulation
- Self-defined privacy policies by data controllers, usually declarative statements in natural language
- Technical, machine-readable privacy policies in the form of data handling rules, possibly negotiated automatically with data subjects
- Many technical privacy policy languages: PPL, XACML, UCON, ... (general purpose / access control / usage control). They can be used to assess log compliance

Methodology
- Look in turn at each stage of the personal data life cycle with respect to the design and operation of accountable systems
- Data collection / storage / usage / forwarding / deletion, plus aspects common to all stages
- Illustration: requirements from the General Data Protection Regulation draft. Just an example; the key idea is the general approach

Overview
In this talk: focus on two data life cycle stages (collection and usage) to convey the approach

Data Collection: GDPR Requirements
- DC must inform DS about many aspects of personal data collection: right to object/access/rectify/delete, purpose of processing, retention period, whether data is encrypted, ...
- Purposes must be specific, explicit and legitimate
- The amount of collected data must be proportional to the purposes of processing
- Specific and informed consent is needed for personal data collection
- DC must keep records of data collection to enable DS to exercise their right of information later (directly or via a DPA)

Data Collection: Accountability Measures
- Demonstrate that the right of information was respected: keep pseudonymised database listings and metadata (notably purpose), samples of messages sent to DS, and a quality assurance mechanism
- Privacy Impact Assessments to show the legitimacy and proportionality of personal data processing. Performed before the design of the system (privacy by design). PIAs are not mandatory by themselves but contribute strongly to accountability
- Demonstrate DS consent: ideally full electronic signatures, but these are not always feasible. Lengthy legal texts are not acceptable (concision criteria)

Data Usage: GDPR Requirements
- DC must inform DS about the logic of automated processing, profiling, data usage purposes, ...
- DC must demonstrate compliance of data processing with the Regulation: an extremely broad requirement
- DC must implement compliance procedures and policies that persistently respect the autonomous choices of DS
- DC may only use personal data in line with the initially declared purpose

Data Usage: Accountability Measures (1/2)
- Accountability of practice approach to personal data processing compliance: use a technical privacy policy language (PPL, SIMPLE, FLAVOR, ...)
- Combine with evidence about data handling. Evidence is generated as system logs (log: trace/record of system events)
- Two aspects: existence of evidence, and compliance of evidence with policies (log analysis)
- Abstract away from internals: translate between low-level system events and events on categories of personal data

Data Usage: Accountability Measures (2/2)
- Adequate log design is not trivial. Missing details can be enough to render logs useless for compliance checking. Semantic comprehensiveness is imperative
- Other log considerations:
  - Trustworthiness: logs must reflect actual system behaviour. Use partial formal modelling for critical components
  - Storage security: monitor log access; prevent tampering (e.g. forward integrity)
  - Minimisation: keep no extraneous data
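The two usage slides describe the accountability-of-practice loop in the abstract: a machine-readable policy, an abstract log of events on data categories, a compliance check over the log, and a tamper-evident log store. The following Python is an added example written for this page, not code from the authors or from any of the policy languages named (PPL, SIMPLE, FLAVOR). The policy dictionary, the event vocabulary (collect / use / forward / delete), the log entries and the initial key are all constructed; the policy format is an assumption standing in for a real policy language, and the forward-integrity scheme is a simplified hash-chained MAC in the style of Bellare and Yee.

```python
import hashlib
import hmac

# Constructed policy (assumed format, not PPL/SIMPLE/FLAVOR syntax): rules are
# keyed by personal data category, matching the slides' abstraction level.
POLICY = {
    "email":    {"purposes": {"newsletter"}, "retention_days": 30, "recipients": set()},
    "location": {"purposes": {"navigation"}, "retention_days": 7,  "recipients": {"maps-provider"}},
}

# Constructed abstract log, already translated from raw system events to
# (day, event, data category, detail). It carries categories, never the data
# itself, which is the minimisation point of the slide.
LOG = [
    (0, "collect", "email",    "newsletter"),
    (0, "collect", "location", "navigation"),
    (2, "use",     "location", "navigation"),
    (3, "forward", "location", "maps-provider"),
    (5, "use",     "email",    "analytics"),   # purpose never declared to the DS
    (9, "delete",  "location", ""),            # 2 days past the 7-day limit
    # "email" is never deleted: caught only at audit time
]


def check_compliance(policy, log, audit_day):
    """Return human-readable violations of `policy` found in `log`, including
    retention limits still open on `audit_day`."""
    violations = []
    collected = {}   # category -> day of collection
    deleted = set()
    for day, event, category, detail in log:
        rules = policy.get(category)
        if rules is None:
            violations.append(f"day {day}: {event} on undeclared category {category!r}")
            continue
        if event == "collect":
            collected[category] = day
            if detail not in rules["purposes"]:
                violations.append(f"day {day}: {category!r} collected for undeclared purpose {detail!r}")
        elif event == "use":
            if category in deleted:
                violations.append(f"day {day}: {category!r} used after deletion")
            elif detail not in rules["purposes"]:
                violations.append(f"day {day}: {category!r} used for undeclared purpose {detail!r}")
        elif event == "forward":
            if detail not in rules["recipients"]:
                violations.append(f"day {day}: {category!r} forwarded to unapproved recipient {detail!r}")
        elif event == "delete":
            deleted.add(category)
            late = day - collected.get(category, day) - rules["retention_days"]
            if late > 0:
                violations.append(f"day {day}: {category!r} deleted {late} day(s) past its retention limit")
        else:
            violations.append(f"day {day}: unknown event {event!r}")
    # Retention is only provable if deletion is logged; silence is a finding.
    for category, day in collected.items():
        limit = policy[category]["retention_days"]
        if category not in deleted and audit_day - day > limit:
            violations.append(f"audit day {audit_day}: {category!r} retained past {limit} days without deletion")
    return violations


def _payload(entry):
    return "|".join(map(str, entry)).encode()


def seal_log(log, initial_key):
    """Forward-integrity sealing: entry i is MACed with key k_i, then
    k_{i+1} = H(k_i) and k_i is discarded. A host compromised after entry i
    holds only k_{i+1}, so it cannot re-MAC entries 0..i to hide an edit."""
    key = initial_key
    sealed = []
    for entry in log:
        tag = hmac.new(key, _payload(entry), hashlib.sha256).hexdigest()
        sealed.append((entry, tag))
        key = hashlib.sha256(key).digest()   # evolve; the old key is gone
    return sealed


def verify_seal(sealed, initial_key):
    """Auditor-side check from the escrowed initial key. Returns the index of
    the first entry whose tag fails, or None if the whole chain verifies."""
    key = initial_key
    for i, (entry, tag) in enumerate(sealed):
        expected = hmac.new(key, _payload(entry), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return i
        key = hashlib.sha256(key).digest()
    return None


if __name__ == "__main__":
    for v in check_compliance(POLICY, LOG, audit_day=40):
        print("VIOLATION:", v)
    sealed = seal_log(LOG, b"escrowed-initial-key")
    print("chain intact:", verify_seal(sealed, b"escrowed-initial-key") is None)
```

Two design points follow from the slides. The checker reports a missing deletion as a violation rather than an unknown: an audit that can only confirm what was logged must treat absence of required evidence as non-compliance, which is why semantic comprehensiveness of the log matters. The seal only protects against modification of already-written entries; truncating the tail is invisible to `verify_seal` unless the auditor also knows the expected entry count (for example from a periodically committed length), and the escrowed initial key must stay off the logging host, since whoever holds it can recompute every k_i.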

Summary (1/2)
- Systematic analysis of accountability requirements for DC, and indirectly for system designers, across the personal data life cycle
- Each requirement leads to key evidence fragments, to be gathered to present a convincing narrative to auditors
- Evidence must not introduce new privacy threats, e.g. special care is needed for system event logs

Summary (2/2)
- Accountability costs for DC can be minimised by including provisions in the design phase
- Also added value for DC: clarifies internal processes, encourages quantification, potential competitive advantage
- No promise of absolute privacy guarantees, but the best bet to protect individuals by increasing pressure on DC

Thank you! Questions & feedback welcome