Your User's Privacy

Your Users’ Privacy .
How Web 2.0 application providers and developers can enhance
their users’ privacy

Stefan Weiss
Web 2.0 Expo Berlin
November 8, 2007

Your users may control the Information Age but …

2 Web 2.0 Expo Berlin 2007 ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft

… are they controlling their own personal data too?


What are we talking about?

• Personal data
• Information privacy
• Harmful, privacy-invasive activities
• Its importance for Web 2.0 applications
• Your responsibilities
• What to do?


The EU (Art. 20 Working Party) has recently released
an opinion on what they consider to be personal data

Personal data

shall mean any information relating to an identified
or identifiable natural person (“data subject”);

an identifiable person is one who can be identified,
directly or indirectly, in particular by reference to
an identification number or to one or more factors
specific to his physical, physiological, mental,
economic, cultural or social identity.1
1 Opinion 4/2007, WP 136, Article 29 Data Protection Working Party, adopted June 20, 2007.


That’s a broad definition and includes a lot of data
that you are processing with your applications

EXAMPLES:
• Name, Gender, Date of birth
• Home address, Personal telephone number or Email
• Government identifiers (ex. social security number, ID numbers)
PERSONAL • Biometric identifier
• Photograph or video identifiable to an individual
• Behavioural information (e.g., in a CRM system)

• Medical records, Health plan beneficiary information
HEALTH • Physical or mental health information
• Provided health services or any information collected during the health service

• Account numbers (bank accounts, credit cards, etc.)
FINANCIAL • Financial history
• Salary information
• Racial or ethnic origin
• Religious or philosophical beliefs
• Trade-union membership
SENSITIVE • Sexual orientation
• Offences, criminal convictions or security measures
• Combinations of certain information (e.g., name and SSN)


With 2.0 applications, add personal data that is
indirectly used in a different context such as:

EXAMPLES:
• Name, Gender, Date of birth
• Home address, Personal telephone number or Email
• Government identifiers (ex. social security number, ID numbers)
PERSONAL • Biometric identifier
• Photograph or video identifiable to an individual
• Behavioural Group and personal affiliations
• information (e.g., in a CRM system)
• User behaviour
• Medical records, Health plan beneficiary information
HEALTH • Surfing patterns
• Physical or mental health information
• Provided health services or any information or feelings the health service
• Comments, opinions collected during
• Likes and dislikes
• Account numbers (bank accounts, credit cards, etc.)
• Graphical material (photos, videos)
FINANCIAL • Financial history
• Salary information and functions
• Roles
•
• etc.
Racial or ethnic origin
• Religious or philosophical beliefs
• Trade-union membership
SENSITIVE • Sexual orientation
• Offences, criminal convictions or security measures
• Combinations of certain information (e.g., name and SSN)


Information privacy should determine when, how,
and to what extent this personal data is processed.

Information Privacy

is defined as
“being the claim of individuals, groups, or
institutions to determine for themselves when,
how, and to what extent information about them is
communicated to others.2

2 Alan Westin, Privacy and Freedom, 1967.


Privacy is not about getting your private space


Harmful and privacy-invasive activities on the Web
are continuously increasing

Examples for privacy invasive activities

Lost Data
Adware/Spyware Distortion
Misuse
Appropriation Unwanted Exposure
Phishing
Blackmail Fraud
Sexual Solicitation
Breach of Confidentiality Identity Theft
Spam
Cyber Crime Inaccuracy
Unsolicited Marketing
Data Integrity Intrusion
Third Party Sharing
Discrimination Loss of Control
etc.2

2 Also see ENISA Position Paper No. 1 – Security Issues and Recommendations for Online Social Networks, October 2007.

How come these guys didn’t think of that?


And how does that relate to the Web 2.0?


Do you know Freddie Staur4?

• Sophos Facebook ID probe shows 41% of users happy
to reveal all to potential identity thieves
• Research highlights dangers of irresponsible behavior on
social networking sites

4 www.sophos.com/facebook, Survey among 200 randomly chosen Facebook users, August 2007.


Privacy 2.0 needs to address new challenges that go
way beyond simple data protection measures

New rules New Privacy Challenges
on the Web 2.02

Openness Openness contradicts protection schemes

Peering Peer-produced personal data

Sharing Difficult to set data ownership

Acting globally Myriad of rules and regulations to adhere to

2 Don Tapscott, “Wikinomics – How Mass Collaboration Changes Everything”, December 2006.


Privacy 1.0 focused more on access authorization
and protecting data

• Data security
• Information hiding
• Access control
• And maybe limiting the collection of data


But simple data protection measures do not work for
lots of Web 2.0 applications

Contradictions

1.0 2.0

Limit data collection Data is everywhere
Disguise identity Visible identity
Only authorized access Everyone can see


Example: New group dynamics in social networking
applications create more complex data structures

Source: Forrester Research
“Social Computing Upends Past Knowledge Management Archetypes” Report, March 8, 2007


Example: Attractive user data on social networking
sites increase the expected risk of data abuse


Challenge: Manage the Privacy 2.0 Bermuda Triangle

Data is
everywhere

User’s
Privacy

High value of Vulnerable
personal data technology

What are your responsibilities?

• Meeting user expectations
• Complying with laws and regulations
• Protecting your company’s assets, brand and image
• Communicating your data handling practices openly


Allow the user to participate (!) and address all
privacy principles (not only data protection)

•Have the user control his data
Self-Control
•Provide choices (privacy settings)

•Context-driven
Rules for Usage •Assign purpose to data
•Assure data provenance is known

•Set privacy policies, code of conduct
•Provide notices and “alarms”
Accountability
•Full transparency over what you do
•Control third-party sharing

At a minimum, your users expect from you as a
provider that

• their personal data is processed fairly and only for the
“specified” purpose
• you comply with laws and regulations


Compliance goes beyond local data protection laws

Laws and Regulations
(Regional, National/Federal, State)

Contracts, Service Agreements

Privacy
Professional/Industry Standards
Requirements
Brand/Competitive Requirements

Corporate Policies, Codes of Conduct


It is like steering a treasure chest full of personal data
through the rough and open waters of Cyberspace …


How to handle and steer the ship through different waters:
Regional, federal or state data protection legislation
(BDSG, EU Directive, PIPEDA etc.)

How to signal and communicate:
Email, Fax, Telecommunications
(E-Privacy Directive, TCPA, TSR, etc.)

How to deal with pirates:
Anti-fraud, Unfair practices
(UDTP, CAN-SPAM, JFPA etc.)

Protecting very vulnerable gems:
Personal data from children
(COPPA)

How to protect the most valuable treasures:
Financial data, credit data, health data
(GLBA, FCRA, FACTA, HIPPA, etc.)


You need to set up your individual compliance
strategy – what applies to you?

s
w
la
Special privacy and

e

al
tiv

n
data protection

tio
c

86

A
re

PP
na
13
Di
regulations that may go 20%

CO
SB

EU
EU
beyond the „norm“.

Privacy and data
protection legislation
that are similar in 80%
various jurisdictions


Adhering to the following set of internationally
applicable Privacy Principles should be your strategy

• Consent and Choice
• Accountability
• Purpose Specification
• Collection Limitation
• Use, Retention and Disclosure Limitation
• Data Minimization
• Accuracy and Quality
• Openness, Transparency and Notice
• Individual Participation and Access
• Security Safeguards
• Compliance

Using the following data life cycle reference
framework focuses your efforts to key data processes

• Which privacy requirements do you have to think about
in each data processing life cycle?

2
1 Usage
Collection

Disposal
3

Storage
4

Transfer 5


Implementing a Privacy Management Program

Assess Design

Privacy
Program
.
Maintain Communicate


The challenge remains on how to communicate your
privacy handling practices to your users!


How to communicate to your users?


How to communicate to your users?

Source: Mary Rundle, International Data Protection and Digital Identity Management Tools, mrundle[at]cyber.law.harvard.edu, 2006.

Communicating your Privacy Policy Using P3P3

• Basic elements of a Website privacy policy
– Surrounding tags
– Entity information
– Access information
– Dispute/Remedies information
– Statements regarding the data practices
– Information types within categories tag (see Appendix 1)
• Cookies Handling Practices (Appendix 4)
• Example for user tool: ‘Privacy Bird’
(www.privacybird.org)
• Tagging Data in P3P
(see Appendices 1-3)

3 Helena and Stefan Lindskog, “Web Site Privacy with P3P”, Wiley Publishing, Inc., 2003.


And what if you don’t?

Think of
• Compliance with laws and regulations
• Corporate Liability
• Image, Brand Reputation
• Your users’ expectations
• Trust


“History will record what we, here in the early
decades of the information age, did to foster
freedom, liberty and democracy.quot;

-- Bruce Schneier, July 15, 2007


Contact Details

Stefan Weiss Franklinstrasse 50 Stefan Weiss Gräfstraße 78
60486 Frankfurt am Main 60054 Frankfurt am Main
Senior Manager PhD Student
Tel.: + 49 69 75695 6355 Tel.: + 49 69 798 25301
Security & Privacy Services T-Mobile Chair of
Fax: + 49 69 75695 6719 Fax: + 49 69 798 25306
M-Commerce and
Mobile + 49 172 3590 674 Mobile + 49 172 3590 674
Multilateral Security
stefanweiss@deloitte.de stefan.weiss@m-lehrstuhl.de
www.deloitte.com/de/security www.m-lehrstuhl.de


Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and
affiliates. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's
acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names quot;Deloittequot;, quot;Deloitte &
Touchequot;, quot;Deloitte Touche Tohmatsuquot;, or other related names. Services are provided by the member firms or their subsidiaries or affiliates Member of
and not by the Deloitte Touche Tohmatsu Verein. Copyright ©2007 by Deloitte Touche Tohmatsu. All rights reserved. Deloitte Touche Tohmatsu

Appendix 1
Possible Elements within the Categories Tag

<physical/> <state/>
<online/> <political/>
<uniqueid/> <health/>
<purchase/> <preference/>
<financial/> <location/>
<computer/> <government/>
<navigation/>
<interactive/> <other-category>
<demographic/> string
<content/> </other-category>


Appendix 2
Possible Elements within the Purpose Tag

<current/>
<admin/>
<develop/>
<tailoring/>
<pseudo-analysis/>
<pseudo-decision/>
<individual-analysis/>
<individual-decision/>
<contact/>
<historical/>
<telemarketing/>

Appendix 3
Possible Elements within the Recipient Tag

<ours/>
<delivery/>
<same/>
<other-recipient/>
<unrelated/>
<public/>


Appendix 4
A Privacy Recipe for Cookies

• Include statements on cookies in your privacy policy
• Remember to enhance user privacy also by managing
the data used for cookies
• Do not store any data in a cookie (only on a server)
• Add the following tokens to the policy statements on
cookies practices for:
– Access, Remedies, Purpose, Recipient, Retention,
Categories
• The use of cookies within European countries will be
allowed only if the user is provided with clear and
comprehensive information about the purpose of the
cookies and is offered the right to refuse cookies –
thus, the need for policy statements is clear!

Call for Participation

Research Study on Concerns for Information Privacy in
Social Networking (Web 2.0) Applications

Inviting Privacy, Security, and Web 2.0 Experts

Stefan Weiss
Johann Wolfgang Goethe University
Frankfurt am Main
November 8, 2007


Research Goals and Research Methods

Research Goals
• Conduct expert surveys to understand and focus in on most important
requirements for a privacy-enhanced Web experience
• Develop privacy-enhanced method/concept for Social Networking (Web 2.0)
Applications

Research Method: Series of 2-3 expert surveys (Delphi)
• Get understanding of main concerns, requirements and existing material
• Applying applicable expert knowledge to technical use case „Social Networking
Applications“
• Evaluating and justifying the privacy-enhanced method to be developed


Your Participation

Requirements for Participation
• Have good expertise on either one or all of these areas: privacy, security or
web 2.0 applications
• Maximum of 3 x 40 minutes of your time over the course of 6 months

Notes
• Research is university research and will be made public through the published
PhD thesis
• Your personal information is not used for any other purpose than contacting
you throughout the research project

Please speak to me or write me an Email if you like to participate:
stefan.weiss@m-lehrstuhl.de
+49 172 3590674


Your User's Privacy

Recommended

Recommended

More Related Content

Similar to Your User's Privacy

Similar to Your User's Privacy (20)

More from adunne

More from adunne (20)

Recently uploaded

Recently uploaded (20)

Your User's Privacy