Your User's Privacy
Speaker: Stefan Weiss
1. Your Users’ Privacy
How Web 2.0 application providers and developers can enhance their users’ privacy
Stefan Weiss
Web 2.0 Expo Berlin
November 8, 2007
2. Your users may control the Information Age but …
Web 2.0 Expo Berlin 2007 ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft
3. … are they controlling their own personal data too?
4. What are we talking about?
• Personal data
• Information privacy
• Harmful, privacy-invasive activities
• Its importance for Web 2.0 applications
• Your responsibilities
• What to do?
5. The EU (Art. 29 Working Party) has recently released an opinion on what they consider to be personal data
Personal data shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.[1]
[1] Opinion 4/2007, WP 136, Article 29 Data Protection Working Party, adopted June 20, 2007.
6. That’s a broad definition and includes a lot of data that you are processing with your applications
EXAMPLES:
PERSONAL
• Name, Gender, Date of birth
• Home address, Personal telephone number or Email
• Government identifiers (ex. social security number, ID numbers)
• Biometric identifier
• Photograph or video identifiable to an individual
• Behavioural information (e.g., in a CRM system)
HEALTH
• Medical records, Health plan beneficiary information
• Physical or mental health information
• Provided health services or any information collected during the health service
FINANCIAL
• Account numbers (bank accounts, credit cards, etc.)
• Financial history
• Salary information
SENSITIVE
• Racial or ethnic origin
• Religious or philosophical beliefs
• Trade-union membership
• Sexual orientation
• Offences, criminal convictions or security measures
• Combinations of certain information (e.g., name and SSN)
7. With 2.0 applications, add personal data that is indirectly used in a different context such as:
• Group and personal affiliations
• User behaviour
• Surfing patterns
• Comments, opinions or feelings
• Likes and dislikes
• Graphical material (photos, videos)
• Roles and functions
• etc.
8. Information privacy should determine when, how, and to what extent this personal data is processed.
Information Privacy is defined as “being the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”[2]
[2] Alan Westin, Privacy and Freedom, 1967.
9. Privacy is not about getting your private space
10. Harmful and privacy-invasive activities on the Web are continuously increasing
Examples of privacy-invasive activities: Lost Data, Adware/Spyware, Distortion, Misuse, Appropriation, Unwanted Exposure, Phishing, Blackmail, Fraud, Sexual Solicitation, Breach of Confidentiality, Identity Theft, Spam, Cyber Crime, Inaccuracy, Unsolicited Marketing, Data Integrity, Intrusion, Third Party Sharing, Discrimination, Loss of Control, etc.[2]
[2] Also see ENISA Position Paper No. 1 – Security Issues and Recommendations for Online Social Networks, October 2007.
11. How come these guys didn’t think of that?
12. And how does that relate to the Web 2.0?
13. Do you know Freddie Staur?[4]
• Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves
• Research highlights dangers of irresponsible behavior on social networking sites
[4] www.sophos.com/facebook, Survey among 200 randomly chosen Facebook users, August 2007.
14. Privacy 2.0 needs to address new challenges that go way beyond simple data protection measures
New rules | New Privacy Challenges on the Web 2.0[2]
Openness | Openness contradicts protection schemes
Peering | Peer-produced personal data
Sharing | Difficult to set data ownership
Acting globally | Myriad of rules and regulations to adhere to
[2] Don Tapscott, “Wikinomics – How Mass Collaboration Changes Everything”, December 2006.
15. Privacy 1.0 focused more on access authorization and protecting data
• Data security
• Information hiding
• Access control
• And maybe limiting the collection of data
16. But simple data protection measures do not work for lots of Web 2.0 applications
Contradictions
1.0 | 2.0
Limit data collection | Data is everywhere
Disguise identity | Visible identity
Only authorized access | Everyone can see
17. Example: New group dynamics in social networking applications create more complex data structures
Source: Forrester Research “Social Computing Upends Past Knowledge Management Archetypes” Report, March 8, 2007
18. Example: Attractive user data on social networking sites increase the expected risk of data abuse
19. Challenge: Manage the Privacy 2.0 Bermuda Triangle
User’s Privacy
• Data is everywhere
• High value of personal data
• Vulnerable technology
20. What are your responsibilities?
• Meeting user expectations
• Complying with laws and regulations
• Protecting your company’s assets, brand and image
• Communicating your data handling practices openly
21. Allow the user to participate (!) and address all privacy principles (not only data protection)
Self-Control
• Have the user control his data
• Provide choices (privacy settings)
Rules for Usage
• Context-driven
• Assign purpose to data
• Assure data provenance is known
Accountability
• Set privacy policies, code of conduct
• Provide notices and “alarms”
• Full transparency over what you do
• Control third-party sharing
22. At a minimum, your users expect from you as a provider that
• their personal data is processed fairly and only for the “specified” purpose
• you comply with laws and regulations
23. Compliance goes beyond local data protection laws
Privacy Requirements
• Laws and Regulations (Regional, National/Federal, State)
• Contracts, Service Agreements
• Professional/Industry Standards
• Brand/Competitive Requirements
• Corporate Policies, Codes of Conduct
24. It is like steering a treasure chest full of personal data through the rough and open waters of Cyberspace …
25.
• How to handle and steer the ship through different waters: Regional, federal or state data protection legislation (BDSG, EU Directive, PIPEDA etc.)
• How to signal and communicate: Email, Fax, Telecommunications (E-Privacy Directive, TCPA, TSR, etc.)
• How to deal with pirates: Anti-fraud, Unfair practices (UDTP, CAN-SPAM, JFPA etc.)
• Protecting very vulnerable gems: Personal data from children (COPPA)
• How to protect the most valuable treasures: Financial data, credit data, health data (GLBA, FCRA, FACTA, HIPAA, etc.)
26. You need to set up your individual compliance strategy – what applies to you?
20%: Special privacy and data protection regulations that may go beyond the „norm“.
80%: Privacy and data protection legislation that are similar in various jurisdictions
Figure labels: COPPA, SB 1386, EU Directive, EU national laws
27. Adhering to the following set of internationally applicable Privacy Principles should be your strategy
• Consent and Choice
• Accountability
• Purpose Specification
• Collection Limitation
• Use, Retention and Disclosure Limitation
• Data Minimization
• Accuracy and Quality
• Openness, Transparency and Notice
• Individual Participation and Access
• Security Safeguards
• Compliance
28. Using the following data life cycle reference framework focuses your efforts to key data processes
• Which privacy requirements do you have to think about in each data processing life cycle?
1 Collection
2 Usage
3 Storage
4 Transfer
5 Disposal
29. Implementing a Privacy Management Program
Privacy Program
• Assess
• Design
• Maintain
• Communicate
30. The challenge remains on how to communicate your privacy handling practices to your users!
31. How to communicate to your users?
32. How to communicate to your users?
Source: Mary Rundle, International Data Protection and Digital Identity Management Tools, mrundle[at]cyber.law.harvard.edu, 2006.
33. Communicating your Privacy Policy Using P3P[3]
• Basic elements of a Website privacy policy
  – Surrounding tags
  – Entity information
  – Access information
  – Dispute/Remedies information
  – Statements regarding the data practices
  – Information types within categories tag (see Appendix 1)
• Cookies Handling Practices (Appendix 4)
• Example for user tool: ‘Privacy Bird’ (www.privacybird.org)
• Tagging Data in P3P (see Appendices 1-3)
[3] Helena and Stefan Lindskog, “Web Site Privacy with P3P”, Wiley Publishing, Inc., 2003.
34. And what if you don’t?
Think of
• Compliance with laws and regulations
• Corporate Liability
• Image, Brand Reputation
• Your users’ expectations
• Trust
35. “History will record what we, here in the early decades of the information age, did to foster freedom, liberty and democracy.”
-- Bruce Schneier, July 15, 2007
36. Contact Details
Stefan Weiss
Senior Manager, Security & Privacy Services
Franklinstrasse 50
60486 Frankfurt am Main
Tel.: + 49 69 75695 6355
Fax: + 49 69 75695 6719
Mobile + 49 172 3590 674
stefanweiss@deloitte.de
www.deloitte.com/de/security
Stefan Weiss
PhD Student, T-Mobile Chair of M-Commerce and Multilateral Security
Gräfstraße 78
60054 Frankfurt am Main
Tel.: + 49 69 798 25301
Fax: + 49 69 798 25306
Mobile + 49 172 3590 674
stefan.weiss@m-lehrstuhl.de
www.m-lehrstuhl.de
37. Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names "Deloitte", "Deloitte & Touche", "Deloitte Touche Tohmatsu", or other related names. Services are provided by the member firms or their subsidiaries or affiliates and not by the Deloitte Touche Tohmatsu Verein.
Copyright ©2007 by Deloitte Touche Tohmatsu. All rights reserved.
Member of Deloitte Touche Tohmatsu
38. Appendix 1
Possible Elements within the Categories Tag
<physical/> <online/> <uniqueid/> <purchase/> <financial/>
<computer/> <navigation/> <interactive/> <demographic/> <content/>
<state/> <political/> <health/> <preference/> <location/> <government/>
<other-category> string </other-category>
39. Appendix 2
Possible Elements within the Purpose Tag
<current/> <admin/> <develop/> <tailoring/>
<pseudo-analysis/> <pseudo-decision/>
<individual-analysis/> <individual-decision/>
<contact/> <historical/> <telemarketing/>
40. Appendix 3
Possible Elements within the Recipient Tag
<ours/> <delivery/> <same/> <other-recipient/> <unrelated/> <public/>
41. Appendix 4
A Privacy Recipe for Cookies
• Include statements on cookies in your privacy policy
• Remember to enhance user privacy also by managing the data used for cookies
• Do not store any data in a cookie (only on a server)
• Add the following tokens to the policy statements on cookies practices for:
  – Access, Remedies, Purpose, Recipient, Retention, Categories
• The use of cookies within European countries will be allowed only if the user is provided with clear and comprehensive information about the purpose of the cookies and is offered the right to refuse cookies – thus, the need for policy statements is clear!
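
The cookie recipe in Appendix 4 can be checked mechanically. The following is an added example, not part of the original slides: it audits a P3P policy for the six tokens the recipe names and checks Purpose, Recipient and Categories values against the lists in Appendices 1-3. Assumptions: the uppercase element names and the `#dynamic.cookies` data reference follow the W3C P3P 1.0 format, both sample policies are constructed for illustration, and `<marketing/>` is a deliberately invalid value.

```python
import xml.etree.ElementTree as ET

# Vocabularies exactly as listed in Appendices 1-3 of the slides.
CATEGORIES = {"physical", "online", "uniqueid", "purchase", "financial",
              "computer", "navigation", "interactive", "demographic", "content",
              "state", "political", "health", "preference", "location",
              "government", "other-category"}
PURPOSES = {"current", "admin", "develop", "tailoring", "pseudo-analysis",
            "pseudo-decision", "individual-analysis", "individual-decision",
            "contact", "historical", "telemarketing"}
RECIPIENTS = {"ours", "delivery", "same", "other-recipient", "unrelated", "public"}

# Constructed sample: a cookie statement carrying all six tokens.
COMPLETE_POLICY = """
<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="cookies">
  <ACCESS><nonident/></ACCESS>
  <DISPUTES-GROUP>
    <DISPUTES resolution-type="service" service="https://example.test/privacy">
      <REMEDIES><correct/></REMEDIES>
    </DISPUTES>
  </DISPUTES-GROUP>
  <STATEMENT>
    <PURPOSE><current/><admin/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#dynamic.cookies"><CATEGORIES><state/></CATEGORIES></DATA>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>
"""

# Constructed sample: no remedies, retention or categories, and an unknown purpose.
WEAK_POLICY = """
<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="cookies-weak">
  <ACCESS><nonident/></ACCESS>
  <STATEMENT>
    <PURPOSE><current/><marketing/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <DATA-GROUP><DATA ref="#dynamic.cookies"/></DATA-GROUP>
  </STATEMENT>
</POLICY>
"""


def local(tag):
    """Element name without its XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]


def find_all(root, name):
    """All elements at or below root with the given local name."""
    return [e for e in root.iter() if local(e.tag) == name]


def child_values(elems):
    """Names of the value elements (e.g. <current/>) directly under elems."""
    return {local(child.tag) for e in elems for child in e}


def audit_cookie_policy(policy_xml):
    """Return a list of findings; an empty list means the recipe is satisfied."""
    root = ET.fromstring(policy_xml.strip())
    findings = []
    # Access and Remedies are stated once for the whole policy.
    for name in ("ACCESS", "REMEDIES"):
        if not child_values(find_all(root, name)):
            findings.append(f"policy: missing {name}")
    # Statements that cover cookies reference the #dynamic.cookies data element.
    statements = [s for s in find_all(root, "STATEMENT")
                  if any(d.get("ref", "").startswith("#dynamic.cookies")
                         for d in find_all(s, "DATA"))]
    if not statements:
        findings.append("policy: no STATEMENT covers #dynamic.cookies")
    for i, st in enumerate(statements, 1):
        for name, vocab in (("PURPOSE", PURPOSES), ("RECIPIENT", RECIPIENTS),
                            ("CATEGORIES", CATEGORIES)):
            found = child_values(find_all(st, name))
            if not found:
                findings.append(f"statement {i}: missing {name}")
            for value in sorted(found - vocab):
                findings.append(
                    f"statement {i}: {name} value <{value}/> is not in the slides' list")
        # Retention values are not listed in the slides, so only presence is checked.
        if not child_values(find_all(st, "RETENTION")):
            findings.append(f"statement {i}: missing RETENTION")
    return findings


if __name__ == "__main__":
    for label, policy in (("complete", COMPLETE_POLICY), ("weak", WEAK_POLICY)):
        print(label, audit_cookie_policy(policy) or "OK")
```
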
42. Call for Participation
Research Study on Concerns for Information Privacy in Social Networking (Web 2.0) Applications
Inviting Privacy, Security, and Web 2.0 Experts
Stefan Weiss
Johann Wolfgang Goethe University Frankfurt am Main
November 8, 2007
43. Research Goals and Research Methods
Research Goals
• Conduct expert surveys to understand and focus in on most important requirements for a privacy-enhanced Web experience
• Develop privacy-enhanced method/concept for Social Networking (Web 2.0) Applications
Research Method: Series of 2-3 expert surveys (Delphi)
• Get understanding of main concerns, requirements and existing material
• Applying applicable expert knowledge to technical use case „Social Networking Applications“
• Evaluating and justifying the privacy-enhanced method to be developed
44. Your Participation
Requirements for Participation
• Have good expertise on either one or all of these areas: privacy, security or web 2.0 applications
• Maximum of 3 x 40 minutes of your time over the course of 6 months
Notes
• Research is university research and will be made public through the published PhD thesis
• Your personal information is not used for any other purpose than contacting you throughout the research project
Please speak to me or write me an Email if you like to participate:
stefan.weiss@m-lehrstuhl.de
+49 172 3590674