Privacy by Design

Basic Facts

• Initially developed and formalized in 1995
• Published as a framework in 2009
• Privacy taken into account in the whole engineering process
  • Design
  • Implementation
  • Test
  • Maintenance
• Based on seven foundational principles

1. Proactive not reactive; preventive not remedial

• Anticipate privacy invasive events before they happen
  • Do not wait for privacy risks to materialize
  • Does not solve already occurred privacy risks

2. Privacy as the default setting

• Personal data is automatically protected
• No user action is required
• Data collection is restrained
  • Purpose Specification
  • Collection Limitation
  • Data Minimization
  • Use, Retention and Disclosure Limitation

3. Privacy embedded into design

• Embedded into design and architecture of IT systems and business practices, not an addon
• privacy integral part of the system which does not diminish functionality

4. Full functionality

• accomodate all legitimate interests and objectives
• no unnecessary trade-offs eg. privacy vs. security, possible to have both

positive-sum, not zero-sum

5. End-to-end security

• strong security measures in whole lifecycle of data
• retain data securely - destroy data securely in a timely fashion

full lifecycle protection

6. Visibility and transparency

• stakeholders can verify stated promises and objectives independently
• components and parts remain visible and transparent
• Principles
  • Accountability
  • Openness
  • Compliance

keep it open

7. Respect for user privacy

• interests of individual over everything
• strong privacy defaults, appropriate notice and user friendly options
• Principles:
  • Consent
  • Accuracy
  • Access
  • Compliance

keep it user-centric

Privacy by Design & GDPR

Principles relating to processing of personal data

• §1a: lawfulness, fairness and transparency
• §1b: purpose limitation
• §1c: data minimisation
• §1d: accuracy
• §1e: storage limitation
• §1f: integrity and confidentiality
• §2: accountability

Article 5 GDPR

Data protection by design and by default

• §1: "[...] implement appropriate technical and organisational measures [...] to implement data-protection principles [...]"
   
• §2: "[...] by default, only personal data which are necessary [...] are processed [...]"
   
• §3: "An approved certification mechanism [...] may be used [...] to demonstrate compliance [...]"

Article 25 GDPR

Getting started

... during design and development

• Use anonymization or pseudonymization where possible
• Only process and store relevant data
• Delete unneeded data
• Use/publish Open Source software
• User can see or request all it's data
• User knows which data is stored and what it is used for
• ...

Actions to derive...

... during service

• Document data processing
• Restrict data access according to organizational role
• Periodically reevaluate access roles
• ...

Actions to derive...

... in your organization

• Have a documented commitment to data protection
• Appoint a data protection officer
• Privacy training for employees
• ...

Actions to derive...

Privacy by Design examples

Brave Browser

• Ungoogled Chromium
• Open source
• Enforces https where possible
• Do not track by default
• Tracker & ad blocking
• Tor incognito mode

Corona Warn App

• Open source
• Anonymization
  • Hashes
  • Change every 15 mins
• Contact hashes shared locally - Bluetooth LE
• Hashes locally stored
• Delete data older than 2 weeks
• Upload data only in case of an infection

CovPass App

• QR Code
  • Data
  • Data hashed and signed
• Stored locally
• Verified with public key

Further reading & sources

• GDPR Article 5:
  https://gdpr-info.eu/art-5-gdpr/
• GDPR Article 25:
  https://gdpr-info.eu/art-25-gdpr/
• Privacy by Design - 7 Foundational Principles:
  https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf
  https://www.ipc.on.ca/wp-content/uploads/Resources/pbd-implement-7found-principles.pdf