Privacy by Design
Basic Facts
- Initially developed and formalized in 1995
- Published as a framework in 2009
- Privacy taken into account in the whole engineering process
- Design
- Implementation
- Test
- Maintenance
- Based on seven foundational principles
1. Proactive not reactive; preventive not remedial
- Anticipate privacy invasive events before they happen
- Do not wait for privacy risks to materialize
- Does not solve already occurred privacy risks
2. Privacy as the default setting
- Personal data is automatically protected
- No user action is required
- Data collection is restrained
- Purpose Specification
- Collection Limitation
- Data Minimization
- Use, Retention and Disclosure Limitation
3. Privacy embedded into design
- Embedded into design and architecture of IT systems and business practices, not an addon
- privacy integral part of the system which does not diminish functionality
4. Full functionality
- accomodate all legitimate interests and objectives
- no unnecessary trade-offs eg. privacy vs. security, possible to have both
positive-sum, not zero-sum
5. End-to-end security
- strong security measures in whole lifecycle of data
- retain data securely - destroy data securely in a timely fashion
full lifecycle protection
6. Visibility and transparency
- stakeholders can verify stated promises and objectives independently
- components and parts remain visible and transparent
- Principles
- Accountability
- Openness
- Compliance
keep it open
7. Respect for user privacy
- interests of individual over everything
- strong privacy defaults, appropriate notice and user friendly options
- Principles:
- Consent
- Accuracy
- Access
- Compliance
keep it user-centric
Privacy by Design & GDPR
Principles relating to processing of personal data
- §1a: lawfulness, fairness and transparency
- §1b: purpose limitation
- §1c: data minimisation
- §1d: accuracy
- §1e: storage limitation
- §1f: integrity and confidentiality
- §2: accountability
Article 5 GDPR
Data protection by design and by default
- §1: "[...] implement appropriate technical and organisational measures [...] to implement data-protection principles [...]"
- §2: "[...] by default, only personal data which are necessary [...] are processed [...]"
- §3: "An approved certification mechanism [...] may be used [...] to demonstrate compliance [...]"
Article 25 GDPR
Getting started
... during design and development
- Use anonymization or pseudonymization where possible
- Only process and store relevant data
- Delete unneeded data
- Use/publish Open Source software
- User can see or request all it's data
- User knows which data is stored and what it is used for
- ...
Actions to derive...
... during service
- Document data processing
- Restrict data access according to organizational role
- Periodically reevaluate access roles
- ...
Actions to derive...
... in your organization
- Have a documented commitment to data protection
- Appoint a data protection officer
- Privacy training for employees
- ...
Actions to derive...
Privacy by Design examples
Brave Browser
- Ungoogled Chromium
- Open source
- Enforces https where possible
- Do not track by default
- Tracker & ad blocking
- Tor incognito mode
Corona Warn App
- Open source
- Anonymization
- Hashes
- Change every 15 mins
- Contact hashes shared locally - Bluetooth LE
- Hashes locally stored
- Delete data older than 2 weeks
- Upload data only in case of an infection
CovPass App
- QR Code
- Data
- Data hashed and signed
- Stored locally
- Verified with public key
Further reading & sources
- GDPR Article 5:
https://gdpr-info.eu/art-5-gdpr/ - GDPR Article 25:
https://gdpr-info.eu/art-25-gdpr/ - Privacy by Design - 7 Foundational Principles:
https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf
https://www.ipc.on.ca/wp-content/uploads/Resources/pbd-implement-7found-principles.pdf
Privacy by Design
By Jens Knipper
Privacy by Design
- 891