Privacy by Design

Basic Facts

  • Initially developed and formalized in 1995
  • Published as a framework in 2009
  • Privacy taken into account in the whole engineering process
    • Design
    • Implementation
    • Test
    • Maintenance
  • Based on seven foundational principles

1. Proactive not reactive; preventive not remedial

  • Anticipate privacy invasive events before they happen
    • Do not wait for privacy risks to materialize
    • Does not solve already occurred privacy risks

2. Privacy as the default setting

  • Personal data is automatically protected
  • No user action is required
  • Data collection is restrained
    • Purpose Specification
    • Collection Limitation
    • Data Minimization
    • Use, Retention and Disclosure Limitation

3. Privacy embedded into design

  • Embedded into the design and architecture of IT systems and business practices, not an add-on
  • Privacy is an integral part of the system and does not diminish its functionality

4. Full functionality

  • accommodate all legitimate interests and objectives
  • no unnecessary trade-offs, e.g. privacy vs. security; it is possible to have both

positive-sum, not zero-sum

5. End-to-end security

  • strong security measures in whole lifecycle of data
  • retain data securely - destroy data securely in a timely fashion

full lifecycle protection

6. Visibility and transparency

  • stakeholders can verify stated promises and objectives independently
  • components and parts remain visible and transparent
  • Principles
    • Accountability
    • Openness
    • Compliance

keep it open

7. Respect for user privacy

  • interests of individual over everything
  • strong privacy defaults, appropriate notice and user friendly options
  • Principles:
    • Consent
    • Accuracy
    • Access
    • Compliance

keep it user-centric

Privacy by Design & GDPR

Principles relating to processing of personal data

  • §1a: lawfulness, fairness and transparency
  • §1b: purpose limitation
  • §1c: data minimisation
  • §1d: accuracy
  • §1e: storage limitation
  • §1f: integrity and confidentiality
  • §2: accountability

Article 5 GDPR

Data protection by design and by default

  • §1: "[...] implement appropriate technical and organisational measures [...] to implement data-protection principles [...]"
  • §2: "[...] by default, only personal data which are necessary [...] are processed [...]"
  • §3: "An approved certification mechanism [...] may be used [...] to demonstrate compliance [...]"

Article 25 GDPR

Getting started

... during design and development

  • Use anonymization or pseudonymization where possible
  • Only process and store relevant data
  • Delete unneeded data
  • Use/publish Open Source software
  • User can see or request all of their data
  • User knows which data is stored and what it is used for
  • ...
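Added example (not part of the original slides): a minimal Go sketch of three of the design-time actions above, pseudonymization, storing only the fields needed for a stated purpose, and answering a user's request to see their own data. The HMAC-based pseudonym, the field names and the "usage analytics" purpose are constructed assumptions for the demo; a keyed HMAC is used rather than a plain hash because a plain hash of a low-entropy identifier such as an e-mail address can be reversed by brute force.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Pseudonymize derives a stable pseudonym from a direct identifier with
// HMAC-SHA256 under a secret key. Without the key the pseudonym cannot be
// linked back to the identifier; the key must be protected and rotated.
func Pseudonymize(key []byte, identifier string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(identifier))
	return hex.EncodeToString(mac.Sum(nil))
}

// Minimize keeps only the fields listed in purpose (purpose specification,
// collection limitation) and replaces the direct identifier with its pseudonym.
// Everything else in the raw record is dropped before storage.
func Minimize(key []byte, raw map[string]string, idField string, purpose []string) map[string]string {
	out := make(map[string]string, len(purpose)+1)
	for _, f := range purpose {
		if v, ok := raw[f]; ok {
			out[f] = v
		}
	}
	if id, ok := raw[idField]; ok {
		out["pseudonym"] = Pseudonymize(key, id)
	}
	return out
}

// SubjectAccess returns every stored record belonging to one user, so the
// service can answer "show me all my data" without ever storing the identifier.
func SubjectAccess(key []byte, store []map[string]string, identifier string) []map[string]string {
	p := Pseudonymize(key, identifier)
	var mine []map[string]string
	for _, r := range store {
		if r["pseudonym"] == p {
			mine = append(mine, r)
		}
	}
	return mine
}

func main() {
	// Constructed demo key and raw record; the purpose is assumed to be
	// usage analytics, which needs only page and duration.
	key := []byte("constructed-demo-key-rotate-in-production")
	raw := map[string]string{
		"email":    "alice@example.org",
		"name":     "Alice Example",
		"ip":       "203.0.113.7",
		"page":     "/pricing",
		"duration": "42",
	}
	rec := Minimize(key, raw, "email", []string{"page", "duration"})

	keys := make([]string, 0, len(rec))
	for k := range rec {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		fmt.Printf("%-9s %s\n", k, rec[k])
	}
	store := []map[string]string{rec}
	fmt.Println("records for alice:", len(SubjectAccess(key, store, "alice@example.org")))
}
```

The stored record contains no e-mail, name or IP address, yet the service can still group events per user and serve an access request by recomputing the pseudonym from the identifier the user presents.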

Actions to derive...

... during service

  • Document data processing
  • Restrict data access according to organizational role
  • Periodically reevaluate access roles
  • ...

Actions to derive...

... in your organization

  • Have a documented commitment to data protection
  • Appoint a data protection officer
  • Privacy training for employees
  • ...

Actions to derive...

Privacy by Design examples

Brave Browser

  • Ungoogled Chromium
  • Open source
  • Enforces https where possible
  • Do not track by default
  • Tracker & ad blocking
  • Tor incognito mode

Corona Warn App

  • Open source
  • Anonymization
    • Hashes
    • Change every 15 mins
  • Contact hashes shared locally - Bluetooth LE
  • Hashes locally stored
  • Delete data older than 2 weeks
  • Upload data only in case of an infection
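Added example (not part of the original slides, and not the Corona Warn App's own code or protocol): a simplified Go model of the properties listed above. A per-day key yields a different rolling identifier every 15 minutes, phones store only the identifiers they hear, entries older than two weeks are purged, and on infection only the day keys are uploaded so that every other phone re-derives the identifiers and matches them locally. The HMAC derivation, the deterministic day key and all timestamps are constructed assumptions for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"time"
)

const (
	interval  = 15 * time.Minute
	retention = 14 * 24 * time.Hour
	perDay    = int(24 * time.Hour / interval) // 96 rolling identifiers per day
)

// dailyKey is assumed to be a fresh random key per day on a real device; for the
// demo it is derived deterministically from a constructed seed so runs repeat.
func dailyKey(seed []byte, day int) []byte {
	mac := hmac.New(sha256.New, seed)
	mac.Write([]byte(fmt.Sprintf("day-%d", day)))
	return mac.Sum(nil)[:16]
}

// rollingID derives the identifier broadcast during one 15-minute slot.
// Only the holder of the day key can link two of its own rolling IDs.
func rollingID(daily []byte, slot int) string {
	mac := hmac.New(sha256.New, daily)
	var buf [4]byte
	binary.BigEndian.PutUint32(buf[:], uint32(slot))
	mac.Write(buf[:])
	return hex.EncodeToString(mac.Sum(nil)[:16])
}

// Encounter is what a receiving phone stores locally: the other party's
// rolling ID and when it was heard. No names, no location.
type Encounter struct {
	ID   string
	Seen time.Time
}

// Purge drops encounters older than the retention window (2 weeks).
func Purge(store []Encounter, now time.Time) []Encounter {
	kept := make([]Encounter, 0, len(store))
	for _, e := range store {
		if now.Sub(e.Seen) <= retention {
			kept = append(kept, e)
		}
	}
	return kept
}

// Match re-derives every rolling ID of the uploaded day keys on the phone and
// reports how many locally stored encounters collide with them. Nothing about
// the phone's own encounters ever leaves the device.
func Match(uploaded [][]byte, store []Encounter) int {
	risky := make(map[string]bool, len(uploaded)*perDay)
	for _, k := range uploaded {
		for s := 0; s < perDay; s++ {
			risky[rollingID(k, s)] = true
		}
	}
	n := 0
	for _, e := range store {
		if risky[e.ID] {
			n++
		}
	}
	return n
}

func main() {
	seed := []byte("constructed-seed-for-alice")
	now := time.Date(2024, 3, 20, 12, 0, 0, 0, time.UTC)
	day := 5
	// Bob's phone heard Alice twice today and once 20 days ago (stale).
	bob := []Encounter{
		{rollingID(dailyKey(seed, day), 48), now.Add(-30 * time.Minute)},
		{rollingID(dailyKey(seed, day), 49), now.Add(-15 * time.Minute)},
		{rollingID(dailyKey(seed, day-20), 10), now.Add(-20 * 24 * time.Hour)},
	}
	bob = Purge(bob, now)
	// Alice tests positive and uploads only the day keys of her infectious period.
	uploaded := [][]byte{dailyKey(seed, day), dailyKey(seed, day-1)}
	fmt.Println("stored encounters:", len(bob), "risky:", Match(uploaded, bob))
}
```

The design point is where the linking happens: the server only ever sees day keys of people who chose to upload them, and the decision "was I near an infected person" is computed on each phone from data that never left it.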

CovPass App

  • QR Code
    • Data
    • Data hashed and signed
  • Stored locally
  • Verified with public key
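Added example (not part of the original slides, and not the CovPass app's real certificate format): a Go sketch of the hash-and-sign pattern listed above. The issuer hashes the certificate data, signs the hash with an Ed25519 private key and packs data, hash and signature into the QR content; a checker app holding only the public key recomputes the hash and verifies the signature offline, so nothing is sent anywhere at check time. The JSON field names and the certificate contents are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Certificate is a constructed stand-in for the data carried in the QR code.
type Certificate struct {
	Name    string `json:"name"`
	Vaccine string `json:"vaccine"`
	Date    string `json:"date"`
}

// Payload is what is encoded in the QR code: the data, its SHA-256 hash and
// the issuer's Ed25519 signature over that hash.
type Payload struct {
	Data      Certificate `json:"data"`
	Hash      string      `json:"hash"`
	Signature string      `json:"sig"`
}

func hashOf(c Certificate) ([]byte, error) {
	b, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(b)
	return h[:], nil
}

// Issue builds the signed payload. Only the issuer holds the private key.
func Issue(priv ed25519.PrivateKey, c Certificate) (string, error) {
	h, err := hashOf(c)
	if err != nil {
		return "", err
	}
	p := Payload{
		Data:      c,
		Hash:      base64.StdEncoding.EncodeToString(h),
		Signature: base64.StdEncoding.EncodeToString(ed25519.Sign(priv, h)),
	}
	b, err := json.Marshal(p)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(b), nil // the QR code content
}

// Verify is what a checker does with only the public key: decode, recompute
// the hash from the data, confirm it matches the embedded hash and that the
// signature over it is valid. Any tampering with the data fails the check.
func Verify(pub ed25519.PublicKey, qr string) (Certificate, bool) {
	raw, err := base64.StdEncoding.DecodeString(qr)
	if err != nil {
		return Certificate{}, false
	}
	var p Payload
	if err := json.Unmarshal(raw, &p); err != nil {
		return Certificate{}, false
	}
	h, err := hashOf(p.Data)
	if err != nil {
		return Certificate{}, false
	}
	claimed, err := base64.StdEncoding.DecodeString(p.Hash)
	if err != nil || !bytes.Equal(claimed, h) {
		return Certificate{}, false
	}
	sig, err := base64.StdEncoding.DecodeString(p.Signature)
	if err != nil || !ed25519.Verify(pub, h, sig) {
		return Certificate{}, false
	}
	return p.Data, true
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	qr, err := Issue(priv, Certificate{Name: "Alice Example", Vaccine: "constructed-vaccine", Date: "2021-06-01"})
	if err != nil {
		panic(err)
	}
	c, ok := Verify(pub, qr)
	fmt.Println("valid:", ok, "holder:", c.Name)
}
```

Note that the signature, not the hash, provides the integrity guarantee: anyone can recompute a hash over altered data, but only the issuer's private key can produce a signature that the public key accepts.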

Further reading & sources