Privacy by Design – Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich - Swiss Federal Institute of Technology, Zurich Whitney Hess.



What we already know
- Privacy is a matter of opinion
- It has always been a hot-button issue
  - ex: Who did you vote for?
  - ex: Are you a virgin?
- Some people are willing to share, others aren’t

Technology = Privacy
This is nothing new:
- Photography exposes ppl w/o their permission
- Telephones allow for wiretapping
- Electronic data in central storages gives ppl easy access (Nazis finding Jews during WWII)
- Credit cards, Internet

Influential Legislation
US Privacy Act of “fair information practices”
- Openness and transparency - honest
- Individual participation - verifiable
- Collection limitation - frugal
- Data quality - relevant
- Use limitation - purposeful
- Reasonable security - secure
- Accountability - accountable

Influential Legislation
EU Directive 95/46/EC of 1995
- Data only shared with non-EU countries if they have ample privacy protection
- Subject of data must give consent to share it

Privacy limits technology
- Computer scientists don’t like privacy because it diminishes what technology is capable of achieving
- “Should I be knocked unconscious in a road traffic accident in New York – please let the ambulance have my medical record.”

Key questions
- Is it feasible to enforce privacy laws?
- Convenient tech outweighs loss of privacy?
- What’s good for community outweighs good for individual?
- We have equal access – eye for an eye?

Social Implications
We’ve been over this…
- Live among computers
- Never know what they’re doing
- Constantly being watched/judged
- Help us remember/manage more info

Development Principles
- Notice - let user know what’s going on
- Choice & consent - let user turn off detection
- Anonymity & pseudonymity - let user be detected w/o revealing identity
- Proximity & locality - let user’s and device’s location implicitly indicate the appropriateness of detection and dissemination
- Adequate security - encrypt transferred data as appropriate
- Access & recourse - follow privacy regulations

How are these achieved?
- How do we inform a user of system’s presence?
- How will users tell system to stop looking at them?
- How will users tell system that they want to be watched but not revealed?
- How will systems understand “appropriateness” based on location of user and device?
- How do we decide what data should be encrypted and what doesn’t need to be?
- How do we inform user that we are taking privacy precautions?
- Are these precautions sufficient?
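
One way the notice, consent, pseudonymity and locality principles could be combined in a sensing service, as an added example that is not from the presentation or the paper it summarizes. All names, the 10 m radius and the key are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass

# Constructed demo secret; a real deployment would generate and protect its own key.
PSEUDONYM_KEY = b"constructed-demo-key"
MAX_RANGE_M = 10.0  # assumed locality radius for dissemination


@dataclass
class Sighting:
    user_id: str       # real identity, never leaves the gate
    sensor_pos: tuple  # (x, y) of the detecting sensor, in metres
    consented: bool    # choice & consent: the user's current opt-in state


def pseudonym(user_id: str, context: str) -> str:
    """Keyed per-context pseudonym: stable inside one context,
    not linkable across contexts without the key."""
    msg = f"{context}|{user_id}".encode()
    return hmac.new(PSEUDONYM_KEY, msg, hashlib.sha256).hexdigest()[:16]


def release(sighting: Sighting, requester_pos: tuple, context: str):
    """Return the record a requester may see, or None if a principle blocks it."""
    if not sighting.consented:
        return None  # choice & consent: opted-out users are not reported at all
    if math.dist(sighting.sensor_pos, requester_pos) > MAX_RANGE_M:
        return None  # proximity & locality: only nearby requesters get the data
    return {
        "who": pseudonym(sighting.user_id, context),        # pseudonymity
        "where": context,
        "notice": "presence sensing is active in this room",  # notice
    }


if __name__ == "__main__":
    s = Sighting("alice", (0.0, 0.0), consented=True)
    print(release(s, (3.0, 4.0), "room-101"))    # nearby requester: pseudonymous record
    print(release(s, (30.0, 40.0), "room-101"))  # distant requester: None
```
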