Data Protection
November 12, 2015
Cesare Bartolini
Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg
Outline
1 Privacy in history
2 Privacy vs. data protection
3 Data protection theory and practice
4 Data protection and IT
5 Engineering data protection
Cesare Bartolini (SnT) Data Protection November 12, 2015 1 / 54
1 Privacy in history
Ancient Greece
- Political participation
- Privacy based on gender and wealth
- Private vs. public
- No loneliness?
Middle Ages
- Moving to town...
- No loneliness tolerated
- No concept of privacy
- Not at all
Enlightenment
- Books and literature
- No noise, please
- Privacy is valued and appreciated
USA, nineteenth century
- Yellow journalism (Pulitzer)
- Victorian ritual of self-presentation (Barbas)
- Intrusions, unauthorized use of image (Pavesich case)
- Warren and Brandeis
Pavesich v. New England Insurance Co.
Figure: New England Insurance Co. ad
Social revolution
- Dehumanizing workplace
- True self
- Personality ideal
- Non-spontaneous display of private self
- Personality as a product
- Hollywood
- Instant celebrity
2 Privacy vs. data protection
Warren and Brandeis
- The Right to Privacy, 1890
- 8132 citations (Google Scholar)
- Marriage of Warren's niece
- "The press is overstepping in every direction the obvious bounds of propriety and decency"
- Beginning of privacy torts
Dean Prosser
- Privacy, 1906
- Classification of privacy torts
  - Intrusion
  - Public disclosure of private facts
  - False light in the public eye
  - Appropriation
- Mainly for public figures
- Milestone for future decisions
Bloustein
- Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser, 1964
- Betrayal of Warren and Brandeis
- Monetary value vs. human dignity
- Not four torts but just one
- "Liberty as individuals to do as we will"
Death of the torts
- Newsworthiness
- Example: Sidis, 1941
- All privacy torts lost to newsworthiness
Federal laws
- Privacy Act, 1974
  - Mostly concerning agencies and disclosure
- Electronic Communications Privacy Act (ECPA), 1986
  - Wiretapping limitations extended to electronic communications
- Health Insurance Portability and Accountability Act (HIPAA), 1996
  - Protection of medical data against unauthorized access
- Gramm-Leach-Bliley Act (GLBA), 1999
  - Data security and integrity in financial services

Then came the PATRIOT Act.
And now for something completely different
- European Convention on Human Rights (ECHR), art. 8
- Hessisches Datenschutzgesetz, 1970
- Convention n. 108, 1981
- Data Protection Directive (DPD), or Directive 95/46/EC, 1995
- Electronic Privacy Directive (EPD), or Directive 2002/58/EC, 2002
- Charter of Fundamental Rights of the European Union, art. 8, 2009
- Recommendations and opinions of the European Data Protection Supervisor (EDPS)
- General Data Protection Regulation (GDPR), 2015 (maybe)
Data protection 101
- Focus on protecting the personal data
- Damage in itself, not for the monetary value
- Judicial enforcement
- Applies to any form of data processing
  - Paper archives
  - Electronic processing
Data protection reform
- Stefano Rodotà, Elaboratori elettronici e controllo sociale, 1973
- Birth of new technologies
  - Social networks
  - Ubiquitous computing, IoT
  - "Bounces"
- Need for a uniform legislation
  - GDPR
  - Directive for criminal investigation
European law
Primary law
- Treaty on European Union (TEU)
- Treaty on the Functioning of the European Union (TFEU)
- Charter of Fundamental Rights of the European Union
  - Which is not the European Convention on Human Rights

Secondary law
- Regulations
- Directives
- Decisions
- ... (recommendations, framework directives...)
- http://europa.eu/eu-law/decision-making/legal-acts/index_en.htm
Directive vs. Regulation
Directive
- Sets a minimum standard
- Must be implemented in Member State law
  - Italy: legislative decree
- Not directly applicable
- Self-executing

Regulation
- Sets a uniform legislation
- Directly applicable in Member State law
- Does not need implementation
  - Some Member States initially did
- Generic provisions
Data protection principles
- Data subject, controller, processor
- Consent
- Purpose limitation
- Sensitive data
- Right of access
- Right of opposition
- Data Protection Authority (DPA)
- Data transfer
- Necessity (Germany & Italy)
New in the GDPR
- Data minimization
- Data Protection Officer (DPO)
- Right to erasure
- Privacy by Design (PbD)
- Privacy by Default
- Inquisitive powers
- Exemptions (journalism, research, healthcare...)
Europe vs. US
EU law vs. US operators
- EU law applies in EU (really?)
- Most controllers are US-based
- Cookies

The EDPS idea
- You use cookies
- You store data on the data subject's computer
- So you use EU-based equipment
- Then you are subject to EU law and must protect personal data

Meanwhile, in the US, the NSA requests access. What would you do?
International Safe Harbor Privacy Principles
- Introduced in 2000
- Set of 7 rules
- Allow US companies to process data in EU
- Then came 2001
PATRIOT Act + Snowden + Max Schrems
Figure: Safe Harbor now
3 Data protection theory and practice
What is data protection?
It is the right of the individual that personal data pertaining to him or her are processed in a fair and transparent manner.

Conflicts with...
- Freedom of expression
- Access to documents
- Freedom of arts and science
- Protection of property
Data protection is not privacy
Figure: Can't shop if my data are "private"
Main problem
- Data protection law is EU
- Most controllers are US-based
- No application
- Subject to US laws
- US privacy policies
Consent
The law requires the data subject's consent.

A lot of processing without consent.

Try these!
- Ghostery
- Lightbeam
Actual consent
- By means of privacy policies
- EU vs. US
- Information flooding = no information
- "Herod clause"
- Take or leave
Purpose limitation
Data processing only for the specified purpose to which the data subject has consented.

- Lack of transparency and clear information
- Inefficient supervision
- Hard to track violations
Right of access
The law grants access to one's own personal data.

Max Schrems has shown the problems of the right of access.
Right of opposition
The law grants the right of opposition:
- if there is a prejudice
- in any case against advertising
  - "Unsubscribe"
  - Registry of opposition
Third parties
Several requirements for transferring to third parties.

- Many transfers from outside the EU
- NSA
After Snowden...

Figure: Try to whois/traceroute this!
Cookies
- EU is overattentive about cookies
- Many opinions by the EDPS
- Cookie notices
- Problem: cookies are almost necessary in the modern web
Profiling
Law: no decision based solely on profiling.

- Dangers of profiling (Hildebrandt)
- Crossing information for profiling (Ohm)
- Identity is not required
- Profiling virtual persons
DPAs
Authorities have reactive powers.

- Inefficient
- Slow
- Few IT experts
What is missing?
Personal opinion: data protection should be partitioned into two categories:
- "Typical" processing
  - Shops, IT/mail providers, booking services, chats...
  - Codes of conduct (Articles 38–39 of the GDPR)
  - Streamline the legal requirements if they comply
- "Non-typical" processing
  - Unique services, advertisement, financial services
  - Anything that is not recognized as secure
  - Thorough checking (consent, documentation, etc.)
  - Display little significant information
Cesare Bartolini (SnT) Data Protection November 12, 2015 40 / 54
![Page 58: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/58.jpg)
Outline
1 Privacy in history
2 Privacy vs. data protection
3 Data protection theory and practice
4 Data protection and IT
5 Engineering data protection
Cesare Bartolini (SnT) Data Protection November 12, 2015 41 / 54
![Page 59: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/59.jpg)
"Privacy"
Common misconception:
- Data protection = privacy
- Secrecy, concealment
Consequently...
- "I have nothing to hide" (Solove)
- "They were free to decline" (Smith v. Chase Manhattan Bank)
  - No single act
  - US case
Cesare Bartolini (SnT) Data Protection November 12, 2015 42 / 54
![Page 61: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/61.jpg)
Subset of security
Figure: Also for IEEE
But the law is the other way around.
Cesare Bartolini (SnT) Data Protection November 12, 2015 43 / 54
![Page 63: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/63.jpg)
A more realistic view
Figure: Distinguishing between privacy and data protection
Cesare Bartolini (SnT) Data Protection November 12, 2015 44 / 54
![Page 64: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/64.jpg)
Dangers
- Tracking tools
- Profiling techniques
  - Respawning cookies
  - Flash cookies
  - Canvas watermarking
  - Claudia Diaz, The Web never forgets, 2010
- Defenses
  - The Onion Ring (TOR)
PEBCAK
Cesare Bartolini (SnT) Data Protection November 12, 2015 45 / 54
![Page 66: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/66.jpg)
Standards
What do companies need?
Problems:
- Few standards for privacy
  - ISO 27018:2014
- Something in security standards
  - ISO 27001:2013
  - CSA matrix
  - ...
- No standards for data protection
Cesare Bartolini (SnT) Data Protection November 12, 2015 46 / 54
![Page 68: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/68.jpg)
Techniques
- Separation of roles (organizational)
- Anonymization
  - k-anonymity
  - l-diversity
  - t-closeness
  - Differential privacy
  - Paul Ohm, Broken promises of privacy: Responding to the surprising failure of anonymization, 2010
Cesare Bartolini (SnT) Data Protection November 12, 2015 47 / 54
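The slide names k-anonymity and l-diversity without showing what they measure. The following is an added example (not from the slides, and not code by the presenter): it takes a small constructed medical table, computes k (smallest equivalence class over the quasi-identifiers) and l (fewest distinct sensitive values in any class), then applies one generalization step (truncated ZIP, ten-year age band) and measures again. All record values, the `QUASI_IDS` choice and the helper names are assumptions made for the example.

```python
"""k-anonymity and l-diversity on a constructed table (added example).

Quasi-identifiers: zip, age. Sensitive attribute: diagnosis.
Generalization coarsens the quasi-identifiers so that several people share
the same (zip, age) key; l-diversity then checks that sharing a key does not
reveal the diagnosis because everyone in the class has the same one.
"""
from collections import defaultdict

QUASI_IDS = ("zip", "age")      # assumed quasi-identifier columns
SENSITIVE = "diagnosis"         # assumed sensitive column

# Constructed sample records; not real data.
RECORDS = [
    {"zip": "47677", "age": 29, "diagnosis": "Heart disease"},
    {"zip": "47602", "age": 22, "diagnosis": "Heart disease"},
    {"zip": "47678", "age": 27, "diagnosis": "Cancer"},
    {"zip": "47905", "age": 43, "diagnosis": "Flu"},
    {"zip": "47909", "age": 48, "diagnosis": "Heart disease"},
    {"zip": "47906", "age": 47, "diagnosis": "Cancer"},
]


def equivalence_classes(records, quasi_ids=QUASI_IDS):
    """Group records that are indistinguishable on the quasi-identifiers."""
    classes = defaultdict(list)
    for rec in records:
        classes[tuple(rec[q] for q in quasi_ids)].append(rec)
    return dict(classes)


def k_anonymity(records, quasi_ids=QUASI_IDS):
    """k = size of the smallest equivalence class (1 means someone is unique)."""
    return min(len(rs) for rs in equivalence_classes(records, quasi_ids).values())


def l_diversity(records, quasi_ids=QUASI_IDS, sensitive=SENSITIVE):
    """l = fewest distinct sensitive values seen inside any equivalence class.
    A class with l == 1 leaks the sensitive value of every member even when
    k is large (the homogeneity problem that l-diversity was introduced for)."""
    return min(
        len({r[sensitive] for r in rs})
        for rs in equivalence_classes(records, quasi_ids).values()
    )


def generalize(records, zip_digits=3, age_band=10):
    """One generalization step: keep `zip_digits` leading ZIP digits and
    replace the exact age with a band such as '20-29'. Returns new dicts."""
    out = []
    for rec in records:
        g = dict(rec)
        z = rec["zip"]
        g["zip"] = z[:zip_digits] + "*" * (len(z) - zip_digits)
        lo = (rec["age"] // age_band) * age_band
        g["age"] = f"{lo}-{lo + age_band - 1}"
        out.append(g)
    return out


def satisfies(records, k, l, quasi_ids=QUASI_IDS, sensitive=SENSITIVE):
    """Release gate: True only if both thresholds hold on the table."""
    return (k_anonymity(records, quasi_ids) >= k
            and l_diversity(records, quasi_ids, sensitive) >= l)


if __name__ == "__main__":
    print("raw:        k =", k_anonymity(RECORDS), " l =", l_diversity(RECORDS))
    released = generalize(RECORDS)
    print("generalized: k =", k_anonymity(released), " l =", l_diversity(released))
    for key, members in equivalence_classes(released).items():
        print(key, sorted({m[SENSITIVE] for m in members}))
    print("release allowed (k>=3, l>=2):", satisfies(released, 3, 2))
```

On the raw table every (zip, age) pair is unique, so k = 1 and l = 1; after the single generalization step the table is 3-anonymous and 2-diverse. Ohm's point on the same slide still applies: these metrics bound what an attacker learns from this table alone, not what can be learned by linking it with other data, which is why the release decision should be part of the documented processing rather than treated as a one-time fix.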
![Page 69: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/69.jpg)
Languages
Several languages for privacy policies:
- W3C Platform for Privacy Preferences (P3P), 2002
- W3C A P3P Preference Exchange Language (APPEL), 2002
- Enterprise Privacy Authorization Language (EPAL), 2003
- eXtensible Access Control Markup Language (XACML) Privacy Policy Profile, 2010
  - urn:oasis:names:tc:xacml:2.0:resource:purpose
  - urn:oasis:names:tc:xacml:2.0:action:purpose
Cesare Bartolini (SnT) Data Protection November 12, 2015 48 / 54
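The two XACML attribute identifiers on the slide are the whole mechanism of the Privacy Policy Profile: the resource carries the purpose(s) the data was collected for, the action carries the purpose of the current access, and access is allowed only when they agree. As an added example (not from the slides, not OASIS code, and a simplification of the profile's match rule to set containment), here is a small Python evaluator over a constructed XACML 2.0 request context. The `build_request` helper and the purpose values are assumptions; the attribute identifiers and the context-schema namespace are the standard ones.

```python
"""Purpose-binding check in the style of the XACML 2.0 Privacy Policy Profile
(added example). A real deployment delegates this to a full PDP; here the
profile's rule "action purpose must match resource purpose" is reduced to:
every purpose claimed by the action must be among the resource's purposes.
"""
import xml.etree.ElementTree as ET

CTX_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_PURPOSE = "urn:oasis:names:tc:xacml:2.0:resource:purpose"  # from the slide
ACTION_PURPOSE = "urn:oasis:names:tc:xacml:2.0:action:purpose"      # from the slide


def build_request(subject_id, resource_purposes, action_purpose):
    """Constructed request context (assumed shape for the example).
    `resource_purposes`: purposes the data was collected for.
    `action_purpose`: purpose of this access, or None to simulate a PEP
    that forgot to supply it."""
    resource_attrs = "".join(
        f'<Attribute AttributeId="{RESOURCE_PURPOSE}" DataType="{XS_STRING}">'
        f"<AttributeValue>{p}</AttributeValue></Attribute>"
        for p in resource_purposes
    )
    action_attr = (
        f'<Attribute AttributeId="{ACTION_PURPOSE}" DataType="{XS_STRING}">'
        f"<AttributeValue>{action_purpose}</AttributeValue></Attribute>"
        if action_purpose is not None else ""
    )
    return (
        f'<Request xmlns="{CTX_NS}">'
        f'<Subject><Attribute AttributeId="{SUBJECT_ID}" DataType="{XS_STRING}">'
        f"<AttributeValue>{subject_id}</AttributeValue></Attribute></Subject>"
        f"<Resource>{resource_attrs}</Resource>"
        f"<Action>{action_attr}</Action>"
        "<Environment/></Request>"
    )


def _values(element, attribute_id):
    """All AttributeValue strings of the Attribute children with this id."""
    attr_tag = f"{{{CTX_NS}}}Attribute"
    value_tag = f"{{{CTX_NS}}}AttributeValue"
    return [
        (v.text or "").strip()
        for a in element.findall(attr_tag) if a.get("AttributeId") == attribute_id
        for v in a.findall(value_tag)
    ]


def evaluate_purpose_binding(request_xml):
    """Return 'Permit', 'Deny' or 'Indeterminate'.

    Indeterminate is returned when either purpose is absent; a PEP must treat
    that as a refusal, otherwise a request that simply omits the purpose
    attribute would bypass the binding."""
    root = ET.fromstring(request_xml)
    resource = root.find(f"{{{CTX_NS}}}Resource")
    action = root.find(f"{{{CTX_NS}}}Action")
    if resource is None or action is None:
        return "Indeterminate"
    collected_for = set(_values(resource, RESOURCE_PURPOSE))
    used_for = set(_values(action, ACTION_PURPOSE))
    if not collected_for or not used_for:
        return "Indeterminate"
    return "Permit" if used_for <= collected_for else "Deny"


if __name__ == "__main__":
    cases = [
        (["billing"], "billing"),
        (["billing"], "marketing"),
        (["billing", "support"], "support"),
        ([], "billing"),
        (["billing"], None),
    ]
    for collected, used in cases:
        req = build_request("alice", collected, used)
        print(f"collected for {collected!r:24} used for {used!r:12} ->",
              evaluate_purpose_binding(req))
```

The containment check is the design decision worth noting: the resource may legitimately list several purposes, but the action must not be allowed to name a purpose that was never declared to the data subject, and an empty purpose on either side must not be read as "any purpose".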
![Page 70: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/70.jpg)
Outline
1 Privacy in history
2 Privacy vs. data protection
3 Data protection theory and practice
4 Data protection and IT
5 Engineering data protection
Cesare Bartolini (SnT) Data Protection November 12, 2015 49 / 54
![Page 71: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/71.jpg)
Addressing the problem
Many stakeholders involved:
- Legislator
- Controller
- Processor
- DPO
- Data subject
- Auditor
- DPAs
- Standard committees
Cesare Bartolini (SnT) Data Protection November 12, 2015 50 / 54
![Page 72: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/72.jpg)
Perspectives
1. Identify the requirements
   - Requirements engineering
   - Tropos, i*, SysML...
2. Comply with the law
   - Define the data protection policy
   - Show the highlights to the user
   - Natural Language Processing (NLP) could be useful here
3. Design for data protection
   - Modeling tools
   - Software engineering
   - Verification and validation (V&V)
4. Maintain
   - Regression
   - Monitoring
Cesare Bartolini (SnT) Data Protection November 12, 2015 51 / 54
![Page 73: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/73.jpg)
Data protection by design/by default
- Article 23 of the GDPR
- By design: have data protection in mind from early stages
  - Often mentioned as Privacy by Design (PbD)
- By default: settings for the dumb user
  - Often ignored
Cesare Bartolini (SnT) Data Protection November 12, 2015 52 / 54
![Page 74: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/74.jpg)
My recent work
- Define an ontology for data protection
  - With a focus on the controller’s legal requirements
- Integrate it into a design model
  - Unified Modeling Language (UML)
  - WS-BPEL
  - Business Process Model and Notation (BPMN)
What next?
- Improve the ontology
- Model requirements elicitation
- Define a testing/compliance methodology
Cesare Bartolini (SnT) Data Protection November 12, 2015 53 / 54
![Page 76: DataProtection - Université du Luxembourg · 11/12/2015 · 1.Identifytherequirements I Requirementsengineering I Tropos,i*,SysML... 2.Complywiththelaw I Definethedataprotectionpolicy](https://reader033.vdocument.in/reader033/viewer/2022042803/5f4d5b99f8cda438361d9982/html5/thumbnails/76.jpg)
Thank you for your attention
Cesare Bartolini (SnT) Data Protection November 12, 2015 54 / 54