Guiding App Developers on Privacy and Security Design Matters
Majid Hatamian
Chair of Mobile Business & Multilateral Security
Goethe University Frankfurt
www.hatamian.net
12th June 2019 – Rome, Italy
IPEN Workshop 2019
Outline
24.06.2019 2
1. Introduction
2. App Developers Guide
3. Summary
After one year…
Introduction: Problem Definition
• Lack of developer-centric privacy research
• Law itself is not enough
• Users are more concerned
• Apps are still greedy
App Developers Guide
• National and international bodies
• Legal and technical documents
• Institutes and authorities
Not only what to do, but also how to do it
App Developers Guide
[Diagram labels: Regulatory Documents Review; Scientific/Technical Documents Review; Data Protection Expert Discussion; Extraction of Relevant Principles; Checking the Overlaps; Compilation and Categorization of Principles; App Developers Guide; Supports; Developer]
App Developers Guide: Privacy & Security Design Principles Catalog
Purpose limitation & Data minimization
• Sharing limitation
• 3rd parties & 3rd countries
• 3rd party content
Unlinkability
• Anonymization
• Pseudonymization
Storage limitation
• Data retention
• Data accuracy
Transparency
• Ex-ante measures
• Ex-post measures
Integrity & Confidentiality
• Sharing security
• Storage security
• Unauthorized access prevention
• Safeguard measures
• Secure payment
• Device & OS
Accountability
• Internal procedures
• Data Protection Impact Assessments (DPIAs)
Intervenability
• User’s rights
• User’s consent
Summary
Promises do not match actions
• Absolute freedom!
There is a gap between privacy regulation and the implementation of real-world app privacy practices
• The presented guide catalog may help fill it.
Chair of Mobile Business & Multilateral Security
Majid Hatamian, Ph.D. candidate
Goethe University Frankfurt
WWW: www.hatamian.net
www.m-chair.de