privacy by design and by default
FLORENCE, NOVEMBER 1st, 2014. Sébastien FANTI, Attorney at law and public Notary, elected as Cantonal Data Privacy Officer (Valais). www.sebastienfanti.ch [email protected]. PRIVACY BY DESIGN AND BY DEFAULT.
| Argentina | Belgium | Brazil | Canada | China | Colombia | France | Germany | Greece | Israel | Italy | Lebanon | Luxembourg | Mexico | Norway | Portugal | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
PRIVACY BY DESIGN AND BY DEFAULT
Sébastien FANTI
Attorney at law and public Notary, elected as Cantonal Data Privacy Officer (Valais)
www.sebastienfanti.ch [email protected]
FLORENCE, NOVEMBER 1st, 2014
| Switzerland | Me Sébastien FANTI | [email protected]
Overview
• Preliminary remarks and definitions
• The example of the Blackphone
• The Swiss Privacy by Design and by Default approach
• Impact analysis about privacy - modelling of risks – a practical approach
• Future evolutions
• Conclusions
Preliminary remarks and definitions
Privacy by Design refers to the philosophy and approach of embedding privacy into the design specifications of various technologies.
Ann Cavoukian
Privacy by Default has another dimension than Privacy by Design. Privacy by Default covers applying default settings in such a way that the best possible privacy is guaranteed. Privacy by Default reacts to the enormous growth of internet facilities and apps and must ensure that the low-threshold use leads too quickly to the unwanted showing and/or sharing of (too much) of personal data or compromising of security.
Viviane Reding
Preliminary remarks and definitions
The 7 Foundational Principles of Privacy by Design:
- Proactive not Reactive; Preventive not Remedial
- Privacy as the Default Setting
- Privacy Embedded into Design
- Full Functionality – Positive-Sum, not Zero-Sum
- End-to-End Security – Full Lifecycle Protection
- Visibility and Transparency – Keep it Open
- Respect for User Privacy – Keep it User-Centric
Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices, Ann Cavoukian, Ph.D., Information and Privacy Commissioner, Ontario, Canada, December 2012, p. 8
The example of the Blackphone www.blackphone.ch
The example of the Blackphone
• SpiderOak: Online File Sharing & Secure Cloud Backup – strongly recommended by Edward Snowden
• “Our smartphone won’t make you NSA-proof, but it’s a good start”
• Phil Zimmermann
The example of the Blackphone

| Feature | Android Default | PrivateOS Enhancement |
|---|---|---|
| Search | Trackable | Anonymous |
| Bundled Apps | Many, with privacy disabled by default | Few, and all privacy-enabled |
| Wi-Fi usage | Always on for geolocalisation and user tracking | Smart disabling of all Wi-Fi except trusted hotspots |
| App permissions | All-or-nothing | Fine-grained control in a single interface |
| Communications tools | Traceable dialer, SMS, MMS, browser. Vulnerable to spoofed cell networks and Wi-Fi | Private calls, texting, video chat, file exchange up to 100 MB, browsing, and conference calls |
| Updates | Supplied infrequently after carrier blessing | Frequent secure updates from Blackphone directly |
| Remote Wipe & Anti Theft | Requires use of centralized cloud account | Anonymous |
| Business Model | Personal data mining for tracking and marketing | Delivering privacy as a premium, valued feature |

Source: ars technica: http://arstechnica.com/gadgets/2014/02/everything-you-wanted-to-know-about-the-security-focused-blackphone/
The example of the Blackphone: Nothing is perfect!
I have read this article and I’m very surprised. I have bought this phone because it was a secured phone. If not, I think you should give the money back! I would be happy to have a feedback quickly.
August 12, 2014 / 08:00 PM
The example of the Blackphone: Nothing is perfect!
Thanks for contacting us and I understand your concern. I think the links in https://support.blackphone.ch/customer/portal/questions/8315538-blackphone-rooted-in-5mn will address your concerns.
Please let me know if you have any more questions.
August 13, 2014 / 01:44 AM
Source: ars technica: http://arstechnica.com/security/2014/08/blackphone-goes-to-def-con-and-gets-hacked-sort-of/
The Swiss Privacy by Design and by Default approach
At the moment, no legal rule in the Federal Act on Data Protection of 19 June 1992 refers explicitly to these principles. The Federal Data Protection and Information Commissioner took part in the 32nd International Conference of Data Protection and Privacy Commissioners in Jerusalem, where a resolution was adopted on the need to include the principle of Privacy by Design in legislation. The need to revise our Federal Act on Data Protection is being evaluated by a commission of experts.
The Swiss Privacy by Design and by Default approach
Each Swiss company that handles the data of European citizens, or receives such data from a member of the EU, should respect the legal rules of the EU and of all the Member States.
Art. 23 of the future European regulation: Data protection by design and by default
Privacy and data protection impact assessment: a practical approach!
https://www.apps.edoeb.admin.ch/dsfa/fr/index.html
The Swiss Privacy by Design and by Default approach
• Switzerland can’t afford to stay out of significant legislative changes which will undoubtedly impact a lot of companies in our country
• Ordinarily, we adopt new EU legal rules with a slight delay
• Even if the rules aren’t changed immediately in our country, most international companies will have to adapt their legal approach and become early adopters
• The global market, with its fierce competition, is the best way to uphold these principles
Future evolutions
Two postulates are now pending before our Parliament to introduce the principles of Privacy by Design and Privacy by Default into our Federal Act on Data Protection of 19 June 1992 (postulates Schwaab).
The Government agrees with both postulates.
Our law should normally change in some … years!
Conclusions
Swiss citizens really love privacy!
Some of our companies and schools are among the best in the world in their fields of competence (Logitech, Swisscom, EPFL, etc.).
The only solution is to apply both principles immediately and go further than what the law currently requires.
Thank you for your attention
Follow me on:
Twitter: @sebastienfanti
Facebook: https://www.facebook.com/sebastien.fanti
Linkedin: http://ch.linkedin.com/in/sebastienfanti/
| Global network of attorneys specialized in emerging technology law