smartm2m; teaching material; part 2: iot privacy slides associated to tr 103 534...this teaching...
TRANSCRIPT
Presented by: For:
© ETSI 2018
05.03.2019
SmartM2M;Teaching material; Part 2: IoT Privacy
STF 547 Task 3.2 V0.1.0
© ETSI 2019 2
Content
Learning Objectives
Part 1: What is Privacy?
Part 2: Privacy in the context of IoT
Part 3: What are the risks associated to privacy?
Part 4: How to Protect from Privacy Risks?
Conclusion
© ETSI 2019 3
Learning objectives
Understanding the key aspects relating to privacy and GDPR
01Understanding the key aspects relating to ePrivacy for IoT
02Understanding the risks associated with privacy
03Identify how to protect from privacy risks
04
© ETSI 2019 4
Target audience of this teaching material
The main target reader has no knowledge on the issue of privacy
This teaching material addresses key aspects of privacy by raising a set of relevant questions
Accordingly, this teaching material
provides learners with the necessary information,
so as to gain basic knowledge on the concept of privacy,
allowing them to make decisions and act in relation to the IoT environment.
Target group of learners
holds functions both upstream and downstream of the IoT supply chain, thus, mirroring the entire
spectrum of the IoT stakeholders
Upstream e.g. Device Manufacturers
Midstream e.g. Professionals designing IoT products; 3rd party using and designing products; IoT platform
manufacturers
Downstream e.g. subscribers, users, non-users, Authorities
© ETSI 2019
Part 1: What is Privacy?
© ETSI 2019 6
1. What is Privacy?Contents
Introduction
The General Data Protection Regulation (GDPR)
What is the link between privacy and security?
© ETSI 2019 7
1.1 Introduction to Privacy
Privacy is the ability of an individual to be left alone, out of public view,
and in control of information about oneself.
One can distinguish the ability to prevent intrusion in one's physical space
("physical privacy", for example with regard to the protection of the
private home) and the ability to control the collection and sharing of
information about oneself ("informational privacy").
The right to privacy is enshrined in the Universal Declaration of Human
Rights (Article 12) as well as in the European Convention of Human Rights
(Article 8).
© ETSI 2019 8
1.1 Introduction to PrivacyPersonal Data
The concept of privacy overlaps, but does not coincide, with the concept
of data protection. The right to privacy is enshrined in the Universal
Declaration of Human Rights (Article 12) as well as in the European
Convention of Human Rights (Article 8).
Personal Data: any information relating to an identified or identifiable
natural person ('data subject'); an identifiable person is one who can be
identified, directly or indirectly, in particular by reference to an
identification number or to one or more factors specific to his physical,
physiological, mental, economic, cultural or social identity
© ETSI 2019 9
1.1 Introduction to PrivacyPersonal Data categorization
Non-Personal PersonalSpecial
Categories
Non-identifiable data, which
has never been labelled
with individual identifiers ,
to which no specific
individual can be identified
Any information relating to
an identified or identifiable
individual
Any information relating to
an identified or identifiable
individual that is sensitive
in nature
• Hours worked
• Weather
• Number of Employees
• Anonymised data
• Individual’s name
• Date of Birth
• Postal Code
• Online identifier
• Racial or ethnic origin
• Data concerning health
• Sexual orientation
• Religion
• Political beliefs
• Biometric/genetic data
© ETSI 2019 10
1.2 The General Data Protection Regulation (GDPR)Overview
Introduced to protect personal data (not all data), due largely to the
increase in technology and free flow of information.
Also referred to as Regulation (EU) 2016/679.
Created by the European Parliament and Council to strengthen and unify
data privacy for EU individuals as well as regulate the international transfer
of their data.
Came into force on 25th May 2018 as a Regulation
Examples of Privacy scandals:
Facebook’s launch of Portal has been stymied by trust issues: “The company’s
privacy scandals have made us wary of its connected devices”
Amazon confirms Alexa recorded and shared a family's conversation
© ETSI 2019 11
1.2 The General Data Protection Regulation (GDPR)Territorial Scope of GDPR
GPDR intends to extend the reach of EU Data Protection Law. As
well as protecting personal data that is held within the EU, even
if no EU presence exists in an organisation, if personal data of a
resident of the EU is processed by this organisation in connection
with goods or services provided, GDPR will still apply.
NON-EU organization will be subject to GDPR if they:
Offer goods or services to EU residents
Monitoring the behaviour of EU residents
© ETSI 2019 12
1.2 The General Data Protection Regulation (GDPR)What is Personal Data Processing?
In
• Gathering
• Recording
• Amendments
In
• Gathering
• Recording
• Amendments
Data
• Storage
• Structure
• Organisation
Data
• Storage
• Structure
• Organisation
Out
• Use
• Analysis
• Transmitting
• Extraction
• Profiling
Out
• Use
• Analysis
• Transmitting
• Extraction
• Profiling
© ETSI 2019 13
1.2 The General Data Protection Regulation (GDPR)Processing of Data
Processing in GDPR means any operations which is performed on
personal data or sets of data whether or not it is automated.
collection, recording, organizing, structuring, storage, adaption,
alteration, retrieval, transmission, erasure or destruction
Profiling of data and Automated decision
automated processing of personal data to evaluate certain personal
aspects relating to a natural person, in order to predict aspects
concerning that natural person.
Requirement for profiling: Data has to be personal, automated and
some form of evaluation must take place
© ETSI 2019 14
1.2 The General Data Protection Regulation (GDPR)Roles within GDPR
Data subject: an identified or identifiable natural person
Data controller: person, public authority, agency, organization, alone or
jointly which determines the purpose and means of the processing of
personal data
Data Protection Officer (DPO): person who ensures that the organization is
aware of and complies with its data protection responsibilities and
obligations according to GDPR and Member state
Data processor: natural or legal person, public authority, agency or any
other body which processes personal data on behalf of the data controller
© ETSI 2019 15
1.2 The General Data Protection Regulation (GDPR)Roles within GDPR
Third Party: natural or legal person, public authority, agency or body which
is authorized to process personal data under the direct authority of the
data controller or processor
Supervisory Authorities: monitor and enforce the application of GDPR with
the aim to protect the fundamental rights and freedom of natural persons
in relation to processing and to facilitate the free flow or personal data
within the European Union
© ETSI 2019 16
1.2 The General Data Protection Regulation (GDPR)Data Protection Principles
There are six principles that define the conditions under which data should
be processed they define the (“HOW”)
Breaking this principles make the processing unlawful.
These principles are as follows:
Lawfulness, Fairness and transparency
Purpose Limitation
Data minimization
Accuracy
Storage Limitation
Integrity and Confidentiality
© ETSI 2019 17
1.2 The General Data Protection Regulation (GDPR)Reasons to process data
There are six reasons under which data should be processed and they
answer the “WHY” for processing
These reasons must also be lawful.
These six reasons are:
Consent
Contract
Compliance
Vital interest
Public interest
Legitimate interest
© ETSI 2019 18
1.2 The General Data Protection Regulation (GDPR)Rights of Individual
The GDPR provides the following rights for individuals:
Right to be informed: transparency about use of data collected, aim of collection
and retention period
Right of access: right to have access to data either asking verbally or in writing
Right to rectification: right to request data to be corrected or complete if incomplete
either verbally or in writing
Right to erasure: right to have their data erased (right to be forgotten)
Right to restrict processing: right to request the restriction or suppression of their
personal data (applies only in certain circumstances)
© ETSI 2019 19
1.2 The General Data Protection Regulation (GDPR)Rights of Individual (cont.)
The GDPR provides the following rights for individuals (cont.):
Right to data portability: right to ask their data to be copied or transferred easily from
one IT environment to another in a safe and secure way, without affecting their
usability
Right to object: right to stop their data being used for direct marketing.
Rights in relation to automated decision making and profiling: give individuals
information about the processing; introduce simple ways for them to request human
intervention or challenge a decision; carry out regular checks to make sure that
systems are working as intended
© ETSI 2019 20
1.2 The General Data Protection Regulation (GDPR)Novelties of the GDPR
Privacy by Design
Accountability
Consent management
Data Protection Impact Assessment (DPIA)
Data breach notification
© ETSI 2019 21
1.2 The General Data Protection Regulation (GDPR)Breaches and Procedure
Personal data breach: this is a breach of security leading to accidental or unlawful
destruction. Loss, alteration, unauthorised disclosure, access to personal data
transmitted stored or processed.
Procedures to follow:
The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant
supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also
inform those individuals without undue delay.
You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This
will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the
affected individuals.
You must also keep a record of any personal data breaches, regardless of whether you are required to notify.
© ETSI 2019 22
1.3 Link between privacy and securityPrivacy and Security
Privacy and security are separate concepts in the sense, for example, that
privacy can be perceived independently of security
But they are complementary, given that in reality security is an enabler of
privacy.
It can be stressed that security is a basic requirement for the effective
protection of privacy.
© ETSI 2019
Part 2: Privacy in the context of IoT
© ETSI 2019 24
2. Privacy in the context of IoTContents
Global Approach of IoT Systems
Challenge of Privacy in IoT
Use case examples
Data processing within the IoT ecosystem
© ETSI 2019 25
2.1 Global Approach of IoT SystemsPrivacy in the context of IoT
This teaching material proposes an approach that suggests reinforcing the role of
human users with privacy concerns at the heart of IoT and as the users and
beneficiaries of IoT
© ETSI 2019 26
2.1 Global Approach of IoT SystemsMain differences and characteristics of IoT systems
Stakeholders: large variety of potential stakeholders with a wide range of roles that
shape the way; each of them can be considered in the IoT system. Moreover, none of
them can be ignored.
Privacy. In the case of IoT systems that deal with critical data in critical applications
(e.g., e-Health, Intelligent Transport, Food, Industrial systems), privacy becomes a make
or break property.
Interoperability. There are very strong interoperability requirements because of the
need to provide seamless interoperability across many different systems, sub-systems,
devices, etc.
Security. As an essential enabling property for trust, security is a key feature of all IoT
systems and needs to be dealt with in a global manner. One key challenge is that it is
involving a variety of users in a variety of use cases.
© ETSI 2019 27
2.1 Global Approach of IoT SystemsMain differences and characteristics of IoT systems
Technologies. By nature, all IoT systems have to integrate potentially very diverse
technologies, very often for the same purpose (with a risk of overlap). The balance
between proprietary and standardized solutions has to be carefully managed, with a lot
of potential implications on the choice of the supporting platforms.
Deployment. A key aspect of IoT systems is that they emerge at the very same time
where Cloud Computing and Edge Computing have become mainstream technologies.
All IoT systems have to deal with the need to support both Cloud-based and Edge-
based deployments with the associated challenges of management of data, etc.
Legacy. Many IoT systems have to deal with legacy (e.g., existing connectivity, back-end
ERP systems). The challenge is to deal with these requirements without compromising
the “IoT centric” approach.
© ETSI 2019 28
2.1 Global Approach of IoT SystemsNeed for an "IoT-centric" view
Examples of roles to be characterized and analyzed:
System Designer
System Developer
System Deployer
End-user
Device Manufacturer
Reference Architecture(s)
Many elements (e.g., vocabularies, definitions, models) have to be defined, agreed and shared by the
IoT stakeholders.
Existence of a great variety of IoT systems architectures, it is also necessary to adopt Reference
Architectures, in particular Functional Architectures
Very large span of requirements, use cases and roles within an IoT system make it
difficult to provide prototypical solutions applicable to all of the various issues
addressed
© ETSI 2019 29
2.2 Challenge of Privacy in IoT
IoT forms a clear example of hyper connectivity and distributed control
Appropriate safeguards are needed to ensure that individuals’ right to
privacy is effectively protected
The following are some of the challenges in identifying:
the stakeholders that are impacted by Privacy
the personal data and who owns the data
privacy in various domains in IoT
how stakeholders need to think of Privacy as part of design not an afterthought
the implication of non-compliance with Regulation not just standards.
© ETSI 2019 30
2.3 Use case examplesAmbient assisted living in smart homes, older people - illustration
© ETSI 2019 31
2.3 Use case examplesAmbient assisted living in smart homes, older people - stakeholders
Main actors
Beneficiary: elderly person (Angela, 84 years-old) with raised cardiovascular risk
Family caregiver: the relatives (Alba) or family caregiver with interest and with permission to
check the status of the beneficiary
Formal caregiver: in this case, the Spanish Red Cross that provides the 24/7 telecare and
assistance service
Data Subject
Angela
Data Controller
CCTV camera manufacturer
Blood pressure device manufacturer
© ETSI 2019 32
2.3 Use case examplesAmbient assisted living in smart homes, older people - stakeholders
Data Processor
Location service provider (provides Angela’s location service to Alba)
Caregiver -Spanish Red cross company (provides staff that reviews Angela medical record)
Relative
Blood Pressure device manufacturer
© ETSI 2019 33
2.3 Use case examplesAmbient assisted living in smart homes, older people - challenges
The CCTV camera and the blood pressure tracker will be monitoring and
maintaining a record Angela’s location, blood pressure, body temperature and
other forms of health data
These data will be accessible to the camera manufacturer, blood pressure device
manufacturer, Spanish Red Cross and the like.
Concerns such as
how these data will be stored and used by the respective parties,
for how long
whether sufficient safeguards have been implemented to protect the data from being accessed
by an unauthorised party.
© ETSI 2019 34
2.3 Use case examplesSmart home solutions - illustration
Movie night scenario: with a press of a button Erik’s
flat door is locked, lights are off all over the house
but in the living room where a dimmed discrete
illumination is still present and the temperature in
the living room is set a bit warmer than usual.
Security at night scenario: Daniel is in his bedroom.
From his mobile phone, he can look at the video streams coming from the video
cameras installed outside home.
checks the motion detectors around the home
also checks the contact sensors installed on the
windows to see if any of them is forgotten open.
Power saving scenario: Olaf lives in a remote cottage
in the mountains. From his mobile phone, he can set the preferred room temperatures, the priority of
the rooms and the consumption limits
keep his instant power consumption within the
required limits at all time
© ETSI 2019 35
2.3 Use case examplesSmart home solutions - stakeholders
Main actors
home residents
housekeeper (with a passive role in the solution)
technician
Data Subject
Depending on the scenario: Erik, Daniel or Olaf
Data Controller
Smart home application developer
Data Processor
Video camera manufacturer
Technician
© ETSI 2019 36
2.3 Use case examplesSmart home solutions - challenges
Smart homes require several sensors and actuators to be installed that allow it to
be aware of the home parameters and events in every moment and take
appropriate actions when needed.
These new technologies bring with them specific threats:
network security, hacking,
people’s privacy,
complexity of the installation
maintenance of the devices which needs to be accounted for when these devices are being
manufactured
© ETSI 2019 37
2.3 Use case examplesLogistics and workplace – story line
The port of Rotterdam is a multipurpose port with numerous terminals.
The type and quantity of data related to transiting goods are processed through a sophisticated
equipment and IT systems, which are coordinated by employees from IT Department and
protected under the supervision of the Department for port’s security. The overall system is
constantly checked through a sophisticated internal system, which allows the interchange of data
with external entities and logistic actors.
Peter is an employee who coordinates the incoming and outgoing shipments, ensures that the
traffic is managed in an effective manner
Peter is equipped with a smart watch that he is required to wear during office hours.
The equipment allows the respective managers to keep track of the time and duration for which the warehouse was
accessed by their delivery representatives.
Additionally, , a secure system allows the deliver representatives only to pick up the cargo after clearance is given by
their managers along with a 4-digit OTP (One Time Password) which would be sent to their smart watches.
Access to the information on the watch is only provided to shipment owners when the cargo is arriving or at the
premises of the port
© ETSI 2019 38
2.3 Use case examplesSmart home solutions - stakeholders
Main actors
Peter
The employer (Sky Shipping & Logistics Company Ltd)
The cargo shipment owner (Glitterati and Co)
Watch Company
Location service provider
Data Subject
Peter (Personal data: location, email address, phone number ; health data: hearth rate, body
temperature)
Data Controller
The employer
Data Processor
The employer (Sky Shipping & Logistics Company Ltd)
The cargo shipment owner (Glitterati and Co)
© ETSI 2019 39
2.3 Use case examplesSmart home solutions - challenges
The smart watch can track and store different types of data with respect to Peter
including his location, email address, heart rate and body temperature
Thus it is essential that his employer ensures that effective measures are put in
place to ensure that
only the relevant personnel have access to such data
such data is tracked during office hours only when it is required for an assignment.
Further, the smart watch manufacturers must implement sufficient security
mechanisms to prevent it from getting hacked by third parties
© ETSI 2019
Part 3: What are the risks
associated to Privacy?
© ETSI 2019 41
3. What are the risks associated to Privacy?Contents
The GDPR is a risk-based regulation requiring organizations to take appropriate
technical and organizational measures on the basis of the risks identified.
When identifying risk organisation have to take into account several parameters such
as the specific types of data to be processed and the scale of processing itself.
The risks pertaining to personal data protection relate to each individual separately, but
since the harm can proliferate in the IoT environment they are relevant for society at
large.
© ETSI 2019 42
3.1 What are the risks associated to Privacy?Contents -Categories
In order to be able to capture and explain risk across the relevant areas in
an IoT ecosystem, it is worth categorising risk as it relates to relevant
stakeholders as follows:
Upstream: Parties that are directly involved in the creation of the IoT device i.e.
device manufacturers
Midstream: Third parties that assist the device manufacturers in the creation of the
IoT device i.e. product designers, platform manufacturers and the like.
Downstream: The final users of the IoT device.
© ETSI 2019 43
3.2 What are the risks associated to Privacy?Data Protection Impact Assessment 1/2
Data Protection Impact Assessment – DPIA (an art of privacy assessment) is a tool to
help you identify and minimize the data protection risks of new projects. They are part
of your accountability obligations under the GDPR, and an integral part of the ‘data
protection by default and by design’ approach
DPIA can address a single processing operation or a set of similar processing
operations.
DPIA should be carried out prior to the processing, as early as practical in the design of
the processing operation.
DPIA should be continuously updated.
© ETSI 2019 44
3.3 What are the risks associated to Privacy?Data Protection Impact Assessment 2/2
The five key stages of DPIA may be
summarized as follows:
Identify the need for DPIA (e.g. processing
special categories of data)
Describe the information Flow
Identify data protection related risks
Identify and evaluate privacy solutions
Sign-off and record the outcome
© ETSI 2019 45
3.3 What are the risks associated to Privacy?Data Protection Impact Assessment-Example of ICO Template
© ETSI 2019
Part 4: How to Protect from
Privacy Risks?
© ETSI 2019 47
4. How to Protect from Privacy Risks?Contents
Introduction
Device Manufacturers
Professionals designing IoT products (Social Network)
Professionals using IoT products (Third Party Application developers)
IoT Platforms
Individuals as Data Subjects: Subscribers, Users, Non-Users
© ETSI 2019 48
4.1 How to Protect from Privacy Risks?Introduction
Having suggested a tool to help identify risk which can be used by the categories of
stakeholders mentioned earlier: Upstream, Midstream, Downstream, this section now
wants to suggest key set of recommendations.
The recommendations are primarily, but not exclusively relevant for the stakeholders
identified.
The recommendations here are subset of details found in the main TR.
© ETSI 2019 49
4.2 How to Protect from Privacy Risks?Upstream – Device Manufacturer
Most of them actually collect and process personal data which is generated by the
device, for purposes and means which they have wholly determined.
This effectively means if device manufacturers have built in sensors that collect data
from devices for transmit for other purposes such as to track employee’s usage in order
to help determine what sites visited or to sell data to insurance companies, basically if
the device collects and process personal data generated, this needs to be made clear
to the users who are the data subjects.
In this aspects the Device Manufacturer qualify as data controllers
© ETSI 2019 50
4.3 How to Protect from Privacy Risks?Upstream – Device Manufacturer - Recommendations
• Data protection by design: Privacy of users must be
embedded into the design of business processes,
technologies, end-to-end ecosystems, operations
and information architectures. Each service or
business process designed to use – or to may later
on use – personal data must take all the necessary
security requirements into consideration at the initial
stages of their developments;
• Data Protection by default: The strictest privacy
settings and mechanisms must automatically apply
once a user acquires a new product or service; no
manual change to the privacy settings should be
required on the part of the user. The user ‘own’ or at
least controls its own data, by law
• Transparency of privacy policy: The Device
manufacturers should ensure that the user is and
remains clear and aware of privacy issues, choices it
makes and possible consequences thereof;
• Non-discriminatory practices: The vendor, supplier or
other provider should ensure non-discriminatory
practices against users and businesses on the basis of
information derived from digital ecosystems and
deployments;
• Accountability: Any vendor, supplier or other provider
should have the appropriate levels of being
accountable for regulatory, contractual and ethical
compliance, both upstream, midstream and
downstream in the ecosystem.
© ETSI 2019 51
4.3 How to Protect from Privacy Risks?Midstream - Professionals designing IoT products (Social Network)
In the world of IoT with connected devices where data from one device can be shared
with other devices depending on the platforms. The owner of the platforms is
responsible for maintaining the privacy of the data as this data is pushed by the user
(data subject) onto them. The social platform owner now becomes the data controller
and is subject to GDPR
In light of the GDPR, the following set of recommendations is relevant for such actors
Default settings of social applications based on IoT devices should ask users to review, edit and
decide on information generated by their device before publication on social platforms.
Default settings of IoT devices should allow end users to withdraw the originally given consent for the
processing of their personal data.
Information published by IoT devices on social platforms should, by default, not become public or be
indexed by search engines.
© ETSI 2019 52
4.4 How to Protect from Privacy Risks?Midstream – Professionals using IoT products (3rd Party App developers)
For professionals using IoT products e.g. a 3rd
party application developers an API is needed
for the developer to access software needed or
development.
Some of this Applications may be installed on an
“opt-in” or “opt-out” basis which is subject to
user’s prior consent.
These authorization request made by third-
party application developers needs to display
sufficient information for users consent to be
considered as specific and sufficiently informed.
The diagram across shows an example of an App
developer registering on an API to access 3rd
party service. API owner is the data controller
© ETSI 2019 53
4.4 How to Protect from Privacy Risks?Midstream – Professionals using IoT products- Recommendation
• Notices or warnings should be designed to frequently
remind users that sensors are collecting data. When
the application developer does not have a direct
access to the device, the app should periodically send
a notification to the user to let him know that it is still
recording data.
• Applications should facilitate the exercise of data
subject rights of access, modification and deletion of
personal information collected by IoT devices.
• Application developers should provide tools so that
data-subjects can export both raw and/or aggregated
data in a standard and usable format.
• Developers should pay special attention to the types
of data being processed and to the possibility of
inferring sensitive personal data from them.
• Application developers should apply a data
minimisation principle. More generally, developers
should follow a Privacy by Design approach and
minimise the amount of collected data to that
required to provide the service.
• Continuous Updates: From the inception of an IoT
device, it should be continuously updated in order to
reduce vulnerabilities.
• Encryption can and should be used as an effective
tool for ensuring the security of data.
© ETSI 2019 54
4.5 How to Protect from Privacy Risks?Midstream - IoT Platforms
IoT manufacturers are design standards platform interfaces with an aim to host the
data collected through different devices in order to centralize and simplify their
management.
Examples are the AIOTI platform and oneM2M platform. Such platforms may qualify as
data controllers in the fact that they collect user’s personal data for their own
purposes.
Recommendation:
Consent to use of connected device and to the resulting data processing must be informed and freely
given.
Data subject whose data is being processed in the context of a contractual relationship with the user
of a connected device should be in a position to administrate the device.
© ETSI 2019 55
4.6 How to Protect from Privacy Risks?Downstream - Individuals as Data Subjects: Subscribers, Users, Non-Users
GDPR applies to human personal data so within IoT if data collected are machine data
e.g temperature in a factory or sensor data from a sensor in a vegetable farm then they
are not subject to GDPR.
Also, if data collected although human data but are used exclusively for personal or
domestic purposes they will fall under the “house hold exemption”.
In IoT however this will be limited as IoT by nature considers user’s data that are
systematically transferred to device manufacturer, app developers and other 3rd
parties who qualify as data controllers.
© ETSI 2019 56
4.6 How to Protect from Privacy Risks?Downstream - Individuals as Data Subjects: Subscribers, Users, Non-Users
Recommendation
Consent to the use of a connected device and to the resulting data processing must be informed and
freely given. Users should not be economically penalized or have degraded access to the capabilities
of their devices if they decide not to use the device or a specific service.
The data subject whose data is being processed in the context of a contractual relationship with the
user of a connected device (i.e. hotel, health-insurance or a car renter) should be in a position to
administrate the device. Irrespective of the existence of any contractual relationship, any non-user
data subject must be in a capacity to exercise his/her rights of access and opposition.
Users of IoT devices should inform non-user data subjects whose data are collected of the presence
of IoT devices and the type of collected data. They should also respect the data subject’s preference
not to have their data collected by the device.
© ETSI 2019
Conclusion
© ETSI 2019 58
ConclusionPreliminary set of key takeways [To be finalized]
Roles and context matters
Risk can be only mitigated (not eliminated)
Risks also for society at large
© ETSI 2019
Other useful information
© ETSI 2019 60
A1. Other useful informationGuide to Certification in Privacy
Introduction
Guide to certification in Privacy
© ETSI 2019 61
A1. Other useful informationIntroduction
Aiming to increase organizations’ accountability in relation to the processing of personal data of
individuals, there may be need for training hence this section describes potential certification area
available today in the area of Privacy.
The International Association of Privacy Professionals (IAPP) is a non-profit, non-advocacy membership
association founded in 2000 The IAPP is responsible for developing and launching the only globally
recognized credentialing programs in information privacy:
The Certified Information Privacy Professional (CIPP),
The Certified Information Privacy Manager (CIPM)
The Certified Information Privacy Technologist (CIPT).
The CIPP, CIPM and CIPT are the leading privacy certifications for thousands of professionals around the
world who serve the data protection, information auditing, information security, legal compliance and/or
risk management needs of their organizations but they are not the only ones (https://iapp.org)
© ETSI 2019 62
A1. Other useful informationGuide to Certification in Privacy
A.1 Certified Information Privacy Professional (CIPP)
The CIPP is for IT and other professionals whose responsibility involves data privacy and protection
along with legal and compliance matters, plus information management, data governance, and
human resources.
A.2 Certified Information Privacy Manager (CIPM)
The CIPM targets people responsible for managing information privacy programs. It stresses both
knowledge of privacy law and regulations and how to translate that knowledge into workable
practices, policies, and procedures for organizations to adopt and employ day to day
A.3 Certified Information Privacy Technologist (CIPT)
The CIPT is for the people who implement the technical controls and components that go into a
privacy program. This credential is the most likely starting point for IT professionals interested in
working with data privacy and protection. It would be best coupled with the CIPP/E for those
interested in coming fully up to speed on GDPR.
© ETSI 2019
References
© ETSI 2019 64
References
ETSI TR 103 591: SmartM2M; Privacy study report; Standards Landscape and best practices
European Data Protection Supervisor: "Glossary", available at: https://edps.europa.eu/data-protection/data-protection/glossary_en
Cloud Service Level Agreement Standardisation Guidelines, available at https://ec.europa.eu/digital-single-market/en/news/cloud-service-level-
agreement-standardisation-guidelines
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016
L 119/1.
Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data)
Data Protection Working Party, Opinion 8/2014 on the Recent Developments on the Internet of Things, adopted on 16 September 2014
ETSI TR 103 534-1: SmartM2M; Teaching Material; Part 1: Security
Protecting Privacy and Data in the Internet of Things: Considerations and techniques for big data, machine learning and analytics February 2019
GSMA www.gsma.com
Privacy in Mobile Apps: Guidance for app developers ICO
ETSI TS 103 485: CYBER; Mechanisms for privacy assurance and verification
© ETSI 2019 65
Abbreviations
AIOTI Alliance for IoT Innovation
API Application Programming Interface
CIPM Certified Information Privacy Manager
CIPP Certified Information Privacy Professional
CIPT Certified Information Privacy Technologist
DPIA Data Protection Impact Assessment
DPO Data Protection Officer
ERP Enterprise Resource Planning
ETSI European Telecommunication Standards Institute
EU European Union
GDPR General Data Protection Regulation
IAPP International Association of Privacy Professionals
IoT Internet of Things
TR Technical Report
PREVIOUS SET OF SLIDES
TO BE MOVED BACK TO THE MAIN SECTIONS
66