tlabs - deutsche telekom
TRANSCRIPT
Understanding Privacy… … and data in personalized marketing: How to become a responsible data handler
ILLEGAL BIG DATA
You should be scared
… or at least awake right now. Good morning!
Understanding Privacy…
… and data in personalized marketing: How to become a responsible data handler
EU Privacy Directive 95/46/EC
• It’s the law
• --- it must be boring
EU Privacy Directive 2016/680
• It’s the law
• --- it must stay boring
Relax …
• This is not my style
• I’m not a lawyer
• I’m an engineer.
Actually, I’m a researcher
• doing “real” research
• not “market” research
• (or do you deny that academia is “real”?)
• And: I’m a doctor
• but not a “real one”
I work for T-Labs
• Telekom Innovation Laboratories
(Deutsche Telekom’s R & D Unit)
• 300 Employees, DT-corporate and
Technical University researchers
• Our Slides look like this:
But not today
• Today I’m here to present some insights
we gained in our projects on data privacy
Privacy is NOT
• the preventer of innovative marketing
• an excuse for poor personalization
[Cartoon contrasting “innovative privacy” with privacy protection, © dilbert.com]
Privacy is Rather
• your opportunity for a USP
• a technology that serves your customers
• a source of deep insights to customer
preferences and fears
• A means to make the world a better place.
This talk is about
• Privacy enhancing technologies
• “Privacy By Design”
• Monetizing privacy (features)
• some trends in privacy research
• and YOUR questions!
This talk is NOT
• a legal training (§§)
• aimed at security experts
• a typical market research speech (sorry!)
• to be ignored
A few remarks and impulses:
• Who owns user data?
• Who controls them?
• who makes money with user data?
• Does privacy impact business?
YES! P.E.T. are here to
increase (your) profits!
• P.E.T. = Privacy Enhancing Technologies
• N.B.: P.E.T. also can increase your
customer’s profits/benefits (end customers)
Privacy Enhancing Technologies
• Cryptography
• Traceability
• Transparency
• Anonymization/Pseudonymization
• “artificial data”, “differential privacy” & more
• IT security
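Anonymization and pseudonymization from the list above differ in one practical detail that decides whether a dataset is still personal data: a pseudonym is reversible for whoever holds the key, and an unkeyed hash is reversible for anyone with a list of candidate identifiers. The following Python example was added here for illustration and is not code from the talk or from T-Labs; the sample records, e-mail addresses and key handling are constructed assumptions. It contrasts a naive SHA-256 pseudonym with an HMAC-SHA256 pseudonym under a secret key, and shows what an analyst without the key can and cannot recover.

```python
import hashlib
import hmac
import secrets

# Constructed sample survey records (not from the talk): identifier -> answer.
SAMPLE_RECORDS = [
    ("alice@example.com", "likes product A"),
    ("bob@example.com", "dislikes product A"),
    ("alice@example.com", "likes product B"),
]


def pseudonym_naive(identifier):
    """Unkeyed hash: deterministic, but reversible by a dictionary attack."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def pseudonym_keyed(identifier, key):
    """HMAC-SHA256 under a secret key that is stored apart from the dataset.

    Without the key, guessing candidate identifiers yields nothing; with the
    key, the data controller can still re-identify a user (e.g. for an
    access or deletion request), which is why this is pseudonymization,
    not anonymization.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymize(records, fn):
    """Replace the identifier of every record; linkability is preserved
    because the same identifier always maps to the same pseudonym."""
    return [(fn(ident), payload) for ident, payload in records]


def dictionary_attack(target, candidates, fn):
    """What someone holding the pseudonymized data (but not the key) can do:
    try every identifier they already know and compare the outputs."""
    for candidate in candidates:
        if hmac.compare_digest(fn(candidate), target):
            return candidate
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumption: generated and kept by the controller
    keyed = pseudonymize(SAMPLE_RECORDS, lambda i: pseudonym_keyed(i, key))
    naive = pseudonymize(SAMPLE_RECORDS, pseudonym_naive)
    known = ["alice@example.com", "bob@example.com", "carol@example.com"]
    print("naive pseudonym reversed to:", dictionary_attack(naive[0][0], known, pseudonym_naive))
    print("keyed pseudonym reversed to:",
          dictionary_attack(keyed[0][0], known, lambda c: pseudonym_keyed(c, b"wrong-key")))
```

The keyed variant keeps the analytic value the talk wants (both of Alice's answers stay linkable), while the unkeyed variant only looks anonymous. Rotating the key per project, or destroying it at the end of the study, is what turns the pseudonymized dataset into an anonymized one for the lifecycle principle discussed later.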
“Privacy By Design”
• by Ann Cavoukian (Privacy Commissioner of Ontario, Canada, 1995)
(https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf )
• general adoption in many countries and
companies
• a good starting point
Ann Cavoukian, PhD, Information & Privacy Commissioner, Ontario, Canada (slide dated 10.11.2016)
Concept, developed in the 1990s, still growing
Assumption:
Compliance and regulatory frameworks are not sufficient
Instead, privacy assurance must be “in the genes” of the
organization, so it will be its “default” mode of operation
and design/development.
PbD extends PETs (Privacy Enhancing Technologies) to “PETs plus”:
PETs plus added value!
applies to:
• IT systems, business practices,
• physical design and
• (networked) infrastructure
• … market research and CRM? …
PBD: 7 foundational principles
1. Proactive not reactive; Preventative not remedial
2. Privacy as the default setting
3. Privacy embedded into design
4. Full functionality – positive-sum, not zero-sum
5. End-to-end security – full lifecycle protection
6. Visibility and transparency – keep it open
7. Respect for user privacy – keep it user-centric
1. Proactive not Reactive; Preventative not Remedial
• The Privacy by Design (PbD) approach is characterized
by proactive rather than reactive measures. It anticipates
and prevents privacy-invasive events before they
happen. PbD does not wait for privacy risks to
materialize, nor does it offer remedies for resolving
privacy infractions once they have occurred – it aims to
prevent them from occurring. In short, Privacy by
Design comes before-the-fact, not after.
Have a privacy (by design) expert in your (design) team
2. Privacy as the Default Setting
• We can all be certain of one thing – the default rules!
Privacy by Design seeks to deliver the maximum degree
of privacy by ensuring that personal data are
automatically protected in any given IT system or
business practice. If an individual does nothing, their
privacy still remains intact. No action is required on the
part of the individual to protect their privacy – it is built
into the system, by default.
Let the user take the initiative (results in better-quality insights)
3. Privacy Embedded into Design
• Privacy is embedded into the design and architecture of
IT systems and business practices. It is not bolted on as
an add-on, after the fact. The result is that it becomes an
essential component of the core functionality being
delivered. Privacy is integral to the system, without
diminishing functionality.
Once done, this is easy to repeat later on in market research
4. Full Functionality – Positive-Sum, not Zero-Sum
• Privacy by Design seeks to accommodate all legitimate
interests and objectives in a positive-sum “win-win”
manner, not through a dated, zero-sum approach, where
unnecessary trade-offs are made. Privacy by Design
avoids the pretense of false dichotomies, such as privacy
vs. security, demonstrating that it is possible to have
both.
How can the “subject” of market research benefit? Think!
5. End-to-End Security – Full Lifecycle Protection
• Privacy by Design, having been embedded into the
system prior to the first element of information being
collected, extends throughout the entire lifecycle of the
data involved, from start to finish. This ensures that at the
end of the process, all data are securely destroyed, in a
timely fashion. Thus, Privacy by Design ensures cradle to
grave, lifecycle management of information, end-to-end.
Security is a “must have” anyway. Why not use it for privacy too?
6. Visibility and Transparency – Keep it Open
• Privacy by Design seeks to assure all stakeholders that
whatever the business practice or technology involved, it
is in fact, operating according to the stated promises and
objectives, subject to independent verification. Its
component parts and operations remain visible and
transparent, to users and providers alike. Remember,
trust but verify.
Transparency guarantees insights (sic!)
7. Respect for User Privacy – Keep it User-Centric
• Above all, Privacy by Design requires architects and
operators to keep the interests of the individual
uppermost by offering such measures as strong privacy
defaults, appropriate notice, and empowering user-
friendly options. Keep it user-centric.
The “subject” (end customer) is the eventual source of your revenue.
Nice “side effect”: the user maintains his/her own data, so it stays
up to date with no extra effort (if done correctly ;-)
Example: Big Data & Privacy
New R&D project to start in Jan 2017:
• use “linked data”, a method of publishing structured
data so that it can be interlinked and become more useful
through semantic queries [Wikipedia]
• provide a “data dashboard” for tracking
• provide a “data cockpit” for control
expected outcome: more “opt ins” for survey and data usage
Benefits for the end user
reward the end user by
• money (simple but expensive and “vintage”)
• more accurate service offerings
• faster service delivery/operations
• gamification: let users compete and
compare their privacy settings/preferences
Be Open and Open Minded
• open your collection of personal data to the
end user (the source/owner of the data)
• open your derivatives/conclusions from this
collection to the user (no risk, no fun)
• open yourself and your data/findings to the
general public! (might be a challenge by itself!)
Trends in Privacy Research
• Differential Privacy
• Artificial Data
• Location Blur
• Blockchains (not always a P.E.T. !!)
• Apply to non-IT driven products (are there any?)
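Two of the trends listed above, differential privacy and location blur, are easy to misuse: the first only protects users if every answered query is charged against a fixed privacy budget, and the second only blurs if the grid is coarse enough that a cell holds many people. The following Python example was added here for illustration and is not code from the talk or from T-Labs; the sample opt-in table, the budget values and the grid size are constructed assumptions. It implements the Laplace mechanism for a counting query with an explicit budget that refuses further queries once spent, and a grid-snapping location blur.

```python
import math
import random

# Constructed sample data (not from the talk): user id -> opted in to surveys?
SAMPLE_USERS = {
    "u1": True, "u2": False, "u3": True, "u4": True, "u5": False,
    "u6": True, "u7": True, "u8": False, "u9": True, "u10": True,
}


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) via inverse CDF; stdlib only, no numpy."""
    u = 0.0
    while u == 0.0:          # avoid log(0) at the open end of [0, 1)
        u = rng.random()
    u -= 0.5                 # now uniform on (-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


class PrivacyBudget:
    """Total epsilon for one dataset; every answered query consumes part of it.

    Repeated queries with fresh noise average the noise away, so an analyst
    who can ask without limit learns the exact count. The budget is what
    makes the guarantee hold across the whole session.
    """

    def __init__(self, total_epsilon):
        self.total = total_epsilon
        self.spent = 0.0

    def charge(self, epsilon):
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.total + 1e-12:
            raise RuntimeError("privacy budget exhausted")
        self.spent += epsilon


def dp_count(predicate, users, epsilon, budget, rng, sensitivity=1.0):
    """Laplace mechanism: true count + Laplace(sensitivity / epsilon).

    A counting query changes by at most 1 when one user is added or removed,
    so sensitivity = 1 and the noise scale is 1 / epsilon.
    """
    budget.charge(epsilon)
    true_count = sum(1 for v in users.values() if predicate(v))
    return true_count + laplace_noise(sensitivity / epsilon, rng)


def blur_location(lat, lon, cell_deg=0.01):
    """Snap a coordinate to a fixed grid (about 1 km at mid latitudes for 0.01°).

    Returns the cell index and the cell centre. Snapping to a grid, rather
    than adding a small random offset, means repeated reports from the same
    place cannot be averaged back to the exact position.
    """
    i = math.floor(lat / cell_deg)
    j = math.floor(lon / cell_deg)
    return (i, j), ((i + 0.5) * cell_deg, (j + 0.5) * cell_deg)


if __name__ == "__main__":
    rng = random.Random(7)   # seeded only so the demo is reproducible
    budget = PrivacyBudget(total_epsilon=1.0)
    print("noisy opt-in count:", dp_count(lambda v: v, SAMPLE_USERS, 0.5, budget, rng))
    print("noisy opt-in count:", dp_count(lambda v: v, SAMPLE_USERS, 0.5, budget, rng))
    try:
        dp_count(lambda v: v, SAMPLE_USERS, 0.1, budget, rng)
    except RuntimeError as exc:
        print("third query refused:", exc)
    print("blurred location:", blur_location(52.5234, 13.4123))
```

With only ten sample users the noise at epsilon 0.5 (scale 2) is large relative to the true count of 7, which is the honest answer: differential privacy on tiny groups destroys utility, and the practical remedy is larger cohorts, not a larger epsilon.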
Thank you!
• Questions?
I hope so!
• Use the app, use your brain, and use your mouth!
• Contact me “privately”:
[email protected] +49 171b864 22 46
• https://www.linkedin.com/in/kurze