Your Users' Privacy. How Web 2.0 application providers and developers can enhance their users' privacy. Stefan Weiss, Web 2.0 Expo Berlin, November 8, 2007

Uploaded by adunne, posted 17-Jan-2015

Speaker: Stefan Weiss

TRANSCRIPT

Page 1: Your User's Privacy

Your Users' Privacy. How Web 2.0 application providers and developers can enhance their users' privacy

Stefan Weiss, Web 2.0 Expo Berlin, November 8, 2007

Page 2: Your User's Privacy

2 ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft. Web 2.0 Expo Berlin 2007

Your users may control the Information Age but …

Page 3: Your User's Privacy


… are they controlling their own personal data too?

Page 4: Your User's Privacy

What are we talking about?

• Personal data

• Information privacy

• Harmful, privacy-invasive activities

• Its importance for Web 2.0 applications

• Your responsibilities

• What to do?

Page 5: Your User's Privacy

Personal data

The EU (Article 29 Working Party) has recently released an opinion on what it considers to be personal data.1

Personal data "shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity."

1 Opinion 4/2007, WP 136, Article 29 Data Protection Working Party, adopted June 20, 2007.

Page 6: Your User's Privacy

EXAMPLES:

PERSONAL
• Name, Gender, Date of birth
• Home address, Personal telephone number or Email
• Government identifiers (e.g. social security number, ID numbers)
• Biometric identifier
• Photograph or video identifiable to an individual
• Behavioural information (e.g., in a CRM system)

HEALTH
• Medical records, Health plan beneficiary information
• Physical or mental health information
• Provided health services or any information collected during the health service

FINANCIAL
• Account numbers (bank accounts, credit cards, etc.)
• Financial history
• Salary information

SENSITIVE
• Racial or ethnic origin
• Religious or philosophical beliefs
• Trade-union membership
• Sexual orientation
• Offences, criminal convictions or security measures
• Combinations of certain information (e.g., name and SSN)

That's a broad definition and includes a lot of data that you are processing with your applications

Page 7: Your User's Privacy

With Web 2.0 applications, add personal data that is indirectly used in a different context, such as:

• Group and personal affiliations
• User behaviour
• Surfing patterns
• Comments, opinions or feelings
• Likes and dislikes
• Graphical material (photos, videos)
• Roles and functions
• etc.

Page 8: Your User's Privacy

Information Privacy

Information privacy is defined as "being the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others."2

Information privacy should determine when, how, and to what extent this personal data is processed.

2 Alan Westin, Privacy and Freedom, 1967.

Page 9: Your User's Privacy


Privacy is not about getting your private space

Page 10: Your User's Privacy

Harmful and privacy-invasive activities on the Web are continuously increasing

Examples of privacy-invasive activities:

Adware/Spyware

Appropriation

Blackmail

Breach of Confidentiality

Cyber Crime

Data Integrity

Discrimination

Distortion

Unwanted Exposure

Fraud

Identity Theft

Inaccuracy

Intrusion

Loss of Control

Lost Data

Misuse

Phishing

Sexual Solicitation

Spam

Unsolicited Marketing

Third Party Sharing

etc.2

2 Also see ENISA Position Paper No. 1 – Security Issues and Recommendations for Online Social Networks, October 2007.

Page 11: Your User's Privacy


How come these guys didn’t think of that?

Page 12: Your User's Privacy


And how does that relate to the Web 2.0?

Page 13: Your User's Privacy

Do you know Freddie Staur?4

• Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves

• Research highlights dangers of irresponsible behavior on social networking sites

4 www.sophos.com/facebook, Survey among 200 randomly chosen Facebook users, August 2007.

Page 14: Your User's Privacy

New Privacy Challenges

Privacy 2.0 needs to address new challenges that go way beyond simple data protection measures

New rules on the Web 2.0:2

• Openness: openness contradicts protection schemes

• Peering: peer-produced personal data

• Sharing: difficult to set data ownership

• Acting globally: myriad of rules and regulations to adhere to

2 Don Tapscott, "Wikinomics – How Mass Collaboration Changes Everything", December 2006.

Page 15: Your User's Privacy

Privacy 1.0 focused more on access authorization and protecting data

• Data security

• Information hiding

• Access control

• And maybe limiting the collection of data

Page 16: Your User's Privacy

Contradictions

But simple data protection measures do not work for lots of Web 2.0 applications

Privacy 1.0: Limit data collection. Privacy 2.0: Data is everywhere.

Privacy 1.0: Disguise identity. Privacy 2.0: Visible identity.

Privacy 1.0: Only authorized access. Privacy 2.0: Everyone can see.

Page 17: Your User's Privacy


Example: New group dynamics in social networking applications create more complex data structures

Source: Forrester Research “Social Computing Upends Past Knowledge Management Archetypes” Report, March 8, 2007

Page 18: Your User's Privacy

Example: Attractive user data on social networking sites increases the expected risk of data abuse

Page 19: Your User's Privacy

Challenge: Manage the Privacy 2.0 Bermuda Triangle

User's Privacy, caught between three corners:

Data is everywhere

High value of personal data

Vulnerable technology

Page 20: Your User's Privacy

What are your responsibilities?

• Meeting user expectations

• Complying with laws and regulations

• Protecting your company's assets, brand and image

• Communicating your data handling practices openly

Page 21: Your User's Privacy

Allow the user to participate (!) and address all privacy principles (not only data protection)

Self-Control

• Have the user control his data

• Provide choices (privacy settings)

Rules for Usage

• Context-driven

• Assign purpose to data

• Assure data provenance is known

Accountability

• Set privacy policies, code of conduct

• Provide notices and "alarms"

• Full transparency over what you do

• Control third-party sharing

Page 22: Your User's Privacy

At a minimum, your users expect from you as a provider that

• their personal data is processed fairly and only for the "specified" purpose

• you comply with laws and regulations

Page 23: Your User's Privacy

Compliance goes beyond local data protection laws

Privacy requirements come from:

Laws and Regulations (Regional, National/Federal, State)

Contracts, Service Agreements

Professional/Industry Standards

Brand/Competitive Requirements

Corporate Policies, Codes of Conduct

Page 24: Your User's Privacy


It is like steering a treasure chest full of personal data

through the rough and open waters of Cyberspace …

Page 25: Your User's Privacy

How to deal with pirates: Anti-fraud, unfair practices (UDTP, CAN-SPAM, JFPA etc.)

How to handle and steer the ship through different waters: Regional, federal or state data protection legislation (BDSG, EU Directive, PIPEDA etc.)

How to protect the most valuable treasures: Financial data, credit data, health data (GLBA, FCRA, FACTA, HIPAA, etc.)

Protecting very vulnerable gems: Personal data from children (COPPA)

How to signal and communicate: Email, Fax, Telecommunications (E-Privacy Directive, TCPA, TSR, etc.)

Page 26: Your User's Privacy

[Figure: pie chart contrasting privacy and data protection legislation that is similar in various jurisdictions with special privacy and data protection regulations that may go beyond the "norm". Chart labels: 80%, 20%; SB 1386, EU national laws, COPPA, EU Directive.]

You need to set up your individual compliance strategy. What applies to you?

Page 27: Your User's Privacy

Adhering to the following set of internationally applicable Privacy Principles should be your strategy

• Consent and Choice

• Accountability

• Purpose Specification

• Collection Limitation

• Use, Retention and Disclosure Limitation

• Data Minimization

• Accuracy and Quality

• Openness, Transparency and Notice

• Individual Participation and Access

• Security Safeguards

• Compliance

Page 28: Your User's Privacy

Using the following data life cycle reference framework focuses your efforts on key data processes

1. Collection

2. Usage

3. Storage

4. Transfer

5. Disposal

• Which privacy requirements do you have to think about in each stage of the data processing life cycle?

Page 29: Your User's Privacy

Implementing a Privacy Management Program

Privacy Program cycle: Assess, Maintain, Design, Communicate

Page 30: Your User's Privacy


The challenge remains on how to communicate your privacy handling practices to your users!

Page 31: Your User's Privacy


How to communicate to your users?

Page 32: Your User's Privacy


How to communicate to your users?

Source: Mary Rundle, International Data Protection and Digital Identity Management Tools, mrundle[at]cyber.law.harvard.edu, 2006.

Page 33: Your User's Privacy

Communicating your Privacy Policy Using P3P3

• Basic elements of a Website privacy policy
– Surrounding tags
– Entity information
– Access information
– Dispute/Remedies information
– Statements regarding the data practices
– Information types within categories tag (see Appendix 1)

• Cookies Handling Practices (Appendix 4)

• Example for user tool: 'Privacy Bird' (www.privacybird.org)

• Tagging Data in P3P (see Appendices 1-3)

3 Helena and Stefan Lindskog, "Web Site Privacy with P3P", Wiley Publishing, Inc., 2003.

Page 34: Your User's Privacy


And what if you don’t?

Think of

• Compliance with laws and regulations

• Corporate Liability

• Image, Brand Reputation

• Your users’ expectations

• Trust

Page 35: Your User's Privacy

"History will record what we, here in the early decades of the information age, did to foster freedom, liberty and democracy."

-- Bruce Schneier, July 15, 2007

Page 36: Your User's Privacy

Contact Details

Stefan Weiss, Senior Manager Security & Privacy Services
Franklinstrasse 50, 60486 Frankfurt am Main
Tel.: +49 69 75695 6355, Fax: +49 69 75695 6719, Mobile +49 172 3590 [email protected]/de/security

Stefan Weiss, PhD Student, T-Mobile Chair of M-Commerce and Multilateral Security
Gräfstraße 78, 60054 Frankfurt am Main
Tel.: +49 69 798 25301, Fax: +49 69 798 25306, Mobile +49 172 3590 [email protected]

Page 37: Your User's Privacy

Member of Deloitte Touche Tohmatsu

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names "Deloitte", "Deloitte & Touche", "Deloitte Touche Tohmatsu", or other related names. Services are provided by the member firms or their subsidiaries or affiliates and not by the Deloitte Touche Tohmatsu Verein. Copyright ©2007 by Deloitte Touche Tohmatsu. All rights reserved.

Page 38: Your User's Privacy

Appendix 1: Possible Elements within the Categories Tag

<physical/>
<online/>
<uniqueid/>
<purchase/>
<financial/>
<computer/>
<navigation/>
<interactive/>
<demographic/>
<content/>
<state/>
<political/>
<health/>
<preference/>
<location/>
<government/>
<other-category> string </other-category>

Page 39: Your User's Privacy

Appendix 2: Possible Elements within the Purpose Tag

<current/>
<admin/>
<develop/>
<tailoring/>
<pseudo-analysis/>
<pseudo-decision/>
<individual-analysis/>
<individual-decision/>
<contact/>
<historical/>
<telemarketing/>

Page 40: Your User's Privacy

Appendix 3: Possible Elements within the Recipient Tag

<ours/>
<delivery/>
<same/>
<other-recipient/>
<unrelated/>
<public/>

Page 41: Your User's Privacy

Appendix 4: A Privacy Recipe for Cookies

• Include statements on cookies in your privacy policy

• Remember to enhance user privacy also by managing the data used for cookies

• Do not store any data in a cookie (only on a server)

• Add the following tokens to the policy statements on cookies practices for:

– Access, Remedies, Purpose, Recipient, Retention, Categories

• The use of cookies within European countries will be allowed only if the user is provided with clear and comprehensive information about the purpose of the cookies and is offered the right to refuse cookies. Thus, the need for policy statements is clear!
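The P3P material on slide 33 and in Appendices 1-4 can be turned into a small, checkable piece of code. What follows is an added Python example written for this page, not code from the deck or from the cited book: it builds the cookie STATEMENT of a P3P 1.0 policy from the element names listed in Appendices 1-3, rejects any name outside that vocabulary, and derives the compact-policy header value that P3P 1.0 defines for cookie decisions. The access, remedies and retention elements and the three-letter compact tokens are taken from the P3P 1.0 specification; the policy content (an id-only session cookie used by the site itself to deliver and administer the service) is constructed for illustration and follows the recipe's "do not store any data in a cookie" advice by declaring only the uniqueid category.

```python
"""P3P 1.0 cookie statement and compact-policy header (added example, not code
from the deck or the cited book; the sample policy content is constructed)."""
from xml.etree import ElementTree as ET

# Full-format element name -> compact-policy token, as defined by P3P 1.0.
# Only names in these tables are accepted, so a typo or an invented
# category cannot end up in a published policy.
COMPACT = {
    "access": {"nonident": "NOI", "all": "ALL", "contact-and-other": "CAP",
               "other-ident": "OTI", "ident-contact": "CAO", "none": "NON"},
    "remedies": {"correct": "COR", "money": "MON", "law": "LAW"},
    "purpose": {"current": "CUR", "admin": "ADM", "develop": "DEV", "tailoring": "TAI",
                "pseudo-analysis": "PSA", "pseudo-decision": "PSD",
                "individual-analysis": "IVA", "individual-decision": "IVD",
                "contact": "CON", "historical": "HIS", "telemarketing": "TEL",
                "other-purpose": "OTP"},
    "recipient": {"ours": "OUR", "delivery": "DEL", "same": "SAM",
                  "other-recipient": "OTR", "unrelated": "UNR", "public": "PUB"},
    "retention": {"no-retention": "NOR", "stated-purpose": "STP",
                  "legal-requirement": "LEG", "business-practices": "BUS",
                  "indefinitely": "IND"},
    "categories": {"physical": "PHY", "online": "ONL", "uniqueid": "UNI",
                   "purchase": "PUR", "financial": "FIN", "computer": "COM",
                   "navigation": "NAV", "interactive": "INT", "demographic": "DEM",
                   "content": "CNT", "state": "STA", "political": "POL",
                   "health": "HEA", "preference": "PRE", "location": "LOC",
                   "government": "GOV", "other-category": "OTC"},
}


def check(kind, names):
    """Return the names unchanged if every one is a P3P element of this kind."""
    unknown = [n for n in names if n not in COMPACT[kind]]
    if unknown:
        raise ValueError(f"not a P3P <{kind.upper()}> element: {unknown}")
    return list(names)


def cookie_statement(purposes, recipients, retention, categories):
    """One <STATEMENT> about the site's cookies (P3P base data element dynamic.cookies)."""
    return {
        "purpose": check("purpose", purposes),
        "recipient": check("recipient", recipients),
        "retention": check("retention", [retention]),
        "categories": check("categories", categories),
        "data_ref": "#dynamic.cookies",
    }


def statement_xml(stmt):
    """Serialise the statement in P3P's full XML format."""
    st = ET.Element("STATEMENT")
    for kind in ("purpose", "recipient", "retention"):
        parent = ET.SubElement(st, kind.upper())
        for name in stmt[kind]:
            ET.SubElement(parent, name)
    data = ET.SubElement(ET.SubElement(st, "DATA-GROUP"), "DATA", ref=stmt["data_ref"])
    cats = ET.SubElement(data, "CATEGORIES")
    for name in stmt["categories"]:
        ET.SubElement(cats, name)
    return ET.tostring(st, encoding="unicode")


def compact_policy(access, remedies, statements, has_disputes=True):
    """Value of the P3P response header that user agents read for cookie decisions."""
    tokens = [COMPACT["access"][a] for a in check("access", [access])]
    if has_disputes:
        tokens.append("DSP")             # the full policy carries a DISPUTES element
    tokens += [COMPACT["remedies"][r] for r in check("remedies", remedies)]
    for kind in ("purpose", "recipient", "retention", "categories"):
        for stmt in statements:
            for name in stmt[kind]:
                tok = COMPACT[kind][name]
                if tok not in tokens:
                    tokens.append(tok)
    return 'CP="' + " ".join(tokens) + '"'


def session_cookie_example():
    """Constructed policy: an id-only session cookie, used by us to run the service."""
    stmt = cookie_statement(purposes=["current", "admin"], recipients=["ours"],
                            retention="stated-purpose", categories=["uniqueid"])
    return statement_xml(stmt), compact_policy("nonident", ["correct"], [stmt])
```

`session_cookie_example()` returns the STATEMENT element for the full policy file and the header value `CP="NOI DSP COR CUR ADM OUR STP UNI"` to send with responses that set the cookie. Two caveats a practitioner should keep in mind: a P3P policy is a declaration, not an enforcement mechanism, so a statement that does not match what the server actually does with the cookie is itself a compliance problem; and browser support for P3P has since been dropped, so today the same vocabulary is mainly useful as a checklist for writing the human-readable cookie notice the recipe calls for.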

Page 42: Your User's Privacy

Call for Participation

Research Study on Concerns for Information Privacy in Social Networking (Web 2.0) Applications

Inviting Privacy, Security, and Web 2.0 Experts

Stefan Weiss, Johann Wolfgang Goethe University, Frankfurt am Main, November 8, 2007

Page 43: Your User's Privacy

Research Goals and Research Methods

Research Goals

• Conduct expert surveys to understand and focus in on the most important requirements for a privacy-enhanced Web experience

• Develop a privacy-enhanced method/concept for Social Networking (Web 2.0) Applications

Research Method: Series of 2-3 expert surveys (Delphi)

• Get an understanding of main concerns, requirements and existing material

• Apply applicable expert knowledge to the technical use case "Social Networking Applications"

• Evaluate and justify the privacy-enhanced method to be developed

Page 44: Your User's Privacy


Your Participation

Requirements for Participation

• Have good expertise on either one or all of these areas: privacy, security or web 2.0 applications

• Maximum of 3 x 40 minutes of your time over the course of 6 months

Notes

• Research is university research and will be made public through the published PhD thesis

• Your personal information is not used for any other purpose than contacting you throughout the research project

Please speak to me or write me an email if you would like to participate:

[email protected]

+49 172 3590674