Your Users’ Privacy
How Web 2.0 application providers and developers can enhance their users’ privacy
Speaker: Stefan Weiss
Web 2.0 Expo Berlin, November 8, 2007
©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft, Web 2.0 Expo Berlin 2007
Your users may control the Information Age but …
… are they controlling their own personal data too?
What are we talking about?
• Personal data
• Information privacy
• Harmful, privacy-invasive activities
• Its importance for Web 2.0 applications
• Your responsibilities
• What to do?
Personal data
The EU (Art. 29 Working Party) has recently released an opinion on what they consider to be personal data. Personal data shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
1 Opinion 4/2007, WP 136, Article 29 Data Protection Working Party, adopted June 20, 2007.
EXAMPLES:
PERSONAL
• Name, gender, date of birth
• Home address, personal telephone number or email
• Government identifiers (e.g. social security number, ID numbers)
• Biometric identifier
• Photograph or video identifiable to an individual
• Behavioural information (e.g., in a CRM system)
HEALTH
• Medical records, health plan beneficiary information
• Physical or mental health information
• Provided health services or any information collected during the health service
FINANCIAL
• Account numbers (bank accounts, credit cards, etc.)
• Financial history
• Salary information
SENSITIVE
• Racial or ethnic origin
• Religious or philosophical beliefs
• Trade-union membership
• Sexual orientation
• Offences, criminal convictions or security measures
• Combinations of certain information (e.g., name and SSN)
That’s a broad definition and includes a lot of data that you are processing with your applications.
With Web 2.0 applications, add personal data that is indirectly used in a different context, such as:
• Group and personal affiliations
• User behaviour
• Surfing patterns
• Comments, opinions or feelings
• Likes and dislikes
• Graphical material (photos, videos)
• Roles and functions
• etc.
Information Privacy
Information privacy is defined as “being the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”
2 Alan Westin, Privacy and Freedom, 1967.
Information privacy should determine when, how, and to what extent this personal data is processed.
Privacy is not about getting your private space
Harmful and privacy-invasive activities on the Web are continuously increasing
Examples for privacy invasive activities
Adware/Spyware
Appropriation
Blackmail
Breach of Confidentiality
Cyber Crime
Data Integrity
Discrimination
Distortion
Unwanted Exposure
Fraud
Identity Theft
Inaccuracy
Intrusion
Loss of Control
Lost Data
Misuse
Phishing
Sexual Solicitation
Spam
Unsolicited Marketing
Third Party Sharing
etc.
2 Also see ENISA Position Paper No. 1 – Security Issues and Recommendations for Online Social Networks, October 2007.
How come these guys didn’t think of that?
And how does that relate to the Web 2.0?
Do you know Freddie Staur?
• Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves
• Research highlights dangers of irresponsible behavior on social networking sites
4 www.sophos.com/facebook, survey among 200 randomly chosen Facebook users, August 2007.
Privacy 2.0 needs to address new challenges that go way beyond simple data protection measures
New rules on the Web 2.0 and the new privacy challenges they bring:
• Openness: openness contradicts protection schemes
• Peering: peer-produced personal data
• Sharing: difficult to set data ownership
• Acting globally: myriad of rules and regulations to adhere to
2 Don Tapscott, “Wikinomics – How Mass Collaboration Changes Everything”, December 2006.
Privacy 1.0 focused more on access authorization and protecting data
• Data security
• Information hiding
• Access control
• And maybe limiting the collection of data
But simple data protection measures do not work for lots of Web 2.0 applications
Contradictions:
Privacy 1.0: limit data collection; disguise identity; only authorized access
Web 2.0: data is everywhere; visible identity; everyone can see
Example: New group dynamics in social networking applications create more complex data structures
Source: Forrester Research “Social Computing Upends Past Knowledge Management Archetypes” Report, March 8, 2007
Example: Attractive user data on social networking sites increase the expected risk of data abuse
Challenge: Manage the Privacy 2.0 Bermuda Triangle
The user’s privacy sits between three corners:
• Data is everywhere
• High value of personal data
• Vulnerable technology
What are your responsibilities?
• Meeting user expectations
• Complying with laws and regulations
• Protecting your company’s assets, brand and image
• Communicating your data handling practices openly
Allow the user to participate (!) and address all privacy principles (not only data protection)
Self-Control
• Have the user control his data
• Provide choices (privacy settings)
Rules for Usage
• Context-driven
• Assign purpose to data
• Assure data provenance is known
Accountability
• Set privacy policies, code of conduct
• Provide notices and “alarms”
• Full transparency over what you do
• Control third-party sharing
At a minimum, your users expect from you as a provider that
• their personal data is processed fairly and only for the “specified” purpose
• you comply with laws and regulations
Compliance goes beyond local data protection laws
Privacy requirements derive from:
• Laws and regulations (regional, national/federal, state)
• Contracts, service agreements
• Professional/industry standards
• Brand/competitive requirements
• Corporate policies, codes of conduct
It is like steering a treasure chest full of personal data
through the rough and open waters of Cyberspace …
How to deal with pirates: anti-fraud, unfair practices (UDTP, CAN-SPAM, JFPA etc.)
How to handle and steer the ship through different waters: regional, federal or state data protection legislation (BDSG, EU Directive, PIPEDA etc.)
How to protect the most valuable treasures: financial data, credit data, health data (GLBA, FCRA, FACTA, HIPAA, etc.)
Protecting very vulnerable gems: personal data from children (COPPA)
How to signal and communicate: email, fax, telecommunications (E-Privacy Directive, TCPA, TSR, etc.)
Privacy and data protection legislation that is similar in various jurisdictions
Special privacy and data protection regulations that may go beyond the “norm”
[Chart: shares of 80% and 20%, with EU Directive, EU national laws, SB 1386 and COPPA given as examples]
You need to set up your individual compliance strategy – what applies to you?
Adhering to the following set of internationally applicable Privacy Principles should be your strategy
• Consent and Choice
• Accountability
• Purpose Specification
• Collection Limitation
• Use, Retention and Disclosure Limitation
• Data Minimization
• Accuracy and Quality
• Openness, Transparency and Notice
• Individual Participation and Access
• Security Safeguards
• Compliance
Using the following data life cycle reference framework focuses your efforts on key data processes
1 Collection
2 Usage
3 Storage
4 Transfer
5 Disposal
• Which privacy requirements do you have to think about in each stage of the data processing life cycle?
Implementing a Privacy Management Program
Privacy Program stages: Assess, Maintain, Design, Communicate
The challenge remains on how to communicate your privacy handling practices to your users!
How to communicate to your users?
Source: Mary Rundle, International Data Protection and Digital Identity Management Tools, mrundle[at]cyber.law.harvard.edu, 2006.
Communicating your Privacy Policy Using P3P
• Basic elements of a website privacy policy
– Surrounding tags
– Entity information
– Access information
– Dispute/remedies information
– Statements regarding the data practices
– Information types within categories tag (see Appendix 1)
• Cookies handling practices (Appendix 4)
• Example for user tool: ‘Privacy Bird’ (www.privacybird.org)
• Tagging data in P3P (see Appendices 1-3)
3 Helena and Stefan Lindskog, “Web Site Privacy with P3P”, Wiley Publishing, Inc., 2003.
And what if you don’t?
Think of
• Compliance with laws and regulations
• Corporate Liability
• Image, Brand Reputation
• Your users’ expectations
• Trust
“History will record what we, here in the early
decades of the information age, did to foster
freedom, liberty and democracy."
-- Bruce Schneier, July 15, 2007
Contact Details
Stefan Weiss, Senior Manager Security & Privacy Services
Franklinstrasse 50, 60486 Frankfurt am Main
Tel.: +49 69 75695 6355, Fax: +49 69 75695 6719, Mobile: +49 172 3590 [email protected]/de/security
Stefan Weiss, PhD Student, T-Mobile Chair of M-Commerce and Multilateral Security
Gräfstraße 78, 60054 Frankfurt am Main
Tel.: +49 69 798 25301, Fax: +49 69 798 25306, Mobile: +49 172 3590 [email protected]
Member of Deloitte Touche Tohmatsu
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names "Deloitte", "Deloitte & Touche", "Deloitte Touche Tohmatsu", or other related names. Services are provided by the member firms or their subsidiaries or affiliates and not by the Deloitte Touche Tohmatsu Verein. Copyright ©2007 by Deloitte Touche Tohmatsu. All rights reserved.
Appendix 1: Possible Elements within the Categories Tag
<physical/>
<online/>
<uniqueid/>
<purchase/>
<financial/>
<computer/>
<navigation/>
<interactive/>
<demographic/>
<content/>
<state/>
<political/>
<health/>
<preference/>
<location/>
<government/>
<other-category>string</other-category>
Appendix 2: Possible Elements within the Purpose Tag
<current/>
<admin/>
<develop/>
<tailoring/>
<pseudo-analysis/>
<pseudo-decision/>
<individual-analysis/>
<individual-decision/>
<contact/>
<historical/>
<telemarketing/>
Appendix 3: Possible Elements within the Recipient Tag
<ours/>
<delivery/>
<same/>
<other-recipient/>
<unrelated/>
<public/>
Appendix 4: A Privacy Recipe for Cookies
• Include statements on cookies in your privacy policy
• Remember to enhance user privacy also by managing the data used for cookies
• Do not store any data in a cookie (only on a server)
• Add the following tokens to the policy statements on cookies practices for:
– Access, Remedies, Purpose, Recipient, Retention, Categories
• The use of cookies within European countries will be allowed only if the user is provided with clear and comprehensive information about the purpose of the cookies and is offered the right to refuse cookies – thus, the need for policy statements is clear!
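As an added example (not code from the talk or its sources), a small Python checker that applies the Appendix 4 cookie recipe to a P3P 1.0 policy: every statement covering #dynamic.cookies must carry PURPOSE, RECIPIENT, RETENTION and CATEGORIES tokens (the elements listed in Appendices 1-3), and the policy must declare ACCESS and REMEDIES. The sample policy and the example.com URLs are constructed.

```python
# Added example (not the talk's code): check that a P3P 1.0 policy's cookie
# statements carry the Appendix 4 tokens. Sample policy and URLs are constructed.
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2002/01/P3Pv1}"  # P3P 1.0 namespace

# Constructed sample: one statement for a session cookie (unique id + state).
SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="cookies" discuri="http://www.example.com/privacy.html">
  <ACCESS><nonident/></ACCESS>
  <DISPUTES-GROUP>
   <DISPUTES resolution-type="service" service="http://www.example.com/privacy.html">
    <REMEDIES><correct/></REMEDIES>
   </DISPUTES>
  </DISPUTES-GROUP>
  <STATEMENT>
   <PURPOSE><current/><admin/></PURPOSE>
   <RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP><DATA ref="#dynamic.cookies"><CATEGORIES><uniqueid/><state/></CATEGORIES></DATA></DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>"""

def has_tokens(parent, tag):
    # True if <tag> exists under parent and holds at least one token element
    el = parent.find(NS + tag)
    return el is not None and len(el) > 0

def check_cookie_policy(policy_xml):
    """Return a list of findings; an empty list means the cookie recipe is met."""
    findings = []
    for policy in ET.fromstring(policy_xml).iter(NS + "POLICY"):
        name = policy.get("name", "?")
        if not has_tokens(policy, "ACCESS"):
            findings.append(name + ": no ACCESS token")
        if policy.find(".//" + NS + "REMEDIES") is None:
            findings.append(name + ": no REMEDIES under DISPUTES-GROUP")
        for i, st in enumerate(policy.findall(NS + "STATEMENT")):
            cookies = [d for d in st.iter(NS + "DATA") if d.get("ref") == "#dynamic.cookies"]
            if not cookies:
                continue  # statement does not cover cookies
            for tag in ("PURPOSE", "RECIPIENT", "RETENTION"):
                if not has_tokens(st, tag):
                    findings.append("%s statement %d: missing %s token" % (name, i, tag))
            # dynamic.cookies is variable-category, so CATEGORIES must be given
            if not all(has_tokens(d, "CATEGORIES") for d in cookies):
                findings.append("%s statement %d: cookies without CATEGORIES" % (name, i))
    return findings
```

Run it against your own policy file before publishing it; a user agent such as Privacy Bird reads exactly these tokens to decide what to show the user.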
Call for Participation
Research Study on Concerns for Information Privacy in Social Networking (Web 2.0) Applications
Inviting Privacy, Security, and Web 2.0 Experts
Stefan Weiss, Johann Wolfgang Goethe University, Frankfurt am Main, November 8, 2007
Research Goals and Research Methods
Research Goals
• Conduct expert surveys to understand and focus in on most important requirements for a privacy-enhanced Web experience
• Develop privacy-enhanced method/concept for Social Networking (Web 2.0) Applications
Research Method: Series of 2-3 expert surveys (Delphi)
• Get understanding of main concerns, requirements and existing material
• Applying applicable expert knowledge to the technical use case “Social Networking Applications”
• Evaluating and justifying the privacy-enhanced method to be developed
Your Participation
Requirements for Participation
• Have good expertise on either one or all of these areas: privacy, security or web 2.0 applications
• Maximum of 3 x 40 minutes of your time over the course of 6 months
Notes
• Research is university research and will be made public through the published PhD thesis
• Your personal information is not used for any other purpose than contacting you throughout the research project
Please speak to me or write me an email if you would like to participate:
+49 172 3590674