Secret Truths about Privacy
1. Privacy is subject to the Law of Unintended Consequences
2. Knowledge is Power: Consumers should know what privacy Faustian pacts they’re signing
3. Privacy requires technical and policy standards!
Laurent Liscia, CEO OASIS Open
Big Data: A Brave New Privacy World
The Westchester Gun Map: Harmless, right?
Do the maps show everyone in my neighborhood who owns a gun?
No. New York law does not require a permit to own a long gun such as a rifle or shotgun.
How was this information obtained?
Through requests to the individual county clerks under New York’s Freedom of Information Law.
Isn’t that private information?
No. There is no right to privacy regarding handgun ownership in New York.
[Source: The Journal News]
The Gun Map Proved Quite Harmful
• Interactive map included names and addresses of police officers and prison guards: inmates used the map to find out where they lived and threaten them.
• Former thieves said criminals could use the map either to target houses with no guns (to avoid getting shot) or to take the risk and steal the weapons themselves.
• Democratic legislator: “I never owned a gun but now have no choice. I have been exposed as someone that has no gun. And I’ll do anything to protect my family.”
• Resident feared her ex, who tried to kill her in the past, might find her with the map.
• Journalists received death threats, stationed an armed guard outside their offices.
Lesson From The Gun Map
• If you juxtapose two perfectly legit data sources (online maps and gun ownership information, for instance), you can enter scary privacy territory
• That’s the Law of Unintended Consequences
European Genetic Map: Harmless, right?
Maybe
Potentially Harmful Implications
“Imagine if you could figure out what town a criminal’s ancestors were likely from based on DNA alone?” Razib Khan, Discover Magazine
You can’t stop ideas that threaten privacy from popping up: yet another instance of the Law of Unintended Consequences
3D Map of Vancouver: Harmless, right?
Here’s Why: The Law of Unintended Consequences
What if you could juxtapose two data sets and target specific occupants of the building?
What About A Beautiful Wind Map?
http://hint.fm/wind/
Pure science Big Data visualizations that provide a useful service and don’t rely on personal data are clearly OK
1st takeaway: Juxtaposing data sets (what Big Data does!) may result in privacy nightmares
2. A Detour Through Big Social
Big Social Can Make Great Things Better …
Tahrir Square
And Bad Things Worse
• Audrie Pott and Rehtaeh Parsons both committed suicide after photos documenting how they had been sexually assaulted were circulated on social media
• In both cases, many sided with the assailants rather than victims, calling them “sluts”
Annoying! Social Media Is Always Asking for More
Is Privacy a Top Issue for Big Social?
Who said: “All these concerns about privacy tend to be old-people issues”?
Reid Hoffman
Is Privacy In Big Social’s Business Model?
• Nope
• “Google to pay record $22.5 million fine for Safari privacy evasion” [2012]
• Twitter agreed to settle charges that it "deceived customers" and failed to protect their personal information [FTC fine, 2010]
Is Privacy Even Possible in Big Social?
“Just remember when you post something, the computers remember forever”
“Every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites.”
Eric Schmidt, when he was CEO of Google
2nd Takeaway: It’s OK for you to be the product when you’re not paying … if you know what you’re signing up for
?
Reactive or Proactive: Your Call
Privacy Regulation in Europe
EU Data Protection Regulation will cover everything from consent to data portability and the right to be forgotten and will apply to any company storing EU resident data whether it’s HQ’d in the EU or not
Privacy Regulation in the US
The US approach is more laissez-faire, but also more unpredictable. To wit: the Do Not Track proposal from Sen. Jay Rockefeller following the 2012 White House "Consumer Privacy Bill of Rights" asking industry to give consumers control over their personal information and Congress to pass laws.
Memorable Privacy Quotes
“I do not believe that companies with business models based on the collection and monetization of personal information will voluntarily stop those practices if it negatively impacts their profit margins.”
Jay Rockefeller
“Consumers are very pragmatic people. They want free content. They understand there's a value exchange. And they're OK with it.”
Lou Mastria, director of the Digital Advertising Alliance
“‘You are the product!’ Oh, fuck, off! For many people it wasn’t the new T&C that was the problem, it was that Instagram was no longer a service we felt comfortable making our ‘we’re the product deal’ with.”
Rev Dan Catt, blogger
You’re the consumer: how do YOU feel about it?
Do the Right Thing: Learn & Participate
• Big Data and Privacy discussions of OECD’s ITAC
http://www.internetac.org/wp-content/uploads/2012/10/UPDATE-ITAC-WPISP-v02.pdf
• NSTIC’s Privacy Evaluation Methodology
http://www.idecosystem.org/filedepot?fid=404
• European Data Protection & Privacy Conference
http://www.eu-ems.com/summary.asp?event_id=123&page_id=983
• Kuppinger Cole’s EIC – premier event for Privacy
• Listen to all sides! EPIC, EFF, Project VRM
http://epic.org/privacy/intl/eu_data_protection_directive.html
http://cyber.law.harvard.edu/projectvrm/Main_Page
Do the Right Thing: Scour the Web for Cool Big Data & Privacy Stuff!
• Drummond Reed’s RESPECT network puts data control back into each user’s hands: http://respectnetwork.com/
• Kaliya Hamlin’s Personal Data Ecosystem reminds companies to put the user back at the center of their own data: http://pde.cc/
• Read Kord Davis’s “Ethics of Big Data: Balancing Risk and Innovation”
http://www.goodreads.com/book/show/13230994-ethics-of-big-data
Do the Right Thing: Play in Standards
– If you thought XACML was not relevant yet, you’d better think ahead to 2014: http://j.mp/oasisXACML
– PMRM's model for translating & mapping privacy policies into a service architecture: http://j.mp/oasisPMRM
– PbD-SE: Privacy by Design for Software Engineers: http://j.mp/PbDoasis
Help MAKE and IMPLEMENT open privacy standards, for access control, policy enforcement and impact assessment!
What To Do About The 3 Privacy Truths
1. You can’t dodge the Law of Unintended Consequences, but when you’re processing several data sets, remind yourself that YOU are one of the people whose privacy is at risk and use the Golden Rule.
2. Knowledge is Power: Give the power to your customers to opt in and opt out at every possible turn
3. Standards make privacy easier to preserve. Get involved, NOW.
http://www.oasis-open.org
Laurent Liscia, CEO
OASIS首席执行官 (CEO of OASIS)
[As a reminder that we haven’t covered Privacy and Big Data in Asia …]
http://www.oasis-open.org
謝謝! (Thank you!)

The 3 Secrets of Online Privacy

  • 1. Secret Truths about Privacy 1. Privacy is subject to the Law of Unintended Consequences 2. Knowledge is Power: Consumers should know what privacy Faustian pacts they’re signing 3. Privacy requires technical and policy standards! Laurent Liscia, CEO OASIS Open 1
  • 2. Big Data: A Brave New Privacy World 2
  • 3. The Westchester Gun Map Harmless, right? Do the maps show everyone in my neighborhood who owns a gun? No. New York law does not require a permit to own a long gun such as a rifle or shotgun. How was this information obtained? Through requests to the individual county clerks under New York’s Freedom of Information Law. Isn’t that private information? No. There is no right to privacy regarding handgun ownership in New York. [Source: The Journal News] 3
  • 4. 4
  • 5. The Gun Map Proved Quite Harmful • Interactive map included names and addresses of police officers and prison guards: inmates used the map to find out where they lived and threaten them. • Former thieves said criminals could use map either to target houses with no guns (to avoid getting shot) or take the risk and steal the weapons themselves. • Democratic legislator: “I never owned a gun but now have no choice. I have been exposed as someone that has no gun. And I’ll do anything to protect my family.” • Resident feared her ex, who tried to kill her in past, might find her with the map • Journalists received death threats, stationed an armed guard outside their offices. 5
  • 6. Lesson From The Gun Map • If you juxtapose two perfectly legit data sources: online maps and gun ownership information for instance, you can enter scary privacy territory • That’s the Law of Unintended Consequences 6
  • 7. European Genetic Map, Harmless, right? 7
  • 9. Potentially Harmful Implications “Imagine if you could figure out what town a criminal’s ancestors were likely from based on DNA alone?” Razib Khan, Discover Magazine You can’t stop ideas that threaten privacy from popping up: yet another instance of the Law of Unintended Consequences 9
  • 10. 3D Map of Vancouver: Harmless, right? 10
  • 11. 11
  • 12. Here’s Why: The Law of Unintended Consequences What if you could juxtapose two data sets and target specific occupants of the building ? 12
  • 13. What About A Beautiful Wind Map? http://hint.fm/wind/ 13
  • 14. Pure science Big Data visualizations that provide a useful service and don’t rely on personal data are clearly OK 14
  • 15. 1st takeaway: Juxtaposing data sets (what Big Data does!) may result in privacy nightmares 15
  • 16. 2. A Detour Through Big Social 16
  • 17. Big Social Can Make Great Things Better … Tahriri Square 17
  • 18. • Audrie Pott and Rehtaeh Parsons both committed suicide after photos documenting how they had been sexually assaulted were circulated on social media • In both cases, many sided with the assailants rather than victims, calling them “sluts” And Bad Things Worse 18
  • 19. Annoying! Social Media Is Always Asking for More 19
  • 20. Is Privacy a Top Issue for Big Social? Who said: “All these concerns about privacy tend to be old-people issues”? ? 20
  • 22. Is Privacy In Big Social’s Business Model ? • Nope • “Google to pay record $22.5 million fine for Safari privacy evasion” [2012] • Twitter agreed to settle charges that it "deceived customers" and failed to protect their personal information [FTC fine, 2010] 22
  • 23. Is Privacy Even Possible in Big Social? “Just remember when you post something, the computers remember forever” “Every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites.” Eric Schmidt, when he was CEO of Google 23
  • 24. 2nd Takeaway: It’s OK for you to be the product when you’re not paying … if you know what you’re signing up for ? 24
  • 25. Reactive or Proactive: Your Call 25
  • 26. Privacy Regulation in Europe EU Data Protection Regulation will cover everything from consent to data portability and the right to be forgotten and will apply to any company storing EU resident data whether it’s HQ’d in the EU or not 26
  • 27. Privacy Regulation in the US 27 The US approach is more laissez-faire, but also more unpredictable. To wit: the Do Not Track proposal from Sen. Jay Rockefeller following 2012 White House "Consumer Privacy Bill of Rights" asking industry to give consumers control over their personal information and Congress to pass laws.
  • 28. Memorable Privacy Quotes "I do not believe that companies with business models based on the collection and monetization of personal information will voluntarily stop those practices if it negatively impacts their profit margins.“ Jay Rockefeller “Consumers are very pragmatic people. They want free content. They understand there's a value exchange. And they're OK with it.” Lou Mastria, director of the Digital Advertising Alliance ““You are the product!” Oh, fuck, off! For many people it wasn’t the new T&C that was the problem, it was that Instagram was no longer a service we felt comfortable making our “we’re the product deal” with.” Rev Dan Catt, blogger 28 You’re the consumer: how do YOU feel about it?
  • 29. Do the Right Thing: Learn & Participate • Big Data and Privacy discussions of OECD’s ITAC http://www.internetac.org/wp-content/uploads/2012/10/UPDATE-ITAC-WPISP-v02.pdf • NSTIC’s Privacy Evaluation Methodology http://www.idecosystem.org/filedepot?fid=404 • European Data Protection & Privacy Conference http://www.eu-ems.com/summary.asp?event_id=123&page_id=983 • Kuppinger Cole’s EIC – premier event for Privacy • Listen to all sides! EPIC, EFF, Project VRM http://epic.org/privacy/intl/eu_data_protection_directive.html http://cyber.law.harvard.edu/projectvrm/Main_Page 29
  • 30. Do the Right Thing: Scour the Web for Cool Big Data & Privacy Stuff! • Drummond Reed’s RESPECT network puts data control back into each user’s hands: http://respectnetwork.com/ • Kaliya Hamlin’s Personal Data Ecosystem reminds companies to put the user back at the center of their own data - http://pde.cc/ • Read Kord Davis’s “Ethics of Big Data: Balancing Risk and Innovation” http://www.goodreads.com/book/show/13230994-ethics-of-big-data 30
  • 31. Do the Right Thing: Play in Standards – If you thought XACML was not relevant yet, you’d better think ahead to 2014: http://j.mp/oasisXACML – PMRM's model for translating & mapping privacy policies into a service architecture: http://j.mp/oasisPMRM – PbD-SE: Privacy by Design for Software Engineers: http://j.mp/PbDoasis Help MAKE and IMPLEMENT open privacy standards, for access control, policy enforcement and impact assessment! 31
  • 32. What To Do About The 3 Privacy Truths 1. You can’t dodge the Law of Unintended Consequences but when you’re processing several data sets, remind yourself that YOU are one of the people whose privacy is at risk and use the Golden Rule. 32
  • 33. 2. Knowledge is Power: Give the power to your customers to opt in and opt out at every possible turn 33
  • 34. 3. Standards make privacy easier to preserve. Get involved, NOW. http://www.oasis-open.org 34
  • 35. Laurent Liscia, CEO OASIS首席执行官 [As a reminder that we haven’t covered Privacy and Big Data in Asia …] http://www.oasis-open.org 謝謝! 35

Editor's notes

  1. Legislation is on your side, right?
  2. Wrong.
  3. Wrong.
  4. The authors note that they're able to distinguish with some confidence individuals that are from the German, Italian, and French-speaking parts of Switzerland. With full re-sequencing data, it's likely that even the precise village of origin of an individual will be predictable from genetics alone.
  5. EU Data Protection Regulation [From Wikipedia]

     Scope: The regulation applies if the data controller or processor (organization) or the data subject (person) is based in the EU. Furthermore (and unlike the current Directive) the Regulation also applies to organizations based outside the European Union if they process personal data of EU residents. According to the European Commission "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."

     Single Set of Rules: One single set of rules applies to all EU member states and there will be one Single Data Protection Authority (DPA) responsible for each company depending on where the Company is based or which DPA it chooses. A European Data Protection Board will coordinate the DPAs. There is an exception for employee data that still might be subject to individual country regulations.

     Responsibility & Accountability: The notice requirements remain and are expanded. They must include the retention time for personal data, and contact information for the data controller and data protection officer has to be provided. Privacy by Design and by Default (Article 23) require that data protection is designed into the development of business processes for products and services, and that privacy settings are set at a high level by default. Data Protection Impact Assessments (Article 33) have to be conducted when specific risks occur to the rights and freedoms of data subjects. Risk assessment and mitigation is required, and a prior approval of the DPA for high risks. Data Protection Officers (Articles 35-37) are to ensure compliance within organizations. They have to be appointed for all public authorities and for enterprises with more than 250 employees.

     Consent: Valid consent must be explicit for data collected and purposes data used (Article 7; defined in Article 4). Consent for children under 13 must be given by child’s parent or custodian, and should be verifiable (Article 8). Data controllers must be able to prove “consent” (opt-in) and consent may be withdrawn.

     Data breaches: The data controller has to notify the DPA without undue delay and, where feasible, not later than 24 hours after having become aware of the data breach (Article 31). Individuals have to be notified if adverse impact is determined (Article 32).

     Fines: The following fines can be imposed:
       • Up to €250K or up to 0.5% of the annual global sales for intentionally or negligently not responding to requests by the data subject or the DPA
       • Up to €500K or up to 1% of annual global sales for intentionally or negligently not complying with GDPR
       • Up to €1,000K or up to 2% of annual global sales for intentionally or negligently not complying with specific GDPR regulations

     Right to be Forgotten: Personal data has to be deleted when the individual withdraws consent or the data is no longer necessary and there is no legitimate reason for an organization to keep it. (Article 17)

     Data Portability: A user shall be able to request a copy of personal data being processed in a format usable by this person and be able to transmit it electronically to another processing system. (Article 18)