This presentation walks through the challenges and opportunities for data scientists and big data professionals, with a focus on Privacy, describing which future roles will be needed in order to successfully bridge the written word of the law with coded data trails. Data Science will inevitably need to jump through intricate compliance hoops that could also sound the drum of a new ethical data dawn, in light of globalisation. Or... it might not.
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Brussels data science - Privacy Engineering for Big Data & Data Science
1. INTELLIGENT MARKETING HUB
Privacy Engineering for Big Data
& Data Science
Brussels, October 11th 2016
European Data Innovation Hub @ AXA
2. @aureliepols
Data Governance & Privacy Advocate
Data is the New Oil – Privacy is the New Green – Trust is the
New Currency
AURELIE POLS,
KRUX PRIVACY ADVOCATE
• Data Governance & Privacy Advocate – Krux Digital
• Ethics Advisory Group – European Data Protection Supervisor (EDPS)
• Chief Visionary Officer – Mind Your Privacy
• Training Advisory Board – International Association of Privacy Professionals (IAPP)
• Professor of Ethics & Privacy, Big Data & Analytics Master – Instituto de Empresa (IE)
OX2 Co-founder
Webanalytics.be
3. @aureliepols
”My” in “my information” is not the same as “my” in “my car”
but rather the same as “my” in “my body” or “my feelings”; it
expresses a sense of constitutive belonging, not external
ownership, a sense in which my body, my feelings, and my
information are part of me but are not my (legal) possessions
- Luciano Floridi, The Ontological Interpretation of
Informational Privacy, Ethics and Information Technology,
7(4): 185-2005
5. @aureliepols
Consider before crucifying the Rule of law
1. The specifics of data as an Economic Asset:
² Data in infinitely transferable without decay
2. Often forgotten Legislative Challenges
² Defining and recognizing Data Harms
3. Related to evolving Privacy Legislation
² Compliance is a Risk Exercise
4. Minimizing Privacy related Risks
² YOUR liability within the Data Ecosystem
6. @aureliepols
Privacy Engineering
VALUE / ETHICS
Corporate social
responsibility
Respect individuals
RISK
Standard operating
procedure
Do not harm
COMPLIANCE
LegislationDon’t hit people!
6
7. Parties Involved in Data Privacy
PEOPLE
Have People Data
GOVERNMENTS
Laws to
protect People Data
COMPANIES
Collect, use & protect
People Data
INDUSTRY
ORGANIZATIONS
Guidelines to
protect People Data
Data Quality
Ad Blocking Class Actions
ComplianceSelf-Regulation
11. @aureliepols
Erosion of human dignity through
Article 1 EU Charter of Fundamental Rights
• Discrimination => pothole app eg.
=> representativity of population?
• Loss of choices => credit scoring
=> transparency & recourse
• Loss of serendipity: tunneled vision
• Loss of life?
11
12. @aureliepols
Privacy Risk: it depends?
Risk Ontology
12
Experiences in the Development and Usage of a Privacy Requirements Framework by Ian Oliver,
Security Research Group, Bell Labs, Nokia
13. @aureliepols
Ethics of the Data Analyst
I shall remember data are not only numbers but actual people, that could be harmed by my work;
I shall treat data that might identify individuals with the utmost care, which includes respect for their dignity, avoiding
discrimination, as well as security best practices;
I will not do to personal data what I wouldn’t find acceptable for data related to my family, friends, loved ones or myself;
I understand personal data, PII &/or sensitive data is context based and often difficult to identify. In case of doubt, I
will ask for help or escalate in order to take the appropriate measures;
I understand data about individuals needs to travel with initial purpose of the data – the reason why it exists - & their
respective consent mechanisms;
a) I will never use data without knowing where it comes from, it’s purpose and consent mechanisms (see Quién es
la Última Principle);
b) I will never sell non consented data about individuals;
c) If I sell consented data, it will be accompanied by purpose. Up to the buyer to define whether subsequent data
uses are aligned.
I understand consent might be revoked and a Right to be Forgotten – i.e. deletion – could be requested, that might need
to be applied;
I shall align security protocols with how personal &/or sensitive the data is;
I will keep trace and document the data used in order to minimize risk related to data uses.
13
GOVERNANCE
14. V I S I T K R U X . C O M F O L L O W @ K R U X D I G I TA L
Thank you.
Aurélie Pols / apols@krux.com