SlideShare une entreprise Scribd logo

Privacy & innovation digital enterprise

Sabrina Kirrane
Sabrina Kirrane

The document discusses the development and implementation of the General Data Protection Regulation (GDPR) in the European Union from 2012 to 2018. It provides a timeline showing key events including the initial draft of the regulation in 2012, revisions through 2015, discussions and finalization by the EU Council, and the regulation coming into force in 2018. The document aims to outline the process by which the GDPR was established as the new data protection rules in the EU.

Technologie
1  sur  19
Télécharger pour lire hors ligne
Privacy  &  Innovation Sabrina  Kirrane,  Wirtschaftsuniversität Wien  
2013 2014 2015 2016 2017 2018 Draft  of  the  regulation 7/22/2012 Revisions  in  the  draft 3/12/2013 Discussions  in  the  EU  Council 5/19/2014 EU  Council  finalises  the  chapters 8/6/2015 Trilogue  starts 6/24/2015 Trilogue  agrees 12/17/2015 Comes  into  force 5/15/2018 The  General  Data  Protection  Regulation
2013 2014 2015 2016 2017 2018 Draft  of  the  regulation 7/22/2012 Revisions  in  the  draft 3/12/2013 Discussions  in  the  EU  Council 5/19/2014 EU  Council  finalises  the  chapters 8/6/2015 Trilogue  starts 6/24/2015 Trilogue  agrees 12/17/2015 Comes  into  force 5/15/2018 The  General  Data  Protection  Regulation
Slide 4 Taken  from  CNIL's  twitter  account Impact  for  data  subjects?
https://solutionsreview.com/data-­‐integration/the-­‐emergence-­‐of-­‐data-­‐lake-­‐pros-­‐and-­‐cons/ http://themerkle.com/slur-­‐io/http://www.miamidatavault.com/ Data Vault Data Market Data Lake Impact  on  data  driven  operations  &  Innovation?
Innovation  via  Anonymisation! Which  K should   we  use  for   K-­‐Anonymity? The  GDPR  does  not  apply  to  anonymous   data  where  the    data  subject  is  no  longer   identifiable.
K-­‐anonymity § A  record  cannot  be   distinguished  from  at   least  K-­‐1  others • Approach § Suppression  certain   values  of  the  attributes   are  replaced  by  an   asterisk § Generalization   individual  values  of   attributes  are  replaced   by  with  a  broader   category Samarati,  Pierangela,  and  Latanya Sweeney. Protecting  privacy  when  disclosing  information:  k-­‐anonymity  and  its  enforcement  through  generalization  and   suppression.  Technical  report,  SRI  International,  1998. Zipcode Age Disease 476** 2* Heart Disease 476** 2* Heart Disease 476** 2* Heart Disease 4790* ≥40 Flu 4790* ≥40 Heart Disease 4790* ≥40 Cancer 476** 3* Heart Disease 476** 3* Cancer 476** 3* Cancer A 3-anonymous patient table
Is  K-­‐Anonymity  enough? Zipcode Age Disease 476** 2* Heart Disease 476** 2* Heart Disease 476** 2* Heart Disease 4790* ≥40 Flu 4790* ≥40 Heart Disease 4790* ≥40 Cancer 476** 3* Heart Disease 476** 3* Cancer 476** 3* Cancer A 3-anonymous patient table Bob Zipcode Age 47678 27 Carl Zipcode Age 47673 36 Homogeneity Attack Background Knowledge Attack Machanavajjhala,  Ashwin,  et  al.  "l-­‐diversity:  Privacy  beyond  k-­‐anonymity." ACM  Transactions  on  Knowledge  Discovery  from  Data  (TKDD) 1.1  (2007):  3. K-anonymity has deficiencies when sensitive values in an equivalence class lack diversity or the attacker has background knowledge
Is  K-­‐Anonymity  &  L-­‐Diversity  enough? Bob Zip Age 47678 27 Zipcode Age Salary Disease 476** 2* 20K Gastric Ulcer 476** 2* 30K Gastritis 476** 2* 40K Stomach Cancer 4790* ≥40 50K Gastritis 4790* ≥40 100K Flu 4790* ≥40 70K Bronchitis 476** 3* 60K Bronchitis 476** 3* 80K Pneumonia 476** 3* 90K Stomach Cancer A 3-diverse patient table Conclusion o Bob’s salary is between [20k,40k]. o Bob has some stomach-related disease. L-diversity does not consider the semantic meanings of the sensitive values Similarity Attack Machanavajjhala,  Ashwin,  et  al.  "l-­‐diversity:  Privacy  beyond  k-­‐anonymity." ACM  Transactions  on  Knowledge  Discovery  from  Data  (TKDD) 1.1  (2007):  3. § Each  equivalence  class  has   at  least  L well-­‐represented   sensitive  values  
Is  K-­‐Anonymity,  L-­‐Diversity  &  T-­‐Closeness  enough? • Distribution  of  sensitive   attributes  within  each  quasi   identifier  group  should  be   “close”  to  their  distribution  in   the  entire  original  database Age Zipcode …… Gender Disease 2* 476** …… Male Flu 2* 476** …… Male Heart Disease 2* 476** …… Male Cancer . . . . . . …… …… …… . . . . . . ≥50 4766* …… * Gastritis A released table Age Zipcode …… Gender Disease * * …… * Flu * * …… * Heart Disease * * …… * Cancer . . . . . . …… …… …… . . . . . . * * …… * Gastritis A completely generalised table Li,  Ninghui,  Tiancheng Li,  and  Suresh  Venkatasubramanian.  "t-­‐closeness:  Privacy  beyond  k-­‐anonymity  and  l-­‐diversity." Data  Engineering,  2007.  ICDE   2007.  IEEE  23rd  International  Conference  on.  IEEE,  2007. There are other anonymisation approaches however it is getting harder and harder to guarantee anonymity! Bob Zip Age 47678 27 Conclusion o Bob could have Flu, Heart Disease or Cancer! Background Knowledge Attack
Is  K-­‐Anonymity,  L-­‐Diversity  &  T-­‐Closeness  enough? • A  layered  approach  to   anonymisationmay  be   needed • Even  then  K,  L &  T are   highly  dependent  on  the   data • Also,  there  is  a  tradeoff   between  anonymisation and  utility Which  K should   we  use  for   K-­‐Anonymity? Considering that it is getting harder and harder to guarantee anonymity, what is the alternative?
Innovation  via  consent &  transparency?
Innovation  via  consent &  transparency? What  level  of   consent  is   specific  enough? Can  we  adopt  a   soft  opt-­‐out   approach? Affirmative  action,  freely  given,  specific,   informed  and  unambiguous  indication
Innovation  via  consent &  transparency? Can  we  adopt  a   soft  opt-­‐out   approach?• Condition  of  use § Consent  will  not  be  valid  if  the  individual  has  no   choice  but  to  give  their  consent • Opt-­‐In § Research  shows  that  users  spend  almost  no  time   browsing  the  text  of  the  agreement  before   clicking  the  box § It  is  far  from  clear  that  the  opt-­‐in  model  achieves   the  goal  of  informed § Opt-­‐Out § Facilitates  innovation  while  still  safeguarding   autonomy § Suitably  prominent  opt-­‐out  box  might  help  to   establish  that  clicking  the  button  was  a  positive   indication  of  consent Vayena,  Effy,  Anna  Mastroianni,  and  Jeffrey  Kahn.  "Caught  in  the  web:  informed  consent  for  online  health  research."Sci Transl Med 5.173   (2013).
Innovation  via  consent &  transparency? What  level  of   consent  is   specific  enough? § We  need  a  non-­‐intrusive means  to   obtain  consent  for  new  usages § When  it  comes  to  data  driven  services   we  may  not  know  the  type  of  consent   we  need  a  priori • At  this  stage  it  is  difficult  to  say  what   constitutes  specific  enough
Innovation  via  consent  &  transparency? Do  we  have  to   delete  data  from   logs  &  backups? -­‐Personal  data  that  is  corrected,  used,   consulted  or  otherwise  processed -­‐time  limits  should  be  established -­‐rectification  or  deletion
Innovation  via  consent  &  transparency? Do  we  need    to   delete  data  from   logs  &  backups? • Time  limits  will  involve  a  major   cultural  change • In  the  case  of  rectification  it  may   suffice  to  update  data  in  the  line  of   business  application(s)   and  enter  a   new  record  in  the  log  indicating  that   the  data  was  updated  at  the  request   of  the  data  subject • It  might  be  possible  to  use   cryptographic   delete In the Era of Big Data how can we support consent and transparency at scale?
Payload'Data Permissions Semantification Policy'ingestion Compression'&'Encryption Persisting'policies'with''data: “Sticky”'Policies Policy>aware'Querrying: Data'Subsets/Filtering' Policies HDT SPECIAL APIs User'Control Dashboards Scalable  Policy-­‐awarE Linked  Data  arChitecture for  prIvacy,  trAnsparencyand  compLiance
Technical/Scientific  contact   Sabrina  Kirrane Vienna  University  of  Economics   and  Business sabrina.kirrane@wu.ac.at Adminsitrative contact   Philippe  Rohou ERCIM  W3C philippe.rohou@ercim.eu Scalable  Policy-­‐awarE Linked  Data  arChitecture for  prIvacy,  trAnsparencyand  compLiance

Recommandé

Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
Privacy by design
Privacy by designPrivacy by design
Privacy by designblogzilla
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignJohn Eckman
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyClaudiu Popa
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of ThingsPaul Hastings
 
Sabrina Kirrane INSIGHT Viva Presentation
Sabrina Kirrane INSIGHT Viva Presentation Sabrina Kirrane INSIGHT Viva Presentation
Sabrina Kirrane INSIGHT Viva Presentation Sabrina Kirrane
 
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017Sabrina Kirrane
 

Recommandé

Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
Privacy by design
Privacy by designPrivacy by design
Privacy by designblogzilla
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignJohn Eckman
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyClaudiu Popa
 
Mobile Devices and Internet of Things
Mobile Devices and Internet of ThingsMobile Devices and Internet of Things
Mobile Devices and Internet of ThingsPaul Hastings
 
Sabrina Kirrane INSIGHT Viva Presentation
Sabrina Kirrane INSIGHT Viva Presentation Sabrina Kirrane INSIGHT Viva Presentation
Sabrina Kirrane INSIGHT Viva Presentation Sabrina Kirrane
 
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017Sabrina Kirrane
 
Transparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadTransparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadSabrina Kirrane
 
Modelling the General Data Protection Regulation
Modelling the General Data Protection RegulationModelling the General Data Protection Regulation
Modelling the General Data Protection RegulationSabrina Kirrane
 
Self-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDFSelf-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDFSabrina Kirrane
 
Access Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureAccess Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureSabrina Kirrane
 
Data License Clearance Center
Data License Clearance Center Data License Clearance Center
Data License Clearance Center Sabrina Kirrane
 
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...Sabrina Kirrane
 
big-data-and-data-sharing_ethical-issues.pdf
big-data-and-data-sharing_ethical-issues.pdfbig-data-and-data-sharing_ethical-issues.pdf
big-data-and-data-sharing_ethical-issues.pdfAsefaAdimasu2
 
RCA CERN Grand Challenge 10 dec 2018
RCA CERN Grand Challenge 10 dec 2018RCA CERN Grand Challenge 10 dec 2018
RCA CERN Grand Challenge 10 dec 2018Future Agenda
 
Information Security Forum (ISF) Congress 2013
Information Security Forum (ISF) Congress 2013 Information Security Forum (ISF) Congress 2013
Information Security Forum (ISF) Congress 2013 NIHR Clinical Research Network
 
Implementing Blockchain applications in healthcare
Implementing Blockchain applications in healthcareImplementing Blockchain applications in healthcare
Implementing Blockchain applications in healthcarePistoia Alliance
 
Review of Data Security, Consent and Opt-Outs
Review of Data Security, Consent and Opt-OutsReview of Data Security, Consent and Opt-Outs
Review of Data Security, Consent and Opt-OutsMohammad Al-Ubaydli
 
Digital Rights Management
Digital Rights ManagementDigital Rights Management
Digital Rights ManagementSabrina Kirrane
 
Use of data in safe havens: ethics and reproducibility issues
Use of data in safe havens: ethics and reproducibility issuesUse of data in safe havens: ethics and reproducibility issues
Use of data in safe havens: ethics and reproducibility issuesLouise Corti
 
dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020
dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020
dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020dkNET
 
Clare Sanderon, IG Solutions
Clare Sanderon, IG SolutionsClare Sanderon, IG Solutions
Clare Sanderon, IG SolutionsInvestnet
 
A Case for Expectation Informed Design - Full
A Case for Expectation Informed Design - FullA Case for Expectation Informed Design - Full
A Case for Expectation Informed Design - Fullgloriakt
 
20160523 23 Research Data Things
20160523 23 Research Data Things20160523 23 Research Data Things
20160523 23 Research Data ThingsKatina Toufexis
 
From personal health data to a personalized advice
From personal health data to a personalized adviceFrom personal health data to a personalized advice
From personal health data to a personalized adviceWessel Kraaij
 
Secure information sharing (sis) models
Secure information sharing (sis) modelsSecure information sharing (sis) models
Secure information sharing (sis) modelsAbu Osama
 
Data science and pending EU privacy laws - a storm on the horizon
Data science and pending EU privacy laws - a storm on the horizonData science and pending EU privacy laws - a storm on the horizon
Data science and pending EU privacy laws - a storm on the horizonDavid Stephenson, Ph.D.
 
Lessons from the UK: Data access, patient trust & real-world impact with heal...
Lessons from the UK: Data access, patient trust & real-world impact with heal...Lessons from the UK: Data access, patient trust & real-world impact with heal...
Lessons from the UK: Data access, patient trust & real-world impact with heal...Varsha Khodiyar
 
HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016
HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016
HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016ipposi
 

Contenu connexe

En vedette

Transparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadTransparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadSabrina Kirrane
 
Modelling the General Data Protection Regulation
Modelling the General Data Protection RegulationModelling the General Data Protection Regulation
Modelling the General Data Protection RegulationSabrina Kirrane
 
Self-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDFSelf-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDFSabrina Kirrane
 
Access Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureAccess Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureSabrina Kirrane
 
Data License Clearance Center
Data License Clearance Center Data License Clearance Center
Data License Clearance Center Sabrina Kirrane
 
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...Sabrina Kirrane
 

En vedette (6)

Transparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadTransparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road Ahead
 
Modelling the General Data Protection Regulation
Modelling the General Data Protection RegulationModelling the General Data Protection Regulation
Modelling the General Data Protection Regulation
 
Self-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDFSelf-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDF
 
Access Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureAccess Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and Future
 
Data License Clearance Center
Data License Clearance Center Data License Clearance Center
Data License Clearance Center
 
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
 

Similaire à Privacy & innovation digital enterprise

big-data-and-data-sharing_ethical-issues.pdf
big-data-and-data-sharing_ethical-issues.pdfbig-data-and-data-sharing_ethical-issues.pdf
big-data-and-data-sharing_ethical-issues.pdfAsefaAdimasu2
 
RCA CERN Grand Challenge 10 dec 2018
RCA CERN Grand Challenge 10 dec 2018RCA CERN Grand Challenge 10 dec 2018
RCA CERN Grand Challenge 10 dec 2018Future Agenda
 
Implementing Blockchain applications in healthcare
Implementing Blockchain applications in healthcareImplementing Blockchain applications in healthcare
Implementing Blockchain applications in healthcarePistoia Alliance
 
Review of Data Security, Consent and Opt-Outs
Review of Data Security, Consent and Opt-OutsReview of Data Security, Consent and Opt-Outs
Review of Data Security, Consent and Opt-OutsMohammad Al-Ubaydli
 
Digital Rights Management
Digital Rights ManagementDigital Rights Management
Digital Rights ManagementSabrina Kirrane
 
Use of data in safe havens: ethics and reproducibility issues
Use of data in safe havens: ethics and reproducibility issuesUse of data in safe havens: ethics and reproducibility issues
Use of data in safe havens: ethics and reproducibility issuesLouise Corti
 
dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020
dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020
dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020dkNET
 
Clare Sanderon, IG Solutions
Clare Sanderon, IG SolutionsClare Sanderon, IG Solutions
Clare Sanderon, IG SolutionsInvestnet
 
A Case for Expectation Informed Design - Full
A Case for Expectation Informed Design - FullA Case for Expectation Informed Design - Full
A Case for Expectation Informed Design - Fullgloriakt
 
20160523 23 Research Data Things
20160523 23 Research Data Things20160523 23 Research Data Things
20160523 23 Research Data ThingsKatina Toufexis
 
From personal health data to a personalized advice
From personal health data to a personalized adviceFrom personal health data to a personalized advice
From personal health data to a personalized adviceWessel Kraaij
 
Secure information sharing (sis) models
Secure information sharing (sis) modelsSecure information sharing (sis) models
Secure information sharing (sis) modelsAbu Osama
 
Data science and pending EU privacy laws - a storm on the horizon
Data science and pending EU privacy laws - a storm on the horizonData science and pending EU privacy laws - a storm on the horizon
Data science and pending EU privacy laws - a storm on the horizonDavid Stephenson, Ph.D.
 
Lessons from the UK: Data access, patient trust & real-world impact with heal...
Lessons from the UK: Data access, patient trust & real-world impact with heal...Lessons from the UK: Data access, patient trust & real-world impact with heal...
Lessons from the UK: Data access, patient trust & real-world impact with heal...Varsha Khodiyar
 
HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016
HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016
HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016ipposi
 
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...Health IT Conference – iHT2
 
Data City | Data Nation: Health & Wellness Challenge
Data City | Data Nation: Health & Wellness ChallengeData City | Data Nation: Health & Wellness Challenge
Data City | Data Nation: Health & Wellness ChallengeDigital Catapult
 
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected WorldAnonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected WorldTed Myerson
 
Privacy Preserving for Mobile Health Data
Privacy Preserving for Mobile Health DataPrivacy Preserving for Mobile Health Data
Privacy Preserving for Mobile Health DataIRJET Journal
 

Similaire à Privacy & innovation digital enterprise (20)

big-data-and-data-sharing_ethical-issues.pdf
big-data-and-data-sharing_ethical-issues.pdfbig-data-and-data-sharing_ethical-issues.pdf
big-data-and-data-sharing_ethical-issues.pdf
 
RCA CERN Grand Challenge 10 dec 2018
RCA CERN Grand Challenge 10 dec 2018RCA CERN Grand Challenge 10 dec 2018
RCA CERN Grand Challenge 10 dec 2018
 
Information Security Forum (ISF) Congress 2013
Information Security Forum (ISF) Congress 2013 Information Security Forum (ISF) Congress 2013
Information Security Forum (ISF) Congress 2013
 
Implementing Blockchain applications in healthcare
Implementing Blockchain applications in healthcareImplementing Blockchain applications in healthcare
Implementing Blockchain applications in healthcare
 
Review of Data Security, Consent and Opt-Outs
Review of Data Security, Consent and Opt-OutsReview of Data Security, Consent and Opt-Outs
Review of Data Security, Consent and Opt-Outs
 
Digital Rights Management
Digital Rights ManagementDigital Rights Management
Digital Rights Management
 
Use of data in safe havens: ethics and reproducibility issues
Use of data in safe havens: ethics and reproducibility issuesUse of data in safe havens: ethics and reproducibility issues
Use of data in safe havens: ethics and reproducibility issues
 
dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020
dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020
dkNET Webinar - Vivli: A Global Clinical Trials Data Sharing Platform 12/11/2020
 
Clare Sanderon, IG Solutions
Clare Sanderon, IG SolutionsClare Sanderon, IG Solutions
Clare Sanderon, IG Solutions
 
A Case for Expectation Informed Design - Full
A Case for Expectation Informed Design - FullA Case for Expectation Informed Design - Full
A Case for Expectation Informed Design - Full
 
20160523 23 Research Data Things
20160523 23 Research Data Things20160523 23 Research Data Things
20160523 23 Research Data Things
 
From personal health data to a personalized advice
From personal health data to a personalized adviceFrom personal health data to a personalized advice
From personal health data to a personalized advice
 
Secure information sharing (sis) models
Secure information sharing (sis) modelsSecure information sharing (sis) models
Secure information sharing (sis) models
 
Data science and pending EU privacy laws - a storm on the horizon
Data science and pending EU privacy laws - a storm on the horizonData science and pending EU privacy laws - a storm on the horizon
Data science and pending EU privacy laws - a storm on the horizon
 
Lessons from the UK: Data access, patient trust & real-world impact with heal...
Lessons from the UK: Data access, patient trust & real-world impact with heal...Lessons from the UK: Data access, patient trust & real-world impact with heal...
Lessons from the UK: Data access, patient trust & real-world impact with heal...
 
HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016
HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016
HISI conference 2016 - Dame Fiona Caldicott - Nov 16th 2016
 
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
iHT2 Health IT Summit in Austin 2012 – Deborah C. Peel, MD, Founder and Chai...
 
Data City | Data Nation: Health & Wellness Challenge
Data City | Data Nation: Health & Wellness ChallengeData City | Data Nation: Health & Wellness Challenge
Data City | Data Nation: Health & Wellness Challenge
 
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected WorldAnonos Dynamic Data Obscurity - Privacy For The Interconnected World
Anonos Dynamic Data Obscurity - Privacy For The Interconnected World
 
Privacy Preserving for Mobile Health Data
Privacy Preserving for Mobile Health DataPrivacy Preserving for Mobile Health Data
Privacy Preserving for Mobile Health Data
 

Plus de Sabrina Kirrane

Different perspectives on data science
Different perspectives on data scienceDifferent perspectives on data science
Different perspectives on data scienceSabrina Kirrane
 
Intelligent agents the vision revisited
Intelligent agents the vision revisitedIntelligent agents the vision revisited
Intelligent agents the vision revisitedSabrina Kirrane
 
SPECIAL ESWC project networking
SPECIAL ESWC project networkingSPECIAL ESWC project networking
SPECIAL ESWC project networkingSabrina Kirrane
 
DALICC ESWC Project Networking 2018
DALICC ESWC Project Networking 2018DALICC ESWC Project Networking 2018
DALICC ESWC Project Networking 2018Sabrina Kirrane
 
W3C Data Privacy Vocabularies and Controls Community Group
W3C Data Privacy Vocabularies and Controls Community GroupW3C Data Privacy Vocabularies and Controls Community Group
W3C Data Privacy Vocabularies and Controls Community GroupSabrina Kirrane
 
Propelling the Potential of Linked Data in Enterprises
Propelling the Potential of Linked Data in EnterprisesPropelling the Potential of Linked Data in Enterprises
Propelling the Potential of Linked Data in EnterprisesSabrina Kirrane
 
Cryptocurrencies and Blockchain technology
Cryptocurrencies and Blockchain technologyCryptocurrencies and Blockchain technology
Cryptocurrencies and Blockchain technologySabrina Kirrane
 

Plus de Sabrina Kirrane (7)

Different perspectives on data science
Different perspectives on data scienceDifferent perspectives on data science
Different perspectives on data science
 
Intelligent agents the vision revisited
Intelligent agents the vision revisitedIntelligent agents the vision revisited
Intelligent agents the vision revisited
 
SPECIAL ESWC project networking
SPECIAL ESWC project networkingSPECIAL ESWC project networking
SPECIAL ESWC project networking
 
DALICC ESWC Project Networking 2018
DALICC ESWC Project Networking 2018DALICC ESWC Project Networking 2018
DALICC ESWC Project Networking 2018
 
W3C Data Privacy Vocabularies and Controls Community Group
W3C Data Privacy Vocabularies and Controls Community GroupW3C Data Privacy Vocabularies and Controls Community Group
W3C Data Privacy Vocabularies and Controls Community Group
 
Propelling the Potential of Linked Data in Enterprises
Propelling the Potential of Linked Data in EnterprisesPropelling the Potential of Linked Data in Enterprises
Propelling the Potential of Linked Data in Enterprises
 
Cryptocurrencies and Blockchain technology
Cryptocurrencies and Blockchain technologyCryptocurrencies and Blockchain technology
Cryptocurrencies and Blockchain technology
 

Dernier

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 

Dernier (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

Privacy & innovation digital enterprise

  • 1. Privacy  &  Innovation Sabrina  Kirrane,  Wirtschaftsuniversität Wien  
  • 2. 2013 2014 2015 2016 2017 2018 Draft  of  the  regulation 7/22/2012 Revisions  in  the  draft 3/12/2013 Discussions  in  the  EU  Council 5/19/2014 EU  Council  finalises  the  chapters 8/6/2015 Trilogue  starts 6/24/2015 Trilogue  agrees 12/17/2015 Comes  into  force 5/15/2018 The  General  Data  Protection  Regulation
  • 3. 2013 2014 2015 2016 2017 2018 Draft  of  the  regulation 7/22/2012 Revisions  in  the  draft 3/12/2013 Discussions  in  the  EU  Council 5/19/2014 EU  Council  finalises  the  chapters 8/6/2015 Trilogue  starts 6/24/2015 Trilogue  agrees 12/17/2015 Comes  into  force 5/15/2018 The  General  Data  Protection  Regulation
  • 4. Slide 4 Taken  from  CNIL's  twitter  account Impact  for  data  subjects?
  • 6. Innovation  via  Anonymisation! Which  K should   we  use  for   K-­‐Anonymity? The  GDPR  does  not  apply  to  anonymous   data  where  the    data  subject  is  no  longer   identifiable.
  • 7. K-­‐anonymity § A  record  cannot  be   distinguished  from  at   least  K-­‐1  others • Approach § Suppression  certain   values  of  the  attributes   are  replaced  by  an   asterisk § Generalization   individual  values  of   attributes  are  replaced   by  with  a  broader   category Samarati,  Pierangela,  and  Latanya Sweeney. Protecting  privacy  when  disclosing  information:  k-­‐anonymity  and  its  enforcement  through  generalization  and   suppression.  Technical  report,  SRI  International,  1998. Zipcode Age Disease 476** 2* Heart Disease 476** 2* Heart Disease 476** 2* Heart Disease 4790* ≥40 Flu 4790* ≥40 Heart Disease 4790* ≥40 Cancer 476** 3* Heart Disease 476** 3* Cancer 476** 3* Cancer A 3-anonymous patient table
  • 8. Is  K-­‐Anonymity  enough? Zipcode Age Disease 476** 2* Heart Disease 476** 2* Heart Disease 476** 2* Heart Disease 4790* ≥40 Flu 4790* ≥40 Heart Disease 4790* ≥40 Cancer 476** 3* Heart Disease 476** 3* Cancer 476** 3* Cancer A 3-anonymous patient table Bob Zipcode Age 47678 27 Carl Zipcode Age 47673 36 Homogeneity Attack Background Knowledge Attack Machanavajjhala,  Ashwin,  et  al.  "l-­‐diversity:  Privacy  beyond  k-­‐anonymity." ACM  Transactions  on  Knowledge  Discovery  from  Data  (TKDD) 1.1  (2007):  3. K-anonymity has deficiencies when sensitive values in an equivalence class lack diversity or the attacker has background knowledge
  • 9. Is  K-­‐Anonymity  &  L-­‐Diversity  enough? Bob Zip Age 47678 27 Zipcode Age Salary Disease 476** 2* 20K Gastric Ulcer 476** 2* 30K Gastritis 476** 2* 40K Stomach Cancer 4790* ≥40 50K Gastritis 4790* ≥40 100K Flu 4790* ≥40 70K Bronchitis 476** 3* 60K Bronchitis 476** 3* 80K Pneumonia 476** 3* 90K Stomach Cancer A 3-diverse patient table Conclusion o Bob’s salary is between [20k,40k]. o Bob has some stomach-related disease. L-diversity does not consider the semantic meanings of the sensitive values Similarity Attack Machanavajjhala,  Ashwin,  et  al.  "l-­‐diversity:  Privacy  beyond  k-­‐anonymity." ACM  Transactions  on  Knowledge  Discovery  from  Data  (TKDD) 1.1  (2007):  3. § Each  equivalence  class  has   at  least  L well-­‐represented   sensitive  values  
  • 10. Is  K-­‐Anonymity,  L-­‐Diversity  &  T-­‐Closeness  enough? • Distribution  of  sensitive   attributes  within  each  quasi   identifier  group  should  be   “close”  to  their  distribution  in   the  entire  original  database Age Zipcode …… Gender Disease 2* 476** …… Male Flu 2* 476** …… Male Heart Disease 2* 476** …… Male Cancer . . . . . . …… …… …… . . . . . . ≥50 4766* …… * Gastritis A released table Age Zipcode …… Gender Disease * * …… * Flu * * …… * Heart Disease * * …… * Cancer . . . . . . …… …… …… . . . . . . * * …… * Gastritis A completely generalised table Li,  Ninghui,  Tiancheng Li,  and  Suresh  Venkatasubramanian.  "t-­‐closeness:  Privacy  beyond  k-­‐anonymity  and  l-­‐diversity." Data  Engineering,  2007.  ICDE   2007.  IEEE  23rd  International  Conference  on.  IEEE,  2007. There are other anonymisation approaches however it is getting harder and harder to guarantee anonymity! Bob Zip Age 47678 27 Conclusion o Bob could have Flu, Heart Disease or Cancer! Background Knowledge Attack
  • 11. Is  K-­‐Anonymity,  L-­‐Diversity  &  T-­‐Closeness  enough? • A  layered  approach  to   anonymisationmay  be   needed • Even  then  K,  L &  T are   highly  dependent  on  the   data • Also,  there  is  a  tradeoff   between  anonymisation and  utility Which  K should   we  use  for   K-­‐Anonymity? Considering that it is getting harder and harder to guarantee anonymity, what is the alternative?
  • 12. Innovation  via  consent &  transparency?
  • 13. Innovation  via  consent &  transparency? What  level  of   consent  is   specific  enough? Can  we  adopt  a   soft  opt-­‐out   approach? Affirmative  action,  freely  given,  specific,   informed  and  unambiguous  indication
  • 14. Innovation  via  consent &  transparency? Can  we  adopt  a   soft  opt-­‐out   approach?• Condition  of  use § Consent  will  not  be  valid  if  the  individual  has  no   choice  but  to  give  their  consent • Opt-­‐In § Research  shows  that  users  spend  almost  no  time   browsing  the  text  of  the  agreement  before   clicking  the  box § It  is  far  from  clear  that  the  opt-­‐in  model  achieves   the  goal  of  informed § Opt-­‐Out § Facilitates  innovation  while  still  safeguarding   autonomy § Suitably  prominent  opt-­‐out  box  might  help  to   establish  that  clicking  the  button  was  a  positive   indication  of  consent Vayena,  Effy,  Anna  Mastroianni,  and  Jeffrey  Kahn.  "Caught  in  the  web:  informed  consent  for  online  health  research."Sci Transl Med 5.173   (2013).
  • 15. Innovation  via  consent &  transparency? What  level  of   consent  is   specific  enough? § We  need  a  non-­‐intrusive means  to   obtain  consent  for  new  usages § When  it  comes  to  data  driven  services   we  may  not  know  the  type  of  consent   we  need  a  priori • At  this  stage  it  is  difficult  to  say  what   constitutes  specific  enough
  • 16. Innovation  via  consent  &  transparency? Do  we  have  to   delete  data  from   logs  &  backups? -­‐Personal  data  that  is  corrected,  used,   consulted  or  otherwise  processed -­‐time  limits  should  be  established -­‐rectification  or  deletion
  • 17. Innovation  via  consent  &  transparency? Do  we  need    to   delete  data  from   logs  &  backups? • Time  limits  will  involve  a  major   cultural  change • In  the  case  of  rectification  it  may   suffice  to  update  data  in  the  line  of   business  application(s)   and  enter  a   new  record  in  the  log  indicating  that   the  data  was  updated  at  the  request   of  the  data  subject • It  might  be  possible  to  use   cryptographic   delete In the Era of Big Data how can we support consent and transparency at scale?
  • 19. Technical/Scientific  contact   Sabrina  Kirrane Vienna  University  of  Economics   and  Business sabrina.kirrane@wu.ac.at Adminsitrative contact   Philippe  Rohou ERCIM  W3C philippe.rohou@ercim.eu Scalable  Policy-­‐awarE Linked  Data  arChitecture for  prIvacy,  trAnsparencyand  compLiance