3.2 Goals and Principles - Privacy Flashcards
Who are the stakeholders of privacy?
Users, businesses, regulators, public authorities etc.
Why do we need privacy?
Societal perspective
- Foundation of democracy
- Freedom of speech
Individual perspective
- Free personal development
- Ownership of personal data of any kind
What happens if we have no privacy?
- We are afraid of observations and consequences
- Hesitance to develop personally
What types of privacy protection exist?
- Data protection (by law)
- Privacy by design
- Technical data protection
What are the goals of “Data protection” (Datenschutz)?
- Measures for the protection of stored and transferred personal data
- Protection of citizens against governmental institutions
What are the principles of data protection?
Data minimisation
- The service should be offered with a minimum of needed data.
Information of data subject
- The person whose data is being stored should know what has been stored.
Acceptance with consent
- The data subject is to be asked in advance.
What are the main aspects of the EU General Data Protection Regulation?
- Explicit vs. assumed consent (Art. 6-8)
- Right to be forgotten (demand that personal data be deleted if there are no grounds for keeping it; Art. 12, 14, 17)
- Easier access + transfer to different provider (Art. 20)
- Privacy by design and by default (Art. 25)
- Notification about data breaches (Art. 33, 34)
- Higher fines, ≤ max(20 Mio. €, 4% turnover) (Art. 83)
What is the scope of the EU GDPR?
- Processing of personal data at least partly by automated means or as part of a filing system
- Establishment of controller/processor in EU
- Data subject in the EU
  - Even if processing takes place outside of the EU, provided that goods/services are offered (regardless of payment) or behaviour is monitored
What is personal data according to the EU GDPR?
- any information relating to an identified or identifiable natural person
- Identifiable directly or indirectly by reference
  - Name
  - ID Number
  - Location Data
  - Online identifier
What is processing according to the EU GDPR?
Any operation on personal data
- Collection
- Recording
- Adaptation (Anpassung)
- Retrieval (Abrufen)
- Restriction, destruction
What is privacy by design according to the EU GDPR?
- Implement measures (e.g. pseudonymisation) for data minimisation
- Ensure that by default only necessary personal data is processed
- Amount, storage period, accessibility
What are the principles of privacy by design?
- Proactive not Reactive; Preventative not Remedial
- Privacy as the Default Setting
- Privacy Embedded into Design
- Full Functionality – Positive-Sum, not Zero-Sum
- End-to-End Security – Full Lifecycle Protection
- Visibility and Transparency – Keep it Open
- Respect for User Privacy – Keep it User-Centric