Goals and Principles - Privacy

Question 1

who are the stakeholders of privacy?

Answer 1

Users, businesses, regulators, public authorities etc.

Question 2

why do we need privacy?

Answer 2

Societal perspective
   -Foundation of democracy
   -Freedom of speech
Individual perspective
   -Free personal development
   -Ownership of personal data of any kind

Question 3

what happens if we have no privacy?

Answer 3

• we are afraid of observations and consquences

- Hesitance to develop personally

Question 4

What types of privacy protection exist?

Answer 4

• Data protection (by law)
• Privacy by design
• Technical data protection

Question 5

what are the goals of “Data protection” (Datenschutz)?

Answer 5

• Measures for the protection of stored and transferred personal data
• protection of citizens against governmental institutions

Question 6

what are the principles of data protection

Answer 6

Data minimisation
-The service should be offered with a minimum of needed data.
Information of data subject
-The person whose data is being stored, should know what has been stored.
Acceptance with consent
-The data subject is to be asked in advance.

Question 7

What are main aspects of EU General Data Protection Regulation?

Answer 7

• Explicit vs. assumed consent(Art. 6-8)
• Right to be forgotten (demand that personal data be deleted if there are no grounds it be kept; art. 12,14,17)
• Easier access + transfer to different provider (Art. 20)
• Privacy by design and by default(Art. 25)
• Notification about data breaches(Art. 33,34)
• Higher fines, ≤ max(20 Mio. €, 4% turnover) (Art. 83)

Question 8

what is the scope of the EU GDPR?

Answer 8

• Processing of personal data at least partly by automated means or as part of a filing system
• Establishment of controller/processor in EU
• Data subject in the EU
• -Even if processing takes place outside of EU, provided that goods/services are offered (regardless of payment) or behaviour is monitored

Question 9

What is personal data regarding to the EU GDPR?

Answer 9

• any information relating to an identified or identifiable natural person
• Identifiable directly or indirectly by reference
• -Name
• -ID Number
• -Location Data
• -Online identifier

Question 10

What is proccessing regarding to the EU GDPR?

Answer 10

any operation on personal data

• Collection
• Recording
• Adaption (Anpassung)
• Retrieval (Abrufen)
• Restriction, destruction

Question 11

What is privacy by design regarding to the EU GDPR?

Answer 11

• Implement measures (e.g. pseudonymisation) for data minimisation
• Ensure that by default only necessary personal data is processed
• Amount, storage period, accessibility

Question 12

What are the principles of privacy by design?

Answer 12

1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality –Positive-Sum, not Zero-Sum
5. End-to-End Security –Full Lifecycle Protection
6. Visibilityand Transparency–Keep it Open
7. Respect for User Privacy –Keep it User-Centric