privacy management in smart citieseu-smartcities.eu/sites/default/files/2017-10/eip-scc 2nd...
TRANSCRIPT
EIP-SCC Citizen Focus
Privacy Management in Smart Cities
Antonio Kung
Chris Cooper
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 1
EIP-SCC Citizen Focus
Introduction Speaker
• Antonio Kung, Trialog (www.trialog.com,FR)
– Engineering background - CTO
– ISO activities on privacy engineering (SC27/WG5)
– OASIS activities on privacy-by-design (PMRM, PbD-SE)
– Member
• PRIPARE support action (pripareproject.eu)
– Handbook (March 7th 2016 Press release)
• Methodological Tools to Implement Privacy and Foster Compliance with the GDPR
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 2
EIP-SCC Citizen Focus
Introduction Speaker
• Chris Cooper, KnowNow (www.kn-i.com,UK) • Chartered Engineer - CTO for KnowNow
• 20 years in IT - Enterprise Architect
• Member City Standards Institute @CitiesStandards
• Participant in Open Consent Group (openconsent.org)
• Active in Privacy & Data Trust Network (pdtn.org)
• Participated in EIP-SCC since 2014
• Involved in Citizen Centric Data since 2015
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 3
EIP-SCC Citizen Focus
Privacy Management from the demand-side to the
supply-side
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 4
EIP-SCC Citizen Focus
GDPR: General Data Protection Regulation Published on May 4th 2016
Enter into force on May 24th 2016 Apply on May 25th 2018
• Privacy-by-design (PbD) and by-default • Privacy Impact Assessment (PIA) • Data Protection Officers
– All public authorities – Companies processing more than 5000 data subjects
• Sanctions for breaches – up to 20,000,000 EUR – up to 4% of the annual worldwide turnover
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 5
EIP-SCC Citizen Focus
Definitions
• Privacy-by-design: PbD
– Institutionalisation of privacy management
– Integration of privacy concern in the engineering of systems
• Privacy-by-default
– Highest level of protection by default
• Privacy Impact assessment: PIA
– Process that evaluates impact on privacy
• Note that the GDPR uses the term “data protection” instead of “privacy”
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 6
EIP-SCC Citizen Focus
Privacy in Complex Ecosystems
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 7
Security
Privacy
Safety Smart grid
Transport
Health
Smart Cities
Big data
IoT
Ecosystems Domains Concerns
EIP-SCC Citizen Focus
Privacy Management in Ecosystem
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 8
Operator Data Controller
Operator Data processor
Request Service
Comply with
Privacy Legal Obligations
Supplier Integrator
Procurement contract
Supplier others
PIA / Pbd Purpose specified
PIA / PbD No purpose
specified
Apply
Apply Citizen Purpose info Consent Trust Empowerment
Interact with
Is informed
Smart city stakeholder
EIP-SCC Citizen Focus
Several Types of Concerns
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 9
Stakeholder Legal
Compliance Level
Management Level
System Lifecycle
Level
Demand side Policy maker Compliance Check
Operator Data Controller Regulation
GPDR
Privacy Impact
Assessment PIA
Privacy-by-Design
PbD
Supply side
Operator Data processor
Supplier Operators Requirements
EIP-SCC Citizen Focus
GDPR
Demand Side Concern
• Compliance Check for accountability
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 10
Data analytics Data transformation
Data exchange Data storage Data collecting
Chain of data controllers / data processors
PIA
PbD
GDPR
PIA
PbD
GDPR
PIA
PbD
GDPR
PIA
PbD
GDPR
PIA
PbD
EIP-SCC Citizen Focus
Operator vs Supplier Concerns
• Operator concerns
– Data controller and data processor obligations in the data chain
• Supplier concerns?
– Meet market demand
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 11
Product supplier
Product
Product operator
GDPR
PIA
PbD
EIP-SCC Citizen Focus
Supplier Concerns?
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities
Middleware
Sensor
OS Security module
Electronics
Smart device
Device Cloud solution
Smart City Application operator
Sup
ply
Ch
ain
Issues • Purpose
unknown
• Big supplier VS small operator
GDPR PIA PbD
GDPR ?
PIA ?
PbD ?
EIP-SCC Citizen Focus
Privacy-by-design and Privacy Impact Assessment
Engineering viewpoint
It’s all about integration
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 13
EIP-SCC Citizen Focus
Integrating Privacy Concerns in the Lifecycle
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 14
Privacy concern Privacy
concern
Privacy concern
Privacy concern
Privacy concern
Privacy concern
EIP-SCC Citizen Focus
Privacy-by-design Lifecycle Process
PIA Process
A Glimpse on the Process
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 15
Analysis Design Privacy controls
Privacy Principles
Privacy Requirements
Architecture
PETs
PIA Phase 1
PIA Phase 2
EIP-SCC Citizen Focus
Privacy Principles
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 16
• Seven principles from Ann Cavoukian
– Proactive not reactive, privacy as default setting, privacy-by-design, positive sum, security, transparency, user-centric
• ISO 29100 – privacy framework
– Consent and choice, purpose, collection limitation, data minimization, use limitation, accuracy and quality, openness/transparency/notice, individual participation and access, accountability, security,
Analysis Design Privacy Principles
Requirements
Architecture
PETs
EIP-SCC Citizen Focus
Analysis
• Identify privacy policies and privacy management requirements
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 17
Service Purpose
OASIS PMRM Privacy Management Reference Model and Methodology
Agreement Management of permissions and rules
Usage Controlling personal data usage
Validation Checking personal data
Certification Checking stakeholders credentials
Enforcement Monitor operations and react to exceptions / Accountability
Security Safeguard privacy information and operations
Interaction Information presentation and communication
Access Data subject access to their personal data
Analysis Design Privacy Principles
Requirements
Architecture
PETs
EIP-SCC Citizen Focus
Design Strategies
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 18
Jaap Henk Hoepman Design strategies
1 Minimization Select collecting, anonymisation / pseudonyms
2 Hide Encryption of data, mix networks, hide traffic patterns, attribute based credentials, anonymisation / pseudonyms
3 Separate Partitioning
4 Aggregate Aggregation over time, dynamic location granularity, k-anonymity, differential privacy
5 Inform Platform for privacy preferences, Data breach notification
6 Control User centric identity management, end-to-end encryption support control
7 Enforce Access control, Sticky policies and privacy rights management
8 Demonstrate Privacy management systems, use of logging and auditing
Analysis Design Privacy Principles
Requirements
Architecture
PETs
EIP-SCC Citizen Focus
Design Strategies can Change Requirements
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 19
Collect Birth date
Data minimisation
Do not collect Birth date
Get a proof > 18 year old
Design Privacy controls
Attribute-based credentials
EIP-SCC Citizen Focus
PIA Process
• Risk analysis (example : CNIL risk analysis)
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 20
Analysis Design Privacy Principles
Requirements
Architecture
PETs
Absolutely avoided or
reduced
Must be avoided or
reduced
Must be reduced
These risks may be taken
Negligible Likelihood
Limited Likelihood
Significant Likelihood
Maximum Likelihood
Negligible Severity
Limited Severity
Significant Severity
Maximum Severity
EIP-SCC Citizen Focus
Current Standards and Practices
It’s all about integration
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 21
EIP-SCC Citizen Focus
Standards, References, Practices • Principles
– Ann Cavoukian seven’s principles – ISO 29100 privacy framework (freely accessible)
• Impact assessment – ISO 29134 privacy impact assessment (in progress) – Data Protection Authority guidelines
• UK • France • Spain • Germany (BSI)
– Domain specific guidelines • Smart grid • Biometrics • RFid • Cloud
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 22
EIP-SCC Citizen Focus
Standards, References, Practices
• Risk management – CNIL PIA methodology
– NISTIR 8062 Privacy Risk Management Framework for Federal Information Systems
• Analysis and Design – OASIS Privacy management reference model and methodology
– ISO 29151 personally identifiable information privacy control (in progress)
– Privacy Patterns (in the making)
• privacypatterns.org
• Privacypatterns.eu
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 23
EIP-SCC Citizen Focus
Standards, References, Practices • Entire Lifecycle
– PRIPARE methodology handbook (pripareproject.eu) – New ISO work item: Privacy engineering – And wealth of standards on engineering such as
• Software and systems – ISO 29148 Requirements engineering – ISO 42010 Architecture – ISO 42020 Architecture Processes – ISO 15288 System Life Cycle Processes – ISO 12207 Software Life Cycle Processes – ISO 29110 Systems and Software Life Cycle Profiles and Guidelines for Very
Small Entities
• Domain specific standards – Automotive – Railways – Grid – …
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 24
EIP-SCC Citizen Focus
It’s about Learning and Practicing
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 25
EIP-SCC Citizen Focus
How can EIP-SCC help?
• EIP-SCC is the opportunity to work together
– on the integration of privacy management
– on compliance with GDPR
• EIP-SCC includes – Representatives of smart cities
– Smart cities development projects
– … and stakeholders promoting citizen focus
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 26
EIP-SCC Citizen Focus
Smart Cities Representatives Concerns
• Ensuring compliance of supply side
– Relation with application operators (data controllers/processors)
– Overall compliance of chain of application operators
• Supervision and incident management
• Public relations management
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 27
EIP-SCC Citizen Focus
Helping Smart Cities Representatives
• Identify approaches/guidelines/recommendations – for compliance assurance
• GDPR
• PIA practice
• PbD practice
– for supervision and incident management
– for interactions with citizens
• Consent
• Define privacy management integration plans – Synchronised with smart cities roadmap
• Experimenting with smart city projects
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 28
EIP-SCC Citizen Focus
Application Operators Concerns
• GPDR compliance
• PIA compliance
• PbD compliance
Data analytics Data transformation
Data exchange Data storage Data collecting
GDPR
PIA
PbD
Purpose known
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 29
EIP-SCC Citizen Focus
Helping Application Operators
• Compliance guidelines
• Privacy impact assessment practice
• Privacy-by-design practice
Application Operator
Smart cities Stakeholders Guidelines
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 30
EIP-SCC Citizen Focus
Suppliers Concerns
• Categorised requirements
Middleware
Sensor
OS Security module
Electronics
Smart device Device Cloud solution GDPR
?
PIA ?
PbD ?
Purpose unknown
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 31
EIP-SCC Citizen Focus
Helping Suppliers
• Categorised compliance guidelines
• Categorised privacy impact assessment practice
• Categorised generic privacy-by-design practice
Supplier Application Operators Guidelines
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 32
EIP-SCC Citizen Focus
Volunteering Smart Cities
• Nominate privacy officer – coordinates within SCC
• Participate to the work on approaches/guidelines/recommendations – for compliance assurance
– for supervision and incident management
– for interactions with citizen
• Get help in the definition of privacy management integration plans – Synchronised their roadmap
• Practice within smart city projects
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 33
EIP-SCC Citizen Focus
Volunteering Smart City Projects
• Nominate a privacy officer stakeholder
– Coordinates within SCC
• Participate to the definition of guidelines for operators
• Participate to the definition of guidelines for suppliers
• Practice – GPDR compliance
– PIA compliance
– PbD compliance
GDPR
PIA
PbD
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 34
EIP-SCC Citizen Focus
EIP-SCC Support
• Define a training program (and resource plan)
• Define a support program (and resource plan)
• Support volunteering cities and projects – Help define roadmap
– Help define privacy management integration
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 35
EIP-SCC Citizen Focus
Next steps
• Open discussion with a number of Smart City Stakeholders and Smart city Projects during general assembly
12/05/2016 EIP-SCC Webinar: Addressing Privacy in Smart Cities 36