SlideShare una empresa de Scribd logo

ICO Data Protection Officer Conference Privacy Technology Outlook

R
racingsnake

Robin Wilton presented at the ICO Data Protection Officer Conference in March 2010 in Salford. He discussed the relationship between identity and privacy using the "onion model" to represent layers of personal information. Wilton addressed challenges to online privacy such as managing metadata and finding workable privacy metaphors. He highlighted several projects taking privacy principles to practical applications and encouraged participation in the Kantara Initiative to further such work.

TecnologíaNoticias y política
1 de 12
Descargar para leer sin conexión
ICO Data Protection Officer Conference March 2010 Salford A Privacy and Technology Outlook Robin Wilton Director, Future Identity Ltd Director of Privacy and Public Policy, Kantara Initiative Future identity
Do any of these strike a chord? “You have zero privacy anyway. “If you have something that you Get over it” (45) don't want anyone to know, maybe you shouldn't be doing it “Privacy in the first place” (56) is no longer a social norm” (25) “People forgive and forget; computers can't do either” [Voiceover: It will be a strange day indeed when the definitive arbiter of social privacy norms is a single white 25-year-old male billionaire college drop-out...] Future identity
“Ladders, Onions, and Surfing Naked...” Topics for this session: ● How are identity and privacy related? ● What is privacy anyway, and why is it important? ● Is privacy just a matter of protecting PII? ● What future challenges does online privacy present? This presentation draws on the input of many people, including: ● The Liberty Alliance Privacy Summit participants ● Bob Blakley and Ian Glazer of Burton Group ● Dr Mireille Hildebrandt, Vrije Universiteit Brussel My sincere thanks to all of them Future identity
How are identity and privacy related? (The 'Onion' Model) ● The BIS (Basic Identifier Set) is what usually suffices to provide 'proof of uniqueness' ● Credentials usually encapsulate data from multiple 'rings' of the onion ● One 'good practice' approach is for B.I.S credentials to 'gravitate' towards the centre – i.e. not be overloaded with “Other PII” attribute data, but provide: ● the means to link to it; Attributes ● proof of uniqueness. Credentials are not privacy-neutral ● e.g. Using a driver's license to prove your age reveals more than your age; ● By their nature, credentials tend to make transactions 'linkable'; ● Privacy-enhancing systems will (must) be better at attribute-level disclosures, or better still, “Yes/No” answers to attribute-level questions. (cf. Dave Birch's paper on the "Psychic ID" metaphor) http://www.springerlink.com/content/hk1p8r133867x402/fulltext.pdf Future identity
Slicing the Onion ● A 'segment' of the onion may correspond to sector-specific data (healthcare, tax, employment...). ● Some sectors are 'informal' – such as the separation between your Flickr and B.I.S MySpace accounts. ● Others, you might prefer to keep strictly “Other PII” separate – such as online banking. Attributes ● One way to look at privacy is as the preservation of “contextual integrity” between sectoral data sets (Helen Nissenbaum, via Piotr Cofta of BT) We become uneasy if our personal data shows up 'out of context'... Future identity
What risks does this model suggest? ● Privacy is not a 'state': it's a relationship, often involving multiple parties. And like any relationship: ● Privacy brings interests and motivations into conflict: ● What we tell different people often depends on context; ● There are rules – mostly implicit: ● When third parties exchange data about you, is that co-operation or collusion? B.I.S ● Like any relationship, without maintenance and management it may go awry. “Other PII” Attributes Intuitively we know all these things, because humans are social animals... and yet ... Future identity
Beyond the Onion: the DAO of privacy... Increasingly, third parties interact with you based on data at the edge of the Onion and beyond... D.A.O. − Data About You: with enough of your attributes, and/or linkability, you can be identified even if you're not asked for credentials; D.A.P.L.Y. − Data About People Like You: if you can be categorised, third parties will apply inferences from D.A.Y. other 'group' characteristics; − Data About Others: mass data mining makes third party intervention viable without you disclosing any PII. “You don't have to be in the statistics to be affected by the statistics” (Jason Pridmore) Future identity
Flawed Perceptions ● The online world neither works nor behaves like the real world; despite occasional appearances to the contrary... ● The online world often presents us with metaphors, but not ones which would help us overcome these differences. ● We therefore frequently – and willingly - base our behaviour on a flawed perception of risks and the reality which gives rise to them. In other words, we could be surfing naked and not even know it. Brrr. Future identity
Getting the Privacy 'Big Picture' ● “Privacy management” implies being aware of relationships and contexts, and acting accordingly; ● It means taking diverse, legitimate stakeholder perspectives into account; ● It needs a new set of metaphors, which help build a privacy- enhancing culture: 'protocol rules' are not the same as 'social rules'; ● It will involve privacy-enhancing technologies, but those are doomed without a privacy-enhancing ecosystem of governance, adoption and behaviours which, largely, remain to be developed; ● So: what are some of the challenges, if online privacy is to have a future? Privacy is not about secrecy: it's about disclosure... but disclosure with consent and control appropriate to the context. Future identity
Challenges Managing meta-data: − Implied by most governance regimes - strongly indicated for good practice; − Sticky policy: preserving privacy preferences “beyond first disclosure” − Managing revocation as well as disclosure. Finding workable metaphors for online privacy concepts: − Personas, contextual integrity; − Informed consent in social networks. Managing attribute-level assertions:  If credentials are “minimalist”, attribute management becomes critical;  “Yes/No” answers need to be built in from early on;  How to address the “DAO” problem:  “You don't have to be in the statistics to be affected by the statistics” (Pridmore). Future identity
Practical next steps Talk to the stakeholders, and reflect their perspectives and their needs in the 'ecosystem': There are tried and tested models for productive multi- stakeholder conversations. Several relevant projects taking principles to practicalities: PrimeLife (EU): whole-life privacy/identity management; VOME and EnCoRe (UK): privacy perception, consent, revocation; The Kantara Initiative (w/w) has work-groups on: ● User-managed access to personal data ● Information-sharing and user preferences ● Privacy and public policy ● Identity assurance ... and would welcome your projects and participation http://kantarainitiative.org Future identity
ICO Data Protection Officer Conference March 2010 Salford Thank you... ... any questions? Robin Wilton Director, Future Identity Ltd Director of Privacy and Public Policy, Kantara Initiative mail@futureidentity.eu +44 (0)705 005 2931 http://futureidentity.eu http://futureidentity.blogspot.com Future identity

Recomendados

Interpersonal data, identity, and relationships – in pursuit of collective mi...
Interpersonal data, identity, and relationships – in pursuit of collective mi...Interpersonal data, identity, and relationships – in pursuit of collective mi...
Interpersonal data, identity, and relationships – in pursuit of collective mi...SSIMeetup
 
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationInsight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationKaliya "Identity Woman" Young
 
The future of Content management when the mobile Broadcasts Intent
The future of Content management when the mobile Broadcasts Intent The future of Content management when the mobile Broadcasts Intent
The future of Content management when the mobile Broadcasts Intent Tony Fish
 
Big Data
Big Data Big Data
Big Data Tony Fish
 
Big Data.... and digital footprint
Big Data.... and digital footprintBig Data.... and digital footprint
Big Data.... and digital footprintTony Fish
 
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...i_scienceEU
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenienceDon Lovett
 
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...i_scienceEU
 

Recomendados

Interpersonal data, identity, and relationships – in pursuit of collective mi...
Interpersonal data, identity, and relationships – in pursuit of collective mi...Interpersonal data, identity, and relationships – in pursuit of collective mi...
Interpersonal data, identity, and relationships – in pursuit of collective mi...SSIMeetup
 
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationInsight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationKaliya "Identity Woman" Young
 
The future of Content management when the mobile Broadcasts Intent
The future of Content management when the mobile Broadcasts Intent The future of Content management when the mobile Broadcasts Intent
The future of Content management when the mobile Broadcasts Intent Tony Fish
 
Big Data
Big Data Big Data
Big Data Tony Fish
 
Big Data.... and digital footprint
Big Data.... and digital footprintBig Data.... and digital footprint
Big Data.... and digital footprintTony Fish
 
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...
Jonathan Cave, University of Warwick (Plenary): Agreeing to Disagree About Pr...i_scienceEU
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenienceDon Lovett
 
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...i_scienceEU
 
Extreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowExtreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowJohn Mancini
 
Engineering Authority
Engineering AuthorityEngineering Authority
Engineering AuthoritySteve Waldman
 
Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Lokinos
 
Who and how am I online
Who and how am I onlineWho and how am I online
Who and how am I onlineJISC SSBR
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCastlebridge Associates
 
MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverPJStarr
 
Trust Factory Slides (2015)
Trust Factory Slides (2015)Trust Factory Slides (2015)
Trust Factory Slides (2015)Timothy Holborn
 
Feb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyFeb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyTimothy Holborn
 
SSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsSSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsPhilip Sheldrake
 
Personal identity Management
Personal identity ManagementPersonal identity Management
Personal identity ManagementGeorge Roberts
 
Security & Privacy of Information Technology
Security & Privacy of Information TechnologySecurity & Privacy of Information Technology
Security & Privacy of Information TechnologyAshish Mathew
 
Privacy, Emerging Technology, and Information Professionals
Privacy, Emerging Technology, and Information ProfessionalsPrivacy, Emerging Technology, and Information Professionals
Privacy, Emerging Technology, and Information ProfessionalsCentre for Advanced Management Education
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacyprimeteacher32
 
Information privacy
Information privacyInformation privacy
Information privacyNicholas Davis
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Jordan Peacock
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationHajarul Cikyen
 
Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Margaret Fero
 
Business considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outBusiness considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outtheODI
 
Digital Privacy Revisited
Digital Privacy RevisitedDigital Privacy Revisited
Digital Privacy RevisitedFing
 
How fluently do you speak data
How fluently do you speak dataHow fluently do you speak data
How fluently do you speak dataMary Aviles
 
Algorithms and Fundamental Rights - Jeroen van den Hoven
Algorithms and Fundamental Rights - Jeroen van den HovenAlgorithms and Fundamental Rights - Jeroen van den Hoven
Algorithms and Fundamental Rights - Jeroen van den HovenDelft Design for Values Institute
 
Itri icl 0116_distribute
Itri icl 0116_distributeItri icl 0116_distribute
Itri icl 0116_distributeFuming Shih
 

Más contenido relacionado

La actualidad más candente

Extreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowExtreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowJohn Mancini
 
Engineering Authority
Engineering AuthorityEngineering Authority
Engineering AuthoritySteve Waldman
 
Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Lokinos
 
Who and how am I online
Who and how am I onlineWho and how am I online
Who and how am I onlineJISC SSBR
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCastlebridge Associates
 
MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverPJStarr
 
Trust Factory Slides (2015)
Trust Factory Slides (2015)Trust Factory Slides (2015)
Trust Factory Slides (2015)Timothy Holborn
 
Feb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyFeb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyTimothy Holborn
 
SSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsSSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsPhilip Sheldrake
 
Personal identity Management
Personal identity ManagementPersonal identity Management
Personal identity ManagementGeorge Roberts
 

La actualidad más candente (10)

Extreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to KnowExtreme Information - 8 Charts That Tell You Everything You Need to Know
Extreme Information - 8 Charts That Tell You Everything You Need to Know
 
Engineering Authority
Engineering AuthorityEngineering Authority
Engineering Authority
 
Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01Newrulesforlivinginadigitalage 101101063746-phpapp01
Newrulesforlivinginadigitalage 101101063746-phpapp01
 
Who and how am I online
Who and how am I onlineWho and how am I online
Who and how am I online
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspective
 
MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no cover
 
Trust Factory Slides (2015)
Trust Factory Slides (2015)Trust Factory Slides (2015)
Trust Factory Slides (2015)
 
Feb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory TechnologyFeb 2020 - Senate Submission Financial Technology and Regulatory Technology
Feb 2020 - Senate Submission Financial Technology and Regulatory Technology
 
SSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective mindsSSI Meetup – interpersonal data, identity and collective minds
SSI Meetup – interpersonal data, identity and collective minds
 
Personal identity Management
Personal identity ManagementPersonal identity Management
Personal identity Management
 

Destacado

Security & Privacy of Information Technology
Security & Privacy of Information TechnologySecurity & Privacy of Information Technology
Security & Privacy of Information TechnologyAshish Mathew
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Jordan Peacock
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationHajarul Cikyen
 

Destacado (6)

Security & Privacy of Information Technology
Security & Privacy of Information TechnologySecurity & Privacy of Information Technology
Security & Privacy of Information Technology
 
Privacy, Emerging Technology, and Information Professionals
Privacy, Emerging Technology, and Information ProfessionalsPrivacy, Emerging Technology, and Information Professionals
Privacy, Emerging Technology, and Information Professionals
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
 
Information privacy
Information privacyInformation privacy
Information privacy
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics Presentation
 

Similar a ICO Data Protection Officer Conference Privacy Technology Outlook

Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Margaret Fero
 
Business considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outBusiness considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outtheODI
 
Digital Privacy Revisited
Digital Privacy RevisitedDigital Privacy Revisited
Digital Privacy RevisitedFing
 
How fluently do you speak data
How fluently do you speak dataHow fluently do you speak data
How fluently do you speak dataMary Aviles
 
Itri icl 0116_distribute
Itri icl 0116_distributeItri icl 0116_distribute
Itri icl 0116_distributeFuming Shih
 
01 Introduction atala prism.pdf
01 Introduction atala prism.pdf01 Introduction atala prism.pdf
01 Introduction atala prism.pdfDuongNguyenNgoc10
 
Module 5 - Legislation - Online
Module 5 - Legislation - OnlineModule 5 - Legislation - Online
Module 5 - Legislation - Onlinecaniceconsulting
 
Employee Monitoring DiscussionKindly discuss in 100 words wh
Employee Monitoring DiscussionKindly discuss in 100 words whEmployee Monitoring DiscussionKindly discuss in 100 words wh
Employee Monitoring DiscussionKindly discuss in 100 words whTanaMaeskm
 
Joanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
Joanna Drake, Global SVP, Technology Services Group - Wood MackenzieJoanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
Joanna Drake, Global SVP, Technology Services Group - Wood MackenzieGlobal Business Intelligence
 
Big Data Ethics Cjbe july 2021
Big Data Ethics Cjbe july 2021Big Data Ethics Cjbe july 2021
Big Data Ethics Cjbe july 2021andygustafson
 
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)Davide Ceolin
 
Epistemic Responsibility in the IT Society
Epistemic Responsibility in the IT SocietyEpistemic Responsibility in the IT Society
Epistemic Responsibility in the IT SocietyPeerEvaluation
 
The other world of it
The other world of itThe other world of it
The other world of itFing
 
IAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdfIAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdfNoreen Whysel
 
Privacy and data protection primer - City of Portland
Privacy and data protection primer - City of PortlandPrivacy and data protection primer - City of Portland
Privacy and data protection primer - City of PortlandHector Dominguez
 
The future of digital identity 2019 future agenda
The future of digital identity 2019 future agendaThe future of digital identity 2019 future agenda
The future of digital identity 2019 future agendaFuture Agenda
 

Similar a ICO Data Protection Officer Conference Privacy Technology Outlook (20)

Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)Piecing Together Your Personal Privacy Profile (CPV 2021)
Piecing Together Your Personal Privacy Profile (CPV 2021)
 
Business considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught outBusiness considerations for privacy and open data: how not to get caught out
Business considerations for privacy and open data: how not to get caught out
 
Digital Privacy Revisited
Digital Privacy RevisitedDigital Privacy Revisited
Digital Privacy Revisited
 
How fluently do you speak data
How fluently do you speak dataHow fluently do you speak data
How fluently do you speak data
 
Algorithms and Fundamental Rights - Jeroen van den Hoven
Algorithms and Fundamental Rights - Jeroen van den HovenAlgorithms and Fundamental Rights - Jeroen van den Hoven
Algorithms and Fundamental Rights - Jeroen van den Hoven
 
Itri icl 0116_distribute
Itri icl 0116_distributeItri icl 0116_distribute
Itri icl 0116_distribute
 
01 Introduction atala prism.pdf
01 Introduction atala prism.pdf01 Introduction atala prism.pdf
01 Introduction atala prism.pdf
 
Module 5 - Legislation - Online
Module 5 - Legislation - OnlineModule 5 - Legislation - Online
Module 5 - Legislation - Online
 
Employee Monitoring DiscussionKindly discuss in 100 words wh
Employee Monitoring DiscussionKindly discuss in 100 words whEmployee Monitoring DiscussionKindly discuss in 100 words wh
Employee Monitoring DiscussionKindly discuss in 100 words wh
 
Hope x talk
Hope x talkHope x talk
Hope x talk
 
Joanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
Joanna Drake, Global SVP, Technology Services Group - Wood MackenzieJoanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
Joanna Drake, Global SVP, Technology Services Group - Wood Mackenzie
 
Out of Control? Managing our digital reputations
Out of Control? Managing our digital reputationsOut of Control? Managing our digital reputations
Out of Control? Managing our digital reputations
 
Ethics and Data
Ethics and DataEthics and Data
Ethics and Data
 
Big Data Ethics Cjbe july 2021
Big Data Ethics Cjbe july 2021Big Data Ethics Cjbe july 2021
Big Data Ethics Cjbe july 2021
 
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
Lecture 2 Social Web 2017 (Guest Lecture By Dr. Giulia Ranzini)
 
Epistemic Responsibility in the IT Society
Epistemic Responsibility in the IT SocietyEpistemic Responsibility in the IT Society
Epistemic Responsibility in the IT Society
 
The other world of it
The other world of itThe other world of it
The other world of it
 
IAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdfIAC21: Shedding Light on Dark Patterns.pdf
IAC21: Shedding Light on Dark Patterns.pdf
 
Privacy and data protection primer - City of Portland
Privacy and data protection primer - City of PortlandPrivacy and data protection primer - City of Portland
Privacy and data protection primer - City of Portland
 
The future of digital identity 2019 future agenda
The future of digital identity 2019 future agendaThe future of digital identity 2019 future agenda
The future of digital identity 2019 future agenda
 

Último

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 

Último (20)

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 

ICO Data Protection Officer Conference Privacy Technology Outlook

  • 1. ICO Data Protection Officer Conference March 2010 Salford A Privacy and Technology Outlook Robin Wilton Director, Future Identity Ltd Director of Privacy and Public Policy, Kantara Initiative Future identity
  • 2. Do any of these strike a chord? “You have zero privacy anyway. “If you have something that you Get over it” (45) don't want anyone to know, maybe you shouldn't be doing it “Privacy in the first place” (56) is no longer a social norm” (25) “People forgive and forget; computers can't do either” [Voiceover: It will be a strange day indeed when the definitive arbiter of social privacy norms is a single white 25-year-old male billionaire college drop-out...] Future identity
  • 3. “Ladders, Onions, and Surfing Naked...” Topics for this session: ● How are identity and privacy related? ● What is privacy anyway, and why is it important? ● Is privacy just a matter of protecting PII? ● What future challenges does online privacy present? This presentation draws on the input of many people, including: ● The Liberty Alliance Privacy Summit participants ● Bob Blakley and Ian Glazer of Burton Group ● Dr Mireille Hildebrandt, Vrije Universiteit Brussel My sincere thanks to all of them Future identity
  • 4. How are identity and privacy related? (The 'Onion' Model) ● The BIS (Basic Identifier Set) is what usually suffices to provide 'proof of uniqueness' ● Credentials usually encapsulate data from multiple 'rings' of the onion ● One 'good practice' approach is for B.I.S credentials to 'gravitate' towards the centre – i.e. not be overloaded with “Other PII” attribute data, but provide: ● the means to link to it; Attributes ● proof of uniqueness. Credentials are not privacy-neutral ● e.g. Using a driver's license to prove your age reveals more than your age; ● By their nature, credentials tend to make transactions 'linkable'; ● Privacy-enhancing systems will (must) be better at attribute-level disclosures, or better still, “Yes/No” answers to attribute-level questions. (cf. Dave Birch's paper on the "Psychic ID" metaphor) http://www.springerlink.com/content/hk1p8r133867x402/fulltext.pdf Future identity
  • 5. Slicing the Onion ● A 'segment' of the onion may correspond to sector-specific data (healthcare, tax, employment...). ● Some sectors are 'informal' – such as the separation between your Flickr and B.I.S MySpace accounts. ● Others, you might prefer to keep strictly “Other PII” separate – such as online banking. Attributes ● One way to look at privacy is as the preservation of “contextual integrity” between sectoral data sets (Helen Nissenbaum, via Piotr Cofta of BT) We become uneasy if our personal data shows up 'out of context'... Future identity
  • 6. What risks does this model suggest? ● Privacy is not a 'state': it's a relationship, often involving multiple parties. And like any relationship: ● Privacy brings interests and motivations into conflict: ● What we tell different people often depends on context; ● There are rules – mostly implicit: ● When third parties exchange data about you, is that co-operation or collusion? B.I.S ● Like any relationship, without maintenance and management it may go awry. “Other PII” Attributes Intuitively we know all these things, because humans are social animals... and yet ... Future identity
  • 7. Beyond the Onion: the DAO of privacy... Increasingly, third parties interact with you based on data at the edge of the Onion and beyond... D.A.O. − Data About You: with enough of your attributes, and/or linkability, you can be identified even if you're not asked for credentials; D.A.P.L.Y. − Data About People Like You: if you can be categorised, third parties will apply inferences from D.A.Y. other 'group' characteristics; − Data About Others: mass data mining makes third party intervention viable without you disclosing any PII. “You don't have to be in the statistics to be affected by the statistics” (Jason Pridmore) Future identity
  • 8. Flawed Perceptions ● The online world neither works nor behaves like the real world; despite occasional appearances to the contrary... ● The online world often presents us with metaphors, but not ones which would help us overcome these differences. ● We therefore frequently – and willingly - base our behaviour on a flawed perception of risks and the reality which gives rise to them. In other words, we could be surfing naked and not even know it. Brrr. Future identity
  • 9. Getting the Privacy 'Big Picture' ● “Privacy management” implies being aware of relationships and contexts, and acting accordingly; ● It means taking diverse, legitimate stakeholder perspectives into account; ● It needs a new set of metaphors, which help build a privacy- enhancing culture: 'protocol rules' are not the same as 'social rules'; ● It will involve privacy-enhancing technologies, but those are doomed without a privacy-enhancing ecosystem of governance, adoption and behaviours which, largely, remain to be developed; ● So: what are some of the challenges, if online privacy is to have a future? Privacy is not about secrecy: it's about disclosure... but disclosure with consent and control appropriate to the context. Future identity
  • 10. Challenges Managing meta-data: − Implied by most governance regimes - strongly indicated for good practice; − Sticky policy: preserving privacy preferences “beyond first disclosure” − Managing revocation as well as disclosure. Finding workable metaphors for online privacy concepts: − Personas, contextual integrity; − Informed consent in social networks. Managing attribute-level assertions:  If credentials are “minimalist”, attribute management becomes critical;  “Yes/No” answers need to be built in from early on;  How to address the “DAO” problem:  “You don't have to be in the statistics to be affected by the statistics” (Pridmore). Future identity
  • 11. Practical next steps Talk to the stakeholders, and reflect their perspectives and their needs in the 'ecosystem': There are tried and tested models for productive multi- stakeholder conversations. Several relevant projects taking principles to practicalities: PrimeLife (EU): whole-life privacy/identity management; VOME and EnCoRe (UK): privacy perception, consent, revocation; The Kantara Initiative (w/w) has work-groups on: ● User-managed access to personal data ● Information-sharing and user preferences ● Privacy and public policy ● Identity assurance ... and would welcome your projects and participation http://kantarainitiative.org Future identity
  • 12. ICO Data Protection Officer Conference March 2010 Salford Thank you... ... any questions? Robin Wilton Director, Future Identity Ltd Director of Privacy and Public Policy, Kantara Initiative mail@futureidentity.eu +44 (0)705 005 2931 http://futureidentity.eu http://futureidentity.blogspot.com Future identity