The document discusses frameworks for managing privacy in complex information and communication technology ecosystems such as smart cities. It presents standards such as ISO/IEC 30145-1 and ISO/IEC 27570, which provide a smart city business process framework and privacy guidelines for smart cities. It also discusses viewpoints for data sharing agreements between organizations in different ecosystems. A panel discussion addresses what kind of framework is needed to address data protection issues in ecosystems, what kind of collaboration is required between stakeholders, and how to develop a roadmap and community around privacy engineering.
1. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering
Granular or Holistic Approach? Enforcing Privacy Rights in Complex ICT Ecosystems
Antonio Kung, Trialog
25 rue du Général Foy 75008 Paris, antonio.kung@trialog.com
25 January 2021 - CPDP 2021 https://www.pdp4e-project.eu/ Slide 1
2. Smart Cities Manage Privacy in Ecosystems
❑ISO/IEC 30145-1
❑Smart city ICT reference framework – Part 1: Smart city business process framework
[Figure: ISO/IEC 30145-1 smart city business process framework, showing governance processes, core processes and supporting processes]
3. Smart Cities Manage Privacy in Ecosystems
ISO/IEC 27570 – Privacy guidelines for smart cities
[Figure: stakeholder roles and their relationships: citizen, municipality stakeholder, data controller, data processor, integrator and supplier, linked by consent, requests, agreements for data exchange, contracts, privacy obligations, PIA(s), and PIA and PbD requirements (purpose known or purpose unknown)]
4. A Data Sharing Agreement Viewpoint (ISO/IEC 23751)
❑Example
❑Five organisations
❑Granular?
❑Holistic?
❑Two ecosystems
[Figure: Ecosystem A and Ecosystem B, with five organisations (data collector 1, cloud operator 2, broker 3, data collector 4, cloud operator 5) linked by data sharing agreements]
5. A system of systems viewpoint
❑ISO/IEC/IEEE 21839, 21840, 21841
[Figure: Organisation A (System X) and Organisation B (System Y), each with a capability, input and output and an associated risk, combined into a system of systems (SoS) with SoS input, SoS output, an SoS emerging capability and its own risk]
7. Question 1 on framework
❑What kind of framework is needed?
❑Can it help address data protection issues raised by ecosystems?
❑Can it help create an ecosystem practice?
▪ for instance in a data space?
8. Question 2 on collaboration needs
❑What kind of collaboration is needed?
❑Are there specific collaboration needs between stakeholders in the ecosystem, concerning
▪ Risk management
▪ Architecture and engineering practice
▪ Contractual agreements
9. Question 3 on the way forward
❑How can this work?
❑Do we need a roadmap?
❑Can we have a community?
[Figure: Community. Models for application privacy protection (Health, Social network, e-Commerce, Fintech, IoT, …) and models for privacy engineering (Risk management, Requirement engineering, Privacy-by-design, Privacy assurance, …)]