
Privacy-Data Protection Enforcement

The document describes the PRECIOSA project, which aimed to ensure cooperative systems meet privacy regulations by demonstrating suitable privacy protection technologies. The project took a system-oriented approach to privacy by design, focusing on enforcing privacy policies within a "privacy perimeter" using four key elements: data, policy, a mandatory privacy control, and a policy perimeter protection. It discussed how this concept of PRECIOSA differs from traditional privacy-enhancing technologies and shifts enforcement from organizational to technical measures.

Uploaded by

Jeremie
Copyright
© Attribution Non-Commercial (BY-NC)

Contribution to Privacy

Antonio Kung
Trialog

3 December 2009 Joint eSecurity - Article 29WG Slide 1


PRECIOSA
• PRivacy Enabled Capability In co-Operative systems and Safety Applications
• FP7 STREP Project
• 1/3/2008-31/8/2010
• [Link]



Goal and Objectives
• Goal
  - Ensure that co-operative systems meet (future) privacy regulations
  - Demonstrate an example application with suitable technology for privacy protection
• Objectives
  - approach for privacy by design
  - privacy verifiability
  - privacy aware architecture
  - guidelines for privacy by design
  - specific research challenges



Technical Concept
• Privacy Perimeter
• Examples
  [Figure: two examples, each showing a Control centre and a Vehicle Box]



Technical Concept
• Enforce privacy policy within perimeter
• Four elements
  - Data
  - Policy (allowed operations)
  - Mandatory Privacy Control (enforces policy)
  - Policy Perimeter Protection (ensures integrity)

[Figure: PPP (protects policy perimeter integrity); MPC (only allows policy compliant operations on data); Policy (describes allowed operations on data); Data]



PRECIOSA Concept vs PETs
• PETs are often described as a list of technologies:
  - Encryption
  - Anonymisation and pseudonymisation
  - Secure management of logins
  - …
• PRECIOSA Viewpoint
  - System oriented new PET category
  - Policy Enforcement PET



PRECIOSA Shift
• From organisational enforcement
  [Figure: data controller's sphere of responsibility; measures: organizational; policy enforcement]
• To technical enforcement
  [Figure: data controller's sphere of responsibility; measures: technical; policy enforcement]



Technologies (PETs)
• Storage
  - Secure access through Metadata
  - Data and meta data bound together securely
  - MPC verifies policy stored in meta data
  - Access through a query-based API

[Figure: layered architecture: Application; Query-based API; MPC (Mandatory Privacy Control); Data+Metadata manipulation; Secure Local Storage; Secure Communication]
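
The storage design on this slide (data and metadata bound together, the MPC verifying the policy held in the metadata, access only through a query-based API) can be sketched as follows. This is an added example, not PRECIOSA code: the HMAC binding, the policy layout (purpose mapped to allowed operations), the key and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import statistics

# Assumption: this key never leaves the privacy perimeter (e.g. held by secure storage).
PERIMETER_KEY = b"constructed-demo-key"


class PolicyViolation(Exception):
    """Raised when a query is refused by the mandatory privacy control."""


def _tag(data, policy):
    # One integrity tag over data AND policy, so neither can be swapped alone.
    blob = json.dumps({"data": data, "policy": policy}, sort_keys=True).encode()
    return hmac.new(PERIMETER_KEY, blob, hashlib.sha256).hexdigest()


def seal(data, policy):
    """Bind data and its policy metadata together securely."""
    return {"data": data, "policy": policy, "tag": _tag(data, policy)}


# Hypothetical operations offered by the query-based API.
OPERATIONS = {"mean": statistics.mean, "count": len, "raw": list}


def query(record, operation, purpose):
    """Mandatory privacy control: the only path from an application to the data."""
    expected = _tag(record["data"], record["policy"])
    if not hmac.compare_digest(record["tag"], expected):
        raise PolicyViolation("data/metadata binding broken")
    if operation not in OPERATIONS:
        raise PolicyViolation(f"unknown operation {operation!r}")
    if operation not in record["policy"].get(purpose, []):
        raise PolicyViolation(f"{operation!r} not allowed for purpose {purpose!r}")
    return OPERATIONS[operation](record["data"])


# Constructed sample: vehicle speeds whose policy permits aggregates only.
SPEEDS = seal([48, 52, 50, 61], {"traffic-management": ["mean", "count"]})
```

A raw read, an undeclared purpose, or a record whose policy was edited after sealing all raise `PolicyViolation`, which is the "lots of data collected, but very limited access" behaviour the deck describes.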



Technologies (PETs)
• Communication
  - Pseudonymisation (from Sevecom)
  - Trusted computing for remote attestation

[Figure: layered architecture: Application; Query-based API; MPC (Mandatory Privacy Control); Data+Metadata manipulation; Secure Local Storage; Secure Communication]



Conclusion
• PRECIOSA promotes
  - Privacy by design
  - Privacy preservation (vs privacy enhancement)
• PRECIOSA PET
  - Policy enforcement PET
  - Notion of distributed perimeter could lead to notion of logical minimisation
  - E.g. Lots of data collected, but very limited access
