Privacy and online data storage
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


Privacy and online data storage






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Privacy and online data storage Presentation Transcript

  • 1. Privacy and online data storage Dr Ian Brown, UCL
  • 2. Introduction
    • 1st and 2nd generation online services
    • Encrypted storage
    • Key opportunity for DP commissioners
  • 3. Personalised web sites
    • Gather information on user’s preferences, interests, purchases…
    • Use previous search terms to customise results
    • User normally has choice to remain anonymous
  • 4. IP addresses are personal data
    • Buried in a list of 20 million Web searches collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher's anonymity, but it was not much of a shield.
    • N o.4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything”.
    • S earch by search, click by click, the identity of AOL user No.4417749 became easier to discern. There are queries for several people with the last name Arnold, for "landscapers in Lilburn," Georgia, and for "homes sold in shadow lake subdivision gwinnett county georgia”.
    • I t did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, frequently researches her friends' medical ailments and loves her three dogs. "Those are my searches," she said, after a reporter read part of the list to her over the phone
  • 5. Network-centric services
    • Store user data (e-mail, documents, contacts) on servers, where they are directly edited
    • Data can be mined, hacked, blagged and accessed by govt
  • 6. Insider fraud Source: “What price privacy?”, Information Commissioner, May 2006
  • 7. Networked data could be encrypted
    • And hence be inaccessible to those storing the data (and their friends)
    • Would require non-trivial changes to network apps and browsers
    • Trusted computing not trustworthy enough
  • 8. Directive on privacy and electronic communications (2002/58/EC)
    • Recital 9: “The Member States, providers and users concerned, together with the competent Community bodies, should cooperate in introducing and developing the relevant technologies where this is necessary to apply the guarantees provided for by this Directive and taking particular account of the objectives of minimising the processing of personal data and of using anonymous or pseudonymous data where possible.”
  • 9. Key opportunity for DP authorities
    • Require that network-centric applications live up to same minimisation standards as personalised websites
    • This will be much harder to do once network apps become mainstream