@NOYBeu www.noyb.eu
SDK AND DATA PROTECTIONS:
WHAT SHOULD WE CARE ?
APIDays - 9 December 2021
Romain ROBERT
Program Director – None of Your Business
PRESENTATION OF NOYB
noyb?
= None Of Your Business
European Center for Digital Rights
• Not-for-profit organisation
• Independent
• Created by Max Schrems
• Founded in May 2017
• Based in Vienna
• 17 people, including 9 data protection lawyers from several jurisdictions
• About 4500 supporting members at the moment who contribute around 400 000 € per year
• Additional funding comes from institutional members and project funding by public and private institutions (e.g.
EFF). We also receive single donations and sponsorships on a non-regular basis
PRESENTATION OF NOYB
• fills a structural gap in private sector privacy enforcement
• cooperate with existing NGOs and groups in the fields of privacy, IT
security and consumer protection
• support businesses that seek to comply with the law
• not directly involved in issues of government surveillance
• raises public awareness
• provides legal assistance to members
ORGANISATIONS AND THE GDPR
Article 80.1 GDPR explained
Who can act ?
• not-for-profit body, organisation or association
• properly constituted in accordance with the law of a Member State
• statutory objectives which are in the public interest
• active in the field of the protection of data subjects' rights and freedoms
What can they do ?
• to lodge the complaint on his or her behalf
• to exercise the rights referred to in Articles 77, 78 and 79 on his or her behalf,
• to exercise the right to receive compensation referred to in Article 82 on his or her behalf where
provided for by Member State law.
SDK AND GDPR/EPRIVACY
WHAT ?
- GDPR applies to all personal data
- Personal data: all data that can link to a person
- Includes: location, IDFA or Google ID, cookies, pictures, Phone
number, ….
- A lot of data sent by SDKs
SDK AND GDPR/EPRIVACY
WHAT ?
- ePrivacy Directive (article 5.3)
- use of electronic communications networks to store information or
to gain access to information stored in the terminal equipment of a
subscriber or user applies to all personal data only if
- Consent
- sole purpose of carrying out or facilitating the transmission of a
communication over an electronic communications network, or as strictly
necessary in order to provide an information society service explicitly
requested by the subscriber or user.
SDK AND GDPR/EPRIVACY
WHO ?
- Controller: the entity that determines the means and purposes
- Can be the App developer and/or the SDK provider
- Both can be « joint controllers »
- An agreement needs to be signed
- See Grindr decision from the NO DPA
- The processor is the organisation/company that processes the data on
behalf of the controller
SDK AND GDPR/EPRIVACY
HOW ?
Transparency
- Information about:
- Which data
- For what (purpose)
- Examples of formulations that are not specific enough: "improving user experience"
(Vinted) and "securing the service" (Kolibrie).
- Who are the recipients ? (see NO DP decision)
- List of recipients
- Important to enforce the rights
SDK AND GDPR/EPRIVACY
HOW ?
Consent
- Must be
- Specific: purpose and not general (per provider, per recipient)
- Free: not tied to the service
- Unambiguous: what is this exactly about
- Informed
• Possibility to withdraw consent
SDK AND GDPR/EPRIVACY
HOW ?
Sensitive data
data about political views, sexual orientation, religion and ethnic
background
Ex: the Q’ran app
SDK AND GDPR/EPRIVACY
HOW ?
Data protection by default
- By default, all settings must be set to the most data-protection-friendly
configuration
- Applies to the App provider, but also the OS provider and the market place (see
Apple IDFA in Spain)
Data protection by design
- Data protection should be embedded in the design
SDK AND GDPR/EPRIVACY
HOW ?
Data minimisation
• Only the data necessary for the purpose
• Not more
• Only to the extent necessary
SDK AND GDPR/EPRIVACY
HOW ?
Transfer out of the EU
As a principle not allowed
Need to rely on adequacy (US, Schrems I, Schrems II)
Or Standard Contractual Clauses
SDK AND GDPR/EPRIVACY
Action ?
Collective redress in courts
Complaints
Cookies campaign: noyb intends to file 10 000 complaints
SDK may be next
SDK AND GDPR/EPRIVACY
Tools/resources
Exodus privacy
https://exodus-privacy.eu.org/en/
Norwegian council: « Out of control » report
https://www.forbrukerradet.no/out-of-control/
Thank you !
Support us on www.noyb.eu

apidays LIVE Paris 2021 - Privacy in SDKs by Romain Robert, NOYB
