Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Transparent Personal Data Processing: The Road Ahead

440 views

Published on

Transparent Personal Data Processing: The Road Ahead

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Transparent Personal Data Processing: The Road Ahead

  1. 1. Transparent Personal Data Processing: The Road Ahead Piero Bonatti, Sabrina Kirrane, Axel Polleres, and Rigo Wenning TELERISE Workshop 12/09/2017
  2. 2. Companies whose business models rely on personal data Data subjects who would like to declare, monitor and optionally revoke their (often not explicit) preferences on data sharing Regulators who can leverage technical means to check compliance with the GDPR 2013 2014 2015 2016 2017 2018 Draft of the regulation 7/22/2012 Revisions in the draft 3/12/2013 Discussions in the EU Council 5/19/2014 EU Council finalises the chapters 8/6/2015 Trilogue starts 6/24/2015 Trilogue agrees 12/17/2015 Comes into force 5/15/2018 Scalable Policy-awarE Linked Data arChitecture for prIvacy, trAnsparency and compLiance (SPECIAL)
  3. 3. Data & Data Driven Services Regulators Companies/ Service Providers Customers/ Service Users Privacy Preferences Legal Policies Contracts/ Terms of use SPECIAL Overview Aims
  4. 4. • Policy management framework ❖Gives users control of their personal data ❖Represents access/usage policies and legislative requirements in a machine readable format • Transparency and compliance framework ❖Provides information on how data is processed and with whom it is shared ❖Allows data subjects to take corrective action • Scalable policy-aware Linked Data architecture ❖Build on top of the Big Data Europe (BDE) platform scalability and elasticity mechanisms ❖Extended BDE with robust policy, transparency and compliance protocols SPECIAL Overview Objectives
  5. 5. Transparency Requirements Ledger Functionality • Completeness: all data processing and sharing events should be recorded • Correctness: accurately reflect the processing and sharing events • Confidentiality: users should only be able to see the transactions that involve their own data • Immutability: it should not possible to go back and reinvent history • Integrity: log entries should be protected from accidental and/or malicious modification • Interoperability: the log should transcend company boundaries • Non-repudiation: it should not be possible to deny that the event took place • Rectification & Erasure: rectify errors in the stored personal data and/or delete data at the request of the data subject • Traceability: link events in a manner that supports traceability of processing
  6. 6. Transparency Requirements Ledger Robustness • Availability: optimal accessibility and usability of the ledger • Performance: various optimisations such as parallel processing and/or indexing could be used to improve processing efficiency • Scalability: it should be possible to handle increasing volumes of events and policies • Storage: only necessary information should be stored in the log
  7. 7. Candidate Transparency Ledgers Local Ledger Message Authentication Codes (MACs) together with a hashing algorithm used to generate chains of log records Message Authentication Codes (MACs) together with a hashing algorithm used to generate chains of log records
  8. 8. Candidate Transparency Ledgers Global Ledger and Trusted Third Party Key Management via key blinding. Events cannot be considered in isolation, thus need to store a trail of events.
  9. 9. Candidate Transparency Ledgers Global Ledger and Peer-to-Peer network Distributed accountability peers that communicate using existing web protocols. Blockchain technology and smart contracts.
  10. 10. Candidate Transparency Ledgers Local, Global & Distributed Ledgers Technically all three approaches could be used to realise the transparency requirements of the GDPPR
  11. 11. Candidate Transparency Ledgers What has been done to date? Gaps in terms of: Interoperability, Non-repudiation, Rectification & Erasure, and Traceability
  12. 12. Candidate Transparency Ledgers What has been done to date? The robustness of existing peer to peer approaches needs further investigation
  13. 13. Challenges and Opportunities What needs to be recorded in the ledger? Transparency Ledger Collected data How is data processed Where are collected data and profiles stored For how long are the data stored Purpose of data collection and processing Disclosure to third parties
  14. 14. Challenges and Opportunities How can we ensure Interoperability? • Globally Unique identifiers • A common protocol • Links between Documents URIs HTTP href Links between web pages • Globally Unique identifiers • A common protocol • Typed Links between Entities URIs HTTP RDF
  15. 15. Challenges and Opportunities How can we ensure Interoperability? www.sabrinakirrane.com#me foaf: workplaceHomepage https://www.wu.ac.at/en/Infobiz/ • Globally Unique identifiers • A common protocol • Links between Documents • Globally Unique identifiers • A common protocol • Typed Links between Entities URIs HTTP href URIs HTTP RDF
  16. 16. Challenges and Opportunities How can we ensure Interoperability? www.axelpolleres.com#me foaf: workplaceHomepage https://www.wu.ac.at/en/Infobiz/ www.sabrinakirrane.com#me foaf: workplaceHomepage https://www.wu.ac.at/en/Infobiz/ www.sabrinakirrane.com#me foaf: knows www.axelpolleres.com#me • Globally Unique identifiers • A common protocol • Links between Documents • Globally Unique identifiers • A common protocol • Typed Links between Entities URIs HTTP href URIs HTTP RDF
  17. 17. Challenges and Opportunities How can we ensure Interoperability? www.sabrinakirrane.com#me foaf: workplaceHomepage https://www.wu.ac.at/en/Infobiz/ www.axelpolleres.com#me • Globally Unique identifiers • A common protocol • Links between Documents • Globally Unique identifiers • A common protocol • Typed Links between Entities URIs HTTP href HTTP RDF URIs
  18. 18. Challenges and Opportunities What do we have in terms of standards? • Globally Unique identifiers • A common protocol • Links between Documents • Globally Unique identifiers • A common protocol • Typed Links between Entities URIs HTTP href URIs HTTP RDF • Common data model for encoding data (triples) • Common ways of serialising data (syntaxes) • Well-defined languages for saying what terms mean (semantics) • Common ways to query data (query languages) www.sabrinakirrane.com#me foaf: workplaceHomepage https://www.wu.ac.at/en/Infobiz/
  19. 19. Challenges and Opportunities What do we have in terms of vocabularies? • Globally Unique identifiers • A common protocol • Links between Documents • Globally Unique identifiers • A common protocol • Typed Links between Entities URIs HTTP href URIs HTTP RDF www.sabrinakirrane.com#me foaf: workplaceHomepage https://www.wu.ac.at/en/Infobiz/
  20. 20. Challenges and Opportunities How can we ensure Integrity & Reliability? Transparency Ledger
  21. 21. Challenges and Opportunities How do we handle Rectification & Erasure?
  22. 22. Future Work Transparency & Compliance • Transparency • Vocabularies for ledger interoperability and usage traceability across organisation borders • Investigate the use of Fair Exchange Protocols to improve event integrity and reliability • Reconcile the conflict between the log immutability requirement and the data subjects’ right to rectification and erasure • Compliance • Formally represent usage policies and privacy legislation • Demonstrate compliance both with the usage policies specified by the data subject and obligations set forth in the GDPR
  23. 23. Thank you / contact details Technical/Scientific contact Sabrina Kirrane Vienna University of Economics and Business sabrina.kirrane@wu.ac.at Administrative contact Philippe Rohou ERCIM W3C philippe.rohou@ercim.eu The project SPECIAL (Scalable Policy-awarE linked data arChitecture for prIvacy, trAnsparency and compLiance) has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 731601 as part of the ICT-18-2016 topic Big data PPP: privacy-preserving big data technologies. Interested in working with us. Check out our open PhD position: https://www.wu.ac.at/en/careers/careers-at- wu/current-job-openings/#c484507 or drop me an email sabrina.kirrane@wu.ac.at

×