
GDPR for Things - ThingsCon Amsterdam 2017


Understanding GDPR for things - A Presentation by Saskia Videler and Rob Heyman.

Published in: Data & Analytics


  1. GDPR for Things
  2. Hello! We’re Saskia Videler & Rob Heyman
  3. What we’re going to talk about…
     • GDPR essentials
     • Data flow mapping
     • Privacy policies
     • Best practices
  4. Disclaimer: We’re no lawyers or legal professionals!
  5. Disclaimer: You could call us “GDPR enthusiasts”
  6. Disclaimer: Although that sounds a bit odd as well…
  7. Disclaimer: Anyway…
  8. Primer Time
  9. General Data Protection Regulation - from May 25, 2018
     • Privacy protection for European citizens
     • No more boundless ‘harvesting’ of personal data
     • Only data they:
       • Need to operate their service for the customer
       • Obtained with full consent of the customer
     • Data must be stored in Europe and be removed after a few years
     • Data subject must be able to edit, delete or transfer their data
  10. 6 principles of privacy
     • Lawfulness, fairness and transparency.
     • Purpose limitations.
     • Data minimisation.
     • Accuracy.
     • Storage limitations.
     • Integrity and confidentiality.
  11. Rights of the data subject
     • Right to information and transparency.
     • Right of access and rectification.
     • Right to erasure or “right to be forgotten”.
     • Right to restriction.
     • Right to data portability.
  12. Wait, what data?
     • Name, age/birthday, gender, address, etc.
     • Meta data: location, device(s), frequency, networks, connections, conversations, MAC addresses, IP addresses, etc.
  13. GDPR & Things: They are in our homes. They listen.
  14. GDPR & Things: They are on our bodies. They track.
  15. GDPR & Things: They are in our bedrooms. They communicate.
  16. GDPR for Things: They know stuff about us. They know us. Their makers know us. They can be hacked.
  17. Privacy by design
  18. How’s our privacy literacy? And that of our partners and coworkers?
  19. Privacy Literacy Survey
     • It is not just a survey: it is also a FAQ applied to your area of work
     • It is a manual: through application to a case, you understand what GDPR means
     • It should be a living document: like a FAQ, it should be updated with expert answers
     • Ideal for company or sector wide codes of conduct
  20. What is personal information according to GDPR?
     • Voice recording
     • MAC address
     • IP address
     • Number of visits
     • Age ranges
     • Professional email address
     • Unique identifier
     Summary: Personal data is any data that can single a (natural) person out of a crowd or a set of data AND that allows someone to know who that person is. For example, MAC and IP addresses are considered personal data because they are unique per connected device and an ISP can look up these addresses and attach a name or address to them.
  21. What data are we collecting?
  22. Think about
     • IP addresses
     • MAC addresses
     • Devices
     • Usage data
     • Name, address, age, gender, relationships, family situation, etc.
     • Recordings
     • Heatmaps
     • Etc.
  23. What data do we absolutely need to operate our service?
  24. How are you acquiring this data?
  25. Consent / Contract
  26. Ask for personal data in context
  27. Allow them to say NO
  28. What happens with that data? Who touches, sees or processes it? 3rd parties? Are they GDPR compliant?
  29. Think about the services that you use for:
     • User research
     • Processing
     • Analysis
     • Delivery of physical products
  30. What could go wrong? How can we prevent that from happening?
  31. Think about
     • Creation and management of a data flow map
     • GDPR task force, feat. DPO
     • Governance (roles: who’s responsible for what?)
     • Plan for problems, escalations, emergencies
  32. How do we talk about personal data to our users?
  33. Think about
     • Being clear about your goals
     • Being clear about data processing
     • Using plain, easy to understand language
  34. How can our users edit or delete their data?
  35. Think about
     • The flow of this process, the usability
     • The UX
     • Actual editing / deletion of data everywhere in the chain
     • All data you’ve collected of your users! That includes meta data, conversations, etc.
  36. PS: check out for a cool case about this!
  37. How can our users transfer their data?
  38. Think about
     • What does the data look like?
     • What format is it?
     • How are you going to deliver it to them?
     • What does the flow look like?
  39. Data Flow Mapping
  40. Goal and focus
     Focus:
     • Accessibility before accuracy
     • Mapping instead of assessing
     Why?
     • Best starting point for anything data related
     • Negotiations on data ‘ownership’, thinking of alternatives
     • Data protection impact assessment requires a mapping
  41. Checklist
     • Three big white papers or (flip-over) sheets, +/- A3 size.
     • Two markers; one red, one green.
     • At least one regular blue pen.
     • Big post-its in a striking colour, e.g. yellow.
     • Smaller post-its, in two colours, e.g. orange and green.
     • An empty ‘Information Asset Inventory’ sheet.
     • Camera (phone camera will do).
  42. Case 1: Alexa
  43. Case 2: Tracking runners on a running track
     • Runners run over a track with three wifi access points that hash MAC addresses
     • Unique hashes signify the number of runners
     • Returning hashes are used to measure average speeds
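Slide 20 puts MAC addresses on the personal-data list, and case 2 hashes them at the access point. One caveat worth making concrete: an unkeyed hash of a MAC is a fixed function of that MAC, so anyone who holds the address can recompute the hash and link it to a person, and the same hash persists across every session. The example below is ours, not from the slides: a runner counter that replaces the plain hash with a keyed HMAC whose key is held only by the counter and replaced per session, so the pseudonyms cannot be recomputed without the key or linked across sessions, while still supporting the two uses the slide names (counting unique runners, and measuring average speed from returning pseudonyms). The track geometry (three access points on a straight line, `SEGMENT_LENGTH_M` apart) and all sightings are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Assumption: access points 0, 1, 2 sit on a straight line this far apart (metres).
SEGMENT_LENGTH_M = 100.0


class RunnerCounter:
    """Counts runners and measures average speed from pseudonymised MAC addresses.

    Each access point reports (timestamp, MAC). The raw MAC is turned into a keyed
    pseudonym and discarded; only the pseudonym is stored. The key is secret to this
    counter and rotated per session, so pseudonyms cannot be recomputed by a third
    party or linked between sessions. (Keying is our added design choice.)
    """

    def __init__(self, key: Optional[bytes] = None) -> None:
        self.key = key or secrets.token_bytes(32)
        self.sightings: Dict[str, List[Tuple[float, int]]] = defaultdict(list)

    def pseudonym(self, mac: str) -> str:
        # Normalise separators and case so the same device always maps to one pseudonym.
        norm = mac.strip().lower().replace("-", ":")
        return hmac.new(self.key, norm.encode(), hashlib.sha256).hexdigest()[:16]

    def observe(self, ap_index: int, timestamp: float, mac: str) -> None:
        """Record one sighting; the MAC itself is not kept anywhere."""
        self.sightings[self.pseudonym(mac)].append((timestamp, ap_index))

    def runner_count(self) -> int:
        """Unique pseudonyms seen this session: the slide's runner count."""
        return len(self.sightings)

    def average_speed_mps(self) -> Optional[float]:
        """Average speed over every pair of consecutive sightings of the same pseudonym
        at different access points; None if no runner was seen twice."""
        speeds = []
        for obs in self.sightings.values():
            ordered = sorted(obs)
            for (t0, a0), (t1, a1) in zip(ordered, ordered[1:]):
                if a1 != a0 and t1 > t0:
                    speeds.append(abs(a1 - a0) * SEGMENT_LENGTH_M / (t1 - t0))
        return sum(speeds) / len(speeds) if speeds else None

    def rotate_key(self) -> None:
        """Start a new session: fresh key, so earlier pseudonyms become unlinkable."""
        self.key = secrets.token_bytes(32)
        self.sightings.clear()


def demo() -> RunnerCounter:
    """Constructed sightings: two runners, one passes all three access points."""
    counter = RunnerCounter(key=b"session-key-for-demo-only")
    counter.observe(0, 0.0, "AA:BB:CC:DD:EE:01")
    counter.observe(1, 20.0, "aa-bb-cc-dd-ee-01")   # same device, different notation
    counter.observe(2, 40.0, "AA:BB:CC:DD:EE:01")
    counter.observe(0, 0.0, "AA:BB:CC:DD:EE:02")
    counter.observe(1, 25.0, "AA:BB:CC:DD:EE:02")
    return counter


if __name__ == "__main__":
    c = demo()
    print("runners:", c.runner_count(), "avg m/s:", c.average_speed_mps())
```

What is stored after `observe()` is enough for the two stated purposes and nothing more, which is the data-minimisation principle from slide 10 applied to this case; whether such pseudonyms still count as personal data in a given deployment is a question for the legal review the slides recommend.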
  44. Step one: prepare your paper
     • Draw a horizontal axis representing time
     • Draw a vertical axis representing data subject visibility
     (Figure: empty map with axes labelled ‘Data subject’ and ‘Time’)
  45. Step two: adding data points
     • Add data points: data points are places where you can find personal data in your process
     • Name or label the different data points
     (Figure: example data points ‘CV stack’, ‘Rejected but interesting’, ‘Closet at HR’)
  46. Step three: connecting the dots
     As data moves through the data cycle, data points are connected by transmissions. Use a post-it in another colour (orange, for example) for each transmission.
     • Draw arrows with a marker between data points to represent the flow or exchange of data. These flows can be one-way or two-way.
     • Add a transmission post-it to each arrow or between two data points. Describe on it:
       • The medium type of the transmission (e.g. browser; email; dropbox).
       • The encryption type of the transmission (e.g. none, end-to-end).
       • Whether the transmission concerns all or partial data.
     • Go through all data points and transmissions once more. Discuss if any are missing, and if necessary, use additional post-its to add to the data flow.
  47. Step three: connecting the dots
     (Figure: ‘CV stack’, ‘Rejected but interesting’ and ‘Closet at HR’ connected by transmissions labelled ‘Mail, none, all’, ‘Folder, none, some’ and ‘Folder, none, some’)
  48. Step four: control and access
     • Draw circles with a green marker around (groupings of) data point(s), indicating the controlling organisation for one or more data points. Name these areas.
     • Check if a transmission or data point is part of a larger system or coupled with other systems. If so, write down the name of this system on a post-it in a new colour (e.g. green) and find out if other parties have access to the data. E.g. if Google Docs is used to store or move data, check if Google has access.
     • Which data points or transmissions are most likely to have an extra pair of eyes watching, and where is a download easily made? In case of a loose end, someone or something else has access. This can be within or outside of your organisation. If you recognise a loose end and a risk of data doubles, write a ‘!’ on the data point, transmission or coupled system note and add who and what could be copied outside your process.
  49. Step four: control and access
     (Figure: the example map with control areas and loose ends: data points ‘CV folder on John’s pc’, ‘Rejected but interesting’, ‘Folder’, ‘Closet at HR’; transmissions ‘Email, none, all’, ‘Shared printer, none, some’, ‘Folder, none, some’; access notes ‘Email provider’, ‘Anyone at our company’, ‘Anyone with a key’, ‘? who has a key?’)
  50. Step five: identify the gaps
     • Having a complete data flow is near impossible
     • Add names to missing information and contact these
  51. Step six: fill in your data asset register
     • Aim: have a more detailed view of the data
     • Handy to discuss data minimisation, storage and deletion
     Register fields:
     • Data point name - number
     • Category
     • Data value in database
     • Personal data category
     • Intended recipients of data
     • Retention period or expiry date?
     • Who controls this data?
     • Storage location
     • Storage medium
     • Security measures
     • Purpose
     • Initial source
     • Consent or legal permission
     • Secondary use: goal compatibility
  52. (Figure: the completed example map from slide 49 repeated: ‘CV folder on John’s pc’, ‘Rejected but interesting’, ‘Folder’, ‘Closet at HR’; transmissions ‘Email, none, all’, ‘Shared printer, none, some’, ‘Folder, none, some’; access notes ‘Email provider’, ‘Anyone at our company’, ‘Anyone with a key’, ‘? who has a key?’)
  53. Questions for after the mapping
     • Do I collect before or after asking consent?
     • Is all data processed on EU soil?
     • Where do I need more access control?
     • What if someone asks for the right to access, deletion, rectification?
     • Is there data I do not need at a given point?
     • Are there people with access to data they don’t need?
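The six mapping steps, the asset register and the post-mapping questions fit naturally into one structured model, which is useful once the paper map has to be kept up to date or shared beyond the workshop. The code below is an added example and not part of the presentation: it encodes data points (with their control, access and register fields), transmissions (medium, encryption, all or partial data), the ‘!’ loose-end notes, and then answers the step-five gap check and the slide 53 questions mechanically where the map holds the answer. The sample map is our constructed version of the CV case drawn on the slides; its retention periods, consent flags and locations are assumptions, not values from the slides.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class DataPoint:
    """A place where personal data can be found (step two), carrying the
    control and access notes of step four and the register fields of step six."""
    name: str
    controller: str                       # who controls this data
    location: str                         # storage location and medium
    personal_data: List[str]              # personal data categories held here
    consent_before_collection: bool       # collected only after asking consent?
    in_eu: bool = True                    # processed on EU soil?
    retention_days: Optional[int] = None  # None: nobody could say (a step-five gap)
    accessors: List[str] = field(default_factory=list)
    coupled_system: Optional[str] = None  # larger system the point is part of
    loose_end: Optional[str] = None       # the '!' note: who else could copy the data


@dataclass
class Transmission:
    """An arrow between two data points plus its transmission post-it (step three)."""
    src: str
    dst: str
    medium: str       # e.g. browser, email, dropbox
    encryption: str   # e.g. 'none', 'transport', 'end-to-end'
    all_data: bool    # True: all data travels; False: partial data


class DataFlowMap:
    def __init__(self, points: List[DataPoint], transmissions: List[Transmission]):
        self.points: Dict[str, DataPoint] = {p.name: p for p in points}
        self.transmissions = transmissions

    def gaps(self) -> List[str]:
        """Step five: information the mapping session could not fill in."""
        out = []
        for p in self.points.values():
            if p.retention_days is None:
                out.append(f"{p.name}: retention period unknown")
            if not p.accessors:
                out.append(f"{p.name}: nobody listed as having access")
        for t in self.transmissions:
            for end in (t.src, t.dst):
                if end not in self.points:
                    out.append(f"{t.src} -> {t.dst}: unknown data point '{end}'")
        return out

    def findings(self) -> List[str]:
        """The 'questions for after the mapping', answered where the map can."""
        out = []
        for p in self.points.values():
            if not p.consent_before_collection:
                out.append(f"{p.name}: collected before consent")
            if not p.in_eu:
                out.append(f"{p.name}: processed outside the EU")
            if p.coupled_system:
                out.append(f"{p.name}: coupled with {p.coupled_system}; check its access")
            if p.loose_end:
                out.append(f"{p.name}: loose end ({p.loose_end})")
        for t in self.transmissions:
            if t.encryption == "none":
                scope = "all data" if t.all_data else "partial data"
                out.append(f"{t.src} -> {t.dst}: {scope} unencrypted via {t.medium}")
        return out

    def erasure_targets(self, category: str) -> List[str]:
        """Right to erasure: every point in the chain that holds the category."""
        return [p.name for p in self.points.values() if category in p.personal_data]

    def register(self) -> List[Dict[str, str]]:
        """Step six: one data asset register row per data point."""
        return [{
            "data point": p.name,
            "personal data category": ", ".join(p.personal_data),
            "who controls": p.controller,
            "storage location": p.location,
            "retention": f"{p.retention_days} days" if p.retention_days is not None else "unknown",
            "recipients": ", ".join(p.accessors) or "unknown",
            "consent": "yes" if p.consent_before_collection else "no",
        } for p in self.points.values()]


def build_example_map() -> DataFlowMap:
    """Constructed map of the CV case from the slides; all values are assumptions."""
    points = [
        DataPoint("CV stack", "HR", "HR mailbox", ["name", "contact details", "CV"],
                  consent_before_collection=True, retention_days=180,
                  accessors=["HR team"], coupled_system="Email provider"),
        DataPoint("Rejected but interesting", "John", "Folder on John's PC",
                  ["name", "CV"], consent_before_collection=False,
                  accessors=["John", "Anyone at our company"]),
        DataPoint("Closet at HR", "HR", "Paper, closet at HR", ["name", "CV"],
                  consent_before_collection=True, accessors=["Anyone with a key"],
                  loose_end="who has a key?"),
    ]
    transmissions = [
        Transmission("CV stack", "Rejected but interesting", "Email", "none", all_data=True),
        Transmission("CV stack", "Closet at HR", "Shared printer", "none", all_data=False),
    ]
    return DataFlowMap(points, transmissions)


if __name__ == "__main__":
    m = build_example_map()
    print("gaps:", *m.gaps(), sep="\n  ")
    print("findings:", *m.findings(), sep="\n  ")
    print("erase 'CV' from:", m.erasure_targets("CV"))
```

`erasure_targets()` is the point of slide 35 made checkable: a deletion request has to reach every data point in the chain, including the folder on a colleague’s PC and the paper copy, not just the system the request arrived in.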
  54. Privacy Statements
  55. How to fix your privacy policy
  56. Communicating about privacy: account
  57. Communicating about privacy: in a survey
  58. Communicating about privacy: checkout & payment
  59. Communicating about privacy: privacy statement
  60. How to fix your privacy policy: Clear, unambiguous language. No jargon or legalese. Example from
  61. How to fix your privacy policy: Use icons to communicate the privacy policy. Icon set from Aza Raskin at Mozilla
  62. How to fix your privacy policy
  63. What needs to be in there?
     • Data protection officer contact details
     • Purposes
     • Legal grounds
     • Recipients
     • Data transfers outside the EU
     • Storage times of data
     • Users have a right to:
       • access, port data, rectify, erase, object, withdraw consent
       • complain to the data protection authority
     • Whether there is automated decision making
     • If data is needed for a contract, what happens if a user does not provide the data
  64. How to fix your privacy policy (template)
     We are ___________. You can contact us here ________.
     We collect the following data from you _______, ________, _______, _________.
     We use __________ for _________.
     We use __________ for _________.
     We use __________ for _________.
     This data is being collected by / through ______________________.
     Your data is automatically removed from all of our records after _______.
     Who has access to your data (third parties): _______, ________, _______, _________.
     How secure is your information? (encryption, SSL, disclaimers) ________________________________.
     If you want to view, edit or remove your data, you can go here and do so ________________ / contact us here __________________.
  65. More info
     • The official text of the regulation:
     • The regulation explained by the European Commission: http://
     • The podcasts we’ve made about GDPR, UX and content:
     • Privacy by Design guidelines: tab=publications
     Remember to check with privacy experts and legal professionals for your specific situation.
  66. Do I know enough? Do they know enough?
     • RTFM! 99 articles, 88 pages, not exactly a best seller. If you have not read it, can you expect your partners/employees to do so?
     • Thinking you know something is sometimes not good enough
     • Personal information, what is it? Forget mapping data flows if you are not sure
     • ‘Privacy literacy survey’ to the rescue: check your literacy level and see what’s needed
     • Click here for the current prototype
  67. 5 key takeaways
     • Ask for consent and data in context. Be clear, transparent and fair.
     • Handle personal data with care. Allow for viewing, editing and deleting by the data subject.
     • Know your data flows! Risk assessments need to be done regularly.
     • Fix your privacy policy. Make it easy to understand, no legalese allowed!
     • GDPR is actually good for UX. It will guide design and content towards transparent, clear communication and trust.
  68. Efficiently Effective Podcast. Thank you!