Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering
Status of Privacy Engineering Standardisation
Antonio Kung
Trialog, 25 rue du Général Foy, 75008 Paris
antonio.kung@trialog.com
12 June 2019 Status of privacy engineering standardisation Slide 1
Outline
Speaker
Ecosystem viewpoint: big change in standardisation
Privacy engineering: new standards in the pipe
IPEN in the loop: recommendation for best practice sharing on privacy engineering
Speaker
Engineering background
Coordinator PRIPARE (pripareproject.eu) 2013-2015
- Liaison with ISO/IEC JTC1/SC27/WG5
- Member of OASIS (Privacy Management Reference Model - PMRM)
Active participation in privacy standards
Privacy by design principles
- Privacy by design for consumer goods and services (ISO 31700)
Privacy engineering
- Privacy engineering (ISO/IEC 27550 – to be published)
- Big data – Security and privacy fabric (ISO/IEC 20547-4)
- Smart cities - Privacy guidelines for smart cities (ISO/IEC 27570)
- IoT - Security and privacy guidelines for IoT (ISO/IEC 27030)
- Privacy preference management (ISO/IEC 27556)
- Privacy engineering models - study
Administrator of IPEN wiki
The Ecosystem Viewpoint
Ecosystems: Domains, Concerns, Stakeholders
- Domains: Smart grid, Transport, Health, Smart Cities
- Concerns: Security, Privacy, Trust, Safety
- Stakeholders: Citizens, Business, Policy makers
Technologies: Big data, IoT, Blockchain, Autonomous systems, AI
An Integration Issue of Transversal Concern: Example of Security and Privacy
- 27550 Privacy engineering
- 20889 Privacy enhancing data de-identification techniques
- 27001 Information security management systems - Requirements
- 27005 Information security risk management
- 27009 Sector-specific application of 27001 - Requirements
- 27552 Extension to 27001/27002 for privacy management - Requirements and guidelines
- 29151 Code of practice for personally identifiable information protection
- 29100 Privacy framework
- 29134 Privacy impact assessment - Guidelines
- 27002 Code of practice for information security controls
- 27101 Guidelines for cybersecurity framework
- 31700 Privacy-by-design for consumer goods and services
Diagram layers, each shown for Privacy and Security: Lifecycle engineering, Control design, Risk analysis, Requirement
Trends in Standards: Ecosystem Guidance
- ISO/IEC 30141 IoT Reference Architecture
- ISO/IEC 20547-3 Big data Reference Architecture
- ISO/IEC 17789 Cloud computing Reference Architecture
ISO/IEC 23751 Data sharing agreement
- Ecosystem guidance: Cloud service customer, Cloud service partner, Cloud service provider
ISO/IEC 27030 Security and privacy guidelines for IoT
- Ecosystem guidance: IoT user, IoT service developer, IoT service provider
ISO/IEC 20547-4 Big data security and privacy
- Ecosystem guidance: Big data service partner, Big data application provider, Big data provider, Big data consumer, Big data framework provider
ISO/IEC 27570 Privacy guidelines for smart cities
- Five processes: Governance, Risk management, Data exchange, Engineering, Citizen engagement
- Ecosystem: Governance body, Organisation 1, Organisation N
Example of 27556 Privacy Preference management
Diagram labels: Privacy preference manager; De-identification; PII handling; Data transfer control; Data source collection; Consent Information administration; Privacy preference administration; Control Rule generation; Transparency administration
What is next?
ISO/IEC JTC1 SG6 « Meta Reference Architecture »
Workshop Montreal 20-22 August
Will gather standard editors on important standards
Architecture (system, cloud, big data, IoT, smart city)
Cross cutting concern (security, privacy, safety, trust…)
Governance and continuous improvement
Objective
Reach common understanding
Define shape of convergent standards
Define roadmap
Privacy engineering standards
Current work
Principles
- ISO 31700 Privacy-by-design for consumer goods and services: Pending
- ISO/IEC 29100 Privacy framework: Published (free)
Mechanism
- ISO/IEC 20889 Data de-identification terminology and classification of techniques: Published
- ISO/IEC 29184 Online privacy notices and consent: Pending
Organisation practice
- ISO/IEC 27550 Privacy engineering for system life cycle processes: 2019
- ISO/IEC 27552 Privacy information management -- requirements and guidelines: 2019
- ISO/IEC 27555 Establishing a PII deletion concept in organisations: Pending
- ISO/IEC 27556 User-centric framework for privacy preference management: Pending
- ISO/IEC 29134 Privacy impact assessment guidelines: Published
- ISO/IEC 29151 Code of practice for PII protection: Published
- ISO/IEC 29190 Privacy capability assessment model: Published
Ecosystem practice
- ISO/IEC 20547-4 Big data security and privacy: Pending
- ISO/IEC 27030 Security and privacy guidelines for IoT: Pending
- ISO/IEC 27570 Privacy guidelines for smart cities: Pending
- ISO/IEC 23751 Data sharing agreements: Pending
Privacy Engineering: Integrating privacy concerns
Beyond CIA
Confidentiality
Integrity
Availability
Unlinkability
Intervenability
Transparency
From ULD: ieee-security.org/TC/SPW2015/IWPE/2.pdf
Privacy threats analysis: LINDDUN
https://distrinet.cs.kuleuven.be/software/linddun/catalog.php
Property: Threat
Hard privacy
- Unlinkability: Linkability
- Anonymity: Identifiability
- Plausible deniability: Non-repudiation
- Undetectability and unobservability: Detectability
Security
- Confidentiality: Disclosure of information
Soft privacy
- Content awareness: Unawareness
- Policy and consent compliance: Non-compliance
Design Strategy (J.H.Hoepman)
https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design/at_download/fullReport
Design strategy: Description
Data oriented strategies
- Minimize: Limit as much as possible the processing of PII.
- Separate: Distribute or isolate personal data as much as possible, to prevent correlation.
- Abstract: Limit as much as possible the detail in which personal data is processed, while still being useful.
- Hide: Prevent PII from becoming public or known.
Process oriented strategies
- Inform: Inform PII principals about the processing of PII.
- Control: Provide PII principals control over the processing of their PII.
- Enforce: Commit to PII processing in a privacy friendly way, and enforce this.
- Demonstrate: Demonstrate that PII is processed in a privacy friendly way.
What is next? New standards in the pipe
A possible scenario
Timeline axis: 2019, 2020, 2021, 2022
- ISO 31700 Privacy by design for consumer goods and services (principles)
- SC27/WG5 study: Privacy engineering models
- Privacy engineering (IS): 27550 Edition 2 (from TR to IS)
Participation in Standardisation
Liaison category C with ISO/IEC JTC1/SC27/WG5
IPEN in the Loop: Recommendation for best practice sharing on privacy engineering
Creating a Virtuous Cycle
Best practice sharing on privacy engineering will drive new standards
Conditions
Community participation
- e.g. H2020 cluster of GDPR projects
Repository operation
Content
- Textual information (use case like)
- Models
Management
- Editorial and acceptance process
Cycle diagram: Privacy engineering standards; Sharing privacy engineering practice; Proposal for new standards
PDP4E Contribution to Best Practice Sharing
Models for privacy engineering
IPR free
Guidelines for use
Possible contributions
Use case for smart grid big data
Use case connected vehicles (C-ITS)
Repository of models for privacy engineering
Managed by IPEN community
Models for Lifecycle processes?
Models for Risk analysis?
Models for Requirements Engineering?
Models for Privacy Assurance?
Question?
antonio.kung@trialog.com
www.trialog.com
12 June 2019 Status of privacy engineering standardisation Slide 23

More Related Content

What's hot

Wp6 public
Wp6 publicWp6 public
Dpm presentation
Dpm presentationDpm presentation
Data Privacy and Security in Autonomous Vehicles
Data Privacy and Security in Autonomous VehiclesData Privacy and Security in Autonomous Vehicles
Data Privacy and Security in Autonomous Vehicles
sulaiman_karim
 
MECATECH, building the Future
MECATECH, building the FutureMECATECH, building the Future
MECATECH, building the Future
Agence du Numérique (AdN)
 
Lightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeLightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edge
Agence du Numérique (AdN)
 
Paris wp5 pd-pb_d
Paris wp5 pd-pb_dParis wp5 pd-pb_d
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation SystemsTowards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Agence du Numérique (AdN)
 
Wp4 tool demonstration_v1
Wp4 tool demonstration_v1Wp4 tool demonstration_v1
Wp4 tool demonstration_v1
Privacy Data Protection for Engineering
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
ijwscjournal
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
ijwscjournal
 
Multitel Cybersecurity Projects
Multitel Cybersecurity ProjectsMultitel Cybersecurity Projects
Multitel Cybersecurity Projects
Agence du Numérique (AdN)
 
Who will buy IOT products and why.
Who will buy IOT products and why.Who will buy IOT products and why.
Who will buy IOT products and why.
Atanu Roy Chowdhury
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
ijwscjournal
 
Applying IoT to the Management of Natural Disasters Risk NIAGRISK - A digital...
Applying IoT to the Management of Natural Disasters Risk NIAGRISK - A digital...Applying IoT to the Management of Natural Disasters Risk NIAGRISK - A digital...
Applying IoT to the Management of Natural Disasters Risk NIAGRISK - A digital...
Agence du Numérique (AdN)
 
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
ijwscjournal
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
ijdms
 
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationWeb Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Eryk Budi Pratama
 
e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES.eu
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
albert ca
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
ijdms
 

What's hot (20)

Wp6 public
Wp6 publicWp6 public
Wp6 public
 
Dpm presentation
Dpm presentationDpm presentation
Dpm presentation
 
Data Privacy and Security in Autonomous Vehicles
Data Privacy and Security in Autonomous VehiclesData Privacy and Security in Autonomous Vehicles
Data Privacy and Security in Autonomous Vehicles
 
MECATECH, building the Future
MECATECH, building the FutureMECATECH, building the Future
MECATECH, building the Future
 
Lightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeLightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edge
 
Paris wp5 pd-pb_d
Paris wp5 pd-pb_dParis wp5 pd-pb_d
Paris wp5 pd-pb_d
 
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation SystemsTowards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
 
Wp4 tool demonstration_v1
Wp4 tool demonstration_v1Wp4 tool demonstration_v1
Wp4 tool demonstration_v1
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
 
Multitel Cybersecurity Projects
Multitel Cybersecurity ProjectsMultitel Cybersecurity Projects
Multitel Cybersecurity Projects
 
Who will buy IOT products and why.
Who will buy IOT products and why.Who will buy IOT products and why.
Who will buy IOT products and why.
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
 
Applying IoT to the Management of Natural Disasters Risk NIAGRISK - A digital...
Applying IoT to the Management of Natural Disasters Risk NIAGRISK - A digital...Applying IoT to the Management of Natural Disasters Risk NIAGRISK - A digital...
Applying IoT to the Management of Natural Disasters Risk NIAGRISK - A digital...
 
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
 
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationWeb Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
 
e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
 

Similar to Ipen 2019 roma status of privacy engineering standardisation v2

Privacy Management for Smart Cities
Privacy Management for Smart CitiesPrivacy Management for Smart Cities
Privacy Management for Smart Cities
Open & Agile Smart Cities
 
UNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - GuasconiUNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - Guasconi
BL4CKSWAN Srl
 
List of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdfList of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdf
DavidMorris296217
 
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingTư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Nguyễn Đăng Quang
 
BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation
BSI British Standards Institution
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdf
toncik
 
SC27 Privacy related projects update
SC27 Privacy related projects update SC27 Privacy related projects update
SC27 Privacy related projects update
Yoshihiro Satoh
 
Paris wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_studyParis wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_study
Privacy Data Protection for Engineering
 
ISO 27701 en GDPR - De perfecte combinatie
ISO 27701 en GDPR - De perfecte combinatie ISO 27701 en GDPR - De perfecte combinatie
ISO 27701 en GDPR - De perfecte combinatie
StefanMathuvis
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
PECB
 
Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Coordination of Threat Analysis in ICT Ecosystems
Coordination of Threat Analysis in ICT EcosystemsCoordination of Threat Analysis in ICT Ecosystems
Coordination of Threat Analysis in ICT Ecosystems
ITU
 
20200206 privatum privacy after work - notes 3p
20200206 privatum   privacy after work - notes 3p20200206 privatum   privacy after work - notes 3p
20200206 privatum privacy after work - notes 3p
Peter GEELEN ✔
 
Legal and ethical issues (the LLM project)
Legal and ethical issues (the LLM project)Legal and ethical issues (the LLM project)
Legal and ethical issues (the LLM project)
long lasting memories
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1
Sylvain Martinez
 
Policy InformationPolicy Name __________________________ ID _.docx
Policy InformationPolicy Name __________________________  ID _.docxPolicy InformationPolicy Name __________________________  ID _.docx
Policy InformationPolicy Name __________________________ ID _.docx
stilliegeorgiana
 
2019 04-08 hopu-aj
2019 04-08 hopu-aj2019 04-08 hopu-aj
2019 04-08 hopu-aj
Open & Agile Smart Cities
 
Any Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsAny Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO Standards
PECB
 
ISO 27701:2022 Data Privacy New Version Presentation
ISO 27701:2022 Data Privacy New Version PresentationISO 27701:2022 Data Privacy New Version Presentation
ISO 27701:2022 Data Privacy New Version Presentation
yogaallworks
 

Similar to Ipen 2019 roma status of privacy engineering standardisation v2 (20)

Privacy Management for Smart Cities
Privacy Management for Smart CitiesPrivacy Management for Smart Cities
Privacy Management for Smart Cities
 
UNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - GuasconiUNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - Guasconi
 
List of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdfList of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdf
 
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingTư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
 
BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdf
 
SC27 Privacy related projects update
SC27 Privacy related projects update SC27 Privacy related projects update
SC27 Privacy related projects update
 
Paris wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_studyParis wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_study
 
ISO 27701 en GDPR - De perfecte combinatie
ISO 27701 en GDPR - De perfecte combinatie ISO 27701 en GDPR - De perfecte combinatie
ISO 27701 en GDPR - De perfecte combinatie
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017
 
Coordination of Threat Analysis in ICT Ecosystems
Coordination of Threat Analysis in ICT EcosystemsCoordination of Threat Analysis in ICT Ecosystems
Coordination of Threat Analysis in ICT Ecosystems
 
20200206 privatum privacy after work - notes 3p
20200206 privatum   privacy after work - notes 3p20200206 privatum   privacy after work - notes 3p
20200206 privatum privacy after work - notes 3p
 
Legal and ethical issues (the LLM project)
Legal and ethical issues (the LLM project)Legal and ethical issues (the LLM project)
Legal and ethical issues (the LLM project)
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1
 
Policy InformationPolicy Name __________________________ ID _.docx
Policy InformationPolicy Name __________________________  ID _.docxPolicy InformationPolicy Name __________________________  ID _.docx
Policy InformationPolicy Name __________________________ ID _.docx
 
2019 04-08 hopu-aj
2019 04-08 hopu-aj2019 04-08 hopu-aj
2019 04-08 hopu-aj
 
Any Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO StandardsAny Standard is Better Than None: GDPR and the ISO Standards
Any Standard is Better Than None: GDPR and the ISO Standards
 
ISO 27701:2022 Data Privacy New Version Presentation
ISO 27701:2022 Data Privacy New Version PresentationISO 27701:2022 Data Privacy New Version Presentation
ISO 27701:2022 Data Privacy New Version Presentation
 

More from Privacy Data Protection for Engineering

Wp4 overall approach_v1
Wp4 overall approach_v1Wp4 overall approach_v1
Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4
Privacy Data Protection for Engineering
 
Wp6 workshop 10_march2020
Wp6 workshop 10_march2020Wp6 workshop 10_march2020
Wp6 workshop 10_march2020
Privacy Data Protection for Engineering
 
Pdp4 e forum
Pdp4 e forumPdp4 e forum
Wp4 ws cea2020
Wp4 ws cea2020Wp4 ws cea2020
Beawre pitch
Beawre pitchBeawre pitch
Pdp4e IPEN-2019
Pdp4e  IPEN-2019Pdp4e  IPEN-2019

More from Privacy Data Protection for Engineering (7)

Wp4 overall approach_v1
Wp4 overall approach_v1Wp4 overall approach_v1
Wp4 overall approach_v1
 
Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4
 
Wp6 workshop 10_march2020
Wp6 workshop 10_march2020Wp6 workshop 10_march2020
Wp6 workshop 10_march2020
 
Pdp4 e forum
Pdp4 e forumPdp4 e forum
Pdp4 e forum
 
Wp4 ws cea2020
Wp4 ws cea2020Wp4 ws cea2020
Wp4 ws cea2020
 
Beawre pitch
Beawre pitchBeawre pitch
Beawre pitch
 
Pdp4e IPEN-2019
Pdp4e  IPEN-2019Pdp4e  IPEN-2019
Pdp4e IPEN-2019
 

Recently uploaded

Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
ScyllaDB
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Ipen 2019 roma status of privacy engineering standardisation v2

  • 1. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering Status of Privacy Engineering Standardisation Antonio Kung Trialog, 25 rue du Général Foy 75008 Paris antonio.kung@trialog.com 12 June 2019 Status of privacy engineering standardisation Slide 1
  • 2. Outline Speaker Ecosystem viewpoint: big change in standardisation Privacy engineering: new standards in the pipe IPEN in the loop: recommendation for best practice sharing on privacy engineering 12 June 2019 Status of privacy engineering standardisation Slide 2
  • 3. Speaker Engineering background Coordinator PRIPARE (pripareproject.eu) 2013-2015  Liaison with ISO/IEC JTC1/SC27/WG5  Member of OASIS (Privacy Management Reference Model - PMRM) Active participation in privacy standards Privacy by design principles  Privacy by design for consumer goods and services (ISO 31700) Privacy engineering  Privacy engineering (ISO/IEC 27550 – to be published)  Big data – Security and privacy fabric (ISO/IEC 20547-4)  Smart cities - Privacy guidelines for smart cities (ISO/IEC 27570)  IoT - Security and privacy guidelines for IoT (ISO/IEC 27030 )  Privacy preference management (ISO/IEC 27556)  Privacy engineering models - study 12 June 2019 Status of privacy engineering standardisation Slide 3
  • 4. Administrator of IPEN wiki
  • 5. The ecosystem viewpoint
  • 6. The Ecosystem Viewpoint. Ecosystems: Smart Cities, Big data, IoT. Domains: Smart grid, Transport, Health. Concerns: Security, Privacy, Trust, Safety. Stakeholders: Citizens, Business, Policy makers. Technologies: Blockchain, Autonomous systems, AI.
  • 7. An Integration Issue of Transversal Concern: Example of Security and Privacy. Standards shown: 27550 Privacy engineering; 20889 Privacy enhancing data de-identification techniques; 27001 Information security management systems — Requirements; 27005 Information security risk management; 27009 Sector-specific application of 27001 – Requirements; 27552 Extension to 27001/27002 for privacy management – Requirements and guidelines; 29151 Code of practice for personally identifiable information protection; 29100 Privacy framework; 29134 Privacy impact assessment - Guidelines; 27002 Code of practice for information security controls; 27101 Guidelines for cybersecurity framework; 31700 Privacy-by-design for consumer goods and services. Layers (Privacy and Security shown for each): Lifecycle engineering, Control design, Risk analysis, Requirement.
  • 8. Trends in Standards: Ecosystem Guidance. Reference architectures: ISO/IEC 30141 IoT Reference Architecture; ISO/IEC 20547-3 Big data Reference Architecture; ISO/IEC 17789 Cloud computing Reference Architecture. ISO/IEC 23751 Data sharing agreement (ecosystem guidance; roles: Cloud service customer, Cloud service partner, Cloud service provider). ISO/IEC 27030 Security and privacy guidelines for IoT (ecosystem guidance; roles: IoT user, IoT service developer, IoT service provider). ISO/IEC 20547-4 Big data security and privacy (ecosystem guidance; roles: Big data service partner, Big data application provider, Big data provider, Big data consumer, Big data framework provider).
  • 9. ISO/IEC 27570 Privacy guidelines for smart cities. Five processes: Governance, Risk management, Data exchange, Engineering, Citizen engagement. Ecosystem: Governance body, Organisation 1, Organisation N.
  • 10. Example of 27556 Privacy Preference management. Privacy preference manager (diagram labels): De-identification PII handling Data transfer control Data source collection Consent Information administration Privacy preference administration Control Rule generation Transparency administration
  • 11. What is next? ISO/IEC JTC1 SG6 « Meta Reference Architecture ». Workshop Montreal 20-22 August. Will gather standard editors on important standards: Architecture (system, cloud, big data, IoT, smart city); Cross cutting concern (security, privacy, safety, trust…); Governance and continuous improvement. Objective: Reach common understanding; Define shape of convergent standards; Define roadmap.
  • 12. Privacy engineering standards
  • 13. Current work (standard: status)
      Principles
      - ISO 31700 Privacy-by-design for consumer goods and services: Pending
      - ISO/IEC 29100 Privacy framework: Published (free)
      Mechanism
      - ISO/IEC 20889 Data de-identification terminology and classification of techniques: Published
      - ISO/IEC 29184 Online privacy notices and consent: Pending
      Organisation practice
      - ISO/IEC 27550 Privacy engineering for system life cycle processes: 2019
      - ISO/IEC 27552 Privacy information management -- requirements and guidelines: 2019
      - ISO/IEC 27555 Establishing a PII deletion concept in organisations: Pending
      - ISO/IEC 27556 User-centric framework for privacy preference management: Pending
      - ISO/IEC 29134 Privacy impact assessment guidelines: Published
      - ISO/IEC 29151 Code of practice for PII protection: Published
      - ISO/IEC 29190 Privacy capability assessment model: Published
      Ecosystem practice
      - ISO/IEC 20547-4 Big data security and privacy: Pending
      - ISO/IEC 27030 Security and privacy guidelines for IoT: Pending
      - ISO/IEC 27570 Privacy guidelines for smart cities: Pending
      - ISO/IEC 23751 Data sharing agreements: Pending
  • 14. Privacy Engineering: Integrating privacy concerns [figure with repeated "Privacy" labels]
  • 15. Beyond CIA: Confidentiality, Integrity, Availability, Unlinkability, Intervenability, Transparency. From ULD: ieee-security.org/TC/SPW2015/IWPE/2.pdf
  • 16. Privacy threats analysis: LINDDUN https://distrinet.cs.kuleuven.be/software/linddun/catalog.php (property: threat)
      Hard privacy
      - Unlinkability: Linkability
      - Anonymity: Identifiability
      - Plausible deniability: Non-repudiation
      - Undetectability and unobservability: Detectability
      Security
      - Confidentiality: Disclosure of information
      Soft privacy
      - Content awareness: Unawareness
      - Policy and consent compliance: Non compliance
  • 17. Design Strategy (J.H.Hoepman) https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design/at_download/fullReport (design strategy: description)
      Data oriented strategies
      - Minimize: Limit as much as possible the processing of PII.
      - Separate: Distribute or isolate personal data as much as possible, to prevent correlation.
      - Abstract: Limit as much as possible the detail in which personal data is processed, while still being useful.
      - Hide: Prevent PII from becoming public or known.
      Process oriented strategies
      - Inform: Inform PII principals about the processing of PII.
      - Control: Provide PII principals control over the processing of their PII.
      - Enforce: Commit to PII processing in a privacy friendly way, and enforce this.
      - Demonstrate: Demonstrate that PII is processed in a privacy friendly way.
  • 18. What is next? New standards in the pipe. A possible scenario (timeline 2019, 2020, 2021, 2022): ISO 31700 Privacy by design for consumer goods and services principles; SC27/WG5 study Privacy engineering models; Privacy engineering (IS) 27550 Edition 2 (from TR to IS)
  • 19. Participation in Standardisation: Liaison category C with ISO/IEC JTC1/SC27/WG5
  • 20. IPEN in the Loop: Recommendation for best practice sharing on privacy engineering
  • 21. Creating a Virtuous Cycle. Best practice sharing on privacy engineering will drive new standards. Conditions: Community participation (e.g. H2020 cluster of GDPR projects); Repository operation; Content: textual information (use case like), models; Management: editorial and acceptance process. Cycle diagram labels: Privacy engineering standards; Sharing; Privacy engineering practice; Proposal for new standards.
  • 22. PDP4E Contribution to Best Practice Sharing. Models for privacy engineering: IPR free; Guidelines for use. Possible contributions: Use case for smart grid big data; Use case connected vehicles (C-ITS). Repository of models for privacy engineering (managed by IPEN community): Models for Lifecycle processes? Models for Risk analysis? Models for Requirements Engineering? Models for Privacy Assurance?
  • 23. Question? antonio.kung@trialog.com www.trialog.com

Editor's Notes

  1. 0.03 – 2.00 My name is Antonio Kung. I am the CTO of Trialog, a French software house which focuses on IoT – involved in energy, mobility, health and care. My background is engineering, so I am not afraid to go into the details of technology and engineering. I am very much involved in standardisation of privacy. I am the editor of privacy engineering, contributor to big data, rapporteur for privacy in smart cities and privacy guidelines in the IoT. I am a member of an informal community launched by EDPS (European Data Protection Supervisor). And I manage a web site on existing work on privacy standards. The URL is ipen.trialog.com. I am the lead of the support action PRIPARE, which has published a methodology for privacy engineering.
  2. 2.00 – 2.03 I will take a policy maker viewpoint
  3. 2.03 – 3.00 Smart cities deal with a complex ecosystem. We talk today about Smart cities, Big Data, the Internet of Things. They can all be considered as complex ecosystems. They integrate business domains such as smart grid, health, transport. They integrate concerns such as privacy, security or others, for instance safety.
  4. 2.00 – 2.03 I will take a policy maker viewpoint
  5. 13.00 From an engineering viewpoint, the main objective is to integrate privacy concerns along the lifecycle process. This picture is taken from the PRIPARE handbook. It shows, first, the various phases from the analysis, design, implementation, verification, release, maintenance and decommissioning, and secondly a central item called environment and infrastructure, which consists of company knowledge, best practice, assets, … Note that the institutionalisation of privacy management is reflected in this central item.
  6. 2.00 – 2.03 I will take a policy maker viewpoint