
Contribution to Privacy

Antonio Kung
Trialog

3 December 2009 Joint eSecurity - Article 29WG Slide 1


PRECIOSA
- PRivacy Enabled Capability In co-Operative systems and Safety Applications
- FP7 STREP Project
- 1/3/2008-31/8/2010
- www.preciosa-project.org



Goal and Objectives
- Goal
  - Ensure that co-operative systems meet (future) privacy regulations
  - Demonstrate an example application with suitable technology for privacy protection
- Objectives
  - approach for privacy by design
  - privacy verifiability
  - privacy-aware architecture
  - guidelines for privacy by design
  - specific research challenges



Technical Concept
- Privacy Perimeter
- Examples

[Figure: two example privacy perimeter diagrams, each showing a Control centre and a Vehicle Box]



Technical Concept
- Enforce privacy policy within perimeter
- Four elements
  - Data
  - Policy (allowed operations)
  - Mandatory Privacy Control (enforces policy)
  - Policy Perimeter Protection (ensures integrity)

[Figure: chain PPP -> MPC -> Policy -> Data. PPP protects policy perimeter integrity; MPC only allows policy-compliant operations on data; Policy describes allowed operations on data]



PRECIOSA Concept vs PETs
- PETs are often described as a list of technologies:
  - Encryption
  - Anonymisation and pseudonymisation
  - Secure management of logins
  - …
- PRECIOSA Viewpoint
  - System-oriented new PET category
  - Policy Enforcement PET



PRECIOSA Shift
- From organisational enforcement
  [Figure: Data controller's sphere of responsibility containing Organizational Measures and Policy Enforcement]
- To technical enforcement
  [Figure: Data controller's sphere of responsibility containing Technical Measures and Policy Enforcement]



Technologies (PETs)
- Storage (secure access through metadata)
  - Data and meta data bound together securely
  - MPC verifies policy stored in meta data
  - Access through a query-based API

[Figure: layered architecture: Application -> Query-based API -> MPC (Mandatory Privacy Control) -> Data+Metadata manipulation -> Secure Local Storage / Secure Communication]
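The storage design above (data bound to its policy metadata, a Mandatory Privacy Control that checks the policy on every query, access only through a query-based API) and the four elements of the Technical Concept slide can be sketched in code. The following is an added example written for this page, not PRECIOSA project code; the record layout, the role names, the vehicle reports and the choice of a keyed HMAC to stand in for Policy Perimeter Protection are all assumptions made for the demo. The "aggregate" operation shows the minimisation idea: the control centre holds every raw speed, yet the statistics role only ever obtains a count and a mean.

```python
"""Toy Mandatory Privacy Control (MPC) in the PRECIOSA style.

Added example, not project code. Assumed design:
- a Record holds data together with its policy metadata;
- the policy says, per requester role and per field, which operations
  ("read", "aggregate") are allowed;
- a keyed HMAC over the policy stands in for Policy Perimeter Protection
  (PPP): a policy altered after sealing is rejected before any use;
- all access goes through the MPC's query API (read / aggregate).
"""
import hashlib
import hmac
import json

# Constructed demo key. In a real perimeter this would live inside the
# protected component, never in application code.
PERIMETER_KEY = b"constructed-demo-key"


class PolicyViolation(Exception):
    """The requested operation is not allowed by the record's policy."""


class PerimeterBreach(Exception):
    """The policy metadata no longer matches its integrity seal."""


def seal_policy(policy):
    """Integrity seal over a canonical encoding of the policy (PPP stand-in)."""
    canonical = json.dumps(policy, sort_keys=True).encode()
    return hmac.new(PERIMETER_KEY, canonical, hashlib.sha256).hexdigest()


class Record:
    """Data and its policy metadata, bound together when the record is created."""

    def __init__(self, data, policy):
        self.data = dict(data)
        self.policy = policy
        self.seal = seal_policy(policy)


class MandatoryPrivacyControl:
    """Mediates every access; data is reachable only through these methods."""

    def _verify(self, record):
        # Perimeter check first: never consult a policy that may have been edited.
        if not hmac.compare_digest(record.seal, seal_policy(record.policy)):
            raise PerimeterBreach("policy metadata has been altered")

    def _allowed(self, record, role, field):
        return record.policy.get(role, {}).get(field, [])

    def read(self, record, role, fields):
        """Query API: return only the requested fields the role may read."""
        self._verify(record)
        result = {}
        for field in fields:
            if "read" not in self._allowed(record, role, field):
                raise PolicyViolation(f"{role} may not read {field}")
            result[field] = record.data[field]
        return result

    def aggregate(self, records, role, field):
        """Query API: statistics over many records, no raw value leaves the MPC."""
        values = []
        for record in records:
            self._verify(record)
            if "aggregate" not in self._allowed(record, role, field):
                raise PolicyViolation(f"{role} may not aggregate {field}")
            values.append(record.data[field])
        return {"count": len(values), "mean": sum(values) / len(values)}


# Constructed sample policy: a breakdown service may read a vehicle's details,
# a traffic statistics service may only aggregate speeds.
VEHICLE_POLICY = {
    "breakdown_service": {"vehicle_id": ["read"], "position": ["read"], "speed": ["read"]},
    "traffic_statistics": {"speed": ["aggregate"]},
}


def build_sample_records():
    """Constructed vehicle reports as a control centre might hold them."""
    reports = [
        {"vehicle_id": "V-001", "position": [48.85, 2.35], "speed": 50},
        {"vehicle_id": "V-002", "position": [48.86, 2.36], "speed": 70},
        {"vehicle_id": "V-003", "position": [48.87, 2.37], "speed": 90},
    ]
    return [Record(r, VEHICLE_POLICY) for r in reports]


def attempt(query, *args):
    """Classify the outcome of a query as 'ok', 'denied' or 'breach'."""
    try:
        query(*args)
    except PolicyViolation:
        return "denied"
    except PerimeterBreach:
        return "breach"
    return "ok"


def tampered_access():
    """Editing the policy metadata after sealing must be caught by the perimeter check."""
    mpc = MandatoryPrivacyControl()
    record = build_sample_records()[0]
    record.policy = {"traffic_statistics": {"position": ["read"]}}  # unsealed edit
    return attempt(mpc.read, record, "traffic_statistics", ["position"])


if __name__ == "__main__":
    mpc = MandatoryPrivacyControl()
    recs = build_sample_records()
    print(mpc.read(recs[0], "breakdown_service", ["position", "speed"]))
    print(mpc.aggregate(recs, "traffic_statistics", "speed"))
    print(attempt(mpc.read, recs[0], "traffic_statistics", ["speed"]))
    print(tampered_access())
```

The point of the seal is that the policy travels with the data, so an application inside the perimeter that rewrites the metadata to grant itself a wider policy is refused before the MPC even evaluates the new rules; the policy check and the integrity check are separate failures so that logs can tell a legitimate refusal from a tampering attempt.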



Technologies (PETs)
- Communication
  - Pseudonymisation (from Sevecom)
  - Trusted computing for remote attestation

[Figure: same layered architecture as the previous slide: Application -> Query-based API -> MPC (Mandatory Privacy Control) -> Data+Metadata manipulation -> Secure Local Storage / Secure Communication]



Conclusion
- PRECIOSA promotes
  - Privacy by design
  - Privacy preservation (vs privacy enhancement)
- PRECIOSA PET
  - Policy enforcement PET
- Notion of distributed perimeter could lead to notion of logical minimisation
  - E.g. lots of data collected, but very limited access

