|
 |
Privacy by Design:
The Definitive Workshop |
| HOSTS: |
Dr. Ann Cavoukian
Information and Privacy Commissioner of Ontario, Canada
Yoram Hacohen
Head of Israeli Law, Information and Technology Authority
|
| LOCATION: |
Melia Castilla Hotel, Madrid |
| DATE: |
Monday, November 2, 2009 |
AGENDA
|
| 9:00 am - 10:00 am |
Registration
|
| 10:00 am - 11:00 am |
Introductions |
| |
Ken Anderson
Assistant Commissioner
Office of the Information and Privacy Commissioner,
Ontario, Canada
|
| |
Welcome/Opening Remarks |
| |
Dr. Ann Cavoukian
Information and Privacy Commissioner,
Ontario, Canada
Yoram Hacohen
Head of the Israeli Law, Information and Technology Authority (ILITA)
|
| |
Privacy by Design – Delivering the Promises |
| |
This presentation will look back at the origins of Privacy by Design, notably the publication of the first report on “Privacy Enhancing Technologies” by a joint team of the Information and Privacy Commissioner of Ontario, Canada, and the Dutch Data Protection Authority in 1995. It will also attempt to look ahead and address the question how the promises of these concepts could be delivered in practice.
Peter Hustinx
European Data Protection Supervisor
|
| |
Remote Health Management and Privacy |
| |
Remote health care technologies designed for in-home use are poised to become a vital part of the overall health care environment, allowing many seniors and chronic care patients to live longer in their own homes — with their privacy fully protected. This talk will cover an understanding of how Privacy by Design can be implemented in a technology company’s development processes, and will provide specific examples of the real benefits to individuals from use of Privacy by Design on specific health care technologies.
David Hoffman
Intel Corporation - Director of Security Policy &
Global Privacy Officer
|
| 11:00 am - 11:15 am |
Break
|
| 11:15 am - 12:15 pm |
Built-in Privacy: No panacea, but a Necessary Element of
Privacy Protection |
| |
Built-in privacy seems to be the magic technical fix for most current privacy problems. Obviously one should not get carried away since there is no “privacy button” on the next generation computers. But, for too long, Privacy Commissioners have tried to tackle privacy issues in a reactive manner. Their efforts lead to nowhere if manufacturers simply do not deliver the right, i.e. privacy-friendly goods. How can they be made to deliver?
Dr. Alexander Dix
Commissioner for Data Protection & Freedom of Information,
Berlin, Germany
|
| |
Trust & Privacy in the Future Internet: A research perspective |
| |
The transformations brought on society by the evolution of the Internet over the last decade raise many societal challenges in relation to the handling of identity, trust and privacy. Technology research programmes must prioritise work that take these challenges into account at all phases of development, from conceptual design to implementation.
Dr. Jacques Bus
Head of Unit - Trust and Security in ICT Research,
European Commission
|
| |
Privacy and the SmartGrid: Risks and opportunities |
| |
Upgrading our power system by introducing two-way data flows could lead to a cleaner environment, reduced power costs, and more reliable utility service. At the same time, this new information-dependent system could collect personal and intimate data and could create grave risks of intrusion into the home domain. Understanding the data pathways of the smart grid and pressing for early attention to Privacy by Design could ensure a future of smart power and smart privacy.
Jules Polonetsky
Co-chair & Director,
The Future of Privacy Forum
|
| |
Google’s PowerMeter: An Example of Privacy by Design |
| |
A demonstration of Google PowerMeter, a software application developed by the Google’s philanthropic arm, Google.org, to help consumers track their home electricity usage. From the start, privacy was part of the design of PowerMeter.
Jane Horvath
Global Privacy Counsel, Google
|
| 12:15 pm - 2:00 pm |
Lunch
|
| |
Luncheon Keynote Adresses
Baking in Privacy: Consumers as the Most Important Ingredient! |
Increasingly, consumers are demanding greater control over their online experience. While recent studies demonstrate that consumers are often uninformed about the level of privacy protections offered by a given good or service, they establish that consumers genuinely care about privacy. If privacy is truly good business, why don’t we see more companies competing on privacy? The recent furor over the privacy dimensions of the Google Books settlement is a prime example of a developing product that has garnered vocal criticism for the level of privacy protections baked into the good. I view the creation of products like Google Books, electronic health records, and cloud computing applications as prime tests of user-centered design. My remarks will share some thoughts about the importance of Privacy by Design and the fundamental role of transparency to consumers.
The Honorable Pamela Jones Harbour
Commissioner, U.S. Federal Trade Commission
|
| Privacy by Design: German Experiences |
For years, data reduction and data minimisation have been enshrined in the German Federal Data Protection Act. To that aim, pseudonymisation and anonymisation should be possibly used, however only to the extent that any related efforts are adequate in relation to the aspired purpose of data protection. In practice, however, when it comes to the conception of IT systems, the implementation of these provisions often proves difficult.
Peter Schaar
Federal Commissioner for Data Protection and Freedom of Information,
Republic of Germany |
|
| 2:00 pm - 2:30 pm |
Privacy Designed as a Competitive Advantage —
the Case of Social Networks |
| |
The Honorable Mozelle W. Thompson
CEO, Thompson Strategic Consulting and former FTC Commissioner
|
| |
Accountability Panel
Privacy by Design: HP’s Accountability Model Tool |
Scott Taylor will be sharing a newly deployed program at HP that guides employees to integrate privacy into products, services, programs and processes that collect, use or store personal information. It is an example of Privacy by Design and meant to improve responsible decision-making and accountability at all levels within the enterprise.
Scott Taylor
Chief Privacy Officer, Hewlett-Packard Company
|
| The Essential Elements of Accountability Require Privacy by Design |
A group of international privacy experts met in Ireland this year as the Galway Project to draft the essential elements of privacy accountability. Martin Abrams, who co-ordinated that process will show how Privacy by Design is necessary for an organization to be accountable.
Martin Abrams
Executive Director, Centre for Information Policy Leadership |
|
| 2:30 pm- 3:15 pm |
Asia Pacific Panel
Privacy by Design & ID Management South of the Equator |
A number of recent initiatives in identity management in Australia and New Zealand have included Privacy by Design as part of more comprehensive strategies to respect privacy. These include the health identifier soon to be issued for all Australians, eGov in New Zealand and other initiatives in the private sector. Malcolm Crompton will give his perspective on these developments.
Malcolm Crompton
Managing Director, Information Integrity Solutions P/L
|
| Data Privacy — Asian Cultural Perspectives |
This presentation looks at personal data privacy from the Asian historical and contemporary cultural perspectives, focusing on China and Chinese as a dominant reference, and how Privacy by Design can help in battling data privacy issues.
Stephen Lau
Adviser, HP-EDS Hong Kong and former Privacy Commissioner for Personal Data
|
| Carrot Not Stick: Leading the Way to a Privacy Culture |
New Zealand’s approach to designing for good privacy protection has spanned both industry and government. Agencies are encouraged to pursue good practices, for example: encryption for government data matching; protocols around PSD use; industry involvement in the development of guidelines for CCTV; or codes of practice for health, telecommunications and credit reporting. Privacy Commissioner Marie Shroff will also briefly outline the active privacy law reform work in the Asia-Pacific region at present.
Marie Shroff
New Zealand Privacy Commissioner |
|
| 3:15 pm - 3:30 pm |
Break
|
| 3:30 pm - 4:15 pm |
Biometrics & National Identification Documents Panel
The Need for PbD in Biometrics: Biometric Encryption |
More and more countries are implementing the use of biometric solutions for the purpose of authentication. In the case of travel documents, although the photo or facial image may be considered the global biometric standard, many countries are choosing multimodal approaches, with fingerprints being the most common secondary biometric over the iris. The primary issue here is the retention of these templates, usually maintained in a central database. But there is an ideal solution: Biometric Encryption (BE) offers an alternative positive-sum solution that achieves authentication AND privacy — additionally, with BE there is no need to retain the biometric data.
Dr. Ann Cavoukian
Information and Privacy Commissioner,
Ontario, Canada
|
| Biometrics for Public Administrations |
The new generation of passport biometrics have entered the domain of public administration. The step to store the biometric data into a central database (next to the passport chip) seems to be small and very tempting, as being proven in the Netherlands by the recently adapted new Passport Act. Requirements for identity fraud and law enforcement are being mixed into one scheme. What guidelines do we need to protect misuse and function creep? How do we conduct a cost/benefit analysis and a proportionality check? How do we involve the citizens? How can we assess such schemes against Art.8 of the Human Rights Convention and to what extent can we take guidance from the “Marper Case”?
Max Snijder
Managing Director, European Biometric Group
|
| Israel’s Biometric Database Legislation: Risks and Opportunities |
The Israeli government is promoting legislation which would introduce biometric features into national identity cards and retain them in a centralized database. Which legal and technological safeguards are put in place to avert data breaches and function creep? Is there a right way to manage a national biometric database?
Dr. Omer Tene
Associate Professor, College of Management School of Law |
|
| 4:15 pm - 5:00 pm |
Academic / Outreach & Knowledge Transfer Panel
Privacy Protected Video Surveillance: Security and Privacy by Design |
Video surveillance has become ubiquitous, but the public does not have to accept the invasion into their privacy. I will present a new technology, called Secure Visual Object-Based Coding, that uses encryption to protect the face and body images of people, but does not hinder security enforcement. This work has come out of the research lab and is now being developed into a commercial product.
Dr. Karl Martin
University of Toronto
|
| Layering Privacy Platforms by Design |
Pervasive, easy-to-use privacy services are keys to enabling users to maintain control of their private data in the online environment. We examine a privacy life cycle from a user perspective, a layered platform design solution for online privacy, and a strategy to use platform network effects for increasing wide-scale user adoption of privacy platform services.
Dr. Dawn Jutla
Professor, Saint Mary’s University
|
| The First-Ever Privacy by Design Research Lab |
This session presents a model of Privacy by Design Value Chain. This model exposes the PbD issues and opportunities both within an organization and in federated environments, identifying structural impediments with the goal of developing mechanisms to overcome them. Research questions are proposed that can assist researchers interested in studying PbD in more realistic, complex institutional settings with multiple stakeholders and incentives.
Dr. Marilyn Prosch
Professor, Arizona State University
|
| Privacy Risk Optimization - Privacy by Design for Business Practices |
This session introduces Nymity’s Privacy Risk Optimization Process, a process that enables the implementation of privacy into operational policies and procedures, which results in Privacy by Design for business practices
Terry McQuay
President, Nymity |
|
| |
Closing Remarks |
| |
Dr. Ann Cavoukian
Information and Privacy Commissioner,
Ontario, Canada
Yoram Hacohen
Head of the Israeli Law, Information and Technology Authority (ILITA)
|
| 5:00 pm - 6:00 pm |
Reception |
|
| |
|
|
|
|
|
"… A long-time advocate of privacy technologies, Ann coined the term "Privacy by Design" in the mid-nineties and subsequently wrote two books relating to the subject. Since then, she has worked relentlessly to put privacy technologies front and centre on the agenda of government and industry stakeholders involved in rolling out IT systems with a society-wide impact. …"
Dr. Stefan Brands
Principal Architect, Identity & Security Division, Microsoft Corporation.
"This is amazing. Every time I see something like this, it makes me sad that the US doesn't have anything like your office. The Commissioner has yet again shown bold leadership in the privacy space. I can only hope that the major Web 2.0 companies listen to her, and embrace the philosophy of Privacy By Design. Pat yourselves on the back for doing a great job."
Christopher Soghoian
Berkman Centre for Internet & Society,
Harvard University |
|
|
|
|
