PRIVACY BY DESIGN AND BY DEFAULT

Sébastien FANTI

Attorney at law and public Notary
Elected as Cantonal Data Privacy Officer (Valais)

www.sebastienfanti.ch [email protected]

FLORENCE, NOVEMBER 1st, 2014


| Argentina | Belgium | Brazil | Canada | China | Colombia | France | Germany | Greece | Israel | Italy | Lebanon | Luxembourg | Mexico | Norway | Portugal | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA


| Switzerland | Me Sébastien FANTI | [email protected]


Overview

• Preliminary remarks and definitions
• The example of the Blackphone
• The Swiss Privacy by Design and by Default approach
• Impact analysis about privacy – modelling of risks – a practical approach
• Future evolutions
• Conclusions


Preliminary remarks and definitions

"Privacy by Design refers to the philosophy and approach of embedding privacy into the design specifications of various technologies."
Ann Cavoukian

"Privacy by Default has another dimension than Privacy by Design. Privacy by Default covers applying default settings in such a way that the best possible privacy is guaranteed. Privacy by Default reacts to the enormous growth of internet facilities and apps and must ensure that the low-threshold use leads too quickly to the unwanted showing and/or sharing of (too much) personal data or compromising of security."
Viviane Reding


Preliminary remarks and definitions

The 7 Foundational Principles of Privacy by Design:

- Proactive not Reactive; Preventive not Remedial
- Privacy as the Default Setting
- Privacy Embedded into Design
- Full Functionality – Positive-Sum, not Zero-Sum
- End-to-End Security – Full Lifecycle Protection
- Visibility and Transparency – Keep it Open
- Respect for User Privacy – Keep it User-Centric

Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices, Ann Cavoukian, Ph.D., Information and Privacy Commissioner, Ontario, Canada, December 2012, p. 8


The example of the Blackphone www.blackphone.ch


The example of the Blackphone

• Spider Oak: Online File Sharing & Secure Cloud Backup – strongly recommended by Edward Snowden

• “Our smartphone won’t make you NSA-proof, but it’s a good start” (Phil Zimmermann)


The example of the Blackphone

| Feature | Android Default | PrivateOS Enhancement |
| --- | --- | --- |
| Search | Trackable | Anonymous |
| Bundled Apps | Many, with privacy disabled by default | Few, and all privacy-enabled |
| Wi-Fi usage | Always on for geolocalisation and user tracking | Smart disabling of all Wi-Fi except trusted hotspots |
| App permissions | All-or-nothing | Fine-grained control in a single interface |
| Communications tools | Traceable dialer, SMS, MMS, browser. Vulnerable to spoofed cell networks and wi-fi | Private calls, texting, video chat, file exchange up to 100 MB, browsing, and conference calls |
| Updates | Supplied infrequently after carrier blessing | Frequent secure updates from Blackphone directly |
| Remote Wipe & Anti Theft | Requires use of centralized cloud account | Anonymous |
| Business Model | Personal data mining for tracking and marketing | Delivering privacy as a premium, valued feature |

Source: ars technica: http://arstechnica.com/gadgets/2014/02/everything-you-wanted-to-know-about-the-security-focused-blackphone/


The example of the Blackphone: Nothing is perfect!

I have read this article and I’m very surprised. I have bought this phone because it was a secured phone. If not, I think you should give the money back! I would be happy to have feedback quickly.

August 12, 2014 / 08:00 PM


The example of the Blackphone: Nothing is perfect!

Thanks for contacting us and I understand your concern. I think the links in https://support.blackphone.ch/customer/portal/questions/8315538-blackphone-rooted-in-5mn will address your concerns.

Please let me know if you have any more questions.

August 13, 2014 / 01:44 AM

Source: ars technica: http://arstechnica.com/security/2014/08/blackphone-goes-to-def-con-and-gets-hacked-sort-of/


The Swiss Privacy by Design and by Default approach

At the moment, no legal rule in the Federal Act on Data Protection of 19 June 1992 refers explicitly to these principles.

The Federal Data Protection and Information Commissioner took part in the 32nd International Conference of Data Protection and Privacy Commissioners in Jerusalem, where one resolution was adopted about the need to include the principle of Privacy by Design in the legislation.

The need to revise our Federal Act on Data Protection is being evaluated by a Commission of experts.


The Swiss Privacy by Design and by Default approach

Each Swiss company that handles the data of European citizens, or receives such data from a member of the EU, should respect the legal rules of the EU and of all the Member States.

Art. 23 of the future European regulation: Data protection by design and by default


Privacy and data protection impact assessment: a practical approach!

https://www.apps.edoeb.admin.ch/dsfa/fr/index.html


The Swiss Privacy by Design and by Default approach

• Switzerland can’t afford to stay out of significant legislative changes which will undoubtedly affect a lot of companies in our country

• Ordinarily, we adopt new EU legal rules with a slight delay

• Even if the rules aren’t changed immediately in our country, most international companies will have to adapt their legal approach and become early adopters

• The global market, with its fierce competition, is the best way to uphold these principles


Future evolutions

Two postulates are now pending before our Parliament to introduce the principles of Privacy by Design and Privacy by Default into our Federal Act on Data Protection of 19 June 1992 (postulates Schwaab).

The Government agrees with both postulates.

Our law should normally change in some … years!


Conclusions

Swiss citizens really love privacy!

Some of our companies and schools are among the best in the world in their areas of competence (Logitech, Swisscom, EPFL, etc.).

The only solution is to apply both principles immediately and go further than what the law currently requires.


Thank you for your attention

Follow me on:

Twitter: @sebastienfanti
Facebook: https://www.facebook.com/sebastien.fanti
LinkedIn: http://ch.linkedin.com/in/sebastienfanti/

Global network of attorneys specialized in emerging technology law
