Prashant Agrawal,Anubhutie Singh,Malavika Raghavan,Subodh Sharma,Subhashis Banerjee

DOI: https://doi.org/10.48550/arXiv.2006.04654

2020-06-08

Abstract:Governments around the world are trying to build large data registries for effective delivery of a variety of public services. However, these efforts are often undermined due to serious concerns over privacy risks associated with collection and processing of personally identifiable information. While a rich set of special-purpose privacy-preserving techniques exist in computer science, they are unable to provide end-to-end protection in alignment with legal principles in the absence of an overarching operational architecture to ensure purpose limitation and protection against insider attacks. This either leads to weak privacy protection in large designs, or adoption of overly defensive strategies to protect privacy by compromising on utility. In this paper, we present an operational architecture for privacy-by-design based on independent regulatory oversight stipulated by most data protection regimes, regulated access control, purpose limitation and data minimisation. We briefly discuss the feasibility of implementing our architecture based on existing techniques. We also present some sample case studies of privacy-preserving design sketches of challenging public service applications.

Cryptography and Security,Computers and Society

Julien Bringer,Herve Chabanne,Daniel Le Metayer,Roch Lescuyer

DOI: https://doi.org/10.48550/arXiv.1702.08301

2017-03-02

Abstract:This work aims to show the applicability, and how, of privacy by design approach to biometric systems and the benefit of using formal methods to this end. Starting from a general framework that has been introduced at STM in 2014, that enables to define privacy architectures and to formally reason about their properties, we explain how it can be adapted to biometrics. The choice of particular techniques and the role of the components (central server, secure module, biometric terminal, smart card, etc.) in the architecture have a strong impact on the privacy guarantees provided by a biometric system. In the literature, some architectures have already been analysed in some way. However, the existing proposals were made on a case by case basis, which makes it difficult to compare them and to provide a rationale for the choice of specific options. In this paper, we describe, on different architectures with various levels of protection, how a general framework for the definition of privacy architectures can be used to specify the design options of a biometric systems and to reason about them in a formal way.

Cryptography and Security,Logic in Computer Science

Thibaud Antignac,David Sands,Gerardo Schneider

DOI: https://doi.org/10.48550/arXiv.1611.05642

2016-11-17

Abstract:Data minimisation is a privacy-enhancing principle considered as one of the pillars of personal data regulations. This principle dictates that personal data collected should be no more than necessary for the specific purpose consented by the user. In this paper we study data minimisation from a programming language perspective. We assume that a given program embodies the purpose of data collection, and define a data minimiser as a pre-processor for the input which reduces the amount of information available to the program without compromising its functionality. In this context we study formal definitions of data minimisation, present different mechanisms and architectures to ensure data minimisation, and provide a procedure to synthesise a correct data minimiser for a given program.

Cryptography and Security

George Danezis,Josep Domingo-Ferrer,Marit Hansen,Jaap-Henk Hoepman,Daniel Le Metayer,Rodica Tirtea,Stefan Schiffner

DOI: https://doi.org/10.2824/38623

2015-04-11

Abstract:Privacy and data protection constitute core values of individuals and of democratic societies. There have been decades of debate on how those values -and legal obligations- can be embedded into systems, preferably from the very beginning of the design process. One important element in this endeavour are technical mechanisms, known as privacy-enhancing technologies (PETs). Their effectiveness has been demonstrated by researchers and in pilot implementations. However, apart from a few exceptions, e.g., encryption became widely used, PETs have not become a standard and widely used component in system design. Furthermore, for unfolding their full benefit for privacy and data protection, PETs need to be rooted in a data governance strategy to be applied in practice. This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services. The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements. Furthermore, the report reflects limitations of the approach. It concludes with recommendations on how to overcome and mitigate these limits.

Cryptography and Security

Martin J Kraemer,William Seymour,Reuben Binns,Max Van Kleek,Ivan Flechais

DOI: https://doi.org/10.48550/arXiv.1910.01973

IF: 6.4588

2019-06-17

Human-Computer Interaction

Abstract:Recent changes to data protection regulation, particularly in Europe, are changing the design landscape for smart devices, requiring new design techniques to ensure that devices are able to adequately protect users' data. A particularly interesting space in which to explore and address these challenges is the smart home, which presents a multitude of difficult social and technical problems in an intimate and highly private context. This position paper outlines the motivation and research approach of a new project aiming to inform the future of data protection by design and by default in smart homes through a combination of ethnography and speculative design.

Adán F. Guzmán-Castillo,Gabriela Suntaxi,Bryan N. Flores-Sarango,Denys A. Flores

DOI: https://doi.org/10.58346/jisis.2024.i1.005

2024-03-02

Abstract:Recent threat reports have warned researchers and security professionals about a shortage of cybersecurity skills to face devastating personal data breaches. As a response, governments have taken on the challenge of proposing specific legislation to protect citizens' privacy while holding information-processing companies accountable for any misuse. However, unauthorized access to such information, or possible negligent destruction of personal records are some issues that cannot be dealt with privacy laws alone. In this research, we introduce the functional requirements to deploy PriVARq, a novel privacy-oriented architecture to proactively manage any consensual submission of personal identifiable information (PII); i.e. during its collection, processing, verification and transference. PriVARq’s main contribution is the balance between legal frameworks and industry-leading security standards to mitigate the former’s shortage of practical solutions to tackle some privacy and security issues when dealing with PII. Consequently, for defining PriVARq’s functional requirements, a privacy-by-design approach is employed which not only considers legislation proposed in Europe and Latin America but also analyzes technical aspects outlined in international security standards. We aim to provide a proactive approach to reduce the shortage of skills and solutions to tackle privacy leakages in public repositories and devise future research venues to implement PriVARq in public and private organizations.

Amen Faridoon,M. Tahar Kechadi

DOI: https://doi.org/10.48550/arXiv.2307.06779

2023-07-13

Abstract:In today's highly connected society, we are constantly asked to provide personal information to retailers, voter surveys, medical professionals, and other data collection efforts. The collected data is stored in large data warehouses. Organisations and statistical agencies share and use this data to facilitate research in public health, economics, sociology, etc. However, this data contains sensitive information about individuals, which can result in identity theft, financial loss, stress and depression, embarrassment, abuse, etc. Therefore, one must ensure rigorous management of individuals' privacy. We propose, an advanced data privacy management architecture composed of three layers. The data management layer consists of de-identification and anonymisation, the access management layer for re-enforcing data access based on the concepts of Role-Based Access Control and the Chinese Wall Security Policy, and the roles layer for regulating different users. The proposed system architecture is validated on healthcare datasets.

Cryptography and Security

Asia J. Biega,Michèle Finck

DOI: https://doi.org/10.48550/arXiv.2101.06203

2021-01-15

Computers and Society

Abstract:This paper determines whether the two core data protection principles of data minimisation and purpose limitation can be meaningfully implemented in data-driven systems. While contemporary data processing practices appear to stand at odds with these principles, we demonstrate that systems could technically use much less data than they currently do. This observation is a starting point for our detailed techno-legal analysis uncovering obstacles that stand in the way of meaningful implementation and compliance as well as exemplifying unexpected trade-offs which emerge where data protection law is applied in practice. Our analysis seeks to inform debates about the impact of data protection on the development of artificial intelligence in the European Union, offering practical action points for data controllers, regulators, and researchers.

Jennifer Betts,Sakir Sezer

DOI: https://doi.org/10.1109/ethics.2014.6893417

2014-05-01

Abstract:Protection of critical infrastructures has a growing role in national security issues. These include power and water supplies, traffic management systems, financial services and communication networks. Attacks on any of these can damage economies, cause disasters and may lead to loss of life. Dependence on critical infrastructures in modern societies makes them targets for organized crime and terrorism. Their protection is vital to national security and public safety. This paper highlights the importance of ethical principles in the design of critical infrastructure network protection systems, focusing on privacy and data protection. It introduces our research addressing privacy in the design of one such system funded by the European Commission's FP7 Programme. Debates surrounding national security and privacy involve policy makers, regulators, academics, security engineers and the public. A proposal from the designer of the Privacy by Design framework is discussed and the paper concludes by challenging policy makers, researchers and the technology industry to review and develop such proposals and enable the protection of national security and privacy.

Giuseppe D'Acquisto,Josep Domingo-Ferrer,Panayiotis Kikiras,Vicenç Torra,Yves-Alexandre de Montjoye,Athena Bourka

DOI: https://doi.org/10.48550/arXiv.1512.06000

2015-12-18

Cryptography and Security

Abstract:The extensive collection and processing of personal information in big data analytics has given rise to serious privacy concerns, related to wide scale electronic surveillance, profiling, and disclosure of private data. To reap the benefits of analytics without invading the individuals' private sphere, it is essential to draw the limits of big data processing and integrate data protection safeguards in the analytics value chain. ENISA, with the current report, supports this approach and the position that the challenges of technology (for big data) should be addressed by the opportunities of technology (for privacy). We first explain the need to shift from "big data versus privacy" to "big data with privacy". In this respect, the concept of privacy by design is key to identify the privacy requirements early in the big data analytics value chain and in subsequently implementing the necessary technical and organizational measures. After an analysis of the proposed privacy by design strategies in the different phases of the big data value chain, we review privacy enhancing technologies of special interest for the current and future big data landscape. In particular, we discuss anonymization, the "traditional" analytics technique, the emerging area of encrypted search and privacy preserving computations, granular access control mechanisms, policy enforcement and accountability, as well as data provenance issues. Moreover, new transparency and access tools in big data are explored, together with techniques for user empowerment and control. Achieving "big data with privacy" is no easy task and a lot of research and implementation is still needed. Yet, it remains a possible task, as long as all the involved stakeholders take the necessary steps to integrate privacy and data protection safeguards in the heart of big data, by design and by default.

Sebastian Rehms,Stefan Köpsell,Verena Klös,Florian Tschorsch

2024-05-14

Abstract:This paper proposes a reasoning framework for privacy properties of systems and their environments that can capture any knowledge leaks on different logical levels of the system to answer the question: which entity can learn what? With the term knowledge we refer to any kind of data, meta-data or interpretation of those that might be relevant. To achieve this, we present a modeling framework that forces the developers to explicitly describe which knowledge is available at which entity, which knowledge flows between entities and which knowledge can be inferred from other knowledge. In addition, privacy requirements are specified as rules describing forbidden knowledge for entities. Our modeling approach is incremental, starting from an abstract view of the system and adding details through well-defined transformations. This work is intended to complement existing approaches and introduces steps towards more formal foundations for privacy oriented analyses while keeping them as accessible as possible. It is designed to be extensible through schemata and vocabulary to enable compatibility with external requirements and standards.

Cryptography and Security

C Parretti,E Pourabbas,F Rolli,F Pecoraro,P Citti

DOI: https://doi.org/10.1088/1757-899X/1174/1/012015

2021-09-10

IOP Conference Series: Materials Science and Engineering

Abstract:Recent developments in Information and Communication Technology have paved the foundations for new forms of collaboration between health systems in different countries. These collaborations allow, on the one hand, to monitor recurrent health emergencies on territories, and on the other hand, they allow national health systems to share information about foreign citizens in transit on their territory. European legislation regarding the processing of personal data places strict constraints on the cross-border transfer of personal data. In this case, companies or organizations, operating on information interchange, must adopt robust mechanisms to verify the adequacy requirements, in order to allow monitoring of security levels, identification of possible intervention actions and preparation of updated security plans for inspection visits required by European standards. In this context, Axiomatic Design allows not only to design medical systems and equipment in compliance with current regulations, but also to provide representations of the design artifact already prepared to implant privacy risk assessment mechanisms. This makes it possible to identify the activities/components to be assessed up to a level of elementary granularity such as to allow risk assessment for the single module. At the same time, the axiomatic approach enables the overall recomposition of privacy violation risks on the basis of a modular representation of the whole system according to the well-known V model scheme. This recomposition allows to build the so-called risk privacy coverage matrix, in order to trace the risk level of the elementary modules, associating them with more and more complex components. In this way, the foundations to build a dynamic monitoring system of the privacy risk level of the system can be defined.

Subhashis Banerjee

DOI: https://doi.org/10.48550/arXiv.1801.05313

2018-01-16

Computers and Society

Abstract:Privacy protection in digital databases does not demand that data should not be collected, stored or used, but that there should be guarantees that the data can only be used for pre-approved and legitimate purposes. We argue that a data protection law based on traditional understanding of privacy protection and detection of privacy infringements is unlikely to be successful, and that what is required is a law based on an understanding of the architectural requirements of authorisation, audit and access control in real-time. Despite the protection principles being sound, privacy protection in digital databases has been less than effective, anywhere, mainly because of weak enforcement methods.

Andrea Carboni,Dario Russo,Davide Moroni,Paolo Barsocchi

DOI: https://doi.org/10.3389/fdgth.2022.934609

2023-02-13

Abstract:Privacy by design within a system for assisted living, personalised care, and wellbeing is crucial to protect users from misuse of the data collected about their health. Especially if the information is collected through audio-video devices, the question is even more delicate due to the nature of these data. In addition to guaranteeing a high level of privacy, it is necessary to reassure end users about the correct use of these streams. The evolution of data analysis techniques began to take on an important role and increasingly defined characteristics in recent years. The purpose of this paper is twofold: on the one hand, it presents a state of the art about privacy in European Active Healthy Ageing/Active Healthy Ageing projects, with a focus on those related to audio and video processing. On the other hand, it proposes a methodology, developed in the context of the European project PlatfromUptake.eu, to identify clusters of stakeholders and application dimensions (technical, contextual, and business), define their characteristics, and show how privacy constraints affect them. From this study, we then generated a Strengths, Weaknesses, Opportunities, and Threats analysis in which we aim to identify the critical features connected to the selection and involvement of relevant stakeholders for the success of a project. Applying this type of methodology to the initial stages of a project allows understanding of which privacy issues could be related to the various stakeholder groups and which problems can then affect the correct development of the project. The idea is, therefore, to suggest a privacy-by-design approach according to the categories of stakeholders and project dimensions. The analysis will cover technical aspects, legislative and policies-related aspects also regarding the point of view of the municipalities, and aspects related to the acceptance and, therefore, to the perception of the safety of these technologies by the final end users.

Raphaël Gellert,Serge Gutwirth

DOI: https://doi.org/10.1016/j.clsr.2013.07.005

2013-10-01

Abstract:In this contribution, the authors explore the differences and interplays between the rights to privacy and data protection. They describe the two rights and come to the conclusion that they differ both formally and substantially, though overlaps are not to be excluded. Given these different yet not mutually exclusive scopes they then apply the rights to three case-studies (body-scanners, human enhancement technologies, genome sequencing), highlighting in each case potential legal differences concerning the scope of the rights, the role of consent, and the meaning of the proportionality test. Finally, and on the basis of these cases, the authors propose paths for articulating the two rights using the qualitative and quantitative thresholds of the two rights, which leads them to rethink the relationship between privacy and data protection, and ultimately, the status of data protection as a fundamental right.

law

James Taylor,Jane Henriksen-Bulmer,Cagatay Yucel

DOI: https://doi.org/10.3390/electronics13122263

IF: 2.9

2024-06-10

Electronics

Abstract:Following a series of legislative changes around privacy over the past 25 years, this study highlights data protection regulations and the complexities of applying these frameworks. To address this, we created a privacy framework to guide organisations in what steps they need to undertake to achieve compliance with the UK GDPR, highlighting the existing privacy frameworks for best practice and the requirements from the Information Commissioners Office. We applied our framework to a UK charity sector; to account for the specific nuances that working in a charity brings, we worked closely with local charities to understand their requirements, and interviewed privacy experts to develop a framework that is readily accessible and provides genuine value. Feeding the results into our privacy framework, a decision tree artefact has been developed for compliance. The artefact has been tested against black-box tests, System Usability Tests and UX Honeycomb tests. Results show that Privacy Essentials! provides the foundation of a data protection management framework and offers organisations the catalyst to start, enhance, or even validate a solid and effective data privacy programme.

engineering, electrical & electronic,computer science, information systems,physics, applied

Atheer Aljeraisy,Masoud Barati,Omer Rana,Charith Perera

DOI: https://doi.org/10.48550/arXiv.2210.03520

2022-10-06

Cryptography and Security

Abstract:Internet of Things (IoT) applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to the privacy regulations and data protection laws. However, doing so can be a difficult and challenging task. Recent research has revealed that developers typically face difficulties when complying with regulations. One key reason is that, at times, regulations are vague, and could be challenging to extract and enact such legal requirements. In our research paper, we have conducted a systematic analysis of the data protection laws that are used across different continents, namely: (i) General Data Protection Regulations (GDPR), (ii) the Personal Information Protection and Electronic Documents Act (PIPEDA), (iii) the California Consumer Privacy Act (CCPA), (iv) Australian Privacy Principles (APPs), and (v) New Zealand's Privacy Act 1993. In this technical report, we presented the detailed results of the conducted framework analysis method to attain a comprehensive view of different data protection laws and highlighted the disparities, in order to assist developers in adhering to the regulations across different regions, along with creating a Combined Privacy Law Framework (CPLF). After that, we gave an overview of various Privacy by Design (PbD) schemes developed previously by different researchers. Then, the key principles and individuals' rights of the CPLF were mapped with the privacy principles, strategies, guidelines, and patterns of the Privacy by Design (PbD) schemes in order to investigate the gaps in existing schemes.

Pankaj Prasad Dwivedi,Dilip Kumar Sharma

DOI: https://doi.org/10.1002/cpe.8030

2024-01-23

Concurrency and Computation Practice and Experience

Abstract:Summary The right to privacy refers to an individual's decision about how personal information can be gathered, utilized, and disseminated. Individual consent and openness are the most important foundations for gaining consumers' confidence, and this pushes businesses to use privacy‐enhancing techniques while developing systems. The purpose of a privacy‐aware design is to safeguard data in such a manner that it does not expand an adversary's current understanding of an individual beyond what would be permitted. When these data pieces are coupled with the plethora of source data accessible outside the system to identify a user, this becomes crucial. Individual privacy is protected by privacy rules all around the globe, but they are often complicated and ambiguous, making their translation into practical and technologically privacy‐friendly structures difficult. The main contribution of this article is that we use Shannon's entropy (SE) to construct an objective measure that may guide our major technical design choices. And for privacy‐aware architecture, simplifying the state‐of‐the‐art security approaches given in the literature.

computer science, theory & methods, software engineering

Said Daoudagh,Eda Marchetti,Vincenzo Savarino,Jorge Bernal Bernabe,Jesús García-Rodríguez,Rafael Torres Moreno,Juan Antonio Martinez,Antonio F Skarmeta

DOI: https://doi.org/10.3390/s21217154

2021-10-28

Abstract:The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as user's unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.

Xiang Su,Jarkko Hyysalo,Mika Rautiainen,Jukka Riekki,Jaakko Sauvola,Altti Ilari Maarala,Harri Honko

DOI: https://doi.org/10.48550/arXiv.1605.00833

2016-05-03

Abstract:Privacy is a key challenge for continued digitalization of health. The forthcoming European General Data Protection Regulation (GDPR) is transforming this challenge into regulatory directives. User consent provisioning and coordinating across data services will be the keys in addressing this challenge. We suggest a privacy-driven architecture that provides tools for providing user consent as a service. This enables managing and reusing private health information between a large amount of data sources, individuals and services, even when they are not known beforehand. The proposed architecture integrates data security and semantic descriptions into a trust query framework to provide the required interoperability and co-operation support for future health services. This approach provides benefits for all stakeholders through safer data management, cost and process savings, multi-provider services, and services based on emerging new business models.

Computers and Society,Cryptography and Security