Brussels data science - Privacy Engineering for Big Data & Data Science
1 like573 views
The document discusses the importance of privacy engineering in the context of big data, highlighting that personal information should be treated with respect and care due to its intrinsic connection to individuals. It outlines the challenges of evolving privacy legislation and emphasizes the corporate responsibility to minimize risks and protect data. The paper also features ethical guidelines for data analysts regarding the handling of personal data, stressing the necessity of consent and transparency.
Brussels data science - Privacy Engineering for Big Data & Data Science
- 1. INTELLIGENT MARKETING HUB Privacy Engineering for Big Data & Data Science Brussels, October 11th 2016 European Data Innovation Hub @ AXA
- 2. @aureliepols Data Governance & Privacy Advocate Data is the New Oil – Privacy is the New Green – Trust is the New Currency AURELIE POLS, KRUX PRIVACY ADVOCATE • Data Governance & Privacy Advocate – Krux Digital • Ethics Advisory Group – European Data Protection Supervisor (EDPS) • Chief Visionary Officer – Mind Your Privacy • Training Advisory Board – International Association of Privacy Professionals (IAPP) • Professor of Ethics & Privacy, Big Data & Analytics Master – Instituto de Empresa (IE) OX2 Co-founder Webanalytics.be
- 3. @aureliepols ”My” in “my information” is not the same as “my” in “my car” but rather the same as “my” in “my body” or “my feelings”; it expresses a sense of constitutive belonging, not external ownership, a sense in which my body, my feelings, and my information are part of me but are not my (legal) possessions - Luciano Floridi, The Ontological Interpretation of Informational Privacy, Ethics and Information Technology, 7(4): 185-2005
- 4. @aureliepols I’m not here to define Privacy Analytics Privacy (& Data Protection)
- 5. @aureliepols Consider before crucifying the Rule of law 1. The specifics of data as an Economic Asset: ² Data in infinitely transferable without decay 2. Often forgotten Legislative Challenges ² Defining and recognizing Data Harms 3. Related to evolving Privacy Legislation ² Compliance is a Risk Exercise 4. Minimizing Privacy related Risks ² YOUR liability within the Data Ecosystem
- 6. @aureliepols Privacy Engineering VALUE / ETHICS Corporate social responsibility Respect individuals RISK Standard operating procedure Do not harm COMPLIANCE LegislationDon’t hit people! 6
- 7. Parties Involved in Data Privacy PEOPLE Have People Data GOVERNMENTS Laws to protect People Data COMPANIES Collect, use & protect People Data INDUSTRY ORGANIZATIONS Guidelines to protect People Data Data Quality Ad Blocking Class Actions ComplianceSelf-Regulation
- 8. Privacy professionals? 8 Source: IAPP-EY Annual Privacy Governance Report 2016 https://iapp.org/media/pdf/resource_center/IAPP%202016 %20GOVERNANCE%20SURVEY-FINAL3.pdf
- 9. @aureliepols Who owns the cookies? The jar is breaking
- 11. @aureliepols Erosion of human dignity through Article 1 EU Charter of Fundamental Rights • Discrimination => pothole app eg. => representativity of population? • Loss of choices => credit scoring => transparency & recourse • Loss of serendipity: tunneled vision • Loss of life? 11
- 12. @aureliepols Privacy Risk: it depends? Risk Ontology 12 Experiences in the Development and Usage of a Privacy Requirements Framework by Ian Oliver, Security Research Group, Bell Labs, Nokia
- 13. @aureliepols Ethics of the Data Analyst I shall remember data are not only numbers but actual people, that could be harmed by my work; I shall treat data that might identify individuals with the utmost care, which includes respect for their dignity, avoiding discrimination, as well as security best practices; I will not do to personal data what I wouldn’t find acceptable for data related to my family, friends, loved ones or myself; I understand personal data, PII &/or sensitive data is context based and often difficult to identify. In case of doubt, I will ask for help or escalate in order to take the appropriate measures; I understand data about individuals needs to travel with initial purpose of the data – the reason why it exists - & their respective consent mechanisms; a) I will never use data without knowing where it comes from, it’s purpose and consent mechanisms (see Quién es la Última Principle); b) I will never sell non consented data about individuals; c) If I sell consented data, it will be accompanied by purpose. Up to the buyer to define whether subsequent data uses are aligned. I understand consent might be revoked and a Right to be Forgotten – i.e. deletion – could be requested, that might need to be applied; I shall align security protocols with how personal &/or sensitive the data is; I will keep trace and document the data used in order to minimize risk related to data uses. 13 GOVERNANCE
- 14. V I S I T K R U X . C O M F O L L O W @ K R U X D I G I TA L Thank you. Aurélie Pols / apols@krux.com