nach oben

Erschienen in:

2016 | OriginalPaper | Buchkapitel

Data Protection by Design and by Default à la European General Data Protection Regulation

verfasst von : Marit Hansen

Erschienen in: Privacy and Identity Management. Facing up to Next Steps

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The European data protection reform has resulted in a new regulation that will be effective from May 2018. This so-called General Data Protection Regulation contains specific provisions on data protection by design and on data protection by default. After briefly discussing related approaches such as “privacy by design”, we will elaborate how these provisions can be interpreted and sketch the potential impact on data processing in Europe and possibly beyond.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Big Data Privacy and Anonymization

Nächstes Kapitel Evaluating Websites and Their Adherence to Data Protection Principles: Tools and Experiences

It has to be stressed that “privacy” and “data protection” denote different, but related concepts, and there is not one single definition each. Usually the meaning of “privacy” points to the rights of an individual and is associated with self-defence against intrusion. “Data protection”, as coined in European data protection law, addresses primarily organisations that have to make sure that the rights of the individuals are not infringed. Note that Article 8 of the European Convention on Human Rights and similarly Article 7 of the Charter of Fundamental Rights of the European Union provide a right to privacy: “Right to respect for private and family life”. In addition, Article 8 of the Charter focuses on data protection: “Protection of personal data”. For the purpose of this text it is not necessary to precisely define the boundaries because the exact privacy and/or data protection requirements to be built in would differ for various cases and cannot be elaborated in detail at this point.

32nd International Conference of Data Protection and Privacy Commissioners: Privacy by Design Resolution, Jerusalem, Israel, 27–29 October 2010. http://www.ipc.on.ca/site_documents/pbd-resolution.pdf

Roussopoulos, M., Beslay, L., Bowden, C., Finocchiaro, G., Hansen, M., Langheinrich, M., Le Grand, G., Tsakona, K.: Technology-induced challenges in privacy & data protection in Europe. Technical report. ENISA Ad Hoc Working Group on Privacy & Technology (2008). https://www.enisa.europa.eu/publications/technology-induced-challenges-in-privacy-data-protection-in-europe

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). OJ L 119, 04.05.2016, pp. 1–88 (2016)

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ L 281, 23.11.1995, pp. 0031–0050 (1995)

Roßnagel, A., Nebel, M.: Die neue Datenschutzgrundverordnung – Ist das Datenschutzrecht nun für heutige Herausforderungen gerüstet? Policy Paper, Privacy-Forum (Forum Privatheit und selbstbestimmtes Leben in der digitalen Welt) (2016). https://www.forum-privatheit.de/

Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)CrossRef

Hes, R., Borking, J.J.: Privacy-enhancing technologies: the path to anonymity. Technical report. Registratiekamer (1995)

European Commission: Privacy Enhancing Technologies (PETs) – the existing legal framework. MEMO/07/159 (2007)

Cavoukian, A.: Privacy by Design, Take the Challenge. Information and Privacy Commissioner of Ontario, Toronto (2009)

10.

Cavoukian, A.: Privacy by Design: The 7 Foundational Principles (August 2009, revised January 2011)

11.

Gürses, S., Troncoso, C., Díaz, C.: Engineering privacy by design. In: Computers, Privacy & Data Protection (2011)

12.

Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Eng. J. 16(1), 3–32 (2011)CrossRef

13.

Hoepman, J.-H.: Privacy design strategies (extended abstract). In: Proceedings of SEC 2014, ICT Systems Security and Privacy Protection, pp. 446–459 (2014)

14.

Hansen, M., Jensen, M., Rost, M.: Protection goals for privacy engineering. In: Proceedings of the 1st International Workshop on Privacy Engineering. IEEE (2015)

15.

Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder: Das Standard-Datenschutzmodell – Eine Methode zur Datenschutzberatung und -prüfung auf der Basis einheitlicher Gewährleistungsziele (2016). https://datenschutzzentrum.de/uploads/SDM-Methode_V_1_0.pdf

16.

Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Le Métayer, D., Tirtea, R., Schiffner, S.: Privacy and Data Protection by Design – from policy to engineering. Technical report. ENISA (2015). https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design

17.

Borking, J.J., Raab, C.D.: Laws, PETs and other technologies for privacy protection. J. Inf. Law Technol. (JILT) 1(1), 1–14 (2001)

18.

Bundesdatenschutzgesetz (BDSG). BGBl. I Nr. 3, 24.01.2003, Bonn, pp. 66–88 (2003)

19.

Hansen, M., Hoepman, J.-H., Jensen, M.: Readiness analysis for the adoption and evolution of privacy enhancing technologies – methodology, pilot assessment, and continuity plan. Technical report. ENISA (2015). https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/pets

20.

European Data Protection Supervisor: Opinion of the European Data Protection Supervisor on the data protection reform package, 7 March 2012. http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-03-07_EDPS_Reform_package_EN.pdf

21.

Hansen, M.: Data protection by default in identity-related applications. In: Fischer-Hübner, S., Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 4–17. Springer, Heidelberg (2013). doi:10.1007/978-3-642-37282-7_2 CrossRef

22.

Ravichandran, R., Benisch, M., Kelley, P.G., Sadeh, N.M.: Capturing social networking privacy preferences: can default policies help alleviate tradeoffs between expressiveness and user burden? In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 1–18. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03168-7_1 CrossRef

23.

Angulo, J., Fischer-Hübner, S., Wästlund, E., Pulls, T.: Towards usable privacy policy display and management. Inf. Manag. Comput. Secur. 20(1), 4–17 (2012)CrossRef

24.

Harbach, M., Fahl, S., Rieger, M., Smith, M.: On the acceptance of privacy-preserving authentication technology: the curious case of national identity cards. In: Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 245–264. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39077-7_13 CrossRef

25.

Tsormpatzoudi, P., Berendt, B., Coudert, F.: Privacy by design: from research and policy to practice – the challenge of multi-disciplinarity. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds.) APF 2015. LNCS, vol. 9484, pp. 199–212. Springer, Heidelberg (2016). doi:10.1007/978-3-319-31456-3_12 CrossRef

Titel: Data Protection by Design and by Default à la European General Data Protection Regulation
verfasst von: Marit Hansen
Verlag: Springer International Publishing
Buch: Privacy and Identity Management. Facing up to Next Steps
Print ISBN: 978-3-319-55782-3

Electronic ISBN: 978-3-319-55783-0

Copyright-Jahr: 2016
DOI: https://doi.org/10.1007/978-3-319-55783-0_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"