Best Practices – Privacy Design®

Coordinated cookie practice review by German DPAs.

Observations on

Wrong order – loading cookies/trackers prior to consent
Wrong information – Insufficient or wrong information on user tracking on first level of the consent banner
Wrong consent – Insufficient scope of consent. Many cookies/trackers remain active even if users deny consent on first level of banner to “All”
No easy consent denial/revocation – Often no easy way to deny consent on first level of consent banner, or to close banner without a decision.
Manipulation of users – dark design patterns, nudging..

April 20, 2021April 20, 2021

Fraunhofer: Die Datenschutz-Folgenabschätzung nach Art. 35 DSGVO – Ein Handbuch für die Praxis

http://publica.fraunhofer.de/starweb/servlet.starweb?path=urn.web&search=urn:nbn:de:0011-n-586394-15

Volltext (Online):
http://publica.fraunhofer.de/eprints/urn_nbn_de_0011-n-586394-15.pdf

January 4, 2021January 4, 2021

Switzerland: Minimal security standards and assesment tool

from 2018… (modelled on NIST cybser security framework with some modifications)

hhttps://www.bwl.admin.ch/bwl/en/home/themen/ikt/ikt_minimalstandard.html

November 30, 2020November 30, 2020

Article: Johner Institut on meeting German DIGA requirements

https://www.johner-institut.de/blog/regulatory-affairs/datensicherheit-und-datenschutz-fuer-diga/

includes overview on regulatory requirements:

MDR
DVG
DIGAV
BSI 200-1 BSI-Standard 200-1, Managementsysteme für die Informationssicherheit
BSI 200-2 BSI-Standard 200-2, IT-Grundschutz-Methodik
BSI TR03161 Sicherheitsanforderungen an digitale Gesundheitsanwendungen
ISO 27001:2017
ISO/IEC 82304-1 Gesundheitssoftware – Teil 1: Allgemeine Anforderungen für die Produktsicherheit
ISO/IEC 82304-2 Health Software – Part 2: Health and wellness apps – Quality and reliability [future – includes a “seal”]
IEC 8001-5-1 Safety, security and effectiveness in the implementation and use of connected medical devices or connected health software – Part 5-1: Security – Activities in the product lifecycle

November 30, 2020November 30, 2020

Germany: DPAs (DSK) Paper on Microsoft Windows 10 Telemetry Functions (with BSI input)

Telemetriefunktionen und Datenschutz beim Einsatz von Windows 10 Enterprise

https://www.datenschutzkonferenz-online.de/media/dskb/TOP_30_Beschluss_Windows_10_mit_Anlagen.pdf

November 17, 2020November 17, 2020

UKANON: second edition of the Anonymisation Decision-making Framework

The Framework has been given a significant overhaul and for the first time there is a systematic method for evaluating your data environment.

https://ukanon.net/framework/

November 11, 2020October 28, 2021

BSI TR-03161 Sicherheitsanforderungen an digitale Gesundheitsanwendungen

Germany: BSI – Security requriements for digital health applications
https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr03161/tr-03161.html

English version: https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03161/TechnicalGuidelines_03161_node.html
with direct link: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03161/TR-03161.pdf?__blob=publicationFile&v=2

October 23, 2020October 23, 2020

AEPD: verification list for Privacy By Design audits

The AEPD gives a non-comprehensive verification list for PrivacybyDesign audits in chapter VIII of its guidance (in English!)

https://www.aepd.es/sites/default/files/2020-10/guia-proteccion-datos-por-defecto-en.pdf

October 14, 2020October 14, 2020

Bavaria: Data Protection Checklists (incl. Guidance on TOMs)

The DPA of Bavaria has published the following checklists (in German)
at https://www.lda.bayern.de/de/checklisten.html:

Nr. 1: Homeoffice (PDF)
https://www.lda.bayern.de/media/checkliste/baylda_checkliste_homeoffice.pdf
Nr. 2: Cybersicherheit für medizinische Einrichtungen (PDF)
https://www.lda.bayern.de/media/checkliste/baylda_checkliste_medizin.pdf
Interesting: “9 Externe Abrufmöglichkeit für Laborergebnisse” and “10 Fernwartung”
Nr. 3: Patch Management (PDF)
https://www.lda.bayern.de/media/checkliste/baylda_checkliste_patch_mgmt.pdf
Nr. 4: Good Practice bei technischen und organisatorischen Maßnahmen nach Art. 32 DS-GVO (PDF)
https://www.lda.bayern.de/media/checkliste/baylda_checkliste_tom.pdf

October 9, 2020October 11, 2020

Paper: Bitkom: Anonymisierung und Pseudonymisierung von Daten für Projekte des maschinellen Lernens

Anonymization and Pseudonymization of data used in Machine Learning Projects

https://www.bitkom.org/sites/default/files/2020-10/201002_lf_anonymisierung-und-pseudonymisierung-von-daten.pdf

Examples given:

Processing of geolocation profiles (movements)
Google’s COVID-19 Community Mobility Reports
De-coupled pseudonyms, e.g. for manufacurers remote monitoring machine performance at customers
Speech recognition as example of federated learning
Anonmyization and pseudonymization of medical text data using Natural Language Processing
Use of sematic anonymization of sensitive data with inference-based AI and active ontolgies in the financial industry

Key words:

Anonymization of structured data
- Attacks
  - Was personal data of a known person used to genrate the anonymous data?
  - Which data in the anonymous data relates to personal data of a known person?
  - Predicting attributes of a known person
- Static anonymization, Dynamic anonymization, Interactive anonymization
- Pseudonymization
  - Format preserving encryption, Tokenization, Trusted third party, Pseudonymous Authentication (PAUTH), Oblivious transfer
- Anonymization of texts
  - Ensure that free text inlcudes no identifying terms (e.g. via organizational measures)
  - Masking of identifying terms as part of post-processing
  - Structuring via Natural Language Processing
  - Caveat: Author might be identifiable based on writing style
- Anonymization of multimedia data
- Privacy via on-prem analysis and decentralization (see also: federated learning)
  - Homomorphic encryption: fully homomorphic, partially homomorphic, somewhat homomorphic
  - Secure multi-party computation
  - Garbled circuits
- Privacy risks related to machine learning and controls
  - Identification of persons
  - Deanonmymization of data (e.g. of blurred images)
  - Memmbership inference
  - Model inversion
  - Defeating noise, others..
Federated learning
- (Moving algorithms to the local data – instead of moving data to central algorithm)
- (Local data doesn’t leave device)
- AI models as personal data
- Legal advantages of federated learning
Attacks and controls
- Model inversion
  - Querying the trained AI model to reconstruct its training data
- Membership inference
  - Was a given data point used to train the model?
- Model extraction
  - “Stealing” the trained model – by cloning the behaviour and predictive capabilities of a given AI model
- Adversial examples (creating inputs that trigger unintended responses)
- Countermeasures
  - Restriction son outputs
  - Adversarial Regularization
  - Distillation
  - Differential Privacy
  - Cryptography
  - Secure multi-party computation (MPC)
  - Federated machine learning
  - Differential Private Data Synthesis (DIPS) (e.g. via Copula functions, Generative Adversarial Networks)

Category: Best Practices

ULD SH: Länderübergreifende Datenschutz-Prüfung von Medien-Webseiten: Nachbesserungen nötig