How can Cloud Users be Supported in Deciding on, Tracking and Controlling How their Data are Used?

Part 1: Invited PapersInternational audienceTransparency is a basic privacy principle and factor of social trust. However, the processing of personal data along a cloud chain is often rather intransparent to the data subjects concerned. Transparency Enhancing Tools (TETs) can help users in deciding on, tracking and controlling their data in the cloud. However, TETs for enhancing privacy also have to be designed to be both privacy-preserving and usable. In this paper, we provide requirements for usable TETs for the cloud. The requirements presented in this paper were derived in two ways; at a stakeholder workshop and through a legal analysis. Here we discuss design principles for usable privacy policies and give examples of TETs which enable end users to track their personal data. We are developing them using both privacy and usability as design criteria

IoT and Its Implications for Informed Consent

This report is based on a three-hour long workshop between representatives of the PETRAS IoT Hub, Pinsent Masons, and the HMG Department for Transport. The workshop is part of an ongoing investigation that explores the connections between some of the different dimensions likely to shape conceptions and applications of consent in the emerging Internet of Things (IoT). The impetus for the workshop was the recognition that two significant developments will challenge conventional approaches to online consent. From a technical perspective, the IoT will significantly increase personal data collection, use and re-use. From a regulatory perspective, the General Data Protection Regulation (GDPR) which comes into force in May 2018, will make much higher demands on practices of giving and obtaining consent. Combined, these two factors suggest that consent will be a major issue for all actors in the next five years and it requires some careful analysis now in order to adequately prepare for these developments

Privacy Risk Analysis to Enable Informed Privacy Settings

International audienceThe work described in this paper is a contribution to enhancing individual control over personal data which is promoted, inter alia, by the new EU General Data Protection Regulation. We propose a method to enable better informed choices of privacy settings. The method relies on a privacy risk analysis parameterized by privacy settings. The user can express his choices, visualize their impact on the privacy risks through a user-friendly interface and, if needed, decide to revise them to reduce risks to an acceptable level

Analyse de risques pour guider les choix de paramêtres de protection de vie privée

The work described in this paper is a contribution to enhancing individual control overpersonal data which is promoted, inter alia, by the new EU General Data Protection Regulation.We propose a method to enable better informed choices of privacy preferences or privacy settings.The method relies on a privacy risk analysis framework parameterized with privacy settings. Theuser can express his choices, visualize their impact on the privacy risks through a user-friendlyinterface, and decide to revise them as necessary to reduce risks to an acceptable level.L'objectif du travail décrit dans cet article est de renforcer le contrôle des individussur leurs données personnelles. Nous proposons une méthode permettant d'effectuer des choix de paramétrage de politiques de protection de vie privée informés par le résultat d'une analyse de risques. L'utilisateur peut exprimer ses choix et visualiser leurs conséquences en termes de risques, puis les réviser si nécessaire dans un processus itératif, jusqu'à obtention d'un niveau de risque acceptable

Umsetzung des datenschutzrechtlichen Auskunftsanspruchs auf Grundlage von Usage-Control und Data-Provenance-Technologien

Die Komplexität moderner Informationssysteme erschwert die Nachvollziehbarkeit der Verarbeitung personenbezogener Daten. Der einzelne Bürger ist den Systemen quasi ausgeliefert. Das Datenschutzrecht versucht dem entgegenzuwirken. Ein Werkzeug des Datenschutzes zur Herstellung von Transparenz ist der Auskunftsanspruch. Diese Arbeit unterzieht das Recht auf Auskunft einer kritischen Würdigung und schafft umfassende technische Voraussetzungen für dessen Wahrnehmung