Privacy Protection Goals and Their Implications for eID Systems

Part 8: Privacy for eHealth and eID ApplicationsInternational audienceProtection goals such as confidentiality, integrity and availability have proved to be successful in evaluating information security risks and choosing appropriate safeguards. The recently developed privacy-specific protection goals unlinkability, transparency and intervenability complement these classic goals and thereby provide cornerstones to define requirements concerning information security as well as privacy and to assess solutions. This text focuses on the application of the three new protection goals to eID systems such as government-issued electronic identity cards in different settings

European Privacy by Design [védés előtt]

Three competing forces are shaping the concept of European Privacy by Design (PbD): laws and regulations, business goals and architecture designs. These forces carry their own influence in terms of ethics, economics, and technology. In this research we undertook the journey to understand the concept of European PbD. We examined its nature, application, and enforcement. We concluded that the European PbD is under-researched in two aspects: at organizational level (compared to the individual level); and mainly in the way it is enforced by authorities. We had high hopes especially with regards to the latter, and eager to bring significant scientific contribution on this field. We were interested to learn if data protection authorities are having such impacts looking at European PbD, that can pioneer new approaches to privacy preservation. This is why we elaborated on possible ways to measure their activity, in a manner that both legal and non-legal experts can understand our work. We promised a response to the research question can the enforcement of European PbD be measured and if yes, what are possible ways to do so? We conducted data analytics on quantitative and qualitative data to answer this question the best way possible. Our response is a moderate yes, the enforcement of PbD can be measured. Although, at this point, we need to settle with only good-enough ways of measure and not dwell into choosing the most optimal or best ways. One reason for this is that enforcement of PbD cases are highly customized and specific to their own circumstances. We have shown this while creating models to predict the amount of administrative fines for infringement of GDPR. Clustering these cases was a daunting task. Second reason for not delivering what could be the best way of measure is lack of data availability in Europe. This problem has its roots in the philosophical stance that the European legislator is taking on the topic of data collection within the EU. Lawmakers in Europe certainly dislike programs that collect gigantic amounts of personal data from EU citizens. Third reason is a causal link between the inconsistent approach between the data protection authorities’ practices. This is due to the different levels of competencies, reporting structures, personnel numbers, and experience in the work of data protection authorities. Looking beyond the above limitations, there are certainly ways to measure the enforcement of European PbD. Our measurements helped us formulate the following statements: a. The European PbD operates in ‘data saver’ mode: we argue that analogous to the data saving mode on mobile phones, where most applications and services get background data only via Wi-Fi connection, in Europe data collection and data processing is kept to minimal. Therefore, we argue that European PbD is in essence about data minimization. Our conviction that this concept is more oriented towards data security have been partially refuted. b. The European PbD is platform independent: we elaborated in the thesis on various infrastructures and convergent technologies that found compatibility with the PbD principles. We consider that the indeed the concept is evolutionary and technology –neutral. c. The European PbD is a tool obligation: we argue that the authorities are looking at PbD as a tool utilization obligation. In a simple language, companies should first perform a privacy impact assessment in order to find out which tools are supporting their data processing activities and then implement these, as mandated PbD. d. The European PbD is highly territorial: we reached the conclusion that enforcement of PbD is highly dependent on geographical indicators (i.e. countries and counties). The different level of privacy protection cultures are still present in Europe. On a particular level, what is commonly true across all countries is that European PbD mandates strong EU data sovereignty

Identity management policy and unlinkability: a comparative case study of the US and Germany

This study compares the privacy policies of Germany and the US in the field of identity management. It analyses the emergence of unlinkability within the countries’ electronic citizen identity initiatives. The study used qualitative research methods, including semi-structured interview and document analysis, to analyse the policy-making processes surrounding the issue of unlinkability. The study found that unlinkability is emerging in different ways in each country. Germany’s data protection and privacy regimes are more coherent than the US, and unlinkability was an incremental policy change. US unlinkability policies are a more significant departure from its data protection and policy regimes. New institutionalism is used to help explain the similarities and differences between the two countries’ policies. Scholars have long been calling for the use of privacy-enhancing technologies (PETs) in policy-making, and unlinkability falls into this category. By employing PETs in this way, German and US identity management policies are in the vanguard of their respective privacy regimes. Through these policies, the US comes closer to German and European data protection policies, doing so non-legislatively. The digital citizen identities appearing in both countries must be construed as commercial products inasmuch as official identities. Lack of attendance to the commercial properties of these identities frustrates policy goals. As national governments embark on further identity management initiatives, commercial and design imperatives, such as value to the citizen and usability, must be considered for policy to be successful

Identity management policy and unlinkability: a comparative case study of the US and Germany

This study compares the privacy policies of Germany and the US in the field of identity management. It analyses the emergence of unlinkability within the countries’ electronic citizen identity initiatives. The study used qualitative research methods, including semi-structured interview and document analysis, to analyse the policy-making processes surrounding the issue of unlinkability. The study found that unlinkability is emerging in different ways in each country. Germany’s data protection and privacy regimes are more coherent than the US, and unlinkability was an incremental policy change. US unlinkability policies are a more significant departure from its data protection and policy regimes. New institutionalism is used to help explain the similarities and differences between the two countries’ policies. Scholars have long been calling for the use of privacy-enhancing technologies (PETs) in policy-making, and unlinkability falls into this category. By employing PETs in this way, German and US identity management policies are in the vanguard of their respective privacy regimes. Through these policies, the US comes closer to German and European data protection policies, doing so non-legislatively. The digital citizen identities appearing in both countries must be construed as commercial products inasmuch as official identities. Lack of attendance to the commercial properties of these identities frustrates policy goals. As national governments embark on further identity management initiatives, commercial and design imperatives, such as value to the citizen and usability, must be considered for policy to be successful