Archives for posts with tag: data protection

While discussing my privacy design strategies paper at PLSC 2013, an interesting issue came up. The question was whether privacy by design can be used to enforce proportionality. That question was asked to me before, and my standard response was that it only partially can. You can use strategies like minimisation and, to a lesser extent, aggregation to ensure that the system only processes the personal data that it needs. However, whether that need itself is proportional, or even legitimate, is not something the design itself can guarantee.

Read the rest of this entry »

Europe is currently discussing an update of its data protection regime. The Albrecht Report suggests several amendments to the Commission’s proposal for a new regulation. One of the proposals is to limit the protection for pseudonymous data. I think this a dangerous idea.

Read the rest of this entry »

Last week I attended the For Your Eyes Only conference held in Brussels on November 29 and November 30. These are my, personal, main findings.

Read the rest of this entry »

Summary of presentations and discussions of day two of the For Your Eyes Only conference held in Brussels on November 29 and November 30. My main findings can be found here.
Read the rest of this entry »

Summary of presentations and discussions of day one of the For Your Eyes Only conference held in Brussels on November 29 and November 30. My main findings can be found here.

Read the rest of this entry »

Anonymous credentials are a privacy enhancing technology that allow you to prove certain properties about yourself, without revealing your full identity. Examples are showing your age, your gender, whether you are a member of a certain group, or your nationality, among others. Privacy advocates are advocating the widespread use of such technology. However, if a worldwide infrastructure for anonymous credentials would exist, this would actually create a funny privacy problem.
Read the rest of this entry »

In a very instructive description of the difference between the US and the EU in the legal protection of on-line privacy, I read something very surprising. It said that in a recent meeting commissioner Reding introduced “privacy-by-default” as a new concept and as one of the pillars on which the revision of the EU data protection laws will be based. The idea is that privacy settings are designed to be easily found and manipulated by the user, so that “you don’t have to be an engineer to set your privacy settings.” Surprisingly though, privacy-by-default does not mean that your privacy should be protected by default, and does not imply an opt-in requirement to privacy invasions.

Surely, this must be a mistake. If not, the term “privacy-by-default” is a nasty form of EU newspeak.