
SmartM2M; Teaching material; Part 2: IoT Privacy

SmartM2M; Teaching material; Part 2: IoT Privacy. 05.03.2019. STF 547 Task 3.2. V0.1.7. Content. Learning Objectives Part 1: What is Privacy? Part 2: Privacy in the context of IoT Part 3: What are the risks associated to privacy? Part 4: How to Protect from Privacy Risks? Conclusion.


Presentation Transcript


  1. SmartM2M; Teaching material; Part 2: IoT Privacy • 05.03.2019 • STF 547 Task 3.2 • V0.1.7

  2. Content • Learning Objectives • Part 1: What is Privacy? • Part 2: Privacy in the context of IoT • Part 3: What are the risks associated to privacy? • Part 4: How to Protect from Privacy Risks? • Conclusion

  3. Learning objectives

  4. Target audience of this teaching material • The main target reader has no knowledge on the issue of privacy • This teaching material addresses key aspects of privacy by raising a set of relevant questions • Accordingly, this teaching material • provides learners with the necessary information, • so as to gain basic knowledge on the concept of privacy, • allowing them to make decisions and act in relation to the IoT environment. • Target group of learners • holds functions both upstream and downstream of the IoT supply chain, thus, mirroring the entire spectrum of the IoT stakeholders • Upstream e.g. Device Manufacturers • Midstream e.g. Professionals designing IoT products; 3rd party using and designing products; IoT platform manufacturers • Downstream e.g. subscribers, users, non-users, Authorities

  5. Part 1: What is Privacy?

  6. 1. What is Privacy? - Contents • Introduction • The General Data Protection Regulation (GDPR) • What is the link between privacy and security?

  7. 1.1 Introduction to Privacy • Privacy is the ability of an individual to be left alone, out of public view, and in control of information about oneself. • One can distinguish the ability to prevent intrusion in one's physical space ("physical privacy", for example with regard to the protection of the private home) and the ability to control the collection and sharing of information about oneself ("informational privacy"). • The right to privacy is enshrined in the Universal Declaration of Human Rights (Article 12) as well as in the European Convention of Human Rights (Article 8).

  8. 1.1 Introduction to Privacy - Personal Data • The concept of privacy overlaps, but does not coincide, with the concept of data protection. The right to privacy is enshrined in the Universal Declaration of Human Rights (Article 12) as well as in the European Convention of Human Rights (Article 8). • Personal Data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person. Note that the GDPR provides separately for special categories of data, namely, genetic data, biometric data and data concerning health.

  9. 1.1 Introduction to Privacy - Personal Data categorization
  • Non-Personal: non-identifiable data, which has never been labelled with individual identifiers and from which no specific individual can be identified. Examples: hours worked, weather, number of employees, anonymised data
  • Personal: any information relating to an identified or identifiable individual. Examples: individual's name, date of birth, postal code, online identifier
  • Special Categories: any information relating to an identified or identifiable individual that is sensitive in nature. Examples: racial or ethnic origin, data concerning health, sexual orientation, religion, political beliefs, biometric/genetic data

  10. 1.2 The General Data Protection Regulation (GDPR) - Overview • Protects personal data (not all data), due largely to the increase in technology and free flow of information. • Also referred to as Regulation (EU) 2016/679. • Created by the European Parliament and Council to strengthen and unify data privacy for EU individuals as well as regulate the international transfer of their data. • Became applicable on 25th May 2018 as a Regulation • Examples of privacy scandals: • Facebook’s launch of Portal has been stymied by trust issues: “The company’s privacy scandals have made us wary of its connected devices” • Amazon confirms Alexa recorded and shared a family's conversation

  11. 1.2 The General Data Protection Regulation (GDPR) - Territorial Scope of GDPR • GDPR intends to extend the reach of EU Data Protection Law. As well as protecting personal data that is held within the EU, even if an organisation has no EU presence, if personal data of a person who is in the EU is processed by this organisation in connection with goods or services provided, GDPR will still apply. • Non-EU organizations will be subject to GDPR if they: • Offer goods or services to EU residents • Monitor the behavior of EU residents

  12. 1.2 The General Data Protection Regulation (GDPR) - What is Personal Data Processing? • The following are some examples of processing

  13. 1.2 The General Data Protection Regulation (GDPR) - Processing of Data • Processing in GDPR means any operation which is performed on personal data or sets of data, whether or not it is automated: • collection, recording, organizing, structuring, storage, adaption, alteration, retrieval, transmission, erasure or destruction • Profiling of data and automated decisions • automated processing of personal data to evaluate certain personal aspects relating to a natural person, in order to predict aspects concerning that natural person. • Requirements for profiling: the data has to be personal, the processing automated, and some form of evaluation must take place

  14. 1.2 The General Data Protection Regulation (GDPR) - Roles within GDPR • Data subject: an identified or identifiable natural person • Data controller: person, public authority, agency or organization which, alone or jointly with others, determines the purpose and means of the processing of personal data • Data Protection Officer (DPO): person who ensures that the organization is aware of and complies with its data protection responsibilities and obligations according to GDPR and Member State law • Data processor: natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller

  15. 1.2 The General Data Protection Regulation (GDPR) - Roles within GDPR • Third Party: natural or legal person, public authority, agency or body which is authorized to process personal data under the direct authority of the data controller or processor • Supervisory Authorities: monitor and enforce the application of GDPR with the aim to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the European Union

  16. 1.2 The General Data Protection Regulation (GDPR) - Data Protection Principles • There are six principles that define the conditions under which data should be processed; they define the “HOW”. • Breaking these principles makes the processing unlawful. • These principles are as follows: • Lawfulness, fairness and transparency • Purpose limitation • Data minimization • Accuracy • Storage limitation • Integrity and confidentiality

  17. 1.2 The General Data Protection Regulation (GDPR) - Reasons to process data • There are six reasons for which data may be processed and they answer the “WHY” for processing • These reasons must also be lawful. • These six reasons are: • Consent • Contract • Compliance • Vital interest • Public interest • Legitimate interest

  18. 1.2 The General Data Protection Regulation (GDPR) - Rights of Individuals • The GDPR provides the following rights for individuals: • Right to be informed: transparency about the use of the data collected, the aim of collection and the retention period • Right of access: right to have access to their data, asking either verbally or in writing • Right to rectification: right to request that data be corrected, or completed if incomplete, either verbally or in writing • Right to erasure: right to have their data erased (right to be forgotten) • Right to restrict processing: right to request the restriction or suppression of their personal data (applies only in certain circumstances)

  19. 1.2 The General Data Protection Regulation (GDPR) - Rights of Individuals (cont.) • The GDPR provides the following rights for individuals (cont.): • Right to data portability: right to ask for their data to be copied or transferred easily from one IT environment to another in a safe and secure way, without affecting its usability • Right to object: right to stop their data being used for direct marketing. • Rights in relation to automated decision making and profiling: give individuals information about the processing; introduce simple ways for them to request human intervention or challenge a decision; carry out regular checks to make sure that systems are working as intended

  20. 1.2 The General Data Protection Regulation (GDPR) - Novelties of the GDPR • Privacy by Design • Accountability • Consent management • Data Protection Impact Assessment (DPIA) • Data breach notification

  21. 1.2 The General Data Protection Regulation (GDPR) - Breaches - Introduction • Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or processed. • The GDPR provides for the mandatory notification of data breaches provided that certain requirements are met. The breaches need to be notified to the data protection authorities and, in certain cases, to the individuals/data subjects affected by the data breach. • Ensure there is a record of any personal data breaches, regardless of whether notification is required; maintaining such a record is in line with the accountability principle. • The notification of a data breach is relevant for all actors in the supply chain, who have to provide for it in accordance with their role.

  22. 1.2 The General Data Protection Regulation (GDPR) - Procedures to follow: Who to Notify • Data protection authorities • The GDPR introduces a duty on all organizations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible. • Data Protection Authorities and Affected Individuals • If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay. Ensure there are robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not the relevant supervisory authority and the affected individuals are notified. • Note that this is also relevant for end users of IoT devices, given that in certain cases they are themselves the affected individuals and will be directly notified.

  23. 1.2 The General Data Protection Regulation (GDPR) - Procedures to follow: What to Notify • According to article 33(5), when reporting a breach, the GDPR says you must provide: • a description of the nature of the personal data breach including, where possible: • the categories and approximate number of individuals concerned; and • the categories and approximate number of personal data records concerned; • the name and contact details of the data protection officer (if the organization has one) or other contact point where more information can be obtained; • a description of the likely consequences of the personal data breach • a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.

  24. 1.3 Link between privacy and security - Privacy and Security • Privacy and security are separate concepts in the sense, for example, that privacy can be perceived independently of security • But they are complementary, given that in reality security is an enabler of privacy. • It can be stressed that security is a basic requirement for the effective protection of privacy.

  25. Part 2: Privacy in the context of IoT

  26. 2. Privacy in the context of IoT - Contents • Global Approach of IoT Systems • Challenge of Privacy in IoT • Use case examples • Data processing within the IoT ecosystem

  27. 2.1 Global Approach of IoT Systems - Privacy in the context of IoT • This teaching material proposes an approach that reinforces the role of human users, placing their privacy concerns at the heart of IoT, as its users and beneficiaries

  28. 2.1 Global Approach of IoT Systems - Main differences and characteristics of IoT systems • Stakeholders. There is a large variety of potential stakeholders with a wide range of roles that shape the way each of them can be considered in the IoT system. Moreover, none of them can be ignored. • Privacy. In the case of IoT systems that deal with critical data in critical applications (e.g., e-Health, Intelligent Transport, Food, Industrial systems), privacy becomes a make-or-break property. • Interoperability. There are very strong interoperability requirements because of the need to provide seamless interoperability across many different systems, sub-systems, devices, etc. • Security. As an essential enabling property for trust, security is a key feature of all IoT systems and needs to be dealt with in a global manner. One key challenge is that it involves a variety of users in a variety of use cases.

  29. 2.1 Global Approach of IoT Systems - Main differences and characteristics of IoT systems • Technologies. By nature, all IoT systems have to integrate potentially very diverse technologies, very often for the same purpose (with a risk of overlap). The balance between proprietary and standardized solutions has to be carefully managed, with a lot of potential implications on the choice of the supporting platforms. • Deployment. A key aspect of IoT systems is that they emerge at the very same time that Cloud Computing and Edge Computing have become mainstream technologies. All IoT systems have to deal with the need to support both Cloud-based and Edge-based deployments with the associated challenges of management of data, etc. • Legacy. Many IoT systems have to deal with legacy (e.g., existing connectivity, back-end ERP systems). The challenge is to deal with these requirements without compromising the “IoT centric” approach.

  30. 2.1 Global Approach of IoT Systems - Need for an "IoT-centric" view • Examples of roles to be characterized and analyzed: • System Designer • System Developer • System Deployer • End-user • Device Manufacturer • Reference Architecture(s) • Many elements (e.g., vocabularies, definitions, models) have to be defined, agreed and shared by the IoT stakeholders. • Given the great variety of IoT system architectures, it is also necessary to adopt Reference Architectures, in particular Functional Architectures • The very large span of requirements, use cases and roles within an IoT system makes it difficult to provide prototypical solutions applicable to all of the various issues addressed

  31. 2.2 Challenge of Privacy in IoT • IoT is a clear example of hyper-connectivity and distributed control • Appropriate safeguards are needed to ensure that individuals’ right to privacy is effectively protected • The following are some of the challenges in identifying: • the stakeholders that are impacted by privacy • the personal data and who owns the data • privacy in the various domains of IoT • how stakeholders need to think of privacy as part of design, not an afterthought • the implications of non-compliance with regulation, not just standards.

  32. 2.3 Use case examples - Ambient assisted living in smart homes, older people - illustration

  33. 2.3 Use case examples - Ambient assisted living in smart homes, older people - stakeholders • Main actors • Beneficiary: elderly person (Angela, 84 years old) with raised cardiovascular risk • Family caregiver: the relatives (Alba) or family caregiver with an interest in and permission to check the status of the beneficiary • Formal caregiver: in this case, the Spanish Red Cross, which provides the 24/7 telecare and assistance service • Data Subject • Angela • Data Controller • CCTV camera manufacturer • Blood pressure device manufacturer

  34. 2.3 Use case examples - Ambient assisted living in smart homes, older people - stakeholders • Data Processor • Location service provider (provides Angela’s location service to Alba) • Caregiver - Spanish Red Cross company (provides the staff that review Angela’s medical record) • Relative • Blood pressure device manufacturer

  35. 2.3 Use case examples - Ambient assisted living in smart homes, older people - challenges • The CCTV camera and the blood pressure tracker will be monitoring and maintaining a record of Angela’s location, blood pressure, body temperature and other forms of health data • These data will be accessible to the camera manufacturer, the blood pressure device manufacturer, the Spanish Red Cross and the like. • Concerns include: • how these data will be stored and used by the respective parties, • for how long, • whether sufficient safeguards have been implemented to protect the data from being accessed by an unauthorised party.

  36. 2.3 Use case examples - Smart home solutions - illustration • Movie night scenario: with the press of a button Erik’s flat door is locked, the lights are off all over the house except in the living room, where dimmed, discreet illumination is still present, and the temperature in the living room is set a bit warmer than usual. • Security at night scenario: Daniel is in his bedroom. From his mobile phone, he can • look at the video streams coming from the video cameras installed outside the home • check the motion detectors around the home • also check the contact sensors installed on the windows to see if any of them has been left open. • Power saving scenario: Olaf lives in a remote cottage in the mountains. From his mobile phone, he can • set the preferred room temperatures, the priority of the rooms and the consumption limits • keep his instant power consumption within the required limits at all times

  37. 2.3 Use case examples - Smart home solutions - stakeholders • Main actors • home residents • housekeeper (with a passive role in the solution) • technician • Data Subject • Depending on the scenario: Erik, Daniel or Olaf • Data Controller • Smart home application developer • Data Processor • Video camera manufacturer • Technician

  38. 2.3 Use case examples - Smart home solutions - challenges • Smart homes require several sensors and actuators to be installed that allow the home to be aware of its parameters and events at every moment and take appropriate actions when needed. • These new technologies bring with them specific threats: • network security, hacking, • people’s privacy, • complexity of the installation • maintenance of the devices, which needs to be accounted for when these devices are being manufactured

  39. 2.3 Use case examples - Logistics and workplace - story line • The port of Rotterdam is a multipurpose port with numerous terminals. • Data on the type and quantity of transiting goods are processed through sophisticated equipment and IT systems, which are coordinated by employees from the IT Department and protected under the supervision of the Department for port security. The overall system is constantly checked through a sophisticated internal system, which allows the interchange of data with external entities and logistics actors. • Peter is an employee who coordinates the incoming and outgoing shipments and ensures that the traffic is managed in an effective manner • Peter is equipped with a smart watch that he is required to wear during office hours. • The equipment allows the respective managers to keep track of the time and duration for which the warehouse was accessed by their delivery representatives. • Additionally, a secure system allows the delivery representatives to pick up the cargo only after clearance is given by their managers, along with a 4-digit OTP (One Time Password) which is sent to their smart watches. • Access to the information on the watch is only provided to shipment owners when the cargo is arriving or at the premises of the port

  40. 2.3 Use case examples - Logistics and workplace - stakeholders • Main actors • Peter • The employer (Sky Shipping & Logistics Company Ltd) • The cargo shipment owner (Glitterati and Co) • Watch Company • Location service provider • Data Subject • Peter (Personal data: location, email address, phone number; health data: heart rate, body temperature) • Data Controller • The employer • Data Processor • The employer (Sky Shipping & Logistics Company Ltd) • The cargo shipment owner (Glitterati and Co)

  41. 2.3 Use case examples - Logistics and workplace - challenges • The smart watch can track and store different types of data with respect to Peter, including his location, email address, heart rate and body temperature • Thus it is essential that his employer ensures that effective measures are put in place so that • only the relevant personnel have access to such data • such data is tracked during office hours only, and only when it is required for an assignment. • Further, the smart watch manufacturers must implement sufficient security mechanisms to prevent it from getting hacked by third parties
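The logistics slides state the required measures but not how they would be enforced. The following Python is an added example, not part of the STF 547 teaching material, showing a back-end store for the watch data that applies those measures: collection only during office hours and only while an assignment is active, need-to-know read access per data type (with shipment owners limited to the cargo-arrival window), a retention cut-off, and an audit trail. The office hours, the role names and the readings are assumed or constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta
from typing import Dict, List, Optional

# Assumed working day at Peter's site; the slide only says "office hours".
OFFICE_START, OFFICE_END = time(8, 0), time(18, 0)

# Need-to-know policy with assumed roles: which role may read which data
# type. Heart rate and body temperature are special-category (health) data
# and are kept away from shift managers and shipment owners entirely.
ACCESS_POLICY: Dict[str, set] = {
    "shift_manager": {"location"},
    "occupational_health": {"heart_rate", "body_temperature"},
    "shipment_owner": {"location"},  # and only while the cargo is arriving
}

@dataclass
class Reading:
    subject: str   # data subject, e.g. "peter"
    kind: str      # "location", "heart_rate", "body_temperature", ...
    value: str
    ts: datetime

@dataclass
class WatchDataStore:
    """Server-side store for the watch data with the controls the slide
    asks for: collection limited to office hours on an active assignment,
    role-based read access, a retention cut-off and an audit trail."""
    active_assignments: Dict[str, bool] = field(default_factory=dict)
    records: List[Reading] = field(default_factory=list)
    audit: List[str] = field(default_factory=list)

    def collect(self, r: Reading) -> bool:
        """Purpose limitation and data minimisation: keep a reading only
        during office hours and only while the subject has an assignment."""
        in_hours = OFFICE_START <= r.ts.time() < OFFICE_END
        on_task = self.active_assignments.get(r.subject, False)
        if not (in_hours and on_task):
            self.audit.append(f"DROP {r.kind} {r.subject} {r.ts:%Y-%m-%d %H:%M}")
            return False
        self.records.append(r)
        return True

    def read(self, role: str, subject: str, kind: str,
             cargo_arriving: bool = False) -> Optional[List[Reading]]:
        """Access control: only the relevant personnel get each data type;
        shipment owners see location only while their cargo is arriving.
        Every attempt, allowed or denied, goes to the audit trail."""
        allowed = kind in ACCESS_POLICY.get(role, set())
        if role == "shipment_owner":
            allowed = allowed and cargo_arriving
        self.audit.append(f"{'ALLOW' if allowed else 'DENY'} {role} {subject}/{kind}")
        if not allowed:
            return None
        return [r for r in self.records if r.subject == subject and r.kind == kind]

    def purge_older_than(self, retention: timedelta, now: datetime) -> int:
        """Storage limitation: delete readings past the retention period."""
        cutoff = now - retention
        kept = [r for r in self.records if r.ts >= cutoff]
        removed = len(self.records) - len(kept)
        self.records = kept
        return removed

def demo() -> dict:
    """Constructed scenario for one of Peter's working days."""
    store = WatchDataStore(active_assignments={"peter": True})
    day = datetime(2019, 3, 5)  # arbitrary date, chosen to match the deck
    stored = [
        store.collect(Reading("peter", "location", "gate 7", day.replace(hour=9))),
        store.collect(Reading("peter", "heart_rate", "78", day.replace(hour=14))),
        store.collect(Reading("peter", "location", "home", day.replace(hour=20))),
    ]
    store.active_assignments["peter"] = False  # assignment finished
    stored.append(store.collect(Reading("peter", "location", "gate 7", day.replace(hour=10))))
    return {
        "stored": stored,
        "manager_location": store.read("shift_manager", "peter", "location"),
        "manager_heart_rate": store.read("shift_manager", "peter", "heart_rate"),
        "owner_before_arrival": store.read("shipment_owner", "peter", "location"),
        "owner_on_arrival": store.read("shipment_owner", "peter", "location", True),
        "purged": store.purge_older_than(timedelta(days=30), day + timedelta(days=31)),
        "audit": store.audit,
    }
```

The audit list doubles as the record a DPO would review: every dropped reading and every denied read is visible, which is what makes the accountability principle checkable rather than asserted.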

  42. Part 3: What are the risks associated to Privacy?

  43. 3. What are the risks associated to Privacy? - Contents • The GDPR is a risk-based regulation requiring organizations to take appropriate technical and organizational measures on the basis of the risks identified. • When identifying risks, organisations have to take into account several parameters, such as the specific types of data to be processed and the scale of the processing itself. • The risks pertaining to personal data protection relate to each individual separately, but since the harm can proliferate in the IoT environment they are relevant for society at large.

  44. 3.1 What are the risks associated to Privacy? - Contents - Categories • In order to be able to capture and explain risk across the relevant areas in an IoT ecosystem, it is worth categorising risk as it relates to the relevant stakeholders as follows: • Upstream: parties that are directly involved in the creation of the IoT device, i.e. device manufacturers • Midstream: third parties that assist the device manufacturers in the creation of the IoT device, i.e. product designers, platform manufacturers and the like. • Downstream: the final users of the IoT device.

  45. 3.1 What are the risks associated to Privacy? - Contents - Upstream • Upstream parties, e.g. IoT device manufacturers, play a fundamental role as far as data privacy is concerned, and their actions or inactions can expose IoT users to significant risks. • Some examples of possible risks are: • Device manufacturers may not make the necessary investments in the cybersecurity element of the IoT device in order to stay ahead of competitors while also providing an attractive price. Hence this may jeopardize the safety of consumers’ data. • Device manufacturers may now run the risk of losing their goodwill in the market and the confidence of customers, mainly because they may now be made financially liable for failure to ensure implementation of the required safeguards according to GDPR.

  46. 3.1 What are the risks associated to Privacy? - Contents - Midstream • The risks at the midstream level caused by parties like product designers, platform developers etc. are, to an extent, similar to those relating to the device manufacturers. • With the IoT, the internet is everywhere, in every nook and cranny of private spaces, which could potentially mean the generation of more data. Such data is used not only by the device manufacturer but is shared with its relevant third parties to allow the overall functioning of the IoT devices. • It is for this reason that the GDPR also makes such related (/connected) parties liable to the extent that the breach is caused by their negligence or failure. • In addition to violating the law, the product designers or platform developers may also be found in breach of the contract they would have with the device manufacturer.

  47. 3.1 What are the risks associated to Privacy? - Contents - Downstream • From the perspective of IoT device users, data losses, unauthorized access to personal data, unlawful surveillance and intrusive use of wearable devices are some of the risks that they may be exposed to. • More specifically, lack of control and information asymmetry are another major risk that IoT users may be faced with. This is because an IoT ecosystem in a home will typically consist of several interconnected devices, some of which are designed to operate in the background, as a result of which individuals may not be aware of their presence. • In such a situation, individuals may be oblivious to (/uninformed of) the information relating to them that is being collected, stored and used by such devices. An additional challenge that might be faced with IoT devices is that the data being collected may not be used for the purpose for which it was originally collected.

  48. 3.2 What are the risks associated to Privacy? - Data Protection Impact Assessment 1/2 • A Data Protection Impact Assessment (DPIA), a form of privacy assessment, is a tool to help you identify and minimize the data protection risks of new projects. DPIAs are part of your accountability obligations under the GDPR, and an integral part of the ‘data protection by default and by design’ approach • A DPIA can address a single processing operation or a set of similar processing operations. • A DPIA should be carried out prior to the processing, as early as practical in the design of the processing operation. • A DPIA should be continuously updated.

  49. 3.3 What are the risks associated to Privacy? - Data Protection Impact Assessment 2/2 • The five key stages of a DPIA may be summarized as follows: • Identify the need for a DPIA (e.g. processing special categories of data) • Describe the information flow • Identify data protection related risks • Identify and evaluate privacy solutions • Sign off and record the outcome

  50. 3.3 What are the risks associated to Privacy? - Data Protection Impact Assessment - Example of ICO template [figure: ICO template examples for the "Identify the need for a DPIA" and "Identify and assess risks" stages]
