Standardtppresentationwesternbalkans2023 09-19-230921090147 c3c61414
EUROPEAN DATA PROTECTION SUPERVISOR
The EU’s independent data protection authority
Massimo ATTORESI
Deputy Head of T&P unit
19 September 2023
A bit about the T&P unit: our story
• Technology Sector created: 2 people
• Technology sector becomes Technology and Privacy unit: 8 people
• Technology unit grows to 15 people
Our Composition and Expertise – Multidisciplinary staff with focus on technological and scientific research
Technology & Privacy Unit
The Supervisor
• Cabinet
• EDPB Secretariat
Secretary-General
• Supervision & Enforcement
• Policy & Consultation
• Technology & Privacy
• HR, Budget & Administration
• Information & Communication
• Governance & Internal Compliance
What does the T&P Unit do?
Technology monitoring & foresight
TechSonar, TechDispatch, IPEN organisation, preparation of guidelines on specific topics, training in PETs, collaboration with other organisations on technology matters (in the EU, such as ENISA; international, such as IWGDPT/Berlin Group), support to the Supervisor & Sec Gen
IT Audits
Mainly in the context of Large Scale IT Systems and Coordinated Supervision.
Data Breach Notification Handling
Direct Attributions
IT function
EDPS own IT needs as an institution: IT Strategy, IT Governance, Local IT support. Own systems, NextCloud, EuVideo-Voice, PKI infrastructure. Auditing tools such as WEC, mobile apps lab.
How are we organised?
Management
• Luis Velasco (HoU)
• Massimo Attoresi (DHoU)
Digital Transformation
• IRM – IT Governance
• ICDT
• IT Strategy, IT Feasibility Study
• SLA EP
• Local IT function
• Innovation Projects
System Oversight and Technology Audits
• IT audits on Large Scale IT systems
• Other IT audits outside AFSJ area
• Data breach notifications, DBN Guidelines and DBN system
• Expertise in AFSJ including support to the other two sectors and to P&C, S&E and EDPB
• DPO meetings
Technology Monitoring and Foresight Sector
• Technological expertise including support to the other two sectors and to P&C and S&E in the rest of topics: Digital Euro, Cloud, AI, Blockchain, Surveillance, Finance, Health, eGovernment, Data Spaces....
• Guidelines on technology topics
• Foresight activities. TechSonar & TechDispatch
• Contributions to EDPB in topics above
• IPEN Organisation
• Berlin Group, GPA....
Personal Data Breaches
[Figure: Root causes of personal data breaches 2019-2022]
Our topics of interest
Technology Monitoring & Foresight
Technology Monitoring: TechSonar (Foresight dimension)
Technology Monitoring: TechDispatch
Technology Monitoring: IPEN network
Technology & Privacy – EDPS Guidelines
The Web is watching you: Watch back with the “WEC”
Various Compliance Tools for Website Controllers
Cloud Solutions
• Qualys SSL Labs (HTTPS check)
• Cookiebot (Cookie check)
• PrivacyScore, Webbkoll (Cookies, HTTPS, etc.)
• OneTrust (Cookie check)
On-Premise Solutions
• OpenWPM by Mozilla
• WebXray
• Developer Toolbar (Firefox and Chrome)
• Website Evidence Collector by the EDPS
Problems
• no scans in intranets
• confidentiality or compliance issues
• transparency, reproducibility of the cloud solution
Website Evidence Collector (WEC) from the EDPS
Features
• automated, reproducible evidence collection
• records screenshots, cookies, traffic, potential web beacons, HTTPS security
• no legal judgements: data protection law agnostic
Output
• machine- and human-readable output
• with many details to identify tracking issues
Digital Sovereignty – EDPS Fediverse pilots
Legislative proposals followed by T&P
Collaboration with EDPB and EDPB secretariat
• Interface with the European Parliament for the provision of general basic services to all the EDPS units including the EDPB Secretariat
• Collaboration with EDPB Secretariat in the organisation of the Website Audit BootCamp
• Participation in the EDPB “ChatGPT taskforce”
• Management of projects using the EDPB pool of experts in the field of Artificial Intelligence.
• Collaboration in TECH subgroup within the EDPB. Co-rapporteurs in multiple documents such as pseudo-anonymisation, blockchain, ....
• Supervision of Large Scale IT Systems and contribution to the Coordinated Supervision Committee
Artificial Intelligence & AI Act
@EU_EDPS