Overview
DT 306 Privacy in the Digital Age
T1 2023-24
T K Srikanth
Fair Information Principles (OECD Guidelines)
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (adopted 1980, revised 2013)
● Collection Limitation
● Data Quality
● Purpose Specification
● Use Limitation
● Security Safeguards
● Openness
● Individual Participation
● Accountability
Privacy by Design - Foundational Principles
1. Proactive not reactive; preventive not remedial
2. Privacy as the default
3. Privacy embedded into design
4. Full functionality – positive-sum, not zero-sum
5. End-to-end security – full lifecycle protection
6. Visibility and transparency – keep it open
7. Respect for user privacy – keep it user-centric
GDPR: Rights of individuals
● The right to be informed: about collection and use of personal data
● The right of access: for example, to check data for accuracy
● The right to rectification: when data is inaccurate or incomplete
● The right to erasure: or the “right to be forgotten”
● The right to restrict processing: suppress or restrict use of data
● The right to data portability: obtain and reuse personal data across service providers
● The right to object: to certain uses (such as direct marketing)
● Rights in relation to automated decision making and profiling: request human intervention in certain situations
Security and Privacy
● Information Security
○ Securing data at rest and data in transit
○ Securing computers, servers, networks …
○ Securing application components
○ Access control mechanisms
○ Authentication, Authorization, Auditing (AAA)
● Privacy requirements: Techniques to enable privacy
○ Anonymity
○ Unlinkability
○ Unobservability
○ Data Minimization
○ Consent-based processing
Privacy, Personalization, Data Utility
Goal: maximize the “utility” of the data (its value for analysis and personalization) while ensuring privacy. The two pull against each other: every generalisation or suppression that makes re-identification harder also removes detail an analyst could have used.
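The trade-off is easiest to see on a small release. Below is an added worked example (not from the slides) of k-anonymity, the classic anonymity technique from the previous slide: quasi-identifiers (here age and postcode) are generalised just enough that every record is indistinguishable from at least k-1 others, and the number of generalisation steps spent is used as a crude loss-of-utility score. The microdata table and the two generalisation hierarchies are constructed for this example; the lattice search is a simple exhaustive one and not any particular published algorithm.

```python
from collections import Counter
from itertools import product

# Constructed sample microdata (not from the slides). Quasi-identifiers: age, zip.
# "disease" is the sensitive attribute we want to publish without re-identification.
RECORDS = [
    {"age": 29, "zip": "560001", "disease": "flu"},
    {"age": 24, "zip": "560004", "disease": "diabetes"},
    {"age": 34, "zip": "560003", "disease": "flu"},
    {"age": 37, "zip": "560007", "disease": "cancer"},
    {"age": 47, "zip": "560101", "disease": "cancer"},
    {"age": 42, "zip": "560108", "disease": "flu"},
    {"age": 55, "zip": "560110", "disease": "diabetes"},
    {"age": 58, "zip": "560113", "disease": "flu"},
]

# Assumed generalisation hierarchies, least general first. Each step costs 1 "utility".
AGE_WIDTHS = [1, 10, 20, 100]      # width of the age bucket; 100 == whole range
ZIP_DIGITS = [6, 5, 4, 3, 0]       # leading postcode digits retained; 0 == suppressed


def generalize(rec, age_level, zip_level):
    """Map one record's quasi-identifiers to the given generalisation levels."""
    width = AGE_WIDTHS[age_level]
    lo = rec["age"] // width * width
    age = str(rec["age"]) if width == 1 else f"{lo}-{lo + width - 1}"
    keep = ZIP_DIGITS[zip_level]
    zipc = rec["zip"][:keep] + "*" * (len(rec["zip"]) - keep)
    return age, zipc


def equivalence_classes(table):
    """Count the records that share each (age, zip) quasi-identifier tuple."""
    return Counter((r["age"], r["zip"]) for r in table)


def k_anonymize(records, k):
    """Search the generalisation lattice, cheapest level pair first, for the first
    pair at which every equivalence class holds at least k records.
    Returns (table, (age_level, zip_level), loss) or None when even full
    generalisation cannot reach k (k > len(records))."""
    candidates = product(range(len(AGE_WIDTHS)), range(len(ZIP_DIGITS)))
    for a, z in sorted(candidates, key=lambda lv: (lv[0] + lv[1], lv)):
        table = []
        for r in records:
            age, zipc = generalize(r, a, z)
            table.append({"age": age, "zip": zipc, "disease": r["disease"]})
        if all(size >= k for size in equivalence_classes(table).values()):
            return table, (a, z), a + z
    return None


if __name__ == "__main__":
    # Raising k buys privacy and pays for it in utility: more generalisation,
    # fewer distinct classes, until the release says nothing at all.
    for k in (2, 3, 5, 9):
        result = k_anonymize(RECORDS, k)
        if result is None:
            print(f"k={k}: impossible with {len(RECORDS)} records")
            continue
        table, levels, loss = result
        classes = equivalence_classes(table)
        print(f"k={k}: levels={levels} loss={loss} classes={len(classes)}")
        for row in table:
            print("   ", row)
```

Run it and watch the release degrade: k=2 keeps decade-wide ages and 5-digit postcodes, k=3 needs 20-year ages and 4-digit postcodes, and k=5 collapses the whole table into one class ("0-99", "560***"), which protects everyone and is useless for analysis. k-anonymity also says nothing about the sensitive column itself: if every record in a class shares the same disease, the attacker learns it without re-identifying anyone, which is why l-diversity and differential privacy exist.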
Homomorphic Encryption
Transactional privacy is not available, since data being added is visible across the network. Hence, often, the data is stored in encrypted form
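Storing ciphertext keeps the data confidential, but ordinary encryption also makes it useless to anyone who cannot decrypt. An additively homomorphic scheme lets a party that holds only ciphertexts still compute on them. The following is an added example, not part of the slides, of the Paillier cryptosystem: multiplying two ciphertexts yields an encryption of the sum of the plaintexts, and raising a ciphertext to a public constant scales the plaintext. The two primes are tiny values chosen for readability (a real key uses primes of 1024 bits or more), and the "aggregator" and "key holder" roles are assumptions made for the illustration.

```python
import math
import secrets

# Toy Paillier key: two small primes constructed for this example only. Real keys use
# primes of >= 1024 bits; these ~20-bit primes keep the arithmetic readable and fast.
P, Q = 1000003, 1000033


def _L(u, n):
    """Paillier's L function, L(u) = (u - 1) / n, defined for u = 1 (mod n)."""
    return (u - 1) // n


def keygen(p=P, q=Q):
    """Return ((n, g), (lam, mu)). g = n + 1 is the standard simplification, which
    makes L(g^lam mod n^2) equal lam, so mu is just lam^-1 mod n."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r, so the same m encrypts to a
    different ciphertext every time (semantic security)."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must lie in [0, n)")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    n2 = n * n
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """D(c) = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add_encrypted(pub, c1, c2):
    """E(a) * E(b) mod n^2 is an encryption of a + b: addition without seeing a or b."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def mul_plain(pub, c, k):
    """E(a)^k mod n^2 is an encryption of k * a: scaling by a public constant."""
    n, _ = pub
    return pow(c, k, n * n)


def aggregate(pub, ciphertexts):
    """What an untrusted aggregator can do with the public key alone: fold the
    stored ciphertexts into one ciphertext of the total, never decrypting."""
    acc = encrypt(pub, 0)            # E(0) is the additive identity
    for c in ciphertexts:
        acc = add_encrypted(pub, acc, c)
    return acc


if __name__ == "__main__":
    pub, priv = keygen()
    # Constructed inputs: three parties each submit an encrypted salary figure.
    salaries = [52000, 61000, 47500]
    stored = [encrypt(pub, s) for s in salaries]      # this is all the aggregator holds
    total_ct = aggregate(pub, stored)
    print("decrypted total:", decrypt(pub, priv, total_ct))          # 160500
    print("decrypted 3x first:", decrypt(pub, priv, mul_plain(pub, stored[0], 3)))  # 156000
    print("same plaintext, different ciphertexts:", encrypt(pub, 5) != encrypt(pub, 5))
```

Two caveats a practitioner should keep in mind. Sums must stay below n, otherwise the plaintext wraps modulo n silently. And the malleability that makes the scheme useful is also why Paillier is not CCA-secure: anyone can transform a stored ciphertext into a valid encryption of a related value, so ciphertexts need integrity protection (a MAC or signature) from the party that wrote them. Homomorphic encryption protects the individual inputs, not the output: decrypting the "total" of a single record reveals that record.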