We do Privacy by Design
Formal metadata
Number of parts | 94
License | CC Attribution 4.0 International: You may use, modify, and reproduce, distribute and make publicly available the work or content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they specify.
Identifiers | 10.5446/45867 (DOI)
Transcript: English (automatically generated)
00:07
So then let's get this started. Good morning everybody. I'm glad to see so many faces in here this early Sunday morning. Glad that you made it. So to energize you a little
00:20
bit, let's see a show of hands. Who of you is working actively in one open source community? Okay. And from these who were just showing up, which of your projects are actively processing user data? And do you think that you are doing this GDPR compliant?
00:49
Okay. So it's great to have you in here, everybody. This talk is about privacy by design. And some small infos about myself. Yeah. Been there, done that in open source for now
01:06
for about 20 years. Have been with several open source projects. Now I'm working at eyeo, which is a company behind Adblock Plus. And I'm glad to be in the lucky position to even get paid for working in open source project. So what I want to walk you through today
01:29
is focusing on privacy by design. So it will not be a talk focused primarily on GDPR. But we will go past this a bit as well. I want to focus on this one concept that is
01:43
part of the new regulation. But goes beyond this. And also has been there for a much longer time. So we will start with looking at the principles of privacy by design. Then why does it matter? And how does it affect free and open source software? And then because
02:02
it is a concept that is easy to grasp but hard to do, I will provide you with some examples from our Adblock Plus experience. So about the concept. First, the background of this is that privacy by design was already devised in the 90s. It is coming
02:21
from Canada. There was this privacy commissioner named Ann Cavoukian. And she devised seven principles of privacy by design. And I will now introduce you to these seven criteria. Welcome. So the first of the seven criteria is called proactive not reactive. What does
02:46
this mean? It means that privacy should be part of your product development from day one. So you do not plug the security holes or privacy issues as an afterthought. They get anticipated and they get prevented from the beginning. Second criteria, privacy as
03:08
the default setting. So this means that by default, your software is configured in a way to protect the user's privacy best. And that it collects the least possible amount
03:21
of data. So this means that the user does not need to do anything in the first place to protect their data. And if they would like to, they can decide which data to share. And the users will only do so if they understand the benefits of sharing that data. And if
03:42
they know what is getting done with the data and if they know how to decline the consent whenever they would like to. The third criteria is called privacy embedded into design. This means design is the conceptualization phase. It's the product's
04:02
roadmap where you think about how you want to develop the software in the future. And if you're doing this more specifically in a company environment, privacy aspects get sacrificed quite quickly, unfortunately, because always developing
04:22
core features functionality is always more important. So this principle means that you need to define privacy and security as the core features of your product and that you need to prioritize them accordingly. The third criterion is called full functionality.
04:43
This is, I think, the trickiest of the seven. And in the end, it's about innovation and having really great ideas, because it is key to come up with smart solutions that both protect privacy and at the same time do not limit the business case or the
05:02
functional scope for the user. And this can be really tricky, because for several functionalities, you need at least some data from the user. So this means that it's about coming up with good ideas to avoid these dichotomies and provide
05:21
good solutions for the users that they get the most of the functionality with giving the least of their data. The fifth principle is called end-to-end security, full lifecycle protection. This means that when you are developing software and you are processing user data, you need to have in mind the full lifecycle
05:45
of the user's data, which means it starts from data generation to how you are using the data. Probably also you are handing data over to third parties. Then sometime probably you are archiving the data and sometime you are deleting the data and all of
06:03
this product data lifecycle, you have to keep in mind to secure the privacy of your users. The sixth criterion is called visibility and transparency, keep it open. This means that you can only then build good relationships with your users when you can communicate
06:26
as transparent as possible what the user's data is used for, which is also very important for the regulation that now came into place. This information, what you're using the data for, can always be verified anytime by an independent third party so that it is possible
06:44
to have your processes and your data storage and everything related to user's data audited by a third party anytime. The seventh and I think the most important of these seven principles is respect for user privacy, keep it user-centric.
07:02
It means there is a sovereign user that is in the center of all privacy efforts. This means that the users own their data. It is not you owning the user's data. The ownership always keeps with the user. This means that the user grants and denies
07:20
the access to the data. It means that always they have the full visibility on who has access to their data and they can change the data and they can also trigger its deletion. So this is for a first overview and I'd like to wrap up these seven principles a bit from different perspectives. The first one is from the product or free and open source
07:44
software perspective. This software has to prevent privacy and security issues from the very beginning. It always has to request a permission first, which means you have to
08:00
work with opt-ins instead of opt-outs, for example. The software needs to put the user in charge of deciding on their level of privacy. When you are thinking about your product or open source software roadmap, you have to give security and privacy issues top
08:21
priority so that they are not deferred to feature development and you need to innovate on how to provide the best features without sacrificing privacy. And as a software company or as a FOSS community, you have to provide transparency to your users on the purpose for
08:42
which the data is used. And you need to consider privacy in the full product lifecycle. So, why does this matter now? There is a general approach to this, like the saying goes, privacy is like oxygen. You only notice when it's gone. So in my perspective, privacy is like a
09:06
human right, and you as a software developer, as part of an open source community, you should provide your users with the tools that protect their breathing space. But apart from this
09:22
overall general ethics, now there are real regulations, and I think everybody of you nowadays has heard about GDPR. It came into place in May, so I won't give you a full background in GDPR. There are many other talks about this, and many people who can
09:43
do this much better than me. But some things that I want to highlight to you is that the first one is that the aim of this General Data Protection Regulation is to protect the personal data of individuals in the European Union in an increasingly data-driven world.
10:05
Its most basic requirements are first, transparency. What is being done with the data that is collected? Accessibility, that is about this user sovereignty, that the user can access their data, and consumer rights in terms of deleting the data and changing the data at any
10:25
time. And the third and foremost principle is privacy by design. So now we are having this concept that comes from the 90s embedded in one EU-wide regulation, which as EU users are
10:41
taking part in also software that is provided by international companies, also needs to be complied by these international companies. So here in the Article 25 that I got on the slide, it says very explicit that privacy by design now is a requirement and not a suggestion.
11:05
And that there are really very large fines if a company or somebody providing a software is not complying with these new regulations. But how does this now affect open source software?
11:25
The most important thing is that this regulation not only applies to companies, it applies to every data processing apart from, and there is a clause, apart from personal or family-related use. So the regulator took something apart like
11:46
some stuff that is done as a hobby or that is really personal, that is really family-related. But still, apart from this, it applies to really any entity, not only companies, that processes
12:00
European user data anywhere in the world. So what this means, if you are a single, free and open source developer scratching your own itch like the saying goes, is this a hobby? Is this a personal use? Is it probably family-related? There is no formal decision yet. So this is something that I assume will be part of several discussions and probably also
12:26
decisions in the upcoming months and years because there is no formal regulation on this up to now. But if you are a single FOSS developer who is providing tools to your community,
12:42
like a forum or a website or an issue tracker or whatever, then you are actively processing user data apart from personal or family use. And as soon as you are doing that, GDPR is definitely part of your concerns. And where it also fully applies, if you are part of a company that either
13:07
produces or uses free and open source software, then as well, this is nothing about personal use. This is something where GDPR applies, and in this regard, you really need to be concerned about
13:20
properly implementing privacy by design. So the bright side is that open source projects most of the time are mostly in a good position for these compliances, because in general, they already are transparent. They have flexible processes. They have good feedback mechanisms. So one part of the principles is already in place. Also, in most of the projects, security and
13:51
encryption mechanisms, for example, they already have an importance and are implemented. And the third thing is that GDPR is also about transparency in early breach notifications.
14:05
So in terms of having a software that is already open source and where all of the communications are transparent, this leads into an easier way of doing this. So probably not that many
14:22
things to be that much concerned, but still having these principles in mind will definitely help you improve on your software, even completely apart from GDPR, but just because you are respecting your users. So let's look into this a bit in more detail,
14:41
and I will provide some examples. So there are so many touch points when you are doing open source software development where you are interacting with your users' data. So this is for sure you are doing this in several of the products. So these are examples from Ubuntu, and in Ubuntu, you have the feature of problem reporting, and you have location
15:03
services, and you have the opportunity to give your consent whether you want to do this or whether you don't want to do this. These are just small features that you need to care about to implement these in your products. But apart from your product, as I said, there are so many other touch points that you have with your community, and you need to care
15:22
about them now as well. So one thing that most of the open source communities have is a forum. So now this here is the Adblock Plus forum, and because people register to get into the discussions, Adblock Plus, as the owner of this forum, is collecting personal data,
15:42
and this means that there needs to be a privacy policy explaining what has been done with the data, whether it is handed over to another third party, whether there is tracking in place, when the data is deleted, and so on. So this is an example for the privacy policy for this specific forum, and it first tells what is collected in terms of personal data,
16:10
and that it is not required to participate, that you can delete your account, and later on in the privacy policy there is also an address where people can turn to if they want to have
16:22
anything changed or deleted about that data, or if they just want to get some more information about that. Another example is that most of the open source communities will run in a public bug tracker, also a tool that is collecting personal data from the users.
16:42
So again, the same thing, this is the bug tracker of the OpenOffice project, and they are providing a privacy policy here, and here in their privacy policy, they again tell that there is
17:02
personal data collected in registration, that there is no transfer of the data to third parties, and that is the email address, and what is necessary, and all of the rest is voluntary, and later on more data that is collected, what is collected for, and when it will be deleted.
17:25
If you need to collect personal data, like you need in a registration process like here, there is the need for explaining very detailed how you're processing the data and how the user can decline the rights to access the data again. Same thing about the websites that
17:45
the open source communities are running, the Drupal website. Again, same story, privacy policy here. So an interesting thing about the Drupal website is that they are handing over information to third parties. This is Google Analytics, and this is called Perfect Audience,
18:07
and here they provide the opportunity to opt out. So they say we are tracking this by default, but if you don't want to be tracked, go here, and then you are not tracked. It would be better
18:22
the other way around, but still they are providing the information and give the user the opportunity to get their data handled in a way they want to have it. What else is there to consider? Probably you're providing your community with other tools, like you're doing code hosting,
18:45
probably on your own version control system, you have your Git set up somewhere, for example, or you're using GitHub or GitLab. If you provide your users with access to these platforms,
19:01
you are collecting their personal data, and, again, you need to get into this conversation. Same for automation tools, for continuous integration and testing, for example. Same for other kinds of communications that we didn't touch up until now, for example, like mailing lists or newsletters, or collaborative editing. So there are people,
19:25
if you just look for these topics on the web, there are people who are having very detailed concepts now, how to do collaborative editing, like on Etherpad, for example, in a GDPR compliant way. So if there is a need in your open source community for that,
19:44
check these out, they are good ideas about this, how to set up these processes. So these were very general ideas, because at Adblock Plus we are very privacy friendly and very much concerned with this topic. I chose this open source product as an example where I can
20:07
show a bit more of a detail towards all of the stuff that was discussed before to just make it more tangible. So talking about Adblock Plus, there's not only one product that probably most of you know which is the browser extension, there are dozens. So we have the
20:25
desktop browser extensions, we are having mobile partnerships, and we are having mobile browsers, meaning apps. And all of these are free software, and then they are licensed on GPL version 3. And in each of them, we really care about privacy by design.
20:44
And I want to show you some more examples about this. So the first and I think most important thing, and in fact this is also the reason why I chose to work for eyeo, the company behind Adblock Plus, is that privacy is really part of the company's DNA. So this is how we put it in our
21:06
privacy policy that it is really part of our values that we collect as little data as possible. And if it is in any means possible to don't collect anything that we can provide anonymous
21:21
or at least pseudonymous use, we will do this. And this is something that really comes from the past where this open source project was started by one single open source developer, Wladimir Palant, and he was deeply concerned about privacy. And this is something that
21:41
for a company that now grew to 130 employees is still a part of our DNA and is still looked into in everything that we are doing. We are discussing a lot about this, and I will show you more details about that. So coming back to the seven principles that I provided,
22:01
the first I said is proactive, not reactive, and here, meet Judith. Judith is our data protection officer, she is a doctor of law, and she is really involved in any of the feature developments that we are doing at Adblock Plus. So this is our GitLab repository
22:21
with our GitLab issue tracker. This is all open as we are an open source company and community. All of our discussions are transparent and accessible by the public. So as you see here, this is something about a new feature that we wanted to support in our issue reporter, and it would mean that we would collect one bit of user data.
22:45
And because of this here, Judith, our DPO, is integrated in the whole process from the start, and I think this is a very important thing. Not every open source community will have a dedicated data protection officer, but see that you have one person who knows about the regulations but also
23:05
lives for the user's privacy by heart and involve these persons from the beginning in your feature development. The second principle, privacy as the default setting. This is very easy
23:21
for us because we try to just not collect any user's data. So what you see here, PrivacyScore is an open scanner where you just enter a website, and this is the result for our website, and you see that we are just not tracking anything. There are no cookies. There are no
23:45
social plugins. There just isn't anything, and the same goes for our tools. So there is no telemetry. There is no location-based tracking on the mobile devices. We do not send crash reports. All of these things we just don't do, so having privacy as a default setting is
24:05
very easy for us, but it is not easy for product development. So we just don't know who our users are. We don't know about their issues. Where is our product working for them? Where, when they visit our website, do they probably get stuck? So we want to improve
24:26
the functionality for the users, but we don't know about them. So there are lots of discussions raging at Adblock Plus, if we should have tracking, if we should have telemetry. At the moment, what we are doing is that we are focusing on user support, so to get into
24:43
a conversation with our users, we have a feature which is called the issue reporter, which I will come to a bit later, where people can report if anything is not working with the extension, to tell us about stuff that people don't understand or they don't like, and we
25:01
are doing user tests, and I think this is a very important feature and something that I can recommend for any open source community. Go and talk to your users in any way that you are able to, and formal usability tests are a great way to do this. So if you want to learn more about
25:20
that, come and visit us at our booth. We are doing usability tests the whole day. We have our UX experts there, and they will walk you through our new features and see how you like them, if you understand them, if there are ideas on improving them, and also about what is already there. So get into this conversation with the user. It means that formal tracking things
25:44
in the software are probably not that important anymore for your product development. Another example regarding privacy by design is how we are doing it on our website. So we are showing an explanatory video, which is also quite useful for the users, and videos that are
26:03
coming from YouTube always place the YouTube cookie on the user's devices, and also if you're using the no cookie tag, it just doesn't work. There is still data sent to Google. So what we are using here is YouTube no cookies.com, which is a service that strips this and does not
26:25
affect our users with Google cookies anymore. So we really try to look into this in every touch point that we are having with the user. Another example for the criteria, which is called privacy embedded into design, which means define privacy and security as the core features
26:45
and prioritise them accordingly. This is also something that is where I think Adblock Plus is a very good example because one of the features that we are providing is Adblock Plus as a privacy tool. So Adblock Plus is not only blocking ads. Besides ads, which are really annoying
27:06
in your web browsing experience, the even more freaking thing is that you are getting tracked everywhere. So what we are providing are the privacy and security options here, which allow the user to get in more filter lists, mainly EasyPrivacy in this case,
27:28
which blocks additional tracking and also blocks social media icon tracking. And another thing that is specific to Adblock Plus, not to most of the other ad blockers, is that we have this thing called acceptable ads, which means that we show ads that are not annoying or
27:46
not that much annoying, at least they comply with the acceptable ads criteria, but these would track the user. So what we provide as well is another feature where we say only allow ads
28:01
without third-party tracking. So the user has very fine granular options in how much privacy they want to have, and if they want to have full privacy, they only allow the acceptable ads without third-party tracking and activate the EasyPrivacy list and the social icons tracking
28:23
list so that all of this gets blocked. So when you are using EasyPrivacy, and this goes for Adblock Plus as well as any other ad blocker that provides you with access to this filter list, you are pretty safe against most of these tracking strategies, like cookies,
28:48
fingerprinting, session replays, and so on. Third, the next criterion where I wanted to provide an example is about full functionality, so coming up with smart solutions that both protect
29:04
the privacy and at the same time do not limit the functionality to the users. So as I said before, we are providing this issue reporter, which means when the user is using our product and they are seeing ads, for example, still, they have the possibility to report this to us.
29:25
And they can provide an email address, but they always have the option to submit this anonymously, and we explain that in here that if you enter an email address, we can get back into contact with you, but if you don't care about that, then don't provide the email address,
29:43
do this anonymously, and it's also totally okay for us. The next thing where also we are having an opt-in, this is a feature that is not live yet, but what we are thinking about is that people allow us to use the screenshots to help identify ads through machine learning,
30:02
which also could break the user's privacy, so this is something that is opt-in, and also only users that would like to support us with this endeavor, they opt into this. Another thing that is very important about this issue reporter functionality is that it allows the user to take a screenshot of the website where they were seeing ads, and if you're taking screenshots,
30:27
there might be the case that some personal data is shown, like you were logged into a website or to a platform, and you don't want to send this information, this personal
30:41
information to us, but you want to send us the information about the ad, so what the issue reporter is also providing as a feature is the option to clear out, like to put a black square about the stuff that you don't want us to see, so even more opportunity for really
31:06
only sending the stuff that you want the product to know about. Then the next criteria, as I said, is about full lifecycle protection, which means that the privacy
31:21
is respected from the data generation to its usage, probably handing over to third party, archiving and deletion, so as I said, we are really much into data avoidance and data minimisation, so there's really not that much for us to do in this case, because no data, no
31:40
lifecycle. Our general privacy policy is just to avoid collecting data, and if it is collected, it is anonymised, and if possible, it is deleted as soon as it is no longer needed, so this is where we explain in detail to the user what their rights are and what is done with the
32:07
data, like that the data is deleted, for example, if the users withdraw that content or if we just no longer need the data, and here is one specific example, is that there is data
32:23
that we are capturing, but only for 30 days, and this is about subscription downloads. This means that an IP address has downloaded this filter list. This is something that, via the extension, gets sent to us, and same for extension update checks. There's a feature called emergency
32:42
notifications, and this issue reports the data that I just mentioned before, and these are data that we are not collecting actively, but which is just part of our logs, apart from the issue reporter that we are collecting actively after the opt-in of the user, but all of this data is
33:00
removed after 30 days, which is not a very long time span, and, again, something where, from a product development perspective, and also from a quality perspective, you probably would like to look into the issue reporter data that is some years ago and see how things change, but we just can't, because we value privacy on that high level. We give it that much
33:26
prioritisation that we say we do this only for the 30 days, and then it's gone. The last thing that I want to talk about a bit more in detail is about this principle
33:40
about visibility and transparency, to communicate as transparently as possible about what the users' data is used for. As I said, Adblock Plus is an open source community, and I think this goes for everybody else here who is involved with an open source community. You just communicate very
34:02
transparently, and so, in our example, you can check out all of our source code and, as well, all of our feature development in terms of issue tracking. We are doing this mostly in GitLab. This is our code review tool where all of our code reviews are public, and this is our
34:24
issue tracker that will soon be most probably replaced by GitLab, but at the moment, you can monitor both. This is Trac, and, as I said, both are public, and you can check out what we are doing, why we are doing it, and what the results are, and also what comes into the next
34:45
release, and all of the products that I mentioned before from the extension to the app. If you want to get involved in the discussion, we are having our public chat on the Mozilla IRC. It is just called Adblock Plus, so, yes, join the discussion. We are really trying to be as
35:05
open as possible about all of this. So, wrapping this up, as I said, privacy is like oxygen, so just provide it to users. Keep this in mind that this is, even apart from any regulations,
35:21
it is so important for the users and for building trust with your users. Privacy by design as a concept just helps you to focus on the main topics, to see that you don't forget anything because there are so many things about this. GDPR in itself, it does apply to open source development, and it enforces privacy by design,
35:46
so even more important it is now to understand these principles and to act by them. And as I said, privacy by design is easy to grasp, but it is hard to do. So, like I did now about Adblock Plus, please share your best approaches with your and other
36:03
open source communities so that we can learn from each other and see where you came up with great processes, product features that really respect your users' privacy. So, thanks all for listening in, and I'm happy to hear about your questions and also probably
36:21
step into a discussion how you provide privacy by design to your users. Thanks. Any questions? The question was, how should a community deal with the case when the user
37:03
is providing personal data in a forum comment that was neither required nor that you want to have them shared? It is a very hard thing because you can't prevent them from up front. You just can educate them and make sure that you have moderators caring about this.
37:24
So, just anecdotal, I was involved in a project where we provided a community for kids at the German TV channel KiKA, so this Kinderkanal, and there they had the same issue. It was a public forum, and they really did not want the kids to share their names, where they were living
37:44
and so on. So what they did, they really had 12 people there from morning to evening, and everything that the kids were sharing in this forum was read by these moderators before it went live. So they really employed people to read everything, and in the evening they closed
38:06
down the forum to keep up with German working laws so that people don't need to work the whole night shift. This is not something that any open source community can provide, so that you will have this data probably in the forums, and as I said, you can only try to educate and afterwards
38:27
delete if there is something that should not have been shared. Any other questions? Or is there probably, so some people showed up in the beginning, anything that you do in your
38:44
open source projects to provide your users privacy? Anything interesting to share? Yes?
39:58
So the question was,
40:05
there is so much software functionality already that is not respecting privacy by design, and what will happen about this, and how will the courts rule about that? For sure I can't look into the future, and I don't really know what I, but I think that
40:24
it really depends on whether people will take this to court, whether there is a strong movement. I think this also should be driven by the open source community, and by everybody who is interested in web politics, and providing privacy to everything that is connected to the digital world,
40:48
to really take companies to court if they don't comply with features that are already there, or features that are new into development. What I see at the moment is that there really are things changing. Companies are starting to care more about these features. They really
41:06
hate it, and they complain, but they really do. It is also changing things that are moving in the ad industry, which is something that we from Adblock Plus are monitoring quite closely. So these are great things to see. I'm very happy about that. But also I think that there
41:24
are lots of things where people just try to say, okay, I provide this opt-out somewhere hidden, or I provide this clause in my privacy policy, and then everything is fine. There it really depends on who is taking this to court, and how the courts will be ruling about this,
41:44
because I agree there is room for compromise, and we just need to see how this evolves in the future. Yes? Yeah. So eyeo is preparing for the LDI certification, which is the
42:06
Landesdatenschutzbeauftragte NRW. We are a Cologne-based company, so this is where our regulation is living, and yes, we are currently preparing for that. No questions, please. Okay, then thanks everybody, and have a nice day.