Privacy by design
Formal Metadata

Title: Privacy by design
Subtitle: how to code GDPR and e-privacy regulation safe
Number of Parts: 94
License: CC Attribution 4.0 International: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract: The EU wants privacy by design and privacy by default. What does that mean for your software? What do you need to consider? Which documents do you need to provide? The lecture shows what software developers need to consider to be compliant with the GDPR and the e-privacy regulation, and what has to be considered in software design.
Transcript: English (auto-generated)
Welcome, Privacy by Design. As I said, we have to do it in English anyway because there could be people on the stream who are not understanding English and it's announced in English.
Please, if you have questions, I won't understand it. I am able to speak German and also just ask and I could translate it. So, let's start Privacy by Design. We have some rules for the beginning. I can't do individual consulting here in the talk.
I had some problems years ago with my slides where I got lots of trouble. My slides have no stand-alone meaning.
Only you have to hear what I say, otherwise it doesn't matter what's on the slides. It has no meaning at all. In the copyright. So, where am I? My name is Susanne Holzgraefe. My name is Mira C.
I am a computer scientist. Most of you might know me from databases. I developed Postgres and I developed MySQL and MariaDB and so on. And I worked as a consultant and I had 40 long-distance flights a year and I said, okay, you have to do something else.
It's too much travelling. And so I made a second job and said I will go into this GDPR and working as GDPR consultant. So, I have more customers close my home and not always in other countries and other continents.
So, that's me. I'm doing it since 2012. Just for me. I am reachable, so I have lots of contacts. I am on Chaos Social, Mastodon. I am on Facebook. Yes, I am using Facebook. I am on Twitter.
I have lots of blogs. My private blog, you will mostly have cooking recipes. I'm from Northern Germany. Born in Northern Germany. I have two companies because of the tax reason. Because when I'm a
data privacy consultant in Germany, you have other taxes as when you are freelance. So, that's why I have two companies. Yeah. The first question always is what's the difference between privacy by design and privacy by default? Anybody here who knows it? You notice? No. It's very simple. So, both are given in the law, privacy by design and privacy by default.
Privacy by default is that the software will have that you are able in the software make settings that provide privacy.
The software must not shift with the settings, but you should be able to set it. That's why at the moment in the European Union, Microsoft Outlook, Microsoft Internet Explorer, Google Chrome and I think Windows 10 was it,
is not allowed because they have no possibility to make settings that provide privacy or that provide privacy by default for the user.
Privacy by design is that the software is designed privacy-friendly. So, that's the difference. We are talking here about privacy by design. That means when you design your software, you should think
about some privacy stuff so that your software is privacy-friendly and that you have no problems with it. So, I just explained why privacy by design because it's given in the laws, it's given in the GDPR, it's given in the privacy regulation from the European Union
and that's something the privacy regulation always is discussed, but it's not discussed on privacy by design and privacy by default. That's something all countries say that is something that is a must. So, privacy by design is not in discussion. Anyways, you have to do privacy by design. You should use software that has privacy
by design and you should not use any other software that's not designed privacy-friendly. So, yeah, what does it mean? That means you should, when you are the
developer, you should think about privacy and how to design my software privacy-friendly. Who is responsible? At the moment, responsible are the companies who are using your software. But in the future, there are politicians in the European Union and also in Germany who say it can't be, the producers should be responsible too.
So, in future, it could be that when you have a software product, you will be responsible if it's not designed privacy-friendly.
It's very important that the vendor is responsible too, should be responsible too.
And not just the users who are using it or the companies who are using Microsoft or Facebook or whatever else they want, they are also in duty to be responsible.
So, yeah. Personal data. So, we are always talking about personal data. Which data are personal? Do you have any ideas? First name address. First name address, yes. Yeah, every data that's identified. So, it doesn't matter if it's your name.
When I say in this group here, let me look, the man with the hat. We have a single man with a hat and everybody knows who it is.
So, I identified you. So, it's personal data because we could identify you. When I say the man with black t-shirt, nobody knows who I mean because it's more than a group of five.
It depends on justice if it's a group of three or a group of five, but when all information you have only match to a group of three or five persons, not less than three or five persons, then it's anonymous. Otherwise, when you have a single person, when you have all information, so we have, here we not just have the man with the
hat, we have HS4 as room, we have FrOSCon, we have the date of today, whatever else, and so lots of people can identify you. That's personal data. It's always a natural person, not a company, a natural person, a real person. It should not be dead.
So, privacy always just is on living people, not on dead people, not dead persons. So, it's
very important to, we have some topics where they discuss if it also will rule for dead persons. It's in the genealogy and, so when you have illnesses that the family could get to and so on, that's for dead
people, but usually it's for living persons as they have to live, they have to be a real person and not a company. It's when you have a doctor or you have a lawyer, you often see that people are
allowed to, that people will wait, the lawyer is good, the doctor is bad and so on. This is allowed because you don't make it for the person, you make it for the company, because the
lawyer is a freelancer, it's a company, and the doctor is the doctor company and not the person itself. So, that's the trick, how it's allowed. Also, a doctor of course has personal rights of privacy, but not when he works, when he works as company. It's a little bit tricky on freelancers.
Yes? Could I just interrupt you? Is this something that you are a trader, then all your data is considered private as well? No, it's not, it's EU-wide, yes. No, not all. The people are allowed to value, to
make rates on you, on the internet, to say this doctor is good, this doctor is bad. This is allowed and in this fact it's not the doctor, not the person, the doctor as a person, it's the doctor as a company.
It's not Germany specific, it's really EU specific because a doctor or lawyer always has both, or every freelancer has both, it's a company and it's a private person.
And so you have to decide and the European law, the European judge said for doctors and lawyers that this waiting doctors and lawyers is the company and not the person. There was a judge, a European judge, what's, I don't know the word. Court, European court, thanks.
So, a European court who said that's not, so on freelancers you always have to look when it's a private person and when it's not a private person, that's a little bit tricky.
But for your design and software it doesn't matter. There were some rules in the GDPR, some you need, or why GDPR? GDPR says all what you make should be lawfulness, fairness and transparency.
Yeah, what does it mean? It's are you allowed to collect this information? It means is there a law that you are allowed to collect this information? If there isn't a law, then you have to look if you need it, if you really need it, that's the next point.
Then when you collect this data, is it fair to the data subject? You have to look into it. And then, the third one is, did you make it transparent for the data subject?
Did you tell them why you did it, how long you will start, what you will do with it, and so on.
The other is purpose limitation. So you are allowed only to collect data you really need for whatever you want to do, for the purpose. You should only, data you are collecting for one purpose, you should not use for another purpose.
There is also, the European court also decided that when I buy something, then I give them my address for delivery. Then, of course it's a good purpose for when I buy it and I want that they want to deliver it as they need my address.
It's pretty logical. They are allowed to use it. It's very easy because of the contract. But it's not allowed and it's not given by the contract anymore that the company will use your delivery address for making any other marketing to you.
Sending you flyers or whatever else. So the European court said that's not a legal purpose for when you just have this I buy from you stuff. There was a question. Not? Okay.
Yeah, do I have a legal reason? So that's another, it could be that there is a law for which I need your data. For example, in Germany you need the birth date on hiring because there is
a law that you should collect it or the illness insurance or whatever else. So there are laws. So you can always say here there is a law I need it. I'm allowed to collect.
It's another purpose for what you need. And what you should look when you have, when you collect data, are they really mandatory? We have it in Germany. Lots of people collect data for invoices.
But the invoice law said private persons don't have a right to get personally invoices. So this is not a legal reason. And so you have to look, do I really need this data or can I do it otherwise?
What if I don't have this data? Can I work if I don't have this data? So it's a question you have to ask yourself when you think about creating a software. Do I really need this piece of data from the person? Do I really need the birthday?
Do I really need the address? Do I really need the hair color or whatever else? Or for what do I need? So, hmm? Yeah?
Is it required by law or is this a law? I don't know other European laws than in Germany. In Germany there is no law what you place in your CV.
The company wants from you a picture, maybe, because, but it's not given any way what you have to place in your CV. There is no law for it. So if you don't do it, but you guess that you won't get the job.
It's the same. The companies aren't allowed to get all your reputations.
Or in Germany you have the right to get how the employee was very good from the old employee. And the new employees, they want to see it. And of course you don't need to send it to them because it's yours. No reason why they need it, but they often want it.
But there is no law in Germany for this. I don't know how it is in other countries. I'm sure there is no law in Great Britain too because there were lots of how to write a CV information and they are very different.
So another stuff is data minimization. So you have as less data as possible. And then you have to think, are the data you are collecting and you are storing, are they adequate? Are they relevant? Where will they lead it?
And is it limited to what is necessary in relation to the purpose? It's something you always need to think about when you create your software. Then we have the accuracy. Oh, that's very funny.
Is it accurate? Is it up to date? You have always to make sure that the data you are storing are up to date. If they are not up to date, if they are invalid, then you should correct them or delete them. But you should make sure that the data are accurate and up to date.
And you have to find a process how to ensure that they are accurate. The other is the storage limitation or the deletion duty. So data you don't need anymore, you should delete, you have to delete.
So if you deliver the parcel and the bill, the invoice is paid and all the process is fully done, so you have to wait until the money, you have the money and nobody can claim in front of court anymore,
then you should delete the delivery address. If you don't have an okay from, consent from the data subject that it's okay to store it further on, then you should, you have to delete it.
So you have a delete duty. As soon as the purpose is fulfilled, you have to delete the personal data from the data subject. As long as there isn't a law that, a national law, a European law, that you have to archive the data.
When you have an archiving law, of course, you have to archive then, but then usually you should anonymize them too when you are on archiving. So that's the next anonymization. So anonymization, when your purpose is fulfilled
and you want your data, or when you have to send your data, patient's data, for example, to universities for research, then you should anonymize them. I said a group of five, a minimum of three or five people.
The other is when you archive them because you have a law that you should archive the data, you should pseudonymize the data. That means, I have another slide, what's pseudonymization. So that means you have a key, you should encrypt the personal data with a key
and so if you need them again, just so that you encrypt them, but you should not archive data unpseudonymized.
Delete. Then you are not allowed to use the software anymore.
That's because that's privacy on default, then this software should be on the list of, you should not use that anymore from the European Union. Because you have no privacy by default, because that's the delete, it's the same with some CMS, it's made for your US law and you are not allowed to delete
and all the software is not allowed, you should not use anymore. When the data is anonymized, that's also,
yeah, when you really anonymize them, when you can't get it back, then yes. But delete means really delete. And also the data officers in Germany today,
they aren't lawyers anymore, they are computer scientists. They are able to code SQL and they say, okay, when you need to join SQL join, you have to delete all of it, cascade. So not just, okay, I can't see it anymore, but it always affects my database.
No, you have to make sure that all personal data are gone in the database. Or even anonymized when you make it, of course. Don't put possible data into the blockchain.
Yeah, and as I said, it's privacy by design, it's for designers here. And we are talking here about coding your software privacy by design. So you have to look for it, you have so much limitation. Duty is deletion duty.
There are, you should lock the data that's given to, that's when you, when the purpose is fulfilled, it's a usual use case when the purpose is fulfilled, but there is a claim in front of court or so, and you need the data. So you should lock them that not every employee and every whatever else,
so that not 100 persons can see this data anymore, just the three or five persons, you will see it. So it's a little bit, yeah. So usually you have to delete, and I always say, delete it when all this court stuff and so on is gone.
So, done. Then you have to delete, otherwise purpose isn't fulfilled. When you are in front of court with your customer, then the purpose isn't fulfilled.
As long as we turned and all this right to claim in front of court is over. So of course you need, and when you need it for court, of course you have to store it further on. Then the purpose isn't fulfilled, because there's already, there's still this claim in front of court,
then the purpose isn't fulfilled. Oh no, it's the same purpose. When I order something from you, and you deliver it, and I say, no, I didn't deliver it, or whatever else, so we have a fight, and it's in front of court, then it's still the same purpose.
For you it's still the same purpose, because I bought it from you or whatever else. So it's the whole process. The purpose of this has to be fulfilled at the end. And of course you need it, you need it to make sure that...
So the next five is integrity and confidentiality. Of course you may have to make sure that the data are confidential, that you treat the data confidential, and make sure of integrity. You should look, is it secure, how secure it is.
We are all, most of you, I guess most of you have IT knowledge. Here I have some customers. Then I ask, how do you take care of security of your server, maybe your web server? They are looking to me and say, what's a web server?
Because they are companies who not have administrators or so, because they are very small. So is it secure? It's a good question. Can it get accidentally lost or destructively damaged?
Something you need to think about. And then, how will you measure it? How will you measure that it could be accidentally get lost? Or how will you measure that it gets lost or not get lost? How will you get aware of it that gets lost? Also, yeah, aware of it.
My question about the data loss and breaches. So recently there was a news that let's prepare $1 billion because of the issue. And I think that if my data has been lost or is being breached, spread across the internet, am I entitled to claim some part of money,
like some money from the company and stuff? Because it was my data, like people like me who lost their data. I don't know. I get injury because of some car accident, because the car manufacturer has...
So when somebody is misusing your data, you should claim in front of the data officers, the commissioners. Then it's country depending. In Germany, you won't get money, the state will get money,
because there will be really high penalties. So it could be that the company who misused the data will get a million, two million, or whatever else, or even higher penalties, but nothing would you get.
But of course you can claim for a civil court and try it officially. But it's more when you make your software you have to look, how will I make sure that it won't get lost accidentally? It's not so easy.
I already had this case that former administration employees took the data, or whatever else. But on your software that's not the problem. You just have to make sure that they are safe in your software. Then you have the accountability,
how to prove this as a compliance before, how to prove without violation privacy. That's very, very important. How to prove without violating privacy. I often see companies who look that they make privacy for all their customer data.
A lot. But they violate their employee data. A lot. So you always have to think about employees have rights,
and you are not allowed to install cameras in front of toilets to look when the employee is going to the toilet. You are not allowed to control when the employee is entering the room
and they're not a single employee. I will have slides for it. So you have to make sure that when you prove this compliance and that you won't violate your employee privacy.
It happens very often in the companies. And then you have to look how to demonstrate the compliance before. Yes. It's given in the security law that privacy is higher,
and it's given in the GDPR. The GDPR is directly under the European human rights. So it's very high.
And for stolen stuff, there are usually the courts saying when you have cameras, you can have cameras when there is a body hurt or so,
when it's a risk for your life or for others' life. Then it's healthy life, then cameras usually. That's the reason why you are allowed to install cameras. For example, at banks where they give out money, they discuss with a risk of life.
And then you get an allowance to install the camera because then they say, okay, the risk of life of these employees is more important than the privacy of this employee. But the boss still isn't allowed to control this employee by his camera.
And there are some of these. Usually it's when it's your life or when there's life risk. Not when there's just the monetary risk, like some material lost, but life lost is a reason where you really say,
okay, then the control is okay, but not unsafe. The rules for video surveillance at work are different between open surveillance and covered surveillance. So it means the bank clerk can be
surveilled by video with his permission. But you cannot surveil bank clerks with a hidden video camera. That's not legitimate. No, you can't get any legal permission from an employee.
That's another reason. You can't get a legal reason. You always can say, okay, the data subject needs to say it's okay. But the data subject needs to have the free will to do it. And the free will never is given when the person is employed.
The employer can't get an okay from his employees because of their relationship. So it's not a free will. The court says it's not a free will for an employee. So you can't get an okay from employees as long as they are employed.
You only will get it when you have a community then, of course, from the members. It's okay, but not from employees. It's also another thing. But anyway, we are here. We have privacy by design, not GDPR.
Forwarding data, so you could be forwarding. When you forward data, personal data, you have to look, you have to think about who is responsible for the data. Usually you stay responsible for the data,
not the other person. So you are responsible for the data. It doesn't matter who you forwarded. When you forward the data, you stay responsible. In most cases, so you have to look at it. Then you have to make sure that your contractors
to whom you forward the data won't abuse trusted information. So you need a contract, you need to control them, and so on. And how to control the contractors, that's also something you need to think about. Believe me, it's very funny.
I tried to control data. It was very funny. They didn't like it. But you have to think about how to control it. You have to control right, you have to control duty. And you have to think about when your software is for companies
who are in this contractor situation. Then you may have to think about how will I code my software that controllers from there, people can watch into it easily
and that I give the information out very easy. They need to control that my software is okay. That you have to think about. Then think storage. You don't want to store out of the European Union.
Switzerland and Norway is okay too. When you do it, you have to fill lots of paper and you have to look if the company is given something in the European list and so on. So believe me, you should make sure that your data stays in the European Union.
We have fun in the German tax law. It's given in the German tax law that German tax data has to be stored in Germany.
So you might have to look into local rights if there's something given in there. As I said, we have it in the German tax law. That's very funny. I didn't know it until a data commissioner told me and said what? Tax data, where is it? And I found it. Yeah, and you should make sure that your data won't leave the European Union.
Who made an nmap on Amazon servers that are in Frankfurt? Did you ever make an nmap? I did it. It was very funny. On all Amazon servers that officially were placed in Frankfurt,
my hops were to the Frankfurt telecom Frankfurt part router. Then it went to USA, Amazon USA, then back to the Frankfurt telecom router and then to the Frankfurt Amazon data center.
So I won't say that it's always at Amazon, but it was in all cases I made the nmap. It was that way. So you should look. So you should make sure that it won't leave the European Union. And on transport, I'm pretty sure it will.
I have a slide for it too. On the transport you should make sure that your data were encrypted during the transport. It's very important stuff. Yeah?
That's why you should encrypt them on the transport. But it's funny that they went to the US and then back to Europe.
IP? Yeah, but I did IP and DNS and it was both via US. It was very funny that they rerouted them via US.
Yeah, you have to look if there is a list. There's another European privacy shield.
And you have to look this. There is a privacy shield list of companies and you have to look if the company is in there. It's a long list, but you can vary A, B, 2, C and so on. So there you have to look. If it's listed, then it's okay. If it's not listed, then it's not okay.
The company to use. And when you use Microsoft, you really have to look at the finest detail whether it's okay or not. Yeah? Yeah, but if it were so easy, then all Microsoft companies would be on it.
Not just very small ones and not all. And there was also another company, a big company. Just something like in Ireland, yes.
They are not. And so you really have to look differentially. But that's what's okay. So they accepted the Privacy Shield. You have to be law safe. That's another thing about the GDPR. It's a law. So it doesn't matter if it's hard for people or not.
It's a law. As long as you are law safe. We can't say... we all know that data gets lost, in transport in the US or wherever else, that there are spies and the data are not, and whatever else.
But we have to make sure that we do all that's given by law. So it's lost. It's like in kindergarten, where parents aren't allowed to take photos and send them to Facebook. So the kindergartens should put up a sign: no photos.
So when a father or mother takes a photo and places it on the internet, of course it's hurting the child. But the kindergarten can say, okay, it's not our responsibility. We had put up the sign, the father wasn't allowed to do it. So it's not the responsibility of the kindergarten anymore.
Otherwise, when they don't put up the signs, the kindergartens will have the responsibility and will get the penalty. And when there's a sign and the father does it, then they are safe. So that's what you have here.
Does it mean that if you state that you are compliant, I don't have to take additional measures? You should. When you are still responsible, you have to take those measures, of course. You have to control it.
But when it happens anyway, you have more rights and it's easier to get the other party in front of the court. I would try not to send data out of the European Union.
I always recommend that you stay in the European Union. As long as you don't need it because you have U.S. business, that's different.
But usually the data subject knows it's true. When you have something to deliver from the U.S., then you can inform them. But usually I would recommend: don't use servers in the U.S. Use servers in Europe and make sure that it stays in Europe.
The European winners in a U.S. company, a global company, they have to have a data commissioner, a person in the European Union who looks into the GDPR stuff.
What's given there, the European Union, the companies will get this from it. But they have to have a person in Europe, in the EU, who is looking into it. A hired person? No, it has to be a European person.
No, in any case not, because the person has to be close to the data subject. I don't know, it depends what they discuss with the European Union.
Yes, usually it is that way, but it's what the Commission says. So they have to make goods. So global companies are international and they are third party. So that's something the European Commission has to make goods for them.
It could be very different. So they have to ask the European Commission and they have to have a person in Europe who is dealing with it. It doesn't matter, it's an international company.
But of course, when you have these international companies, you have to look; it's the same with Microsoft, Facebook, Google. Google is storing lots in Germany, in Switzerland, not in the US.
Facebook, I think Facebook in Ireland. So look where they have their data centers. Even big US companies often don't have those data centers in the US. They often have them in Great Britain, they often have them in Switzerland, they often have them in Germany. Often it has to do with costs.
So they often store data in the European Union anyway, or somewhere in Europe, or in China or wherever else. But that's something you have to deal with the European Commission.
From what you are saying, I cannot do business with a local US company? You can do business, you are not allowed to transfer personal data of European persons.
You can buy in a US shop, but the company makes sure that it considers European law. No, when they offer in Germany, they have to make sure that they are allowed to offer in Germany.
I don't know. I would continue the talk because I still have a lot of slides. Technical and organizational measures. You have to describe them. What are you doing to keep the data safe?
Did you ensure that authorized persons have committed themselves to confidentiality? That's very important, this confidentiality agreement. Did you ensure regular awareness raising for authorized persons on privacy and data protection?
So that's also: you need to train your employees. Are technical solutions documented? You need to document each step, every step, and also the organizational stuff you need to document. Then we have pseudonymization.
What does it mean? Pseudonymization means you have the server with the original data, a staff team, and you have people who are able to read this data and work with this data: staff team, admin team, data center. IP addresses usually are personal data, that's given by the court,
and so the data center always also has this. So you have the data sets here, the original data. Then you have a key for each data set. Oh, I have my blue boxes, okay. But this key server has to have another staff team, another admin team, and another data center.
And then you have this pseudonymized data, and there should be a third team. So that no administrator is able to have the key and to...
so here on this side, so that the administrator here isn't able to have the key and get out the original data. And also the staff should not be able to get the key and get the original data; only these people can get the key and get the original data.
And these people are just for the keys. That's the best way. So you have to make sure that this isn't allowed. These people are not able to decrypt the data.
That's how it should work. Encryption: transport, storage, global, local, yeah. I think you all know what encryption is. Transparency. You should provide all information where personal data are collected.
That's given in Articles 13 and 14 GDPR; that's a list you just need to fill. It's a form you just need to, yeah, fill in. Concise, transparent, intelligible, easily accessible form.
Yeah, that's something you have to use. For the Germans, it's very, very important. You have to make it easy to read. I saw an example from a lawyer group.
They had a sentence that long, six lines. And I said, okay, I am an academic, but I have to think about what those sentences mean. And you say it's easy to read.
And I said, okay, what do you expect from lawyers? So easy to read is very important. Today, the German commission is on the way to look into websites and whether this data information is easy to read. And you will get a penalty if it is not easy to read. Yeah.
And there's a very funny, and not really funny, translation error in the German GDPR. In the English GDPR, they are talking of a hemodesis. The data subject should get a hemodesis. Yeah, in this recital.
It's also translated in German, that's okay. But there's also an article about the access right of the data subject. In German, it's translated with Auskunft. Now that's not the same, so it could be funny. So, if it's possible, give your data subjects access,
and then they can look into their data on their own. And here are the rights of the data subject. As I said, it has the right of access, right of rectification, right of erasure, right to be forgotten. Somebody told us data in Germany was already gone,
but the US still had it. Right of restriction of processing. Usually, when you delete them, that's for when you need it in front of court. Right of notification. So inform your data subject if you change something.
Right of portability. That's very, very funny stuff. I don't know what you mean. You can't do anything else. That means the idea is that you can take the data from one software into another software so that people will get it.
I'm waiting for some HR and some employees asking the old HR: give me all my data, right of portability, so that my new employer will fill it in. So usually, in my technical understanding today, it's made so that either you give out an XML or a CSV.
But be careful. If you hand out an XML, be aware that your database structure usually is a company secret.
So don't give away your database structure, because it's confidential. I like it. When I get this question, I always say: give a CSV. Then you have lots of... okay, you might have the name and you have lots of numbers.
So it can't be used anymore, but it's data portability. And you have to make sure that you don't hurt other rights here, especially in data portability. When you have Facebook, for example, and you want this data and you want all your friends
to put into another software. Yeah, of course, all your friends have rights too, so you won't get it. The Hamburg Commission had this idea with Facebook and all the friends, and we looked at him and said, no, that's against data protection.
So, staff rights. It's very funny, very, very important: staff have rights. Don't abuse staff rights. The GDPR is also for staff. Security and privacy protection are often not compatible here. GDPR should win. This was what you asked already.
Consent. Yeah, I told it: was it freely given? So I said employees never can give us consent because it's never free. What happens when it's not given? So when you collect data for which you need a consent,
then you should think about what happens when it's not given. So, if it's not given, the data subject should not get any negative follow-up. So, either you give it or not.
So, okay, when you say give me your birthday date, then you will get a birthday card. Of course, when you won't give me your birthday date, I can't send you a birthday card. Pretty clear. But when you say, for this free software, cost-free software,
give me all your data, and you give them, then I should get the software too when I don't give you all my data. Because it's cost-free, you don't need my data. So it should be possible that I can download this software.
And when I give you my data, okay, that's different. But when you get this newsletter, you will get the software. Now, when I won't give you the consent to send me the newsletter, I have the right to get the software too. So, no negative follow-ups.
Is there a clear process for consent withdrawal? So, when you have consent and the data subject is withdrawing it, you should immediately react and stop whatever it was.
So don't send the newsletter anymore, don't use the photo on the internet anymore, whatever else. So, immediately. Coupling bans, I just said, it's forbidden. You will get a discount if you leave your data for marketing reasons:
that's forbidden. Your kid will get better medical supplies if you leave your data for marketing reasons: also forbidden. You will get a present when you agree to getting our newsletter. It's stuff you will see a lot, but it's all forbidden. You only will get our service if you agree to give us your data for marketing reasons.
Sweepstakes for getting personal data for marketing reasons. So it's all forbidden. So, it's forbidden.
The data commissioners are on that topic already, so you can report it to the data commissions, and it's forbidden, coupling bans.
Pardon? Opt-out is forbidden anyway, it always has to be opt-in.
You are not allowed to make an opt-out because it's free will and you have to make sure that it's opt-in, so it has to be marked so that the will is given. Otherwise, it's also forbidden.
That's in the GDPR. It's given in the GDPR. In German, it's Kopplungsverbot. No, it's given in the GDPR. It's in the paragraph of the GDPR that's about consent.
The consent has to be given by free will, and it's in this paragraph where the consent is described. No, no, there is an article in the GDPR,
in the GDPR, about consent and all that goes with it, and one of the sub-paragraphs is this coupling ban. It's given in, I don't know the article, I think it's Article 23, 24, or something like this.
So it's given in the GDPR that you aren't allowed to... seven, thank you, seven, is that right? So staff access, this is something about staff rights. I tried to create a log file. You know: Frank is entering the room, Anna is entering the room, Frank has logged in,
Frank has changed something. So you have this staff control here. You can look at it; you shouldn't do it that way. I know, security people say, oh, that's good, yeah, do it that way. You should do it this way: HR is entering the room. So you have groups of people, you
have roles, you don't have names. And with customers, okay, that's a little bit tricky, because you sometimes need to know whether the customer changed the data on his own, or whether, I don't know, a supporter changed it.
So you can say customer changed it, and of course you can say customer from account staff, so that you don't have the names of the employees here. Because when you have the names of the employees here, it's very funny: think about what you need
to do when Frank quits. You have to delete this from the log file, because it's naming him and he's gone, so now you have to delete it. Yeah, so you should not do it that way. You should make sure that staff rights will be given. It's enough for entering the room, and I
say there's something, there's a robot in the room, and it's enough when you say who has access to the room, and you have three or five people accessing the room, and the robot just can be one of these five people, for example. So it's enough to have these
groups and not a single person, because employees have rights. Yeah, access control, we are over time. Access control is, yeah, we have an access control,
then we have customers, I already said, yeah, B2B or B2C, you have to look. We are always in B2C in data privacy, not B2B; B2B doesn't matter. Will the delivery address be removed
on closing, and so on. So customers, documentation: you need to document each and every thing. And I have a summary, and I'm five minutes over time already, but we are the last talk, so
for the first time since I have given talks, I'm over time; usually my talks are
too short. So anyway, you can ask me some questions, as soon as I recover. So we can... is it still recording? Okay, then we need to do it in English.
I got a question. I don't know how it's meant in the European context, but in the DSGVO there are some back doors, I think. No, that's also already in front of the European court. We
have this for track, for track says no marketing, and the European court says no marketing, and in Germany also. Usually the data subject has to be the most interested,
so the interest has to be on the data subject's side. So when you want that I deliver a parcel to you, then it's in your interest that you give me your address. Or when you want that I transfer your money, or get your money from
your bank account, then it's in your interest that you give me a SEPA mandate. So you have to make sure... you always have to describe the interest for the data subject. So you can't say, oh, I will do marketing, personal marketing, because
of this interest, because you have to think, okay, will the data subject really want my prospectuses, my flyers, and usually not, so that's not allowed. But it will be clear; at the moment it's in front of the European court,
but as far as I understand, the German data commissioner is part of the complainers in front of the court, with this bird, the bird, the interesting, yeah.
A question here: you said that personally identifiable information may not leave the
EU. How does that play with Brexit? Brexit: when Brexit comes, Great Britain is a third country. It depends; as I said, there are agreements with Switzerland, with Norway, and some others,
and if Great Britain makes an agreement with the EU, then it's fine, if not, then not. So Great Britain, for Brexit, at the moment is unclear. So, yeah, so
I can imagine that they will have this agreement, but when you look into this discussion, it means no DLD stuff; it could be that they won't get out with this deal, but it
will hurt the UK. I know that lots of companies who have servers in the UK have already placed them in other European countries, now, especially phone companies; they have already moved their servers. But yeah, Brexit, the UK, at the moment is EU, so
yeah, yeah. So I really did not understand the coupling ban thing. You said that one cannot deny services if we don't provide them marketing data, right? Was it that?
No. When a company wants you to give your personal data for marketing, and then you will only get a discount when you leave your personal data... so you don't
need to leave your personal data, because, whatever, it's a software you can download for free also. You don't need to leave your personal data because you can just download it. So there's no reason why you need to leave your personal data, and the company says, okay, when you give us your personal data
so that we can send you a newsletter or marketing stuff, you will get 10 euro from us, or if you buy something, a discount. That's not allowed. But often, I mean, website blogs, like if I don't agree with their terms and conditions
or something, and if I don't agree with them, then they collect my IP address and things like that, they just don't... Yeah, IP address is a law. IP address needs to be stored 7 days, there's a law for it, but almost 95% of this cookie stuff is illegal at the moment.
Portugal has already earned 400,000 euro for this illegal data information and cookie stuff. In Germany, in some states in Germany, the commissioners are on that topic and looking
especially, I think, at the moment, that the companies have cookie warnings, or not cookie warnings, that they get legal, so they are giving out penalties now in Germany too.
You can provide your... they say like, okay, if you leave your data with us, you have this discount and everything, but I think that's only at the end or at the beginning, but you can still opt out for some things.
Yeah, very often you can. Oracle for example, MySQL: you can download it without leaving your data, but it's a very small button in a corner. Maybe it's illegal the way they're phrasing it, maybe they cannot alleviate the people, maybe they should just say like, do you mind leaving your data with us?
But you can still say no. Yeah, if you still can say no, then that's okay. What she wants to say is, it is illegal to offer a discount or something that you won't get without giving the information, otherwise you wouldn't.
Is that already decided? Yes. No, it's not. No, no, no, no, no. The definition is that you cannot deny the service, but the service is not... no, that's not... then the question becomes whether that discount is a service. The service is selling you things; the service is not necessarily providing you a discount,
so you might not deny the actual service. If the data is not needed for the service, then you only get the discount? But the discount is not a service. No, no, but it's given in the GDPR on Mea, then one article is also given in the,
in the recital. It's not needed, but the discount is selling you the same goods for a lesser price. Yes, it's a service. No, it's already decided that it's forbidden.
Oh, we have had it in Germany since 2009, yeah. Yeah, but that doesn't count as a service. Yeah, but it's one, but there is also in this pre... there's also this discount given,
so it's in this Article 7 and it's given in other stuff in the GDPR too.
Yeah, but the consent, the consent has to be... you are not allowed to make any negative stuff for them, and so that's what I meant, what it meant.
Yeah, but when, when, when... then it's not a freely given will anymore. When you get a discount, you don't have a free will anymore. Yeah, because you are forced to give your data to get the discount. That's not free will anymore.
So, it's very tricky, but they will discuss it that way. So the free will is very, very, very... Yeah, in Article 7 it says that it has to be free will. Ladies and gentlemen, before we stay here all night, I would like to make a proposal.
You should go outside and join the social event, and there you can discuss. Yeah.