Foundations

This is a stub.

Terminology

TODO:

Privacy by Design and Default

  • All data-protection-relevant aspects concerning the end user must be planned to be secure

  • All options for ensuring data-protective behavior must be preconfigured so that a user cannot accidentally lose personal information

  • Data access takes place in line with the principle of data economy (data minimization)

  • Data that is not immediately needed must not be collected

  • Passing data to third parties requires an opt-in from the user

    • Opt-in means that the user must explicitly confirm any data transfer beyond the scope of the application
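The three enforceable rules above (protective defaults, data minimization, opt-in before leaving the application scope) expressed as code, as an added example that is not part of the original page; the class and function names, and the sample record, are assumptions made for this illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PrivacySettings:
    # Privacy by default: every data-sharing option starts in the most
    # protective state; the user must explicitly switch it on (opt-in).
    share_with_third_parties: bool = False
    analytics: bool = False


@dataclass
class UserRecord:
    user_id: str
    settings: PrivacySettings = field(default_factory=PrivacySettings)


class ConsentRequired(Exception):
    """Raised when a transfer beyond the application scope has no opt-in."""


def minimize(record: dict, needed: frozenset) -> dict:
    """Data minimization: keep only the fields the current purpose actually
    uses; anything else is dropped before storage or transmission."""
    return {k: v for k, v in record.items() if k in needed}


def export_to_third_party(user: UserRecord, record: dict, needed: frozenset) -> dict:
    """Release data outside the application only if the user opted in,
    and even then only the minimized subset of fields."""
    if not user.settings.share_with_third_parties:
        raise ConsentRequired(f"user {user.user_id} has not opted in")
    return minimize(record, needed)


if __name__ == "__main__":
    # Constructed sample record; not real personal data.
    raw = {"email": "a@example.org", "name": "Alice", "location": "Berlin"}
    alice = UserRecord("u1")  # default settings: no opt-in given
    try:
        export_to_third_party(alice, raw, frozenset({"email"}))
    except ConsentRequired as err:
        print("blocked:", err)
    bob = UserRecord("u2", PrivacySettings(share_with_third_parties=True))
    print(export_to_third_party(bob, raw, frozenset({"email"})))
```

With the default settings the export is refused; after an explicit opt-in only the declared field (`email`) leaves the application, never the whole record.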

Threats to Privacy

TODO: Entries marked with (CC) were taken from the Protection Profile for Mobile Device Fundamentals (PDF).

Risk Assessment

  • Ideally, the risks are reassessed after each development phase.

Data Protection Goals

Classic Perspective

Confidentiality

Integrity

Availability

TODO: Explain the differences between the classical and the legal perspectives on CIA again? They are explained in the SDM.

Data Minimization

Availability

Integrity

Confidentiality

Unlinkability

Transparency

M. Hansen, "Top 10 Mistakes in System Design from a Privacy Perspective and Privacy Protection Goals", in: Privacy and Identity Management for Life
