Privacy by Design for research data was the theme of a seminar organized on 12 November 2015 by the
Research Data Office
of the University of Groningen and het Privacy Paleis (a Groningen-based platform that aims to raise social awareness of privacy issues). Privacy by Design has two objectives: ensuring privacy and gaining personal control over one’s information and, for organizations, gaining a sustainable competitive advantage.
The first speaker, Marie José Bonthuis , explained that Privacy by Design (PbD) is an approach that goes beyond mere technical solutions and to address organizational procedures and business models as well. The PbD approach does not regard merely complying with legislation and regulatory frameworks as sufficient to assure the future of privacy and data protection. Rather, it argues that privacy assurance should become an organization’s default mode of operation. Technical mechanisms, like encryption, need to be rooted in a data governance strategy to be applied in practice. For research projects a design approach will promote compliance from the start of a research project. For instance a Privacy Impact Assessment fits well in a data management plan at the start of the data life cycle. Marie José Bonthuis argued that with the present challenges of Big Data research with personal data needs such a dynamic approach towards privacy.
Erik van der Velde, Program Manager of Data Governance at the University Medical Center Groningen (UMCG), gave a presentation on data governance policy and strategy at the UMCG. Data-powered tools are changing the way that healthcare facilities respond to patient needs and provide care. It has become crucial for healthcare providers to embrace data, but without data governance it becomes impossible to use that data. Data governance thus opens critical data integrity information up to the UMCG. The UMCG aims to achieve data governance through the application of a nationally developed reference model. This useful reference model for healthcare is a logical business data model for setting up a data governance organization. This organization then plays a major part in developing a data lifecycle and migration strategy. By applying this data governance policy and strategy, the UMCG has shown that its approach is based on PbD: data protection is built in upfront – right into the architecture of IT systems and processes. A lively discussion followed, debating whether such a model could also be useful for research data.
In a technically advanced data-rich environment, how can a database holder, such as the
initiative with sensitive smart-meter data, share person-specific records in such a way that the information released remains practically useful for research without compromising individual privacy? The third presentation was given by Michiel van der Ree, a Data Scientist at Target Holding. He gave a presentation on k-anonymity. A set of data is said to adhere to k-anonymity if each released record is indistinguishable from at least k-1 other records. All k-records form an equivalence class. K-anonymity therefore provides privacy and data protection by guaranteeing that no one can make high-probability associations between records and the corresponding entities. K-anonymity as a concept secures privacy protection by embedding it into the design and architecture. The presentation showed an example of a technical means of privacy assurance. It also made clear that using this kind of technology should also involve organizational measures to help researchers understand these tools.
The last presentation was given by Gerd Weitkamp, Assistant Professor of Geography, Liveability and GIS at the University of Groningen. He sets his students an assignment on re-identification by asking them to use publicly available information on the web to analyse tracking data. Students are able to identify the very specific behaviour of individuals when combining this information, thus raising their awareness of privacy. The audience concluded that a further step towards a PbD approach for the University should also involve students as stakeholders.
All presentations demonstrated the value of PbD, which protects privacy by building it into the design, operation and management of systems. Furthermore, the holistic approach allowed privacy experts – with and without a technical or legal background – and research staff to develop a shared perspective on solving privacy issues relating to research data.
PbD as has two objectives: ensuring privacy and gaining personal control over one’s information and, for organizations, gaining a sustainable competitive advantage. These objectives may be accomplished by applying the following foundational principles
Proactive not reactive; Preventative not Remedial
PbD is characterized by a proactive approach rather than reactive measures. Privacy-invasive events are anticipated and prevented before they actually happen. Data privacy should be considered at the beginning of the data security planning process and not after an actual breach.
Privacy as the Default Setting
PbD seeks to ensure the maximum degree of privacy by ensuring that personal data are automatically protected in IT systems and business practices. This would mean that consumers are supposed to have maximum privacy protection as a baseline: for example, through explicit opt-in, safeguards to protect personal data and restricted sharing. PbD would therefore lower the risk that is often associated with data security, because the less data you have, the less damaging a potential breach will be.
Privacy Embedded into Design
PbD is determined to embed privacy into the design and architecture of IT systems and business practices. A systematic program is designed to ensure the thorough integration of privacy.
Full Functionality – Positive Sum, not Zero-Sum
PbD demonstrates that it is possible to have privacy and security, demonstrating that trade-offs are unnecessary. It is therefore not necessary to, for example, compromise business goals. This principle has proven to be helpful in implementing a PbD culture in organizations.
End-to-End Security – Full Lifecyle Protection
PbD aims to ensure that privacy protections follow the data; from conception to death, so to speak. PbD principles apply when the data is first created, shared with others, and then finally archived. Here encryption and authentication can play an important role in protecting the data till the last day it gets deleted.
Visibility and Transparency – Keep it Open
All stakeholders must be assured that the involved business practice or technology is in fact operating according to the stated promises and objectives, subject to independent verification. All component parts and operations remain transparent to all parties.
Respect for User Privacy – Keep it User-Centric
Consumers own the data. Architects and operators are therefore required to keep the interests of the individual uppermost by offering measures to ensure user-friendly privacy protection options. ]
Melika Nariman, lawyer, Erasmus University Rotterdam
Esther Hoorn, lawyer, University of Groningen
Ann Cavoukian. Privacy by design: The 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada, 2009.
Jorrig Vogels has always been fascinated by language. As a child, he even compared the different words for ingredients on any packaging he came across. Last summer, the language researcher managed to secure a much-coveted Veni grant. ‘There’s something...
On Thursday evening, after intensive and constructive discussions with the protesting students from student parties DAG and ROOD (youth organization of the Dutch Socialist Party), consensus was reached on four points, which focus specifically on the...
As a boy from the province he would occasionally visit the city of Groningen and didn’t care much for all those old buildings. His interest in historical buildings did not emerge until much later, during his Architecture studies. Today, architect René...