Privacy by Design for research data was the theme of a seminar organized on 12 November 2015 by the
Research Data Office
of the University of Groningen and het Privacy Paleis (a Groningen-based platform that aims to raise social awareness of privacy issues). Privacy by Design has two objectives: ensuring privacy and gaining personal control over one’s information and, for organizations, gaining a sustainable competitive advantage.
The first speaker, Marie José Bonthuis , explained that Privacy by Design (PbD) is an approach that goes beyond mere technical solutions and to address organizational procedures and business models as well. The PbD approach does not regard merely complying with legislation and regulatory frameworks as sufficient to assure the future of privacy and data protection. Rather, it argues that privacy assurance should become an organization’s default mode of operation. Technical mechanisms, like encryption, need to be rooted in a data governance strategy to be applied in practice. For research projects a design approach will promote compliance from the start of a research project. For instance a Privacy Impact Assessment fits well in a data management plan at the start of the data life cycle. Marie José Bonthuis argued that with the present challenges of Big Data research with personal data needs such a dynamic approach towards privacy.
Erik van der Velde, Program Manager of Data Governance at the University Medical Center Groningen (UMCG), gave a presentation on data governance policy and strategy at the UMCG. Data-powered tools are changing the way that healthcare facilities respond to patient needs and provide care. It has become crucial for healthcare providers to embrace data, but without data governance it becomes impossible to use that data. Data governance thus opens critical data integrity information up to the UMCG. The UMCG aims to achieve data governance through the application of a nationally developed reference model. This useful reference model for healthcare is a logical business data model for setting up a data governance organization. This organization then plays a major part in developing a data lifecycle and migration strategy. By applying this data governance policy and strategy, the UMCG has shown that its approach is based on PbD: data protection is built in upfront – right into the architecture of IT systems and processes. A lively discussion followed, debating whether such a model could also be useful for research data.
In a technically advanced data-rich environment, how can a database holder, such as the
initiative with sensitive smart-meter data, share person-specific records in such a way that the information released remains practically useful for research without compromising individual privacy? The third presentation was given by Michiel van der Ree, a Data Scientist at Target Holding. He gave a presentation on k-anonymity. A set of data is said to adhere to k-anonymity if each released record is indistinguishable from at least k-1 other records. All k-records form an equivalence class. K-anonymity therefore provides privacy and data protection by guaranteeing that no one can make high-probability associations between records and the corresponding entities. K-anonymity as a concept secures privacy protection by embedding it into the design and architecture. The presentation showed an example of a technical means of privacy assurance. It also made clear that using this kind of technology should also involve organizational measures to help researchers understand these tools.
The last presentation was given by Gerd Weitkamp, Assistant Professor of Geography, Liveability and GIS at the University of Groningen. He sets his students an assignment on re-identification by asking them to use publicly available information on the web to analyse tracking data. Students are able to identify the very specific behaviour of individuals when combining this information, thus raising their awareness of privacy. The audience concluded that a further step towards a PbD approach for the University should also involve students as stakeholders.
All presentations demonstrated the value of PbD, which protects privacy by building it into the design, operation and management of systems. Furthermore, the holistic approach allowed privacy experts – with and without a technical or legal background – and research staff to develop a shared perspective on solving privacy issues relating to research data.
PbD as has two objectives: ensuring privacy and gaining personal control over one’s information and, for organizations, gaining a sustainable competitive advantage. These objectives may be accomplished by applying the following foundational principles
Proactive not reactive; Preventative not Remedial
PbD is characterized by a proactive approach rather than reactive measures. Privacy-invasive events are anticipated and prevented before they actually happen. Data privacy should be considered at the beginning of the data security planning process and not after an actual breach.
Privacy as the Default Setting
PbD seeks to ensure the maximum degree of privacy by ensuring that personal data are automatically protected in IT systems and business practices. This would mean that consumers are supposed to have maximum privacy protection as a baseline: for example, through explicit opt-in, safeguards to protect personal data and restricted sharing. PbD would therefore lower the risk that is often associated with data security, because the less data you have, the less damaging a potential breach will be.
Privacy Embedded into Design
PbD is determined to embed privacy into the design and architecture of IT systems and business practices. A systematic program is designed to ensure the thorough integration of privacy.
Full Functionality – Positive Sum, not Zero-Sum
PbD demonstrates that it is possible to have privacy and security, demonstrating that trade-offs are unnecessary. It is therefore not necessary to, for example, compromise business goals. This principle has proven to be helpful in implementing a PbD culture in organizations.
End-to-End Security – Full Lifecyle Protection
PbD aims to ensure that privacy protections follow the data; from conception to death, so to speak. PbD principles apply when the data is first created, shared with others, and then finally archived. Here encryption and authentication can play an important role in protecting the data till the last day it gets deleted.
Visibility and Transparency – Keep it Open
All stakeholders must be assured that the involved business practice or technology is in fact operating according to the stated promises and objectives, subject to independent verification. All component parts and operations remain transparent to all parties.
Respect for User Privacy – Keep it User-Centric
Consumers own the data. Architects and operators are therefore required to keep the interests of the individual uppermost by offering measures to ensure user-friendly privacy protection options. ]
Melika Nariman, lawyer, Erasmus University Rotterdam
Esther Hoorn, lawyer, University of Groningen
Ann Cavoukian. Privacy by design: The 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada, 2009.
Many major Dutch companies publish extensive information about climate impact in their annual reports. However, very few companies provide concrete, detailed information about their own CO2 emissions, the impact of climate change on their business...
The University of Groningen (UG) has permanently closed the project aimed at creating a branch campus in Yantai. Discussions were held with China Agricultural University, the city of Yantai and the Province of Shandong.
Offers of cheap single train tickets through retailers such as Kruidvat or Etos have a positive impact on the number of kilometres travelled by rail. This impact is much bigger than that of more general TV, newspaper or magazine advertising. However,...