32

ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

Embed Size (px)

Citation preview

Page 1: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service
Page 2: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

ICPPICPP

• ICPP = Independent Centre for ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinPrivacy Protection Schleswig-Holstein

• Service provider for the citizens of Service provider for the citizens of Schleswig-Holstein instituted by the Schleswig-Holstein instituted by the Land GovernmentLand Government

• Independent supervisory authority Independent supervisory authority (as defined under the EU Data (as defined under the EU Data Protection Directive)Protection Directive)

Page 3: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service
Page 4: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

OverviewOverview

1. Who needs a Privacy Seal?1. Who needs a Privacy Seal?

2. How does the Privacy Seal work?2. How does the Privacy Seal work?

3. Does the Privacy Seal work?3. Does the Privacy Seal work?

4. Where does the Privacy Seal fit into the 4. Where does the Privacy Seal fit into the e-region project?e-region project?

5. What do Privacy Seals have to do with the 5. What do Privacy Seals have to do with the EU?EU?

6. Who is interested in a Privacy Seal from 6. Who is interested in a Privacy Seal from Schleswig-Holstein?Schleswig-Holstein?

7. Does the Privacy Seal end with the e-region 7. Does the Privacy Seal end with the e-region project?project?

Page 5: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

Who needs a Privacy Seal?Who needs a Privacy Seal?

• Everybody Everybody

• Developers, manufacturers and providersDevelopers, manufacturers and providersof IT productsof IT products

• Users and customersUsers and customers

• All the innovators in the world All the innovators in the world of privacy protectionof privacy protection

• Data Protection AuthoritiesData Protection Authorities

Page 6: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

OverviewOverview

1. Who needs a Privacy Seal?1. Who needs a Privacy Seal?

2. How does the Privacy Seal work?2. How does the Privacy Seal work?

3. Does the Privacy Seal work?3. Does the Privacy Seal work?

4. Where does the Privacy Seal fit into the 4. Where does the Privacy Seal fit into the e-region project?e-region project?

5. What do Privacy Seals have to do with the 5. What do Privacy Seals have to do with the EU?EU?

6. Who is interested in a Privacy Seal from 6. Who is interested in a Privacy Seal from Schleswig-Holstein?Schleswig-Holstein?

7. Does the Privacy Seal end with the e-region 7. Does the Privacy Seal end with the e-region project?project?

Page 7: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

Legal Basis of the Privacy SealLegal Basis of the Privacy Seal

Page 8: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

IT Product

Process of the Privacy SealProcess of the Privacy Seal

Page 9: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

IT Product

IndependentExpert examines

IT Product…

Process of the Privacy SealProcess of the Privacy Seal

Page 10: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

IT Product

IndependentExpert examines

IT Product…

IT Product is legally and technically

privacy-compliant

Process of the Privacy SealProcess of the Privacy Seal

Page 11: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

IT Product

IndependentExpert examines

IT Product…

ICPP grantsPrivacy Seal for

2 Years

IT Product is legally and technically

privacy-compliant

Process of the Privacy SealProcess of the Privacy Seal

Page 12: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

IT Product

IndependentExpert examines

IT Product…

ICPP grantsPrivacy Seal for

2 YearsCertified IT

Product

IT Product is legally and technically

privacy-compliant

Process of the Privacy SealProcess of the Privacy Seal

Page 13: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

IT Product

IndependentExpert examines

IT Product…

ICPP grantsPrivacy Seal for

2 YearsCertified IT

Product

Privacy Protectionas Competition

Advantage

Private CustomersIT Product is legally and technically

privacy-compliant

Process of the Privacy SealProcess of the Privacy Seal

Page 14: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

IT Product

IndependentExpert examines

IT Product…

ICPP grantsPrivacy Seal for

2 YearsCertified IT

Product

Privacy Protectionas Competition

Advantage

Public Authorities

Certified Productsare deployed

preferably

IT Product is legally and technically

privacy-compliant

Private Customers

Process of the Privacy SealProcess of the Privacy Seal

Page 15: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

OverviewOverview

1. Who needs a Privacy Seal?1. Who needs a Privacy Seal?

2. How does the Privacy Seal work?2. How does the Privacy Seal work?

3. Does the Privacy Seal work?3. Does the Privacy Seal work?

4. Where does the Privacy Seal fit into the 4. Where does the Privacy Seal fit into the e-region project?e-region project?

5. What do Privacy Seals have to do with the 5. What do Privacy Seals have to do with the EU?EU?

6. Who is interested in a Privacy Seal from 6. Who is interested in a Privacy Seal from Schleswig-Holstein?Schleswig-Holstein?

7. Does the Privacy Seal end with the e-region 7. Does the Privacy Seal end with the e-region project?project?

Page 16: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

Companies with Privacy Seal 2002-Companies with Privacy Seal 2002-20032003

Page 17: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service
Page 18: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

OverviewOverview

1. Who needs a Privacy Seal?1. Who needs a Privacy Seal?

2. How does the Privacy Seal work?2. How does the Privacy Seal work?

3. Does the Privacy Seal work?3. Does the Privacy Seal work?

4. Where does the Privacy Seal fit into the 4. Where does the Privacy Seal fit into the e-region project?e-region project?

5. What do Privacy Seals have to do with the 5. What do Privacy Seals have to do with the EU?EU?

6. Who is interested in a Privacy Seal from 6. Who is interested in a Privacy Seal from Schleswig-Holstein?Schleswig-Holstein?

7. Does the Privacy Seal end with the e-region 7. Does the Privacy Seal end with the e-region project?project?

Page 19: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

Regional Identity and Regional Identity and Nationwide RadiationNationwide Radiation

• Standard: Schleswig-Standard: Schleswig-Holstein Land Data Holstein Land Data Protection Act (LDSG)Protection Act (LDSG)

• Privacy by technology Privacy by technology within the productwithin the product

• Pull effect on Pull effect on competing supplierscompeting suppliers

• Nationwide offering Nationwide offering of certified products, of certified products, if need be EUif need be EU

• Users benefit from Users benefit from higher privacy higher privacy protection level protection level nationwidenationwide

• Product privacy Product privacy protection level protection level improves nationwideimproves nationwide

Page 20: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service
Page 21: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

OverviewOverview

1. Who needs a Privacy Seal?1. Who needs a Privacy Seal?

2. How does the Privacy Seal work?2. How does the Privacy Seal work?

3. Does the Privacy Seal work?3. Does the Privacy Seal work?

4. Where does the Privacy Seal fit into the 4. Where does the Privacy Seal fit into the e-region project?e-region project?

5. What do Privacy Seals have to do with the 5. What do Privacy Seals have to do with the EU?EU?

6. Who is interested in a Privacy Seal from 6. Who is interested in a Privacy Seal from Schleswig-Holstein?Schleswig-Holstein?

7. Does the Privacy Seal end with the e-region 7. Does the Privacy Seal end with the e-region project?project?

Page 22: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

Privacy Seal and EUPrivacy Seal and EU

““Privacy by Technology”Privacy by Technology”

1970„Privacy by Technology“

1981Privacy Technology(D. Chaum et al.)

1995Privacy Enhancing Technologies - PETs

(J. Borking et al.)

2002Privacy SealSchleswig-Holstein

Idea: High level impacts of privacy Idea: High level impacts of privacy standards implemented in IT productsstandards implemented in IT products

Page 23: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

European Commission: European Commission: Promotion of PETsPromotion of PETs

• Conferences and Workshops on PETsConferences and Workshops on PETs

• Promotion of PETs in EU Programmes:Promotion of PETs in EU Programmes:– Research: IST (Information Society Research: IST (Information Society

Technologies) ProgrammeTechnologies) Programme– Privacy StrategyPrivacy Strategy

• From the Report on the Implementation From the Report on the Implementation of the Data Protection Directive of the Data Protection Directive (95/46/EC) of the Commission (15 May (95/46/EC) of the Commission (15 May 2003):2003):

Page 24: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

First Report on the Implementation of the Data Protection Directive (95/46/EC), 15 May 2003:

The key-issue is not only how to create technologies that are really privacy enhancing, but how to make sure that these technologies are properly identified and recognised as such by the users.

Certification schemes play a crucial role and the Commission will continue to follow developments in this area.

The Commission believes that such schemes should indeed be encouraged and further developed.

The objective is not just better privacy practices, but also to increase transparency and therefore the trust of usersand to give those investing in compliance and even enhanced protection an opportunity to demonstrate their performance in this respect and exploit this to their competitive advantage.

Page 25: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

Privacy Seal internationally Privacy Seal internationally presented (2002-2003):presented (2002-2003):

March 2002&2003, Hanover

18-19 March 2002, Danzig

23 May 2002, The Hague

21 October 2002, Vilnius

30-31 October 2002, Zurich

11 November 2002, Vienna

26 November 2002, Berlin

5-6 December 2002, Rome

9-11 April 2003, Almaden (USA)

13-15 May 2003, Bad Godesberg

21-22 May 2003, Vienna

15 October 2003, Brussels

6-7 November2003, Toronto

Page 26: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

OverviewOverview

1. Who needs a Privacy Seal?1. Who needs a Privacy Seal?

2. How does the Privacy Seal work?2. How does the Privacy Seal work?

3. Does the Privacy Seal work?3. Does the Privacy Seal work?

4. Where does the Privacy Seal fit into the 4. Where does the Privacy Seal fit into the e-region project?e-region project?

5. What do Privacy Seals have to do with the 5. What do Privacy Seals have to do with the EU?EU?

6. Who is interested in a Privacy Seal from 6. Who is interested in a Privacy Seal from Schleswig-Holstein?Schleswig-Holstein?

7. Does the Privacy Seal end with the e-region 7. Does the Privacy Seal end with the e-region project?project?

Page 27: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

Who is interested in a Privacy Who is interested in a Privacy Seal from Schleswig-Holstein?Seal from Schleswig-Holstein?

• Important: international standardisationImportant: international standardisation

• Contacts to other seal and audit Contacts to other seal and audit initiatives (Privacy & Security)initiatives (Privacy & Security)

• PETTEP - Privacy Enhancing Technologies PETTEP - Privacy Enhancing Technologies Testing and Evaluation ProjectTesting and Evaluation Project– Initiated by the IPC Ontario, CanadaInitiated by the IPC Ontario, Canada– Aim: Criteria for PETsAim: Criteria for PETs– Team from administration, business, scienceTeam from administration, business, science

Page 28: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service
Page 29: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

The internationally renownedThe internationally renowned Cryptologist David Chaum, Cryptologist David Chaum,

L.A.:L.A.:

““The Privacy Seal and the The Privacy Seal and the data protection audit are data protection audit are extremely innovative and extremely innovative and have enormous potential.have enormous potential.

Privacy protection experts in Privacy protection experts in Kiel are worldwide leading.Kiel are worldwide leading.

I hope that the German I hope that the German Federal Government takes Federal Government takes this into consideration when this into consideration when making future laws and does making future laws and does not hamper this trend.”not hamper this trend.”

(25 August 2003, Kiel)(25 August 2003, Kiel)

Page 30: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

OverviewOverview

1. Who needs a Privacy Seal?1. Who needs a Privacy Seal?

2. How does the Privacy Seal work?2. How does the Privacy Seal work?

3. Does the Privacy Seal work?3. Does the Privacy Seal work?

4. Where does the Privacy Seal fit into the 4. Where does the Privacy Seal fit into the e-region project?e-region project?

5. What do Privacy Seals have to do with the 5. What do Privacy Seals have to do with the EU?EU?

6. Who is interested in a Privacy Seal from 6. Who is interested in a Privacy Seal from Schleswig-Holstein?Schleswig-Holstein?

7. Does the Privacy Seal end with the e-region 7. Does the Privacy Seal end with the e-region project?project?

Page 31: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

SustainabilitySustainability

• Certification application continued Certification application continued after the project endedafter the project ended

• Recommendation by other Recommendation by other Data Protection CommissionersData Protection Commissioners

• Plans for a federal law for data Plans for a federal law for data protection audits by the German protection audits by the German Federal GovernmentFederal Government

Page 32: ICPP ICPP = Independent Centre for Privacy Protection Schleswig-HolsteinICPP = Independent Centre for Privacy Protection Schleswig-Holstein Service

Heide Simonis, Minister-Heide Simonis, Minister-president of Land Schleswig-president of Land Schleswig-

Holstein:Holstein:

““Schleswig-Holstein has Schleswig-Holstein has reacted reacted to the opportunities and rapid to the opportunities and rapid progress in global progress in global communication and communication and information through its data information through its data protection policy with protection policy with convincing, citizen-friendly, convincing, citizen-friendly, efficient and innovative laws. efficient and innovative laws.

We are the leading German We are the leading German Land in this respect. Land in this respect.

Data protection has become Data protection has become a local advantage a local advantage for Schleswig-Holstein.”for Schleswig-Holstein.” (2003)(2003)