Skip to content
This repository has been archived by the owner on Nov 14, 2023. It is now read-only.

Commit

Permalink
Merge pull request #1615 from ihanke/patch-21
Browse files Browse the repository at this point in the history
Update The-future-of-privacy.md
  • Loading branch information
fzipi authored Jul 24, 2017
2 parents 8cbf83e + f147a4d commit 929835f
Showing 1 changed file with 41 additions and 4 deletions.
45 changes: 41 additions & 4 deletions Outcomes/CISO/The-future-of-privacy.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,47 @@ layout : blocks/outcome
title : The Future of Privacy
---

### Outcomes

- OWASP Privacy statements
- Concept of a campaign and compliance of OWASP community and foundation, road map
### Outcomes / Statements
1. Data minimazation is a best practice, but
> its difficult to control
> it's difficult to enforce, because there is no general exact
definition, what "minimization" means
> it can be bypassed using a broad formulated user consent
> we may loose this fight ...
2. Instead of enforce data minimazation we could invent a
misuse-based model:
> collecting and selling personal data is a successful business
model - therefore data minimazation is hard to enforce
> so: collecting data is NOT a misuse
> using data without a specific user-consent IS a misuse
> Correlation and / or merging of different data sources IS
a misuse
> future challenge: misuse cases of specific data may change
in future

3. data anonymization is a best practice, but
> big data analysis of combined data-sets may enable a
re-personalization of previously anonymized data
> in case of a secure, effective (randomized) data anonymization
there should be no restrictions for data collection

4. Enforcing a consent-by-usage / consent-by-purpose model may be a part
of a solution
> so: organizations are allowed to store the data, but they
HAVE TO aks for a usage consent for any type of content at any
time they want to use those data for a new purpose
> this consent has to have an defined expiration date
5. All data have to contain an individual time-of-expiration, were they
have to be deleted automatically (auto-destroy mechanism)
(except regulatory requirements force a later date of deletion)

6. How can we achieve that respecting privacy issues is seen as a business
advantage and not a penalty? Which respect-privacy-incentives
are possible?

7. People are adviced to use fake-identities where ever possible!

### Synopsis and Takeaways

Expand Down

0 comments on commit 929835f

Please sign in to comment.