Event Recording

Privacy By Design in Practice

Privacy has become a global concern, with regulations such as GDPR coming into effect. In this context, e-commerce businesses that operate globally cannot simply adopt data protection regulations of a single country/region. Supporting each and every regulation as they emerge is challenging and greatly increases the maintenance cost. Furthermore, these kinds of regular modifications can lead to poor customer experiences.
Leveraging well-known privacy by design principles in your system design strategy is a long-term and sustainable solution for most of these privacy challenges. Once these principles are adopted, compliance with each individual privacy regulation can be achieved easily, with minimum time and effort. This talk introduces a number of well-known privacy by design principles and explores how they are implemented in real-world scenarios. It also highlights the benefits of each of these principles, together with their potential implications.

I have been working at WSO2 for more than seven years now, on the WSO2 Identity Server. If I talk a bit about WSO2: we are an open source company. We were founded in 2005, and we are one of the largest open source vendors in the market. We are focusing on integration, API management, identity and access management, and analytics. We think these are the four areas that drive you through your digital transformation journey. So we have mainly four products: WSO2 Enterprise Integrator, WSO2 API Manager, WSO2 Identity Server and WSO2 Stream Processor, one for each of these fields. I'm happy to say that recently WSO2 API Manager was named a leader in API management platforms. WSO2 API Manager provides the API management capability, and WSO2 Identity Server provides the API security capabilities. And especially about WSO2 Identity Server:
We have more than 400 customers, and 90% of our customers are using WSO2 Identity Server to build customer-facing IAM solutions, and across the world we are maintaining around 75 million users. So that's about WSO2 and WSO2 Identity Server. Let's get into today's topic. We are now in the digital era, and due to that, the market has become one global market. If you look at organizations or businesses like Facebook, Uber, Spotify, or Rakuten, which implemented Viber, all these different companies are located in different regions, but they provide their business or their solutions across the world. So either an organization is doing its business globally, or it is willing to do its business globally. That's why I say we are now in a global market.
And in this global market, digital identities play a major role. Previously, it was physical users who would go to the organization and buy the products. But in this digital era everything happens through digital identities. They will come to your online services and buy the product. So how will you treat these identities? The digital experience you give them will define how you proceed with your business. That's the importance of digital identities. Furthermore, users in the world now think more about their privacy and the protection of their personal information. Due to that reason, personal data protection also plays a key role. If you look globally, there are different initiatives taken by different lawmakers or governments in the world to make this personal data protection a legal concern.
There are more than these in this space, but you can see clearly that globally this is something people care about, and you know GDPR. You are in Europe, so you know about GDPR. GDPR was initiated within the EU region to harmonize the different data protection laws in the EU region and to protect its citizens' personal data. I consider GDPR kind of a game changer in personal data protection, because of its high fines. No one can ignore this personal data protection: if they are willing to do business with the EU region, they have to comply with GDPR. Due to that reason, not only the organizations in the European Union but, I think, around 190 countries are affected by GDPR. All the organizations in these countries have to comply with GDPR if they want to do business with the EU region.
And again, the California Consumer Privacy Act is the next biggest consumer privacy regulation that came after GDPR. This also enforces personal data protection. It mainly talks about three concerns: giving control of personal data back to the users, giving the ownership of personal data back to the users, and making personal data secure. And again, Brazil has also come up with a new personal data regulation. I think more of these regulations will come after GDPR, and most of them are influenced by GDPR, but anyway, that's a good sign. So the next question: we develop systems to be used by people. As developers, we have to think about how we are going to comply with these regulations. One way to do it: now, in 2018, we have to comply with GDPR.
Okay, we have our system, so we make it ready for GDPR. Then again, in 2020, we have to comply with the California Consumer Privacy Act. We have time, so we can comply with the California privacy act at that time. But you all know that won't happen. If you are running a production system, even if you need to put a single fix into the system, we have to go through multiple iterations, so the cost related to that is very high. We can't do that. So how are we going to proceed? The alternative way is to embed this privacy concept into our design from the initial stage. If you know GDPR, it talks about the privacy by design or privacy by default concepts. Actually, these were there a long time ago.
This privacy by design concept initially came up in Canada. I think Dr. Ann initiated it. These concepts were there, but no one wanted to implement them, because at that time all of these privacy regulations were not that tough, so people didn't want to implement those things. The privacy by design concept emphasizes taking these principles, identifying the risks that can come in the future, and implementing your system to cater to those requirements before they come. Okay, so these are the seven principles discussed under privacy by design. Let's go through each of them. The first principle says the system should be proactive, not reactive, which means when we design the system we should anticipate the privacy risks that can come in the future. We need to build the system to handle those situations; we should not wait till they come into the picture, we have to handle them before they come.
The second principle says privacy should be the default setting. If privacy is the default setting and some user comes and does nothing to make his personal data protected, since we are going with this default setting with privacy enabled, we can ensure that even if he doesn't do anything, his data is protected within the system. That's what the privacy by default principle talks about. The third principle is to embed privacy into the design. Privacy shouldn't be an afterthought. When you build the system, when you design the system, you should think about privacy. Then privacy will be a major component, an essential component, of your system. If you think about it afterwards, it would be kind of an add-on to the system; people may use it or not. But when you make it an essential component of the system, it will be there.
The fourth principle says to retain full functionality. It means when you design the system, it should cater to all of the enforcement behind each of these privacy regulations; we should implement all the possible implementations in our system. The fifth principle says it should ensure end-to-end security. It means if we have embedded privacy into our design before we collect the personal information, we know we are going to handle it securely. In other words, if we implement this privacy by design concept, we can make sure we collect the information securely, we process this information securely, and we delete this personal information securely. We can make sure of that. And again, in the sixth principle, we need to maintain visibility and transparency. All the stakeholders should comply with this privacy regulation.
So the data subject knows that this organization or this system is going to collect my data and they will use this data securely. They have that trust if you build this principle into our system. And the seventh principle says the customer should have control of his personal data. Even if we collect personal information with our system, the consumer should be able to come and see those data, and they should be able to handle their data. This data should be under their ownership. So these are the seven principles discussed under privacy by design. Now we know the principles, so how are we going to implement our system with these principles? In this presentation, I'll discuss how to get these privacy by design principles into our system. I'll discuss more the application level actions or tasks we have to do; I won't go into the infrastructure level implementation in this presentation. So let's see.
The first thing is we have to separate the personal data from the other information we have gathered. What is personal information? Personal information would be anything we can use to identify an individual user. It can be either user attributes, such as username, email, mobile number, something like that, or it can be something related to behavior: what he does, where he goes, what are the books that he reads. Any behavior related information, anything that can be used to identify a user, would be personal information. If you look at a typical organization or application, in most of the applications we keep some sort of personal data, and this personal data is scattered around the system. Due to that reason,
we have to protect each of these systems. And let's say we need to do some modification in user attributes. Then we have to go to each of these applications and change it then and there. And for that reason, it increases the attack surface: if one application is vulnerable, then it will easily breach the user information. So that is not good. How are we going to handle that? The best way to handle that is to introduce a central system; we can say the identity and access management solution. That central solution can manage all of this user information in a single place. Since other applications need this data on demand, they can request this information. For example, let's say you are logging in to the payroll system via the identity management solution. Once you go to the identity management solution, you can bring the user's information with the authenticated token or something similar. Then only for the given session you keep that information. After that moment, you can discard this personal information.
By introducing a centralized authentication or access management solution, you can get these kinds of benefits. It reduces the cost and the time you have to spend on managing user information in different systems, and it reduces the complexity of your system as well. And especially, it reduces the attack surface. This one is not related to personal data protection, but it helps to expand your system as well: it's easy to bring another system and plug it into your existing system. In the previous case, it was very hard. What about cloud applications? Almost all of these cloud applications now help to connect with trusted identity providers. If you have selected an identity provider which can communicate with open standards, you can easily connect with these cloud applications. Okay? So it's clear now we have a central system.
So we have questions. If something happens to this system, all of the personal information will easily be breached. How do we prevent that? Actually, if you see this 2007 Verizon data breach investigation report, it says 81% of data breaches happen through stolen passwords or weak passwords. So we should guarantee that only the legitimate users will access this system. How are we going to ensure that? One way is to introduce multifactor authentication. Maybe we are imposing only password authentication, but with multifactor authentication we can evaluate several factors to verify that user. But there's another interesting story behind multifactor authentication. Google says 90% of their users are not using the second-factor authentication, even though it is configured with Google. It means that even if we provide multifactor authentication, there is a catch, which is usability and convenience.
People like to use simple authentication and get into the system. In this battle, simplicity wins, and people still go with the simpler authentication mechanism. One way to handle this is to introduce adaptive authentication. By evaluating risk factors and context information, you can decide whether to elevate the authentication mechanisms or not; so adaptive authentication will help to handle that situation. So when you select an IAM provider for your solution, it's key to check whether they support these kinds of features. Further, you can use analytics, security alerts and audit trails within your organization to see whether any data breaches happen. If something happens, you can fix it as soon as possible.
Another thing you can do is anonymize and pseudonymize your data in the system. With that, it'll make it hard to backtrack to the actual user with the subset of information you have. When you design the system, what you can do is, let's say you onboard the user; at that time, you can generate some kind of system ID. You can use that system ID across the system, in all the logs and all the other places. One advantage is that if you delete that user from the system, you can break the connection between the actual user and the system ID, and then all the data becomes anonymized. That's the one key advantage of applying pseudonymization in your system.
Another consideration is to use standard protocols and standard tokens. All these open standards are more secure because they are widely discussed with the experts in the industry, so they are proven mechanisms to communicate with each other. Even if something happens in these standard protocols, it'll come out very soon, so we know what actions we need to take; we can immediately take the actions and fix those issues. And again, we need to use standard tokens and standard algorithms for encryption or hashing. Always, when you build the system, it's better to go with the standards. It'll make sure your system won't be at risk, as it would be if you go with proprietary stuff. The next key thing is how to collect this personal information. What are the considerations we need to consider when collecting this information, and how are we going to store this personal information? Personal information gathering should be transparent. The data subject should know why this organization is collecting my information, how they are going to collect this information, where they store it and how they process this information. This information should be clear to the users. One way to implement that is to have a clear privacy policy in the system, so the users, the consumers, know these are the ways this organization is going to use this information. Then they feel more comfortable with the organization.
And consent plays another major role in personal data collection. GDPR also discusses that all data processing should be under a valid consent. Before you process the data, you should get the consent from the user. I think this is the main reason you recently got many emails from different organizations: if they want to use the existing personal data, they have to get the consent. It means all personal data processing should be under active consent. And again, this consent should be for a purpose, it should be active, and it should be bound to a time. And again, the consumer should be able to see the given consents, and they should be able to modify and delete the given consents. Another point is we should collect only the minimum set of information we need to handle in our system. The customers know this information is required for this system, so they will give only the required set of information. As a system, we are also not at risk, since we keep only the minimum set of information we need.
Another key point is we need to make sure the customer or the consumer is controlling his own information. To do that, we can provide a user portal. Basically, users can come and see all the information, the user attributes they have given to the organization. If they want to modify, they can modify. If they want to delete this stuff, they can ask to delete. And again, this user portal can be used to let the users manage their consents as well. Here they can see all the given consents and they can manage their consents there as well. So these are some action items you can take when you need to embed the privacy by design principles into your application. To conclude, I discussed the requirement for personal data protection, and I talked about the privacy by design principles and some of the actions you can take when you build privacy by design principles into your applications. That's all. Thank you. If you have any questions, I can answer.
Thank you.
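Added example, not code from the talk or from any WSO2 product: a small Python store that puts the talk's pseudonymization and consent points together. Users are onboarded under an opaque system ID that is the only thing written to logs, any processing of personal data is gated on an active, purpose-bound, time-limited consent, and erasing the identity record breaks the link so the remaining log lines are no longer attributable. The class and method names, and the constructed sample user in the test, are my own assumptions.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Consent:
    purpose: str               # consent is given for one purpose
    expires_at: float          # and bound to a time (epoch seconds)
    active: bool = True        # the user can withdraw it at any time

class PrivacyStore:
    """Personal attributes live only in _identity; every other record keys on the system ID."""

    def __init__(self):
        self._identity = {}   # system_id -> personal attributes (the only linkable record)
        self._consents = {}   # system_id -> {purpose: Consent}
        self.audit_log = []   # pseudonymous lines; never carry username or email

    def onboard(self, username, email):
        # An opaque random system ID is generated at onboarding and used everywhere else.
        system_id = secrets.token_hex(16)
        self._identity[system_id] = {"username": username, "email": email}
        self._consents[system_id] = {}
        self.audit_log.append(f"onboard sid={system_id}")
        return system_id

    def grant_consent(self, system_id, purpose, ttl_seconds, now):
        # 'now' is a caller-supplied epoch timestamp so the checks are deterministic.
        self._consents[system_id][purpose] = Consent(purpose, now + ttl_seconds)

    def withdraw_consent(self, system_id, purpose):
        consent = self._consents.get(system_id, {}).get(purpose)
        if consent:
            consent.active = False

    def has_valid_consent(self, system_id, purpose, now):
        consent = self._consents.get(system_id, {}).get(purpose)
        return consent is not None and consent.active and now < consent.expires_at

    def process(self, system_id, purpose, now):
        """Processing personal data requires an active, purpose-bound, unexpired consent."""
        if not self.has_valid_consent(system_id, purpose, now):
            self.audit_log.append(f"denied sid={system_id} purpose={purpose}")
            return None
        self.audit_log.append(f"process sid={system_id} purpose={purpose}")
        return self._identity[system_id]["email"]

    def erase(self, system_id):
        """Drop the identity record: the log keeps only a system ID that no longer links to anyone."""
        self._identity.pop(system_id, None)
        self._consents.pop(system_id, None)
        self.audit_log.append(f"erase sid={system_id}")

    def identity_of(self, system_id):
        return self._identity.get(system_id)
```

In a real deployment the identity table would sit in the central IAM system the talk describes, and the audit log, analytics and downstream applications would only ever see the system ID.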
