PRIVACY BY DESIGN - Swiss Re Group | Swiss Re
© Copyright Allianz
PRIVACY BY DESIGN
How to promote trust
in innovative insurance products
Allianz SE
Group Privacy / Sarah Johanna Zech /
Rüschlikon/ 25 September 2018
© Copyright Allianz 25-Sep-18
Privacy by Design | Sarah Zech | Digital Compliance Counsel
SIMPLICITY VS. COMPLEXITY?
CONTENT
01 OVERVIEW
GDPR Framework
02 ORGANISATIONAL SETUP
Role of Digital Compliance Counsel
03 TOOLS & MEASURES
Privacy Impact Assessments, TOMs
04 INNOVATIVE INSURANCE PRODUCTS
Use Examples
05 CUSTOMER TRUST
Transparency & Data Sovereignty
01
OVERVIEW
• Background
• GDPR Framework
• Holistic Approach
1. Proactive not Reactive, Preventative not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality – Positive-Sum, not Zero-Sum
5. End-to-End Security – Full Lifecycle Protection
6. Visibility and Transparency – Keep it Open
7. Respect for User Privacy – Keep it User-Centric
“7 foundational principles” by Ann Cavoukian
BACKGROUND (1)
Overview
Article 29 Data Protection Working Party, The Future of Privacy, WP 168, 2009, p. 13:
"Whereas the above provisions of the Directive [Rec. 46, Articles 6, 16, 17 Directive
95/46/EC] are helpful towards the promotion of privacy by design, in practice they have not
been sufficient in ensuring that privacy is embedded in ICT. […] It is for these reasons that
the new legal framework has to include a provision translating the currently punctual
requirements into a broader and consistent principle of privacy by design."
BACKGROUND (2)
Overview
32nd International Conference of Data Protection and Privacy Commissioners, October 2010, Resolution on Privacy by Design:
“Knowing that with technological advances come new challenges to privacy and to the ability of
individuals to exercise their information rights effectively […], understanding that a more robust
approach is required to address the evergrowing and systemic effects of Information and
Communication Technologies (ICT) […], the 32nd International Conference of Data Protection
and Privacy Commissioners gathered at Jerusalem therefore resolves to:
1. Recognize Privacy by Design as an essential component of fundamental privacy protection”
BACKGROUND (3)
Overview
GDPR FRAMEWORK
Overview
GDPR Principles (Art. 5)
• Lawfulness, Fairness
• Purpose Limitation
• Data Minimisation
• Accuracy
• Storage Limitation
• Confidentiality
• Accountability Principle
• Transparency (in case of profiling: information about the logic involved and the consequences)

Privacy by Design (Art. 25)
• Implementation of TOMs both at the time of the determination of the means for processing and at the time of the processing itself to address data protection principles (e.g. data minimisation) / the GDPR requirements, taking into account the cost of implementation, the nature, scope, context, purposes of processing; risk-based approach

TOMs, Security (Art. 24, 32)
• Implementation of appropriate technical and organisational measures (TOMs), including security measures such as pseudonymisation, encryption of personal data, to ensure and demonstrate GDPR compliance
02
ORGANISATIONAL SETUP
• Role of Digital Compliance Counsel
• Allianz Group Digital Transformation
ROLE OF DIGITAL COMPLIANCE COUNSEL (1)
Organisational Setup
ROLE OF DIGITAL COMPLIANCE COUNSEL (2)
Organisational Setup
ALLIANZ GROUP DIGITAL TRANSFORMATION
Organisational Setup
03
TOOLS & MEASURES
• Privacy Impact Assessments, OneTrust Tool
• Technical & Organisational Measures
• Privacy by Design in Big Data
EDPS, Preliminary Opinion on privacy by design, 5/2018, p. 8; Article 29 Data Protection Working Party, Guidelines on DPIA, WP 248 rev.01, 2017, p. 14:
A Data Protection Impact Assessment (DPIA) serves as a data protection by design safeguard, because it should be carried out prior to the processing of personal data.

Allianz Functional Rule For Privacy Impact Assessments (PIAs) with Records of Processing:
“This functional rule sets out PIA requirements for OEs [Operative Entities] acting as Data Controllers and Data Processors. In some cases, OEs may not deal with Personal Data directly as a Data Controller or a Data Processor, but may be responsible for the design or development of solutions, products, services etc., that involve or impact the Processing of Personal Data. In such cases, it is recommended that the OE observes the principles of Privacy by Design & Default […] and follows the PIA process as appropriate, to ensure that privacy and data protection requirements are factored in at the earliest stage of the design and development of solutions. The decision whether to conduct the PIA shall be made by the DPO on a case by case basis.”
PRIVACY IMPACT ASSESSMENTS
Tools & Measures
• Process Register – Documentation of details about processing activities involving personal data, including how personal data is collected and handled.
• Privacy Compliance Screening – Screening of the processing activity against legal, regulatory and internal policy requirements.
• Risk Management – Privacy risks must be identified while reviewing the Process Register and Privacy Compliance Screening. Actions to address or mitigate any privacy risks identified must be defined.

The Privacy Compliance Screening must be conducted for all processes posing a high data privacy & protection risk (e.g. scoring of an individual, automated decision-making, processing on a large scale). It should be completed for any existing or planned initiatives that include new or significant modifications to processes involving personal data. For low to medium risk processes, the DPP/DPO may determine, on a case-by-case basis, whether or not a Privacy Compliance Screening should be progressed. Any decision not to conduct a Privacy Compliance Screening must be documented accordingly.
PIA PROCESS – ALLIANZ APPROACH
Tools & Measures
ONE TRUST TOOL – PROCESS REGISTER
Tools & Measures
ONE TRUST TOOL – PRIVACY ASSESSMENT
Tools & Measures
Recital 78 GDPR:
In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies
and implement measures which meet in particular the principles of data protection by design and data
protection by default.
Such measures could consist, inter alia, of minimising the processing of personal data, pseudonymising
personal data as soon as possible, transparency with regard to the functions and processing of personal
data, enabling the data subject to monitor the data processing, enabling the controller to create and improve
security features.
TECHNICAL AND ORGANISATIONAL MEASURES
Tools & Measures
Case-by-Case Assessment Principle of Proportionality
PRIVACY BY DESIGN IN BIG DATA
Tools & Measures
The challenges of technology should be addressed by the opportunities of technology.
04
INNOVATIVE INSURANCE PRODUCTS
Use Examples
• Chatbots
• Robo Advice
05
CUSTOMER TRUST
• Transparency & Data Sovereignty
• Fair Treatment of Customers
• Privacy’s Blueprint?
TRANSPARENCY
Customer Trust
Automated decision-making

Art. 22 (1) GDPR
• Right not to be subject to a decision based solely on automated processing/profiling which produces legal effects concerning him or her

Art. 22 (2)
• Exemption (e.g.):
  - performance of a contract
  - necessary for entering into a contract
  - individual’s consent

Art. 22 (3)
• Suitable measures to safeguard the individual's rights
• at least: right to
  - obtain human intervention
  - express one’s view
  - contest decision

Art. 13-15
• Transparency about
  - existence of automated decision-making
  - logic involved
  - envisaged consequences for the individual

Use Example
No black box excuses
Responsibility of supervised firms to guarantee the explainability/traceability of BDAI-based decisions. Explainability describes the ability to determine the main factors influencing a specific individual decision that has been reached by a system.

Ensure consumer sovereignty to build trust
Data sovereignty can be understood as the individuals' capacity to maintain transparency and control over the possession, use and deletion of their personal data. However, consumers can only make their own, well-informed decisions if they have transparent, clear and easy-to-understand information on BDAI data usage.
TRANSPARENCY & DATA SOVEREIGNTY
Customer Trust
BaFin, Big data meets artificial intelligence, June 2018
FAIR TREATMENT OF CUSTOMERS
Customer Trust
IAIS, Increasing Use of Digital Technology in Insurance and its
Potential Impact on Consumer Outcomes, Consultation Draft, July 2018
“Digitalisation has an impact on consumer protection and the extent to which customers are treated
fairly; […] Digital innovations can potentially improve the customer experience and reduce insurers’
operating cost. However, in respect of product design, marketing and sales due attention needs to be
given to achieving fair customer outcomes in terms of suitability of products and soundness of IT
processes including design and use of algorithms and use of customer data.”
Privacy Values in Design
• Foundational privacy-related values affected by design:
1. Trust
2. Obscurity
3. Autonomy
These values fill privacy law’s design gap and make it sustainable in a digital world.
Trust: making oneself vulnerable to others
Obscurity: value associated with people/their data being hard to be found
Autonomy: freedom from external interference
Enabling other values like dignity, identity, free speech and self-fulfillment.
Boundaries for Design
• Lawmakers should set standards to discourage three kinds of design:
1. Deceptive Design
2. Abusive Design
3. Dangerous Design
and borrow established concepts from product safety + consumer protection law:
  - prevention/compensation for defective design and defective warnings
  - deterring wrongful interference with consumers’ ability to make market decisions; protecting vulnerabilities of market participants
  - encouraging truthful communication
Tool Kit for Privacy Design
• There are many legal and policy tools to proactively shape design:
1. Soft Responses
2. Moderate Responses
3. Robust Responses
Soft responses should be used early and often; robust responses sparingly.
Soft: education, funding, technical standards
Moderate: mandatory disclosure (warnings to generate skepticism, notice through design via symbols, interface aesthetics, feedback mechanisms), mandatory process (PbD, PIA)
Robust: liability for defective/dangerous design, certification/authorization schemes
PRIVACY’S BLUEPRINT ? (1)
Customer Trust
W. Hartzog: Privacy’s Blueprint – The battle to control the design of new technologies, 2018
A NEW DESIGN AGENDA FOR PRIVACY
PRIVACY’S BLUEPRINT ? (2)
Customer Trust
Product safety law requires reasonable warnings, not just confusing boilerplate tucked away where no one will find it
Privacy’s Blueprint should unburden users from the tornado of choices, which are more about furnishing the basis for mass data processing
“Control” regimes too often end up as less meaningful “consent” regimes
W. Hartzog: Privacy’s Blueprint – The battle to control the design of new technologies, 2018
TRUST OVER CONTROL
When design overleverages control, it shifts the risk of loss onto the user of technology
Lawmakers should focus on how the signals generated by design/the user interface help us trust other people
THANK YOU!
Basic Copyright Notice & Disclaimer
©2018 This presentation is copyright protected. All rights reserved. You may download or print out a hard copy for your private or internal use. You are not permitted to create any modifications or derivatives of this presentation without the prior written permission of the copyright owner.
This presentation is for information purposes only and contains non-binding indications. Any opinions or views expressed are of the author and do not necessarily represent those of Swiss Re. Swiss Re makes no warranties or representations as to the accuracy, comprehensiveness, timeliness or suitability of this presentation for a particular purpose. Anyone shall at its own risk interpret and employ this presentation without relying on it in isolation. In no event will Swiss Re be liable for any loss or damages of any kind, including any direct, indirect or consequential damages, arising out of or in connection with the use of this presentation.