PRIVACY BY DESIGN - Swiss Re Group | Swiss Re1501cdb9-c65b-4641... · Potential Impact on Consumer...

© Copyright Allianz

PRIVACY BY DESIGN

How to promote trust

in innovative insurance products

Allianz SE

Group Privacy / Sarah Johanna Zech /

Rüschlikon/ 25 September 2018

© Copyright Allianz 25-Sep-18

Privacy by Design | Sarah Zech | Digital Compliance Counsel

2

SIMPLICITY VS. COMPLEXITY?


01 OVERVIEW

GDPR Framework 04 INNOVATIVE INSURANCE PRODUCTS

Use Examples

02 ORGANISATIONAL SETUP

Role of Digital Compliance Counsel 05 CUSTOMER TRUST

Transparency & Data Sovereignty

03 TOOLS & MEASURES

Privacy Impact Assessments, TOMs

CONTENT

25-Sep-18


3


01

OVERVIEW

• Background

• GDPR Framework

• Holistic Approach

25-Sep-18


4


1. Proactive not Reactive, Preventative not Remedial

2. Privacy as the Default Setting

3. Privacy Embedded into Design

4. Full Functionality – Positive-Sum, not Zero-Sum

5. End-to-End Security – Full Lifecycle Protection

6. Visibility and Transparency – Keep it Open

7. Respect for User Privacy – Keep it User-Centric

“7 foundational principles” by Ann Cavoukian

25-Sep-18


5

BACKGROUND (1)

Overview


Article 29 Data Protection Working Party, The Future of Privacy, WP 168, 2009, p. 13:

"Whereas the above provisions of the Directive [Rec. 46, Articles 6, 16, 17 Directive

95/46/EC] are helpful towards the promotion of privacy by design, in practice they have not

been sufficient in ensuring that privacy is embedded in ICT. […] It is for these reasons that

the new legal framework has to include a provision translating the currently punctual

requirements into a broader and consistent principle of privacy by design.“

25-Sep-18


6

BACKGROUND (2)

Overview


32nd International Conference of Data Protection and Privacy Commissioners,October 2010, Resolution on Privacy by Design

“Knowing that with technological advances come new challenges to privacy and to the ability of

individuals to exercise their information rights effectively […], understanding that a more robust

approach is required to address the evergrowing and systemic effects of Information and

Communication Technologies (ICT) […], the 32nd International Conference of Data Protection

and Privacy Commissioners gathered at Jerusalem therefore resolves to:

1. Recognize Privacy by Design as an essential component of fundamental privacy protection”

25-Sep-18


7

BACKGROUND (3)

Overview


GDPR FRAMEWORK

Overview

25-Sep-18


8

• Lawfulness, Fairness

• Purpose Limitation

• Data Minimisation

• Accuracy

• Storage Limitation

• Confidentiality

• Accountability Principle

• Transparency (in case of profiling:

information about the logic involved

and the consequences)

• Implementation of TOMs both at

the time of the determination of

the means for processing and at

the time of the processing itself

to address data protection

principles (e.g. data minimisation)

/ the GDPR requirements

taking into account the cost of

implementation, the nature,

scope, context, purposes of

processing; risk-based approach

• Implementation of appropriate

technical and organisational

measures (TOMs)

including security measures such

as pseudonymisation, encryption

of personal data

to ensure and demonstrate

GDPR compliance

GDPR Principles

(Art. 5)

Privacy by Design

(Art. 25)

TOMs, Security

(Art. 24, 32)



9


02

ORGANISATIONAL SETUP

• Role of Digital Compliance Counsel

• Allianz Group Digital Transformation

25-Sep-18


10



11

ROLE OF DIGITAL COMPLIANCE COUNSEL (1)

Organisational Setup



12

ROLE OF DIGITAL COMPLIANCE COUNSEL (2)




13

ALLIANZ GROUP DIGITAL TRANSFORMATION



03

TOOLS & MEASURES

• Privacy Impact Assessments, OneTrust Tool

• Technical & Organisational Measures

• Privacy by Design in Big Data

25-Sep-18


14


EDPS, Preliminary Opinion on privacy by design, 5/2018, p. 8; Article 29 Data Protection Working Party, Guidelines on DPIA, WP 248 rev.01, 2017, p. 14: A Data Protection Impact Assessment (DPIA) serves as a data protection by design safeguard, because it should be carried out prior to the processing of personal data Allianz Functional Rule For Privacy Impact Assessments (PIAs) with Records of Processing: “This functional rule sets out PIA requirements for OEs [Operative Entities] acting as Data Controllers and Data Processors. In some cases, OEs may not deal with Personal Data directly as a Data Controller or a Data Processor, but may be responsible for the design or development of solutions, products, services etc., that involve or impact the Processing of Personal Data. In such cases, it is recommended that the OE observes the principles of Privacy by Design & Default […] and follows the PIA process as appropriate, to ensure that privacy and data protection requirements are factored in at the earliest stage of the design and development of solutions. The decision whether to conduct the PIA shall be made by the DPO on a case by case basis.”

25-Sep-18


15

PRIVACY IMPACT ASSESSMENTS

Tools & Measures


Process Register – Documentation of details about processing activities involving personal data, including how personal data is collected and handled. Privacy Compliance Screening – Screening of the processing activity against legal, regulatory and internal policy requirements. Risk Management – Privacy risks must be identified while reviewing the Process Register and Privacy Compliance Screening. Actions to address or mitigate any privacy risks identified must be defined. The Privacy Compliance Screening must be conducted for all processes posing a high data privacy & protection risk (e.g. scoring of an individual, automated decision-making, processing on a large scale) . It should be completed for any existing or planned initiatives that include new or significant modifications to processes involving personal data. For low to medium risk processes, the DPP/DPO may determine, on a case-by-case basis, whether or not a Privacy Compliance Screening should be progressed. Any decision not to conduct a Privacy Compliance Screening must be documented accordingly.

25-Sep-18


16

PIA PROCESS – ALLIANZ APPROACH

Tools & Measures



17

ONE TRUST TOOL – PROCESS REGISTER

Tools & Measures



18

ONE TRUST TOOL – PRIVACY ASSESSMENT

Tools & Measures


Recital 78 GDPR:

In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies

and implement measures which meet in particular the principles of data protection by design and data

protection by default.

Such measures could consist, inter alia, of minimising the processing of personal data, pseudonymising

personal data as soon as possible, transparency with regard to the functions and processing of personal

data, enabling the data subject to monitor the data processing, enabling the controller to create and improve

security features.

25-Sep-18


19

TECHNICAL AND ORGANISATIONAL MEASURES

Tools & Measures

Case-by-Case Assessment Principle of Proportionality



20

PRIVACY BY DESIGN IN BIG DATA

Tools & Measures

The challenges of technology

should be addressed

by the opportunities of technology.


04

INNOVATIVE INSURANCE

PRODUCTS

Use Examples

• Chatbots

• Robo Advice

25-Sep-18


21


05

CUSTOMER TRUST

• Transparency & Data Sovereignty

• Fair Treatment of Customers

• Privacy’s Blueprint?

25-Sep-18


22


TRANSPARENCY

Customer Trust

25-Sep-18


23

Automated decision-making

Art. 22 (1) GDPR Art. 22 (2) Art. 22 (3) Art. 13-15

• Suitable measures

to safeguard the

individual's rights

• at least: right to

obtain human

intervention

express one’s view

contest decision

• Right not to be

subject to a decision

based solely on

automated

processing/ profiling

which produces legal

effects concerning

him or her

• Transparency about

existence of

automated decision-

making

logic involved

envisaged

consequences for

the individual

Use Example

• Exemption (e.g.):

performance of a

contract

necessary for entering

into a contract

individual‘s consent


No black box excuses

Responsibility of supervised firms to guarantee the

explainability/traceability of BDAI-based decisions. Explainability describes the ability to determine the

main factors influencing a specific individual decision that has been reached by a system.

Ensure consumer sovereignty to build trust

Data sovereignty can be understood as the

individuals' capacity to maintain transparency and control over the possession, use and deletion of their personal data.

However, consumers can only make their own,

well-informed decisions if they have transparent, clear and easy-to-understand information on BDAI data usage.

25-Sep-18


24

TRANSPARENCY & DATA SOVEREIGNTY

Customer Trust

BaFin, Big data meets artificial intelligence, June 2018



25

FAIR TREATMENT OF CUSTOMERS

Customer Trust

IAIS, Increasing Use of Digital Technology in Insurance and its

Potential Impact on Consumer Outcomes, Consultation Draft, July 2018

“Digitalisation has an impact on consumer protection and the extent to which customers are treated

fairly; […] Digital innovations can potentially improve the customer experience and reduce insurers’

operating cost. However, in respect of product design, marketing and sales due attention needs to be

given to achieving fair customer outcomes in terms of suitability of products and soundness of IT

processes including design and use of algorithms and use of customer data.”


Privacy Values in Design

• Foundational privacy-related values

affected by design:

1. Trust

2. Obscurity

3. Autonomy

These values fill privacy law‘s design gap

and make it sustainable in a digital world.

Trust: making oneself vulnerable to others

Obscurity: value associated with

people/their data being hard to be found

Autonomy: freedom from external

interference

Enabling other values like dignity, identity,

free speech and self-fulfillment.

Boundaries for Design

• Lawmakers should set standards to

discourage three kinds of design:

1. Deceptive Design

2. Abusive Design

3. Dangerous Design

and borrow established concepts from

product safety + consumer protection law:

prevention/compensation for defective

design and defective warnings

deterring wrongful interference with

consumers‘ ability to make market

decisions; protecting vulnerabilities of

market participants

encouraging truthful communication

Tool Kit for Privacy Design

• There are many legal and policy tools to

proactively shape design:

1. Soft Responses

2. Moderate Responses

3. Robust Responses

Soft responses should be used early and

often; robust responses sparingly.

Soft: education, funding, technical standards

Moderate: mandatory disclosure (warnings to

generate skepticism, notice through design

via symbols, interface aesthetics, feedback

mechanisms), mandatory process (PbD, PIA)

Robust: liability for defective/dangerous

design, certification/ authorization schemes

25-Sep-18


26

PRIVACY’S BLUEPRINT ? (1)

Customer Trust

W. Hartzog:Privacy‘s Blueprint – The battle to control the design of new technologies, 2018

A NEW DESIGN AGENDA FOR PRIVACY


PRIVACY‘S BLUEPRINT ? (2)

Customer Trust

25-Sep-18 Privacy by Design | Sarah Zech | Digital Compliance Counsel

27

Product safety law

requires reasonable

warnings, not just

confusing boilerplate

tucked away where

no one will find it

Privacy’s Blueprint

should unburden

users from the tornado

of choices, which are

more about furnishing

the basis for mass

data processing

“Control” regimes too

often end up as less

meaningful “consent”

regimes

W. Hartzog:Privacy‘s Blueprint – The battle to control the design of new technologies, 2018

TRUST OVER CONTROL

When design

overleverages

control, it shifts the

risk of loss onto the

user of technology

Lawmakers should

focus on how the

signals generated

by design/ the user

interface help us

trust other people



28

THANK YOU!

Basic Copyright Notice & Disclaimer

©2018 This presentation is copyright protected. All rights reserved. You may download or print out a hard copy for your private or internal use. You are not permitted to create any modifications or derivatives of this presentation without the prior written permission of the copyright owner.

This presentation is for information purposes only and contains non-binding indications. Any opinions or views expressed are of the author and do not necessarily represent those of Swiss Re. Swiss Re makes no warranties or representations as to the accuracy, comprehensiveness, timeliness or suitability of this presentation for a particular purpose. Anyone shall at its own risk interpret and employ this presentation without relying on it in isolation. In no event will Swiss Re be liable for any loss or damages of any kind, including any direct, indirect or consequential damages, arising out of or in connection with the use of this presentation.

PRIVACY BY DESIGN - Swiss Re Group | Swiss Re1501cdb9-c65b-4641... · Potential Impact on Consumer...

Documents

Transcript of PRIVACY BY DESIGN - Swiss Re Group | Swiss Re1501cdb9-c65b-4641... · Potential Impact on Consumer...