1 / 22

RFID and privacy

RFID and privacy. RFID Security: theory and practice Lorentz Center, 26-28 March 2008. Introduction. College Bescherming Persoonsgegevens (the Dutch data protection authority) Rina Steenkamp (rst@cbpweb.nl). Understanding privacy implications of new technologies. A technical perspective (1).

base
Télécharger la présentation

RFID and privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008

  2. Introduction • College Bescherming Persoonsgegevens (the Dutch data protection authority) • Rina Steenkamp (rst@cbpweb.nl)

  3. Understanding privacy implications of new technologies

  4. A technical perspective (1) RFID technology Immediate response Tag interpretation

  5. A technical perspective (2) Database technology Delayed response Data accumulation Tag interpretation

  6. A technical perspective (3) Shared databases Data mining / data sharing Response may be out of context Data accumulation Tag interpretation

  7. A data protection perspective (1) Doesn’t necessarily involve personal data… … though it may trigger the creation of personal data… … and there might be other privacy implications as well. Tag interpretation

  8. A data protection perspective (2) Personal data Data accumulation Identifier Tag interpretation

  9. A privacy perspective (3) Data mining / data sharing Personal data Data accumulation Identifier Tag interpretation

  10. An ‘application’ perspective (1) Tag interpretation

  11. An ‘application’ perspective (2) Tag interpretation

  12. An ‘application’ perspective (3) Profiling based on combination of tags… … combination of tags may identify the individual… …’gold’ credit card… …expensive watch… … and some tags might say the darndest things. …works at animal testing lab… …card-carrying communist… Tag interpretation

  13. An ‘application’ perspective (4) Profiling based on combination of tags… …tiny tags that can be read at fairly long distances… …embedded in objects that people have on their person… …combination of tags may the individual… …’gold’ credit card… For this scenario to become a reality, we need… …with understandable tag content… …expensive watch… … and some tags might say the darndest things. …works at animal testing lab… …that is being read and interpreted. …card-carrying communist… Tag interpretation

  14. An ‘application’ perspective (5) Digital identity Data accumulation Identifier Tag interpretation

  15. An ‘application’ perspective (6) Unique product identifier Data accumulation Identifier Tag interpretation

  16. An ‘application’ perspective (7) Sense of urgency Expectation of profit Will Data mining / data sharing Legal obligation Funding Ability Standards Interoperability Data accumulation Tag interpretation

  17. Risks Unfair treatment Scope creep Data mining / data sharing Excessive collection and processing of personal data Data accumulation Hidden / unwanted tags Tag interpretation Hidden / unwanted reading

  18. Risk mitigation Show and tell Keep it in proportion – and beware of scope creep Data mining / data sharing Data accumulation Think before you tag Think before you link Tag interpretation Allow to delete, disable, destroy

  19. Legal safeguards (1) Show and tell Openness Keep it in proportion Use limitation Purpose specification Think before you tag Collection limitation Think before you link Individual participation Allow to delete, disable, destroy

  20. Openness Use limitation Purpose specification Collection limitation Individual participation Legal safeguards (2) Security Data quality Accountability

  21. http://www.rathenau.nl http://ec.europa.eu/information_society/policy/rfid/index_en.htm http://www.dutchdpa.nl/ http://www.cbpweb.nl/ http://www.ecp.nl http://www.nvvir.nl/ RFID and privacy on the WWW

  22. Questions? Concerns? Etc.

More Related