Post on 25-Mar-2020
May 2018: New Ethical Requirements for Data Management Platforms (DMP)
Mr David ROBERT
12 October 2016
General Data Protection Regulation
The new European General Data Protection Regulation (GDPR), which aims to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era, was given its final approval by the European Parliament on the 14th April 2016.
The reform also sets minimum standards on use of data for policing and judicial purposes.
The Specification Matrix
The GDPR requirements (Stakeholders: GDPR Requirements)
Citizens: Digital Identity
Citizens: Private data Ownership and linkability
Citizens + Enterprise & Institutions: Data Portability / Data transfer; Binding Corporate Rules (BCRs); Right to Forget / to Erasure
Citizens + Enterprise & Institutions: Informed consent; Minor Child Protection
Citizens + Enterprise & Institutions: Data breach
Enterprise & Institutions: Responsibility & Accountability; Privacy by Default, Privacy by Design
Data Protection Agencies: European Data Protection Board; Tools for Data Protection Officers; One stop shop for complaints & Enforcement; Sanctions Management
What are the main digital services required by the GDPR?
1. Self-Sovereign Digital Identities for all Citizens
2. Linking Self-Sovereign Digital Identities with Enterprise DataLakes (Compatible with “Zero Knowledge Proof”)
3. Data Ownership and Access control managed by clear Informed consent (Opt In / Opt Out)
4. Data Portability and traceability with/without Erasure
5. Dispute resolution management and Automated Audit by the Data Protection Agencies
[Diagram: Enterprise's Data Lake (Enterprise A, Enterprise B); Data logistic, Watermarking & tracking; Smart Consent; Blockchain Passport (Proof of Existence & World Citizenship); KYC with Zero Knowledge Proof]
The benefits
What are the benefits for the Citizens?
Reconnecting Citizens with the Ownership of their Information galaxy.
The benefits
But there are benefits for all the stakeholders!
The Private & Public sector will be permissioned to deliver trusted advanced data Services to their Consumers and Fellow Citizens: SINGLE DIGITAL MARKET!!!
CEN Workshop 84
Self-Sovereign Identifier(s) for Personal Data Ownership and Access Control
How to make the General Data Protection Regulation ACTIONABLE for all Stakeholders?
The DNS
[Diagram: DNS query. "Where is www.domain.org?" Servers reply "Don’t know, ask them" until one answers "www.domain.org is at 192.0.2.0!"]
What happens when you type « www.europa.eu » in your browser?
Your browser will ask different servers until one of them finds your answer.
My data
What if we could have the same service for our personal data?
Where are my data? Who is using it?
Who | DNS | DataCenter Country | Identity Level | Last Usage | Consent (OptIn / OptOut)
AOK | AOK.de | Munich | eIDAS 2 | 12 April 2016 | FULL
Paypal | Paypal.com | Luxembourg | eIDAS 2 | 01 April 2016 | TACIT
BNP Paribas | Bnpparibas.com | Paris | eIDAS 3 – Basel 3 | 12 April 2016 | FULL
Neckerman | neckermann.de | Hamburg | Partial | 01 April 2016 | PARTIAL
TESCO | Tesco.co.uk | Manchester | Partial | 01 January 2016 | REVOKED
…..
GDPS: Global Data Positioning System
Promoting the first “Smart Data & Privacy” Standard
Paving the road to the “Global Data Positioning System” on the Blockchain
THE BLOCKCHAIN MAIN COMPONENTS
Designed to serve GDPR’s principles
Individual perSonal data Auditable addrEss Number
The standardization bodies and the promoters
Join the Standardization Group
Contact point
robert.david@aeternam.eu
+33 (0)6 46 08 40 85
http://www.cen.eu/work/areas/ICT/Pages/WS-IS%C3%86N.aspx
clement.chevauche@afnor.org
+33 (0)1 41 62 82 79
Big Data & Privacy
The EU Passenger Name Record
True Story
Zero Security in a Thalys Trip from Paris – Brussels – Brussels to Eindhoven
• When a non-dematerialized ticket is lost, the train manager has zero knowledge about who was traveling on seat 32, Coach 16, on train number THA 9993.
• Anyone can travel with the paper-based ticket under a fake identity.
Any test Pilot?
EU Passenger Name Record (PNR)
[Diagram: Blockchain Passport (Proof of Existence & World Citizenship); EURONET Consumer Database]
1. Generate Identities
2. Know Your Customer
Federation of Digital ID providers but also capture of passport, ID via scanner or mobile App
3. Certified Blockchain Personal Address
4. Blockchain Notarisation of Information
Federation of Digital ID providers but also capture of passport, ID via scanner or mobile App
5. ANY Dematerialized Smart documents, Contracts: Tickets, Invoices, certificate of Payment, proof of travel, Insurance, refund forms…
Authentication 1 Blockchain
Access to the ÆVATAR is strictly controlled to enforce your privacy. Authentication can be performed using multiple mechanisms…
QR Code Blockchain
The Address Hash is stored on the user's device as a QR code.
This QR code can be scanned by merchants or other providers to initiate requests for personal data:
Blockchain ÆVATAR
Registration without transmitting clear text attributes
Address QR Code
• agh2e2tt2eet22eee2ty5ee4r54te54te454te
Travel Search Blockchain
Direct Dialog with Zero Private information exchange
Travel Basket Blockchain
Blockchain
Purchase & Payment
• THALYS 9993 Seat 45 – Coach 9
• 7th October 2016
• Blockchain address: agh2e2tt2eet22eee2ty5ee4r54te54te454te
• This is the correct purchased Geoloc
• The traveller is European and over 18 yrs
Scan your Seat
Self-Checking Blockchain
ÆVATAR CARRIER Blockchain
• Self checking on THALYS 9993 Seat 45 – Coach 9
• 7th October 2016
• Authenticated Blockchain address used: agh2e2tt2eet22eee2ty5ee4r54te54te454te
• This is the correct purchased Geoloc
• The traveller is European and over 18 yrs
• Police forces time-limited controlled (not readable after 6 months)
Integrated control by Travel Assistant
Blockchain
CARRIER CONTROL SYSTEM
Blockchain Scan QR
• Self checking on THALYS 9993 Seat 45 – Coach 9
• 7th October 2016
• Authenticated Blockchain address used: agh2e2tt2eet22eee2ty5ee4r54te54te454te
• This is the correct purchased Geoloc
• The traveller is European and over 18 yrs
• Police forces time-limited controlled (not readable after 6 months)