GDPR Lightning Talk for CloudCamp London

Transcript

1. General Data Protection Regulation “the law you’re probably not prepared

   for” @adriancolyer

2. May 2018 Icon made by EpicCoders from www.flaticon.com Fines €20M

   or 4% of revenue, Whichever is the higher.

3. Not just European companies. Anyone dealing with European Citizens, or

   person data collected in Europe. Think customers, employees. - Safe Harbor ✗ - Privacy Shield ? - BCRs ! Icon made by FreePik from www.flaticon.com

4. You can’t pass the buck! You’re still liable for the

   actions of any 3rd party data processors selected. Tell me about all those SaaS services you use…?

5. Spirit of the Law Make companies take protecting your personal

   data seriously End “Surveillance Capitalism” Icons made by FreePik from www.flaticon.com

6. Personal Data cookies IP addresses Article 29 WG Sensitive Personal

   Data Identified or Identifiable

7. Protection •“appropriate technical measures for data protection, taking into account

   the state-of-the-art.” •“secure against loss, misuse, unauthorized access, disclosure, alteration, or destruction” JURISDICTION ENCRYPTION PREVENTION ACCESS CONTROL Icon made by FreePik from www.flaticon.com

8. Collection & Consent •Minimum data •For a Specific Purpose •With

   clear Explicit consent No dreaming up new uses outside of consent No Exploratory analysis? Consent metadata Provenance Joins & dataflows! Icons made by FreePik from www.flaticon.com

9. Right to Access – you have one month Data Discovery

   • Your own data centers • Public cloud • Third-party services • End-user devices • GOODS, Ground! Right to portability Icons made by FreePik and MadebyOliver from www.flaticon.com

10. Profiling – here be dragons “Analyzing or predicting anything relating

    to a person” • Explicit consent at point of data collection • Profiling logic explained • Envisaged consequences Use of sensitive data expressively forbidden. Icon made by FreePik from www.flaticon.com

11. Right to an Explanation Easily understandable explanation of the result

    of (E.g.,) your classifier. • Model selection implications? Must be able to override decision Icon made by EpicCoders from www.flaticon.com

12. Explanations require provenance • And that’s a research problem •

    Databases • Dataflows • Online models… Why should I trust you? Explaining the predictions of any classifier Explaining outputs in modern analytics

13. Model behaviour not always intuitive

14. Non-discrimination Icon made by OCHA from www.flaticon.com Harder than you

    think. Uncertainty bias, Latent variables European Union regulations on algorithmic decision making and a “right to explanation”

15. Adversarial networks to the rescue???

16. Right to be forgotten • Provenance requirements may favour event

    sourcing, but the right to be forgotten doesn’t!

17. General Data Protection Regulation “the law you’re probably not prepared

    for”