GDPR Lightning Talk for CloudCamp London

Adrian Colyer
February 23, 2017


  1. May 2018. Fines: €20M or 4% of revenue, whichever is the higher.
  2. Not just European companies. Anyone dealing with European citizens, or personal data collected in Europe. Think customers, employees.
    - Safe Harbor ✗
    - Privacy Shield ?
    - BCRs !
  3. You can’t pass the buck! You’re still liable for the actions of any 3rd party data processors selected. Tell me about all those SaaS services you use…?
  4. Spirit of the Law
    • Make companies take protecting your personal data seriously
    • End “Surveillance Capitalism”
  5. Protection
    • “appropriate technical measures for data protection, taking into account the state-of-the-art.”
    • “secure against loss, misuse, unauthorized access, disclosure, alteration, or destruction”
    JURISDICTION, ENCRYPTION, PREVENTION, ACCESS CONTROL
  6. Collection & Consent
    • Minimum data
    • For a specific purpose
    • With clear, explicit consent
    No dreaming up new uses outside of consent. No exploratory analysis?
    Consent metadata. Provenance. Joins & dataflows!
  7. Right to Access – you have one month
    Data discovery:
    • Your own data centers
    • Public cloud
    • Third-party services
    • End-user devices
    • GOODS, Ground!
    Right to portability
  8. Profiling – here be dragons
    “Analyzing or predicting anything relating to a person”
    • Explicit consent at point of data collection
    • Profiling logic explained
    • Envisaged consequences
    Use of sensitive data expressly forbidden.
  9. Right to an Explanation
    Easily understandable explanation of the result of (e.g.) your classifier.
    • Model selection implications?
    Must be able to override decision.
  10. Explanations require provenance
    • And that’s a research problem
    • Databases
    • Dataflows
    • Online models…
    References: “Why should I trust you? Explaining the predictions of any classifier”; “Explaining outputs in modern analytics”
  11. Non-discrimination
    Harder than you think. Uncertainty bias, latent variables.
    Reference: “European Union regulations on algorithmic decision making and a ‘right to explanation’”
  12. Right to be forgotten
    • Provenance requirements may favour event sourcing, but the right to be forgotten doesn’t!