GDPR Lightning Talk for CloudCamp London

Adrian Colyer
February 23, 2017

Transcript

  1. General Data Protection Regulation
    “the law you’re probably not prepared for”
    @adriancolyer

  2. May 2018
    Icon made by EpicCoders from www.flaticon.com
    Fines €20M or 4% of revenue,
    Whichever is the higher.

  3. Not just European companies.
    Anyone dealing with European Citizens, or
    personal data collected in Europe.
    Think customers, employees.
    - Safe Harbor ✗
    - Privacy Shield ?
    - BCRs !
    Icon made by FreePik from www.flaticon.com

  4. You can’t pass the buck!
    You’re still liable for the actions of any 3rd party data
    processors selected.
    Tell me about all those SaaS services you use…?

  5. Spirit of the Law
    Make companies take protecting your
    personal data seriously
    End “Surveillance Capitalism”
    Icons made by FreePik from www.flaticon.com

  6. Personal Data
    cookies
    IP addresses
    Article 29 WG
    Sensitive Personal Data
    Identified or Identifiable

  7. Protection
    •“appropriate technical measures for data protection,
    taking into account the state-of-the-art.”
    •“secure against loss, misuse, unauthorized access,
    disclosure, alteration, or destruction”
    JURISDICTION ENCRYPTION PREVENTION ACCESS CONTROL
    Icon made by FreePik from www.flaticon.com

  8. Collection & Consent
    •Minimum data
    •For a Specific Purpose
    •With clear Explicit consent
    No dreaming up new uses
    outside of consent
    No Exploratory analysis?
    Consent metadata
    Provenance
    Joins & dataflows!
    Icons made by FreePik from www.flaticon.com

  9. Right to Access – you have one month
    Data Discovery
    • Your own data centers
    • Public cloud
    • Third-party services
    • End-user devices
    • GOODS, Ground!
    Right to portability
    Icons made by FreePik and MadebyOliver from www.flaticon.com

  10. Profiling – here be dragons
    “Analyzing or predicting anything relating to a
    person”
    • Explicit consent at point of data collection
    • Profiling logic explained
    • Envisaged consequences
    Use of sensitive data expressly forbidden.
    Icon made by FreePik from www.flaticon.com

  11. Right to an Explanation
    Easily understandable explanation of the
    result of (E.g.,) your classifier.
    • Model selection implications?
    Must be able to override decision
    Icon made by EpicCoders from www.flaticon.com

  12. Explanations require provenance
    • And that’s a research problem
    • Databases
    • Dataflows
    • Online models…
    Why should I trust you? Explaining the predictions of any classifier
    Explaining outputs in modern analytics

  13. Model behaviour not always intuitive

  14. Non-discrimination
    Icon made by OCHA from www.flaticon.com
    Harder than you think.
    Uncertainty bias,
    Latent variables
    European Union regulations on algorithmic decision making and a “right to explanation”

  15. Adversarial networks to the rescue???

  16. Right to be forgotten
    • Provenance requirements may favour event sourcing, but the right to
    be forgotten doesn’t!

  17. General Data Protection Regulation
    “the law you’re probably not prepared for”
