Save 37% off PRO during our Black Friday Sale! »

GDPR Lightning Talk for CloudCamp London

6fb292826ed5ca167629b80525873651?s=47 Adrian Colyer
February 23, 2017

GDPR Lightning Talk for CloudCamp London


Adrian Colyer

February 23, 2017


  1. General Data Protection Regulation “the law you’re probably not prepared

    for” @adriancolyer
  2. May 2018 Icon made by EpicCoders from Fines €20M

    or 4% of revenue, Whichever is the higher.
  3. Not just European companies. Anyone dealing with European Citizens, or

    person data collected in Europe. Think customers, employees. - Safe Harbor ✗ - Privacy Shield ? - BCRs ! Icon made by FreePik from
  4. You can’t pass the buck! You’re still liable for the

    actions of any 3rd party data processors selected. Tell me about all those SaaS services you use…?
  5. Spirit of the Law Make companies take protecting your personal

    data seriously End “Surveillance Capitalism” Icons made by FreePik from
  6. Personal Data cookies IP addresses Article 29 WG Sensitive Personal

    Data Identified or Identifiable
  7. Protection •“appropriate technical measures for data protection, taking into account

    the state-of-the-art.” •“secure against loss, misuse, unauthorized access, disclosure, alteration, or destruction” JURISDICTION ENCRYPTION PREVENTION ACCESS CONTROL Icon made by FreePik from
  8. Collection & Consent •Minimum data •For a Specific Purpose •With

    clear Explicit consent No dreaming up new uses outside of consent No Exploratory analysis? Consent metadata Provenance Joins & dataflows! Icons made by FreePik from
  9. Right to Access – you have one month Data Discovery

    • Your own data centers • Public cloud • Third-party services • End-user devices • GOODS, Ground! Right to portability Icons made by FreePik and MadebyOliver from
  10. Profiling – here be dragons “Analyzing or predicting anything relating

    to a person” • Explicit consent at point of data collection • Profiling logic explained • Envisaged consequences Use of sensitive data expressively forbidden. Icon made by FreePik from
  11. Right to an Explanation Easily understandable explanation of the result

    of (E.g.,) your classifier. • Model selection implications? Must be able to override decision Icon made by EpicCoders from
  12. Explanations require provenance • And that’s a research problem •

    Databases • Dataflows • Online models… Why should I trust you? Explaining the predictions of any classifier Explaining outputs in modern analytics
  13. Model behaviour not always intuitive

  14. Non-discrimination Icon made by OCHA from Harder than you

    think. Uncertainty bias, Latent variables European Union regulations on algorithmic decision making and a “right to explanation”
  15. Adversarial networks to the rescue???

  16. Right to be forgotten • Provenance requirements may favour event

    sourcing, but the right to be forgotten doesn’t!
  17. General Data Protection Regulation “the law you’re probably not prepared