Managing Consent in Workflows under GDPR

S. Irem Besik
February 20, 2020

Transcript

  1. Managing Consent in Workflows under GDPR

    Saliha Irem BESIK (@irembesik)
    Supervisor: Prof. Johann-Christoph Freytag, Ph.D.
    ‣ Slides at https://irem.dev
  2. General Data Protection Regulation

    ✦ data protection regulation for all individuals within the European Union
    ✦ since 25 May 2018
    ‣ Organizations processing personal data must comply with GDPR!
    Goals:
    ‣ Protection: Protect personal data
    ‣ Control: Give data subjects control over personal data
    personal data: any information relating to an identifiable natural person (‘data subject’)
    S.I. Besik, Managing Consent in Workflows under GDPR, February 20, ’20, 2 / 21
  3. GDPR Article 6 - Lawfulness of processing

    ‣ Processing of personal data must have lawful basis
    Lawful bases: Consent, Contract, Legal obligation, Vital Interest, Public Interest, Legitimate Interest
  4. GDPR Article 6 - Lawfulness of processing

    ‣ Processing of personal data must have lawful basis
    Consent: Processing shall be lawful […] if data subject has given consent to the processing of his personal data for one or more specific purposes
    purpose: the reason for which personal data is processed (e.g. marketing, treatment etc.)
    Other lawful bases: Contract, Legal obligation, Vital Interest, Public Interest, Legitimate Interest
  5. Consent & Revocation under GDPR

    Valid Consent (GDPR Article 4 §11 - Definitions): “any freely given, specific, informed and unambiguous […] clear affirmative action” by which a data subject agrees to the processing of his / her personal data
  6. Consent & Revocation under GDPR

    Valid Consent (GDPR Article 4 §11 - Definitions): “any freely given, specific, informed and unambiguous […] clear affirmative action” by which a data subject agrees to the processing of his / her personal data
    Revocation (GDPR Article 7 § 3 - Conditions for consent): The data subject has the right to withdraw his / her consent at any time
  7. Outline

    Motivation: Privacy by Design via Workflows; Research Problem; Foundation; Approach; Summary & Outlook
  8. Outline

    Motivation: Privacy by Design via Workflows; Research Problem; Foundation; Approach; Summary & Outlook
  9. Motivation: Privacy by Design

    GDPR says: Consider privacy at design phase…
    Good News: Workflows might help!
    A Workflow includes a series of tasks to achieve a goal
    ‣ also how tasks are performed, in what order, and by whom
  10. Privacy by Design via Workflows

    Workflow (Model) ≈ Business Process Modeling Notation (BPMN) Model
    BPMN Core Elements: Data Store, Data Object, Text Annotation, Pool, Lane, Task, Start Event, End Event, Exclusive Gateway, Inclusive Gateway, Parallel Gateway, Sequence Flow, Message Flow, Data Association, Association
  11. Research Problem

    privacy-aware? handles consent & revocation?
  12. Research Problem

    privacy-aware? handles consent & revocation?
    How to handle consent?
    How to handle revocation?
  13. Research Problem

    privacy-aware? handles consent & revocation?
    How to handle consent?
    How to handle revocation?
    Approach: Design Patterns
  14. Outline

    Motivation; Research Problem; Foundation (Data-Aware Workflow, Consent Policy, Consent Form); Approach; Summary & Outlook
  15. Foundation

    Which sources are needed to handle consent?
  16. Foundation

    Which sources are needed to handle consent?
    1- Data-Aware Workflow: Which data attributes are (potentially) used for which purpose in the Workflow
    2- Consent Policy: Which purposes require consent to be lawful
    3- Consent Form: Which information should be given to data subject for a valid consent
  17. Workflow

    BPMN Core Elements: Data Store, Data Object, Text Annotation, Pool, Lane, Task, Start Event, End Event, Exclusive Gateway, Inclusive Gateway, Parallel Gateway, Sequence Flow, Message Flow, Data Association, Association
  18. Data-Aware Workflow

    Workflow +
    BPMN Core Elements (as on the previous slide)
  19. Data-Aware Workflow

    Workflow + Data Annotation
    BPMN Core Elements (as on the previous slide)
    * Different types of Data Handling in BPMN are stated in [1]
    [1] Besik, Saliha Irem, and Johann-Christoph Freytag. "Ontology-Based Privacy Compliance Checking for Clinical Workflows."
  20. Consent Policy

    • the modality of data processing, obligatory or voluntary (requires consent)
  21. Consent Policy

    • the modality of data processing, obligatory or voluntary (requires consent)
    pc = (purpose, requiresConsent)
    • purpose is the reason for which data is accessed;
    • requiresConsent ∈ {true, false}
  22. Consent Policy

    • the modality of data processing, obligatory or voluntary (requires consent)
    pc = (purpose, requiresConsent)
    • purpose is the reason for which data is accessed;
    • requiresConsent ∈ {true, false}
    Example: P1: An explicit consent is required for newborn hearing screening.
  24. Consent Policy

    • the modality of data processing, obligatory or voluntary (requires consent)
    pc = (purpose, requiresConsent)
    • purpose is the reason for which data is accessed;
    • requiresConsent ∈ {true, false}
    Example: P1: An explicit consent is required for newborn hearing screening.
    (newborn-hearing-screening, true)
  25. Consent Form

    “any freely given, specific, informed and unambiguous […] clear affirmative action”
  27. Consent Form

    Valid consent: “any freely given, specific, informed and unambiguous […] clear affirmative action”
    Form fields: Data Controller, Purpose
    Data Controller: natural person who determines the purposes and means of the processing
  28. Consent Form

    Valid consent: “any freely given, specific, informed and unambiguous […] clear affirmative action”
    Form fields: Data Controller, Purpose
    Data Controller: natural person who determines the purposes and means of the processing
    Example: We, as Hospital X, use your personal data for newborn hearing screening.
  29. Consent Form

    Valid consent: “any freely given, specific, informed and unambiguous […] clear affirmative action”
    Data Controller: natural person who determines the purposes and means of the processing
    Example: We, as Hospital X, use your personal data for newborn hearing screening.
    Form fields: Data Controller: Hospital X; Purpose: newborn hearing screening
  30. Consent Form

    Valid consent: “any freely given, specific, informed and unambiguous […] clear affirmative action”
    Data Controller: natural person who determines the purposes and means of the processing
    Example: We, as Hospital X, use your personal data for newborn hearing screening.
    Form fields: Data Controller: Hospital X; Purpose: newborn hearing screening
    When multiple purposes, consent should be given for all!
    Separate / Aggregated Consent Forms
  31. Outline

    Motivation; Research Problem; Foundation; Approach (Consent Pattern, Revocation Pattern, Examples); Summary & Outlook
  32. Consent Pattern

    How to handle consent?
    Policy: purpose requires consent
  34. Consent Pattern

    How to handle consent?
    Policy: purpose requires consent
    Consent Form (Data Controller, Purpose, Data Subject): requested
  35. Consent Pattern

    How to handle consent?
    Policy: purpose requires consent
    Consent Form (Data Controller, Purpose, Data Subject): received
  36. Revocation Pattern

    How to handle revocation?
  38. Example #1 - Aggregated Consent

    Policy: purposeB & purposeC require consent
  39. Example #1 - Aggregated Consent

    Policy: purposeB & purposeC require consent
    when to ask consent?
    “Potential” Issue: Consent is obtained yet never used
  40. Example #1 - Aggregated Consent

    Policy: purposeB & purposeC require consent
    when to ask consent?
    Strategy: ask it just before data operation to minimize this risk
  42. Example #1 - Aggregated Consent

    Policy: purposeB & purposeC require consent
    Aggregated Consent Form: Data Controller; Purpose: purposeB, purposeC; Data Subject
  43. Example #2 - Separate Consent

    Policy: pA & pB require consent
    Aggregated vs Separate Consent Form?
  44. Example #2 - Separate Consent

    Policy: pA & pB require consent
    Aggregated vs Separate Consent Form?
    “Potential” Issue: Consent is obtained yet never used
  45. Example #2 - Separate Consent

    Policy: pA & pB require consent
  46. Example #2 - Separate Consent

    Policy: pA & pB require consent
    Consent Form: Purpose pA
  47. Example #2 - Separate Consent

    Policy: pA & pB require consent
    Consent Form: Purpose pB
  48. Example #3 - Revocation

    Policy: pA & pB require consent
  49. Example #3 - Revocation
  50. Example #3 - Revocation

    Collapsed Sub-Process: increases readability
  51. Summary

    ‣ Organizations processing personal data must consider consent & revocation
    ‣ Privacy-by-design via workflows: privacy-aware?
    ‣ What is needed to handle consent in workflows?
    ‣ Data-Aware Workflow, Consent Policy, Consent Form
  52. Summary (continued) and Outlook

    ‣ Approach: Design Patterns
    ‣ Consent Pattern
    ‣ Revocation Pattern
    Outlook:
    ๏ Analysis of the optimality of the design patterns
    ๏ Automatic transformation
  53. Summary (continued) and Outlook

    ‣ Approach: Design Patterns
    ‣ Consent Pattern
    ‣ Revocation Pattern
    Outlook:
    ๏ Analysis of the optimality of the design patterns
    ๏ Automatic transformation
    Thank you!!!
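
The consent policy pc = (purpose, requiresConsent), the "ask just before the data operation" strategy, the aggregated and separate forms, and revocation can be combined in a small sketch. This is an added example, not code from the talk: the linear task list, the task names, the `billing` purpose, and treating an unlisted purpose as requiring consent are all assumptions, since the deck's BPMN diagrams are not reproduced in the transcript.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Task:
    name: str
    purpose: Optional[str] = None   # purpose annotated on the task's data operation

# Consent policy as pc = (purpose, requiresConsent) pairs; constructed sample values.
POLICY = {"pA": True, "pB": True, "billing": False}

# Constructed data-aware workflow: an ordered list of tasks.
WORKFLOW = [Task("register"), Task("screen", "pA"),
            Task("invoice", "billing"), Task("study", "pB")]

def needs_consent(purpose, policy):
    # Assumption: a purpose missing from the policy is treated as requiring consent.
    return purpose is not None and policy.get(purpose, True)

def place_consent(workflow, policy, aggregated):
    """Insert consent-form steps just before the first data operation needing them."""
    needed = [p for p in dict.fromkeys(t.purpose for t in workflow)
              if needs_consent(p, policy)]
    plan, asked = [], set()
    for task in workflow:
        if task.purpose in needed and task.purpose not in asked:
            form = tuple(needed) if aggregated else (task.purpose,)
            plan.append(("consent-form", form))
            asked.update(form)
        plan.append(("task", task.name))
    return plan

def execute(plan, workflow, policy, grants, revocation=None):
    """Run a plan; a task runs only if its purpose has valid, unrevoked consent.

    grants: purposes the data subject agrees to when a form is shown.
    revocation: optional (task_name, purpose), withdrawn just before that task.
    """
    purposes = {t.name: t.purpose for t in workflow}
    consent, done = set(), []
    for kind, value in plan:
        if kind == "consent-form":
            consent |= set(value) & set(grants)
            continue
        if revocation and revocation[0] == value:
            consent.discard(revocation[1])
        if not needs_consent(purposes[value], policy) or purposes[value] in consent:
            done.append(value)
    return done
```

With `aggregated=True` the single form asks for pB before `screen`, even if `study` is never reached, which is the "consent is obtained yet never used" issue the slides raise; with `aggregated=False` the pB form appears only just before `study`.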