Part 5: Panel Session – Risk Management of Identity Management ; International audience ; This position paper introduces the approach of privacy protection goals for risk analysis in identity management. It argues for taking into account external factors such as data collection via other applications or upcoming legislation.
Part 8: Privacy for eHealth and eID Applications ; International audience ; Protection goals such as confidentiality, integrity and availability have proved to be successful in evaluating information security risks and choosing appropriate safeguards. The recently developed privacy-specific protection goals unlinkability, transparency and intervenability complement these classic goals and thereby provide cornerstones to define requirements concerning information security as well as privacy and to assess solutions. This text focuses on the application of the three new protection goals to eID systems such as government-issued electronic identity cards in different settings.
This open-access anthology presents the current challenges to privacy and data protection that arise from increasing digitalization. The contributing authors analyze how these challenges can be addressed through governance mechanisms. As an alternative to a purely profit-oriented digital capitalism or digital authoritarianism, the volume argues for an independent European path in data protection that aims at technology development oriented toward the common good. In particular, the contributions deal with the possibilities for strengthening self-determination in the data economy and with algorithmic decision-making systems.
Part 5: Safeguarding Personal Data and Mitigating Risks ; International audience ; This workshop introduced participants to the process of Data Protection Impact Assessment. This new tool of the GDPR is highly relevant for any processing of personal data, as it helps to structure the process, be aware of data protection issues and the relevant legislation and implement proper safeguards to protect data subjects. For processing operations posing a high risk for data subjects, a DPIA is mandatory from May 2018. The interactive workshop provided a framework for DPIA and guidance on specific questions such as when a high risk is likely to occur or how specific risks can be evaluated, which was assessed by participants in an interactive session with two different scenarios.
The concept of consent is a central pillar of data protection. It features prominently in research, regulation, and public debates on the subject, in spite of the wide-ranging criticisms that have been levelled against it. In this paper, I refer to this as the consent paradox. I argue that consent continues to play a central role not despite but because of the criticisms of it. I analyze the debate on consent in the scholarly literature in general, and among German data protection professionals in particular, showing that it is a focus on the informed individual that keeps the concept of consent in place. Critiques of consent based on the notion of "informedness" reinforce the centrality of consent rather than calling it into question. They allude to a market view that foregrounds individual choice. Yet, the idea of a data market obscures more fundamental objections to consent, namely the individual's dependency on data controllers' services that renders the assumption of free choice a fiction.