Ann Cavoukian, Ph.D.
Information & Privacy Commissioner
Ontario, Canada
RFID PIA
The EU RFID Privacy and Data Protection Impact Assessment (PIA) Framework is a landmark Privacy by Design document that proactively addresses concerns about ubiquitous embedded RFID tags in the emerging “Internet of Things” in a positive-sum, win-win manner. The Framework is notable for being one of the world’s first sectoral PIA guidance documents developed by industry and, upon implementation, will be recognized by EU regulatory authorities as evidence of compliance with EU privacy law, with global reach.
EU Press Release on occasion of signing ceremony with industry, civil society. Apr 6, 2011.
EABC Welcomes EU RFID PIA Framework
GS1 welcomes European Commission endorsement of new industry privacy framework
Statement of Gerald Santucci on RFID PIA and the Digital Agenda. Apr 8, 2011.
ARTICLE 29 DATA PROTECTION WORKING PARTY
00327/11/EN | WP 180
Opinion 9/2011 on the revised Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications
Adopted on Feb 11, 2011
Specific Citation: Page 7 (of the pdf document)
3 Conclusion
The Working Party endorses the Revised Framework submitted on January 12, 2011. This framework shall take effect no later than 6 months after the publication of this opinion. A PIA is a tool designed to promote “privacy by design”, better information to individuals as well as transparency and dialogue with competent authorities. Consequently, since some RFID Applications will be implemented in several member states, it is important that PIA reports are translated and made available to competent authorities in their national language.
Jan 12, 2011
Privacy and Data Protection Impact Assessment Framework for RFID Applications
Specific citation (page 3 of pdf document): The benefits of conducting PIAs for RFID Applications are numerous. These include helping the RFID Application Operator:
• to establish and maintain compliance with privacy and data protection laws and regulations;
• to manage risks to its organisation and to users of the RFID Application (both privacy and data protection compliance-related and from the standpoint of public perception and consumer confidence); and
• to provide public benefits of RFID Applications while evaluating the success of privacy by design efforts at the early stages of the specification or development process.
Coverage:
EU Commission publishes voluntary guidelines on RFID and privacy
OUT-LAW News, Apr 7, 2011
http://out-law.com/page-11856
ARTICLE 29 DATA PROTECTION WORKING PARTY
00066/10/EN | WP 175
Opinion 5/2010 on the Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications
Adopted on July 13, 2010
Specific Citation:
1.3 Objectives of the PIA framework
With the RFID Recommendation, the European Commission created a PIA process that aims to achieve several benefits:
• First, a PIA should favour “Privacy by Design” by helping data controllers to address privacy and data protection before a product or service is deployed. (p. 5)
While the PIA Framework envisioned in the Recommendation is intended to promote “Security and privacy by design” by targeting RFID Applications before their deployment, there are already many existing deployed RFID Applications. (p. 6)
The Framework should also provide RFID operators with guidance regarding the most appropriate time and conditions to conduct a PIA in the development cycle of a RFID product, in order to truly encourage “security and privacy by design” as supported by the Recommendation. (p. 10)
COMMISSION OF THE EUROPEAN COMMUNITIES
Brussels, May 12, 2009 | C(2009) 3200 final
COMMISSION RECOMMENDATION of May 12, 2009 on the implementation of privacy and data protection principles in applications supported by radio-frequency identification
{SEC(2009) 585} {SEC(2009) 586}
Specific Citation:
(6) Because of its potential to be both ubiquitous and practically invisible, particular attention to privacy and data protection issues is required in the deployment of RFID. Consequently, privacy and information security features should be built into RFID applications before their widespread use (principle of ‘security and privacy-by-design’). (p. 4)
Research and Development
17. Member States should cooperate with industry, relevant civil society stakeholders and the Commission to stimulate and support the introduction of the ‘security and privacy by design’ principle at an early stage in the development of RFID applications. (p. 9)
OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR
Opinion of the European Data Protection Supervisor on the communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on ‘Radio Frequency Identification (RFID) in Europe: steps towards a policy framework’ COM(2007) 96
(2008/C 101/01)
Specific Citation(s):
42. Furthermore, the guidelines should propose practical and efficient methods for developing techniques and standards which could contribute to the RFID systems’ compliance with the data protection legal framework and which will entail the use of ‘privacy by design’ technology. (p. 6)
The need for ‘privacy by design’
54. Standards can also play a decisive role in the early adoption of the privacy-by-design principle. (p. 7)
55. Furthermore, the EDPS welcomes the position adopted by the Commission regarding research and development of RFID technologies and the need to mitigate privacy risks. Indeed, the privacy-by-design principle needs to be introduced at the earliest stage of the development of technologies which will better contribute to their compliance with the data protection legal framework. (p.8)
60. These provisions give the legislator — on the national and on the Community level — the power to prescribe that privacy and data protection safeguards must be included in the manufacturing of RFID systems, a concept that is known as ‘privacy by design’ (p. 8)
61. In order to make the use of the concept of ‘privacy by design’ compulsory, the EDPS recommends that the Commission uses the mechanism of Article 3(3)(c) of Directive 1999/5/EC, in consultation with the RFID Expert Group. (p. 8)
64. The Communication (4) emphasizes the importance of security and privacy-by-design. It also requires involvement of all stakeholders. (p.8)
76. Such measures should in any event:… ensure the mandatory deployment of RFID applications with the appropriate technical features or ‘privacy by design’. (p. 10)
88. The guidance setting out the principles that apply in respect of RFID usage should be sufficiently focused and adopt a sector specific approach. It should propose practical and efficient methods for developing techniques and standards which could contribute to the RFID systems’ compliance with the data protection legal framework and which will entail the use of ‘privacy by design’ technology. (p. 11)
89. The EDPS welcomes the approach in the Commission’s Communication to endorse the idea of the specification and adoption of early design criteria. (p. 11)
91. In order to make the use of the concept of ‘privacy by design’ compulsory, the EDPS recommends that the Commission uses the mechanism of Article 3(3)(c) of Directive 1999/5/EC, in consultation with the RFID Expert Group. (p. 11)
94. The intervention of the legislator could provide for a tailor made legal framework, which consists of a mix of regulatory tools which specify and complement the existing legal framework. Measures should in any event: … ensure the mandatory deployment of RFID applications with the appropriate technical features or ‘privacy by design’. (p. 12)
Done at Brussels, 20 December 2007.
© Copyright 2012 Information & Privacy Commissioner of Ontario. All Rights Reserved.