You may have heard the phrases “privacy engineering” or “data protection engineering”. But what do they mean? Thankfully, the European Union Agency for Cybersecurity (ENISA) has recently released a document that clarifies the topic.
While ENISA’s main goal is to contribute to the cyber policy of the European Union, the concepts the document discusses can be translated to the Canadian context. Although they are grounded in Articles 5, 25 and 35 of the General Data Protection Regulation (GDPR) (the processing principles, data protection by design and by default, and data protection impact assessments, respectively), the same considerations apply when we discuss privacy engineering in Canada.
What is the issue?
New technologies have emerged rapidly, and the new methods of sharing, processing and storing data that come with them have introduced new threats and challenges. These include a lack of control and transparency, incompatible reuse of data, data inference and re-identification, profiling, and automated decision making. What is more, these technologies have often been deployed without any assessment of their impact on privacy and data protection.
It is therefore necessary to design with data protection principles in mind—and the challenge is to translate these principles into tangible requirements and specifications by selecting, implementing and configuring appropriate technical and organizational measures and techniques over the complete lifecycle of the data processing.
But implementing data protection engineering strategies is not straightforward, since various factors need to be examined on a case-by-case basis. A multidisciplinary approach is needed to weigh, among other things: the level of risk; the context of the processing operation; the purposes of processing (and the potential for reuse or purpose creep); the types, scope and volume of personal data; the means and scale of processing; the state of the art; the cost; and the translation of all of this into actionable requirements. Consequently, appropriate safeguards must be integrated into the processing from the earliest steps, using a data protection by design approach.
What is data protection by design?
Plainly put, data protection by design is the implementation of appropriate measures and necessary safeguards that give effect to the data protection principles and, consequently, to data subjects’ rights and freedoms, by design and by default.
What is data protection engineering, and how does it relate to data protection by design?
Data protection engineering supports the selection, deployment and configuration of appropriate technical and organizational measures in order to satisfy the data protection principles. This involves choosing techniques that fulfil those principles and offer a level of protection adequate to the risk to which the personal data is exposed. How does this relate to data protection by design? Data protection engineering can be seen as the part of data protection by design and by default that turns the principles into concrete, configured measures for a specific processing operation.
How is privacy engineering related to data protection impact assessments?
Data protection impact assessments are also part of privacy engineering and data protection by design, since the assessment process entails a more detailed analysis, selection and operation of techniques able to ensure the required level of protection. These concepts are linked through the level of risk of the personal data processing, which acts as a threshold for the adoption of relevant measures.
What are privacy enhancing technologies?
Privacy Enhancing Technologies (PETs) are the broad range of technologies designed to support the implementation of data protection principles at a systemic and fundamental level. They protect privacy by eliminating or reducing personal data, or by preventing unnecessary or undesired processing of personal data, without losing the functionality of the information system. In that sense, PETs are the building blocks of data protection engineering and of meeting data protection and privacy by design goals.
PETs can be categorized by the characteristics of the technology used in relation to the data being processed. Many PETs exist, but it is not always clear which one is most appropriate for a given processing operation and context, nor how each technique can be engineered into the processing operation so that it actually delivers the intended protection.
Some of the main PETs discussed are as follows:
- Anonymization and Pseudonymization: anonymization, k-anonymity, differential privacy, and selecting the anonymization scheme
- Data Masking and Privacy-Preserving Computations: homomorphic encryption, secure multiparty computation, trusted execution environments, private information retrieval, and synthetic data
- Access, Communication, and Storage: communication channels, privacy-preserving storage, privacy-enhancing access control, authorization, and authentication
- Transparency, Intervenability, and User Control Tools: privacy policies, privacy icons, sticky policies, privacy preference signals, privacy dashboards, consent management, consent gathering, consent management systems, exercising right of access, and exercising the right of erasure and right to rectification
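The first category above is where a worked example helps most, because the techniques are easy to get wrong in practice. The following Python block is added here as an illustration; it is not code from the ENISA report or its authors, and the records, the key and the function names are all constructed for the example. It shows keyed pseudonymization with HMAC (and why an unkeyed hash is not enough), a k-anonymity check before and after generalizing the quasi-identifiers, an l-diversity check (not in the list above, but the standard caveat that k-anonymity alone does not prevent attribute disclosure), and a count released under differential privacy with the Laplace mechanism.

```python
import hashlib
import hmac
import random
from collections import Counter

# Constructed sample records for this example: (name, age, postcode, diagnosis).
# All values are made up. The name is a direct identifier, age and postcode are
# quasi-identifiers, and diagnosis is the sensitive attribute.
RECORDS = [
    ("Alice Martin", 34, "M5V 2T6", "asthma"),
    ("Bob Tremblay", 36, "M5V 1K1", "diabetes"),
    ("Chloe Nguyen", 38, "M5V 3L9", "asthma"),
    ("Dan Okafor", 52, "K1A 0B1", "hypertension"),
    ("Eva Roy", 55, "K1A 1A2", "asthma"),
    ("Finn Patel", 58, "K1A 0A9", "diabetes"),
]


def pseudonymize(identifier: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 of the identifier, truncated for readability.

    The key is what makes this pseudonymization rather than a weak disguise: a
    plain SHA-256 of a name can be reversed by hashing a list of candidate
    names, whereas without the key the mapping cannot be rebuilt. The key must
    be stored separately from the released data.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def generalize(age: int, postcode: str) -> tuple:
    """Coarsen the quasi-identifiers: age to a ten-year band, postcode to its
    first three characters (the forward sortation area of a Canadian postcode)."""
    lo = (age // 10) * 10
    return (f"{lo}-{lo + 9}", postcode[:3])


def k_anonymity(rows, quasi_id) -> int:
    """Return k: the size of the smallest group of rows sharing the same
    quasi-identifier values, so every row is indistinguishable from at least
    k-1 others on those columns."""
    groups = Counter(quasi_id(r) for r in rows)
    return min(groups.values())


def l_diversity(rows, quasi_id, sensitive) -> int:
    """Return l: the smallest number of distinct sensitive values within any
    quasi-identifier group. If a group has l == 1, membership alone reveals
    the diagnosis even though the table is k-anonymous."""
    values = {}
    for r in rows:
        values.setdefault(quasi_id(r), set()).add(sensitive(r))
    return min(len(v) for v in values.values())


def release(rows, key: bytes):
    """The table that would actually be shared: pseudonymized name,
    generalized quasi-identifiers, sensitive attribute untouched."""
    return [(pseudonymize(name, key), *generalize(age, pc), diag)
            for name, age, pc, diag in rows]


def laplace_scale(sensitivity: float, epsilon: float) -> float:
    """Laplace mechanism: noise scale b = sensitivity / epsilon."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon


def dp_count(rows, predicate, epsilon: float, seed=None) -> float:
    """Counting query answered with epsilon-differential privacy.

    Adding or removing one record changes a count by at most 1, so the query
    has sensitivity 1. Laplace(0, b) noise is drawn as the difference of two
    independent exponential variates with mean b, which has that distribution.
    """
    rng = random.Random(seed)
    true_count = sum(1 for r in rows if predicate(r))
    b = laplace_scale(1.0, epsilon)
    noise = rng.expovariate(1.0 / b) - rng.expovariate(1.0 / b)
    return true_count + noise


if __name__ == "__main__":
    quasi_raw = lambda r: (r[1], r[2])
    quasi_gen = lambda r: generalize(r[1], r[2])
    print("k on raw age+postcode:       ", k_anonymity(RECORDS, quasi_raw))
    print("k after generalization:      ", k_anonymity(RECORDS, quasi_gen))
    print("l (distinct diagnoses/group):", l_diversity(RECORDS, quasi_gen, lambda r: r[3]))
    for row in release(RECORDS, key=b"example-key-store-separately"):
        print(row)
    print("asthma count, epsilon=1.0:", dp_count(RECORDS, lambda r: r[3] == "asthma", 1.0, seed=7))
```

On the constructed data, raw age and postcode give k = 1 (every person is unique), generalizing to a decade band and the first three postcode characters gives k = 3, and l = 2 because both groups contain more than one diagnosis. The point of the example is the selection problem the text describes: which of these measures is adequate depends on the risk, the reuse potential of the released table and who else holds data that could be linked to it.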