PROGRAMME

The Annual Privacy Forum 1st edition

Wednesday 10/10/2012

08:00 – 08:50

Registration

08:50 – 09:45

Opening notes & keynotes

Welcome note: Polys Michaelides, Commissioner for the Regulation of Electronic Communications and Postal Services of Cyprus

Chair & opening note from the local organiser: Marios Dikaiakos, General Co-chair APF 2012, Professor, University of Cyprus

  • Udo Helmbrecht, Executive Director, European Network and Information Security Agency - ENISA
  • Rosa Barcelo, Policy Coordinator Trust & Security Unit, European Commission - DG CONNECT
  • Stelios D. Himonas, Permanent Secretary of the Cyprus Ministry of Justice and Public Order, representative of Cyprus Presidency of the Council of the EU

09:45 – 09:50

Break

09:50 – 11:15

Keynotes

Chair: Bart Preneel, PC chair APF 2012, professor KU Leuven  

  • Nicolas Dubois, Data Protection Unit, Directorate General Justice, European Commission
  • Marisa Jimenez, European Privacy Policy Senior Counsel, Google. ‘Embracing Privacy Reform for Economic Growth: The Role of the Internet’
  • Alessandro Acquisti, professor, Heinz College - Carnegie Mellon University. ‘Would "Privacy in the Age of Augmented Reality" work?’

11:15 – 11:30

Coffee break

11:30 – 13:00

Session 1

Chair: Rodica Tirtea, PC member APF 2012,  expert ENISA

  • ‘Integrating Anonymous Credentials with eIDs for Privacy-respecting Online Authentication’, Ronny Bjones, Ioannis Krontiris, Pascal Paillier and Kai Rannenberg
  • ‘Privacy-preserving Identity Management in SEMIRAMIS’, Charles Bastos Rodriguez, Ruben Torres Dieguez, Silvio Soracce, Tiago Batista, Ricardo Azevedo, Juan Manuel Marin Perez, Jorge Bernal Bernabé, Gregorio Martinez and Dominik Lamp; Aljosa Pasic
  • ‘A Method for Analysing Traceability between Privacy Policies and Privacy Controls of Online Social Networks’, Pauline Anthonysamy, Phil Greenwood and Awais Rashid
  • ‘Collection and storage of personal data: a critical view on current practices in the transportation sector’, Eleni Kosta, Hans Graux and Jos Dumortier

NOTE: presenters' names in bold.

13:00 – 14:00

Lunch

14:00 – 15:30

Session 2

Chair: Claire Vishik, Security, privacy standards and policy manager, Intel

  • ‘Privacy-Preserving Computation (Position Paper)’, Florian Kerschbaum
  • ‘A Problem-based Approach for Computer Aided Privacy Threat Identification’, Kristian Beckers, Stephan Faßbender, Maritta Heisel and Rene Meis
  • ‘Privacy Concerns and Actions: Evidence from a Large-scale Hybrid Experiment’, Nicola Jentzsch
  • ‘Electronic Footprints in the Sand: Technologies for Assisting Domestic Violence Survivors’, Martin Emms, Budi Arief and Aad Van Moorsel

15:30 – 15:45

Coffee break

15:45 – 17:15

Panel Session 1 "The economic dimension of data protection"

Chair: Giorgos Rossides, Special Advisor - Data Protection Reform, Cyprus Presidency of the Council of the EU

  • Alessandro Acquisti, Associate Professor of Information Technology and Public Policy at the Heinz College at Carnegie Mellon University (CMU), co-director of CMU Center for Behavioral Decision Research (CBDR)
  • Melina Violari, Policy and Privacy Manager, Facebook Europe
  • Andreas Krisch, president EDRi (European Digital Rights), VIBE!AT

17:15 – 17:20

Break

17:20 – 18:20

Workshop organized by NESSoS (Network of Excellence on Engineering Secure Future Internet Software Services and Systems) – "Privacy By Design and Secure Software Engineering"

Chair: Aljosa Pasic, Chair of the Industrial advisory board of NESSoS

Workshop speakers: 

  • Jorge Cuellar, Siemens: The need to standardize location privacy protection policies --  A look at the IETF
  • Claire Vishik, Intel : Principles of Privacy by Design in Smart metering: issues of importance to privacy engineers and technologists
  • Slim Trabelsi, SAP : Use of USDL-SEC for privacy goals
  • Aljosa Pasic, Atos : Model Driven Privacy: Does it exist?
  • Nick Wainwright, HP Lab : Accountability for the Cloud.

20:00

Conference Dinner

  • Sponsor's Brief note ‘Innovation Forecast: A Data Protection Framework for the Cloud’, Thomas Boué, Director of Government Affairs, EMEA

 

Thursday 11/10/2012

08:30 – 10:00

Second day opening notes and keynotes

Chair and welcome note: Steve Purser, Head of Technical Department, ENISA 

  • Stephen Deadman, Privacy Officer, Vodafone Group
  • Andreas Krisch, president EDRi (European Digital Rights), VIBE!AT, ‘Data Protection: the Enabler for Innovative Information Technologies’

10:00 – 10:10

Coffee break

10:10 – 11:20

Session 3

Chair: Ioannis Krontiris, Senior Researcher, Mobile Business and Multilateral Security group at Johann Wolfgang Goethe University in Frankfurt

  • ‘Conceptual Framework and Architecture for Privacy Audit’, Alan Hartman, Ksenya Kveler, Kirsten Bock, Pietro Colombo, Tamar Domany and Elena Ferrari
  • ‘A solution, but not a panacea for defending privacy: The challenges, criticism and limitations of Privacy by Design’, Demetrius Klitou
  • ‘Current Status and Prospect of Acts on Privacy in Korea’, Jae Suk Yun and Yong-Jun Jeong
  • ‘ICT and Privacy: Barriers’, Antonio Kung

11:20 – 11:30

Break

11:30 – 13:10 

Session 4 Short Talks

Chair: Sławomir Górniak, expert ENISA

  • ‘Privacy in ETSI Security Standardization’, ETSI, Carmine Rizzo
  • ‘The role of standards in privacy protection’, Scott Cadzow
  • ‘Federated Identity as Capabilities’, Harry Halpin and Blaine Cook
  • ‘FutureID- Shaping the Future of Electronic Identity’, Heiko Roßnagel, Jan Camenisch, Lothar Fritsch, Thomas Gross, Detlef Houdeau, Detlef Hühnlein, Anja Lehmann, Jon Shamah
  • ‘Designing Privacy by Design’, Jeroen van Rest, Daniel Boonstra, Maarten Everts, Martin van Rijn and Ron van Paassen, Sander van Oort
  • ‘Enhancing Privacy by Design From a Developer’s Perspective’, Christoph Bier, Pascal Birnstill, Erik Krempel, Hauke Vagts and Jürgen Beyerer
  • ‘GINI Position Paper’, Lefteris Leontaridis
  • ‘Privacy preserving course evaluations in Greek higher education institutes: an e-Participation case study with the empowerment of Attribute Based Credentials’, Vasiliki Liagkou, George Metakides, Apostolis Pyrgelis, Christoforos Raptopoulos and Yannis Stamatiou

13:10 – 14:30

Lunch

14:30 – 15:30

Panel Session 2 "Research Challenges in Privacy"

Chair: Bart Preneel, PC chair APF 2012, professor KU Leuven

15:30 – 15:45

Coffee break

15:45 – 17:30

Panel Session 3 "European Policies and Technological Innovation in Privacy and Data Protection"

Chair: Rosa Barcelo, Policy Coordinator Trust & Security Unit, European Commission - DG CONNECT

  • Nicolas Dubois, Data Protection Unit, Directorate General Justice, European Commission
  • Michael Waidner, SIT Research Group, Chair Fraunhofer SIT, Director CASED and EC-SPRIDE
  • Peter Schaar, the Federal Commissioner for Data Protection and Freedom of Information (BFDI)
  • Gwendal Le Grand, Commission Nationale de l'Informatique et des Libertés (CNIL), Head of IT experts group
  • Caspar Bowden, independent expert 
  • Giovanni Buttarelli,  Assistant Supervisor, European Data Protection Supervisor (EDPS)

17:30 – 17:40 

Closing remarks

Demosthenes Ikonomou, General Co-chair APF 2012, Head of Secure Services & Project Support Activities Unit - ENISA

 

Panel 1: The economic dimension of data protection

Chair: Giorgos Rossides, Special Advisor - Data Protection Reform | Cyprus Presidency of the Council of the EU

This panel aims to examine the interaction of the fundamental right to the protection of personal data with the economic imperatives of the 21st century digital internal market. The innovative business models of this market have, in recent years, come to increasingly depend on the utilisation of personal data. While this fact may carry significant advantages in terms of the personalisation and customisation of web-based services, it also brings with it considerable risks for the protection of personal data and calls into question the regulatory regimes that are in place to ensure this protection.

Key questions to be explored:

  • What are the changes that have happened since the adoption of the EU data protection regulatory framework in 1995? How do these changes challenge our existing legal framework for the protection of personal data?
  • What are the economic trade-offs between the provision of ‘free’ digital services and the uptakes of these services by individuals? Is personal data the currency with which these services are paid for?
  • Have technological advances rendered privacy and data protection irrelevant? Do people care?
  • What would be the best solutions to ensuring the protection of personal data without stifling innovation and entrepreneurship on the internet?
  • Will the proposed EU data protection reform help foster the economic growth, innovation and job creation it envisages, particularly for micro and medium-sized enterprises, in the currently negative economic environment?

Panel Composition:

  • Melina Violari, Policy and Privacy Manager, Facebook Europe

 

Panel 2: Research Challenges in Privacy 

Chair: Bart Preneel, PC chair APF 2012, professor KU Leuven

The developments at EU level in the policy framework related to privacy represent one of the most interesting and fast-evolving sectors in EU policy. At the same time, for a number of years the EU has been making a significant investment in collaborative EU-funded R&D in the areas of NIS and privacy.

The main purpose of ENISA is to enhance the capability of the Community, the Member States and, as a consequence, the business community to prevent, address and respond to network and information security problems. To this end, ENISA has observed that many of the innovations occurring in the programmes of EU-funded R&D are not feeding into the relevant policy initiatives in the areas of NIS and privacy. Similarly, the strategic priorities of EU policy in the area of privacy are not feeding into research priorities.

The Agency is proposing a panel where experts working in the area of privacy will discuss and address these gaps. With this panel we will cover topics such as ‘privacy by design’ between objective and practice, technical implementation issues for the ‘right to be forgotten’, etc. Furthermore, we will try to identify, together with key experts, topics that should receive priority for funding in the near future in order to address the policy agenda of the EU.

Panel Composition:

 

Panel 3: European Policies and Technological Innovation in Privacy and Data Protection

Chair: Rosa Barcelo, Policy Coordinator Trust & Security Unit, European Commission - DG CONNECT

Privacy is a fundamental need and a basic right in Europe. New information and communication technologies have given it a completely new dimension, for instance in terms of accessibility of personal information online, transparency of the use of data and the availability of personal data in the future. The dynamic uptake of new communication devices and forums online often comes with new challenges and costs for preserving one's individual needs of privacy protection. European policies and research efforts address these challenges, most recently with this year's Commission proposal of a major reform on the protection of personal data. At the same time, R&D results from the scientific communities in Europe outline new approaches for privacy in the digital age.

This panel will discuss how Europe can deliver a regulatory environment for the privacy needs of its citizens that keeps pace with technological developments and stimulates growth and innovation. A question to be raised here would be how regulatory efforts and technological innovation for online privacy can complement each other to ensure the effective protection of citizens’ rights. Another point for discussion would be how policies and research can support a fundamental change from a reactive mode of adapting privacy rules to new online forms of communication to privacy rules applicable for any emerging online environment. European decision-makers of privacy policies will discuss with research and industry representatives as well as the participants of the Forum their views and approaches on these questions.

Panel Composition:

  • Nicolas Dubois, Data Protection Unit, Directorate General Justice, European Commission
  • Michael Waidner, SIT Research Group, Chair Fraunhofer SIT, Director CASED and EC-SPRIDE
  • Peter Schaar, the Federal Commissioner for Data Protection and Freedom of Information (BFDI)
  • Gwendal Le Grand, Commission Nationale de l'Informatique et des Libertés (CNIL), Head of IT experts group
  • Caspar Bowden, independent expert 
  • Giovanni Buttarelli,  Assistant Supervisor, European Data Protection Supervisor (EDPS)

 

 

Workshop organized by NESSoS - Privacy By Design and Secure Software Engineering

Chair: Aljosa Pasic, the Chair of Industrial advisory board of the Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS)

 

Privacy by Design is a hot topic. Virtually all stakeholders agree that it is better to build privacy in than to bolt it on later, but the European security industry has expressed concerns[1] about the vagueness and ambiguity of this concept. In order to come up with a structured process, industry might need to take a look at requirements engineering, formal languages, programming environments and the other areas of engineering secure software-based services. The engineering of secure software services is based on the principle of addressing security concerns from the very beginning in system analysis and design, thus helping to reduce the number of system and service vulnerabilities and enabling the systematic treatment of security needs through the engineering process.

This panel aims to examine the interaction of privacy by design and secure software and service engineering. For example, most current requirements engineering approaches consider security only at the technological level, failing to capture the high-level requirements of trust or privacy. In parallel, we are witnessing the emergence of Future Internet services and applications. They are composed of several services (created and hosted by various organizations and providers), each with its own security and privacy characteristics. The service compositions are very dynamic in nature and span multiple trust domains, resulting in a fragmentation of ownership of both services and content, and a complexity of implicit and explicit relations among the participants.

Key questions to be explored:

  • What are the best practices for Privacy by Design in practice?
  • What impact does service-orientation have on privacy by design and on secure software and service engineering?
  • How do we combine the software engineering and data management sides of the (compositional) privacy by design principle?
  • What does location privacy mean for secure software engineering?
  • What solutions or approaches will you foresee to solve the challenges and fill the gaps?

Workshop speakers :

  • Jorge Cuellar, Siemens : The need to standardize location privacy protection policies  --  A look at the IETF
  • Claire Vishik, Intel : Principles of Privacy by Design in Smart metering: issues of importance to privacy engineers and technologists.
  • Aljosa Pasic, Atos : Model Driven Privacy : does it exist?