Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Webmardi - GDPR

Webmardi - GDPR

GDPR is everyone's responsibility

Jérémie Fontana

May 01, 2018
Tweet

More Decks by Jérémie Fontana

Other Decks in Design

Transcript

  1. GDPR is everyone's responsibility Jérémie Fontana | Designer & Privacy

    Advocate @ Liip 2018-05-01//19:00 Webmardi — @skynebula
  2. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — Good evening y’all!!
  3. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Jérémie Fontana Designer
 & Privacy Advocate — —
  4. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Jérémie Fontana Designer
 & Privacy Advocate — — liip.ch Work
  5. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Jérémie Fontana Designer
 & Privacy Advocate — — hackstock.net Podcast
  6. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Jérémie Fontana Designer
 & Privacy Advocate — — Support jfontana.fr/activism
  7. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — Digital marketer I am not a
  8. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — Mark Zuckerberg I am not
  9. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula That’s why this talk won’t be about… • How to bypass GDPR (sorry, not sorry) • How to setup your SAP • How to configure Google Analytics • How to protect your backups • How to try to look like a real human
  10. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — Ask! whenever you want
  11. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Agenda • What is GDPR? • Risks • Benefits • Bad & good practices • Privacy by Design • One more thing…
  12. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula “ I got 99 problems but your data ain’t one.
  13. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula 99 articles 88 pages 24 languages
  14. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Voted April 27, 2016 #2016/679
  15. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Purpose More control over our own personal data
  16. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Purpose More responsibility 
 on enterprises
  17. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Purpose Human rights “The processing of personal data should be designed to serve mankind.” — Introduction
  18. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Privacy is a fundamental Human Right “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.” — Article 12 of the 1948 Universal Declaration of Human Rights
  19. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Scope All personal data “The processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.” — Article 2
  20. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula What is Personal data? • Name • Email address • Home address
 • Phone number • Location data • Username • Password • IP address • Browsing habits • Device identifiers
  21. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula What is Sensitive data? • Racial or ethnic origin • Religion • Union membership • Political preferences • Health data • Genetics • Biometrics…
  22. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Who are the Data subjects?
  23. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Data subjects are People on EU soil
  24. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Who is the Data controller? • Entity established in EU • Entity outside of EU but selling goods/services to people in EU • Entity outside of EU but tracking people in EU
  25. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Who is the Data processor? • Entity tracking / processing / storing personal data 
 for the data controller, inside or outside the EU
  26. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Rights Information — Articles 13 & 14
  27. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Rights Access — Article 15
  28. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Rights Rectification — Article 16
  29. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Rights Restriction of processing 
 — Article 18
  30. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Rights Objection — Article 21
  31. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Rights Automated decision-making 
 — Article 22
  32. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Rights Erasure — Article 17
  33. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Rights Data portability — Article 20
  34. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — Obligations 
 of enterprises
  35. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Principle of accountability — Article 5
  36. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Accountability Reverse onus — Article 5
  37. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Notification — Article 19
  38. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Communication 
 of a data breach — Article 34
  39. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Data minimization — Article 5
  40. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Pseudonymization — Article 6
  41. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — Minimization > Pseudonymization
  42. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — Minimization > Anonymization
  43. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Encryption — Article 32
  44. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Consent “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data.” — Introduction
  45. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Consent “Silence, pre-ticked boxes or inactivity should not therefore constitute consent.” — Introduction
  46. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Consent “When the processing has multiple purposes, consent should be given for all of them.” — Introduction
  47. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Consent “If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.” — Introduction
  48. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Consent — Article 7 • Clearly distinguishable from the other matters • In an intelligible and easily accessible form • Using clear and plain language
  49. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Data Protection Officer — Article 30
  50. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Data processing registry — Article 30
  51. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Obligations Privacy Impact Assessment — Article 35
  52. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — And what about Switzerland?
  53. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Yes… GDPR applies to Swiss companies
  54. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula GDPR vs Swiss companies Swiss co. having 
 a branch in EU — Article 3
  55. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula GDPR vs Swiss companies Swiss co. acting 
 as processor 
 for a EU co. — Article 3
  56. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula GDPR vs Swiss companies Swiss co. selling goods & services to people in EU — Article 3
  57. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula GDPR vs Swiss companies Swiss co. tracking behaviors of people in EU — Article 3
  58. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — Be there or be square!
  59. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula GDPR principles are coming to Switzerland Swiss privacy law 
 is being revised 
 to match GDPR
  60. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Human risk The psychiatrist 
 & Facebook
  61. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Human risk The online platform 
 for children
  62. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Business loss Startup at EPFL
  63. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Reputation Facebook & 
 Cambridge Analytica
  64. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Fines Up to € 20 million…
  65. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Fines or 4% 
 of worldwide annual turnover…
  66. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Fines Whichever 
 is higher!
  67. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Human rights Signal • End-to-end encrypted messaging app • Censorship circumvention • No logs
  68. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Benefits Competitive advantage
  69. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Competitive advantage ProtonMail • Encrypted email service
  70. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Competitive advantage Cozy • Secure personal hub
  71. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Competitive advantage Nord VPN • “No logs” Virtual Private Network
  72. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Competitive advantage Wire • End-to-end encrypted messaging app
  73. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Competitive advantage Apple • Sensitive data computed and stored only on the device
  74. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Lawyers and yield-maximizers can find ways to use fine print and digital maneuvers to get the same sort of low-grade tolerance and low-impact marketing they've always gotten. “ — Seth Godin
  75. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Realize that the GDPR is a net positive for people with something to say, something to sell or something to change. Because the noise will go down and trust will go up. “ — Seth Godin
  76. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Talk to people who want to be talked to. Market to people who want to be marketed to. In two simple words: 
 Ask First. “ — Seth Godin
  77. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Privacy knows no borders: we have to protect privacy globally or we protect it nowhere! “ — Ann Cavoukian, Ph.D
  78. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — 7 principles of Privacy by Design
  79. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Privacy by Design, principle #1 Proactive 
 not reactive Preventative not remedial
  80. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Privacy by Design, principle #2 Privacy as 
 the default setting Privacy by Default
  81. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Privacy by Design, principle #3 Privacy embedded into design
  82. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Privacy by Design, principle #4 Full functionality Positive-sum, not zero-sum
  83. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Privacy by Design, principle #5 End-to-end security Full lifecycle protection
  84. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Privacy by Design, principle #6 Visibility 
 and transparency Keep it open
  85. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Privacy by Design, principle #7 Respect 
 for user privacy Keep it user-centric
  86. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Newsletter OK Don Required First name Draper Required Last name [email protected] Required Email address
  87. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Newsletter SUBSCRIBE TO THE NEWSLETTER I agree to subscribe Optional First name Optional Last name [email protected] Required Email address
  88. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Example #2 Personal details
  89. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula [email protected] Required Email address Don Required First name Draper Required Last name Select Required Gender Select Male Female Personal details
  90. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Don Required First name Draper Required Last name Select Optional Gender [email protected] Required Email address Personal details
  91. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula [email protected] Required Email address Don Required First name Draper Required Last name Select Optional Gender Select Female Non binary Male Other Personal details
  92. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Example #3 Public profile
  93. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula I don’t wanna share my profile publicly I wanna share my name I wanna share my email I wanna share my phone number Public profile
  94. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula I wanna share my profile publicly I wanna share my name I wanna share my email I wanna share my phone number Public profile
  95. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula I wanna share my profile publicly I wanna share my name I wanna share my email I wanna share my phone number Public profile
  96. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula I wanna share my profile publicly I wanna share my name I wanna share my email I wanna share my phone number Public profile
  97. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula ↳ IP address ↳ Country ↳ Region / City ↳ Precise location ↳ Browser ↳ Operating System ↳ Device ↳ Battery level ↳ Browsing history ↳ Social media profiles Log file / database Tracking
  98. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula ↳ IP address ↳ Country ↳ Region / City ↳ Precise location ↳ Browser ↳ Operating System ↳ Device ↳ Battery level ↳ Browsing history ↳ Social media profiles Log file / database Tracking
  99. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula A good designer finds an elegant way to put everything you need on a page. 
 A great designer convinces you half that shit is unnecessary. “ — Mike Monteiro
  100. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula The only important thing about design is how it relates to people. “ — Victor Papanek
  101. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula — Thank you! ↳ jfontana.fr ↳ @skynebula ↳ liip.ch — Jérémie Fontana Slides: ↳ liip.to/webmardigdpr — —
  102. Webmardi : GDPR — 2018-05-01//19:00 @ Liip — Jérémie Fontana

    — @skynebula Credits Font Icons Neue Haas Grotesk Streamline by Christian Schwartz by Webalys Ethical Design Manifesto Ind.ie by Laura Kalbag & Aral Balkan