Pre-conference Workshop to the AoIR 2016
Building Standards of Privacy and Security-by-Design for the Internet of Things
05.10.2016 | 14.00 – 17.30 | HU Berlin, Dorotheenstr. 24, Berlin-Mitte
The pre-conference workshop is part of the AoIR conference and will be held in English.
Using the example of wearables, this one-day workshop, facilitated by Max von Grafenstein, focuses on the question of how privacy- and security-by-design standards (be they de facto standards or those in the form of co-regulated codes of conduct or certificates) may constitute appropriate regulatory instruments that balance the societal need for data-based innovation and protection against its risks. To elaborate on this question, the workshop uses the format of a legal hackathon, which refers to the collaborative and interdisciplinary nature of software hackathons. Seeking to quickly transpose some initial ideas into working prototypes and/or clarify these ideas through prototyping, the legal hackathon format promises to provide the ideal conditions for a first proof of concept for privacy- and security-by-design standards for emergent innovations such as wearables and, more generally, the Internet of Things (IoT).
The idea of standards is promising since, in principle, they provide for appropriate instruments that create trust not only on the economic and social level but also with respect to the law. The General Data Protection Regulation (GDPR), which has recently passed the trilogue and consequently comes into force soon, requires data controllers who process personal data to “implement appropriate technical and organizational measures (…) which are designed to implement data protection principles”. However, legal uncertainty is high because there are several unanswered questions. For example: first, what do the data protection principles specifically mean; second, what stakeholder(s) fulfill(s) the legal criteria of a “controller”; and third, should the producer(s) of the infrastructure, for example, of the IoT device, be involved, if they are not a “controller”, in order to enable the actual controller to implement such privacy-by-design measures?
The legal hackathon addresses these questions by inviting startups that are developing wearables, security- and privacy-by-design experts and academics from the legal, social and economic sciences to elaborate on the concept, impact and functions of European data protection law. The hackathon seeks to elaborate, in particular, on the following aspects: first, whether or not it is technically, organizationally as well as legally possible to create a common privacy- and security-by-design standard for wearables; second, if so, what this standard should look like to ensure that the trust-enhancing advantages outweigh the technical and organizational efforts; and third, whether or not such a standard could fulfill the requirements provided for by the final draft of the GDPR with respect to the procedures for codes of conduct and/or certificates.
If the hackathon can generate constructive outcomes, this will serve as a first proof of concept for the general claim that privacy- and security-by-design standards are a serious issue for those seeking to find a balance between the societal need for data-based innovation and protection against its risks. The findings may be transposed, in subsequent hackathons, to further areas of the IoT such as Smart Homes or Smart Cars.
Organizer: Maximilian von Grafenstein
Participation in the pre-conference workshop is only possible for participants of the AoIR conference. You can sign up for this workshop when registering for the conference.