A Privacy Impact Assessment for the Internet of Things - A Proposal and Insight into EU Regulation Debates and How to Design Privacy for IoT

Speaker: Sarah Spiekermann, Vienna University of Economics and Business

In May 2009 the EU Commission published its 'Recommendation on the implementation of privacy and data protection principles in applications supported by RFID'. In this document, the EU legislator recommends that all companies using RFID technology run through a Privacy Impact Assessment (PIA) and determine whether their RFID infrastructures (as well as backend systems) imply privacy threats and risks. The identification and reporting of such risks, accompanied by mitigation and control mechanisms, is supposed to ensure RFID operators' privacy sensitivity and to lead to more 'privacy by design' in the early development stages of RFID deployments.

The talk will report on the development of the PIA framework and how privacy assessments can and will be made in Europe in the future when it comes to RFID and IoT at large. The talk will also cover the political process that has led to the PIA Framework as it stands and what challenges had to be overcome to make it happen. Finally, the talk will expand on how engineers and IS professionals can think about 'Privacy by Design' and build infrastructures to minimize privacy risks.

