ULD SH: Länderübergreifende Datenschutz-Prüfung von Medien-Webseiten: Nachbesserungen nötig
(Cross-state data protection review of media websites: improvements needed)


Coordinated cookie practice review by German DPAs.

Key observations:

  • Wrong order – cookies/trackers are loaded before consent is given
  • Wrong information – insufficient or incorrect information about user tracking on the first level of the consent banner
  • Wrong consent – insufficient scope of consent: many cookies/trackers remain active even if users deny consent to “All” on the first level of the banner
  • No easy consent denial/revocation – often no easy way to deny consent on the first level of the consent banner, or to close the banner without a decision
  • Manipulation of users – dark patterns, nudging

Article: Johner Institut on meeting German DiGA requirements


Includes an overview of the regulatory requirements:

  • MDR (EU Medical Device Regulation)
  • DVG (Digitale-Versorgung-Gesetz, Digital Healthcare Act)
  • BSI-Standard 200-1, Managementsysteme für die Informationssicherheit (information security management systems)
  • BSI-Standard 200-2, IT-Grundschutz-Methodik (IT-Grundschutz methodology)
  • BSI TR-03161, Sicherheitsanforderungen an digitale Gesundheitsanwendungen (security requirements for digital health applications)
  • ISO 27001:2017
  • IEC 82304-1, Health software – Part 1: General requirements for product safety
  • IEC 82304-2, Health software – Part 2: Health and wellness apps – Quality and reliability [future – includes a “seal”]
  • IEC 81001-5-1, Safety, security and effectiveness in the implementation and use of connected medical devices or connected health software – Part 5-1: Security – Activities in the product lifecycle

BSI TR-03161 Sicherheitsanforderungen an digitale Gesundheitsanwendungen

Germany: BSI – Security requirements for digital health applications

English version: https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03161/TechnicalGuidelines_03161_node.html
with direct link: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03161/TR-03161.pdf?__blob=publicationFile&v=2

Bavaria: Data Protection Checklists (incl. Guidance on TOMs)

The DPA of Bavaria has published the following checklists (in German)
at https://www.lda.bayern.de/de/checklisten.html:

Paper: Bitkom: Anonymisierung und Pseudonymisierung von Daten für Projekte des maschinellen Lernens

Anonymization and Pseudonymization of data used in Machine Learning Projects


Examples given:

  • Processing of geolocation profiles (movements)
  • Google’s COVID-19 Community Mobility Reports
  • De-coupled pseudonyms, e.g. for manufacturers remotely monitoring machine performance at customer sites
  • Speech recognition as an example of federated learning
  • Anonymization and pseudonymization of medical text data using Natural Language Processing
  • Use of semantic anonymization of sensitive data with inference-based AI and active ontologies in the financial industry
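The masking of identifying terms that the paper discusses for medical text data can be sketched in a few lines. This is a toy illustration, not the paper's method: the patterns below are invented for the example, and a production system would rely on trained NER models rather than hand-written regexes.

```python
import re

# Hypothetical patterns for a German medical note; real systems use NER models.
PATTERNS = {
    "DATE": re.compile(r"\b\d{2}\.\d{2}\.\d{4}\b"),
    "PHONE": re.compile(r"\+?\d[\d /-]{7,}\d\b"),
    "NAME": re.compile(r"\b(?:Dr\.|Prof\.)\s+[A-ZÄÖÜ][a-zäöüß]+\b"),
}

def mask(text: str) -> str:
    """Replace every match of an identifying pattern with its label."""
    for label, pattern in PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text

print(mask("Patient seen by Dr. Meier on 03.05.2021, call +49 431 1234567."))
# -> Patient seen by [NAME] on [DATE], call [PHONE].
```

As the paper's caveat notes, such masking removes explicit identifiers only; writing style can still identify the author.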

Key words:

    • Anonymization of structured data
      • Approaches
        • Aggregation approach
          • Generalization, Microaggregation
          • k-anonymity, l-diversity, t-closeness
          • Mondrian algorithm, MDAV method (Maximum Distance to Average Vector)
        • Randomization approach
          • Adding noise
        • Synthetic approach
          • (Creating a synthetic model based on original data to generate “matching” synthetic data)
      • Attacks
        • Was personal data of a known person used to generate the anonymous data?
        • Which data in the anonymous data relates to personal data of a known person?
        • Predicting attributes of a known person
      • Static anonymization, dynamic anonymization, interactive anonymization
    • Pseudonymization
      • Format-preserving encryption, tokenization, trusted third party, Pseudonymous Authentication (PAUTH), oblivious transfer
    • Anonymization of texts
      • Ensure that free text includes no identifying terms (e.g. via organizational measures)
      • Masking of identifying terms as part of post-processing
      • Structuring via Natural Language Processing
      • Caveat: the author might be identifiable based on writing style
    • Anonymization of multimedia data
    • Privacy via on-prem analysis and decentralization (see also: federated learning)
      • Homomorphic encryption: fully homomorphic, partially homomorphic, somewhat homomorphic
      • Secure multi-party computation
      • Garbled circuits
    • Privacy risks related to machine learning, and controls
      • Identification of persons
      • De-anonymization of data (e.g. of blurred images)
      • Membership inference
      • Model inversion
      • Defeating noise, others
    • Federated learning
      • (Moving algorithms to the local data – instead of moving data to central algorithm)
      • (Local data doesn’t leave the device)
      • AI models as personal data
      • Legal advantages of federated learning
    • Attacks and controls
      • Model inversion
        • Querying the trained AI model to reconstruct its training data
      • Membership inference
        • Was a given data point used to train the model?
      • Model extraction
        • “Stealing” the trained model – by cloning the behaviour and predictive capabilities of a given AI model
      • Adversarial examples (creating inputs that trigger unintended responses)
      • Countermeasures
        • Restrictions on outputs
        • Adversarial Regularization
        • Distillation
        • Differential Privacy
        • Cryptography
        • Secure multi-party computation (MPC)
        • Federated machine learning
        • Differentially Private Data Synthesis (DIPS) (e.g. via Copula functions, Generative Adversarial Networks)
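To make the aggregation approach concrete, here is a minimal sketch of generalization plus a k-anonymity check. The records, bucket size, and column names are invented for illustration; dedicated anonymization tools implement this far more carefully.

```python
from collections import Counter

def generalize_age(age: int, bucket: int = 10) -> str:
    """Generalize an exact age into a coarser interval, e.g. 37 -> '30-39'."""
    lo = (age // bucket) * bucket
    return f"{lo}-{lo + bucket - 1}"

def k_anonymity(records, quasi_identifiers):
    """Smallest equivalence-class size over the quasi-identifier columns.
    A data set is k-anonymous iff this value is >= k."""
    groups = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return min(groups.values())

# Toy records; ZIP code and age act as quasi-identifiers.
raw = [
    {"zip": "24103", "age": 34, "diagnosis": "A"},
    {"zip": "24105", "age": 37, "diagnosis": "B"},
    {"zip": "24103", "age": 31, "diagnosis": "C"},
    {"zip": "24105", "age": 39, "diagnosis": "A"},
]

# Generalization: truncate ZIP codes, bucket ages into decades.
generalized = [
    {**r, "zip": r["zip"][:3] + "**", "age": generalize_age(r["age"])}
    for r in raw
]

print(k_anonymity(raw, ["zip", "age"]))          # 1 (every record unique)
print(k_anonymity(generalized, ["zip", "age"]))  # 4
```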
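The “adding noise” bullet under the randomization approach is also the basis of the differential privacy countermeasure. A minimal sketch of the Laplace mechanism for a counting query follows; the function and parameter names are mine, not the paper's.

```python
import math
import random

def laplace_sample(scale: float) -> float:
    """Draw one sample from Laplace(0, scale) via inverse-CDF sampling."""
    u = random.random() - 0.5
    return -scale * math.copysign(math.log(1.0 - 2.0 * abs(u)), u)

def dp_count(true_count: int, epsilon: float) -> float:
    """A counting query has sensitivity 1, so Laplace noise of scale
    1/epsilon gives epsilon-differential privacy for a single release."""
    return true_count + laplace_sample(1.0 / epsilon)

# Each release is randomized; smaller epsilon means more noise, more privacy.
noisy = dp_count(1000, epsilon=0.5)
```

This is the non-interactive building block; the paper's “interactive anonymization” corresponds to tracking a privacy budget across repeated queries.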
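Among the pseudonymization techniques listed, tokenization via a keyed hash is the easiest to sketch. The key below is a placeholder; in the trusted-third-party setup the paper mentions, it would be generated and held by that party, separate from the pseudonymized data.

```python
import hashlib
import hmac

# Placeholder key for illustration only; in practice generated randomly
# and kept by a trusted party, apart from the pseudonymized data set.
SECRET_KEY = b"replace-with-a-real-secret"

def pseudonymize(identifier: str, key: bytes = SECRET_KEY) -> str:
    """Deterministic token: the same input and key always yield the same
    pseudonym, so records remain linkable, but reversal requires access
    to the key (or a brute-force search over the identifier space)."""
    digest = hmac.new(key, identifier.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:16]

print(pseudonymize("patient-4711") == pseudonymize("patient-4711"))  # True
```

Deleting the key afterwards turns the deterministic pseudonyms into data that can no longer be re-identified via the mapping, which is the point of the de-coupled pseudonyms example above.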
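The core of the federated learning idea noted above (the algorithm moves to the data; only model parameters travel) reduces to weighted parameter averaging on the server, known as FedAvg. A toy sketch with invented client parameters:

```python
def federated_average(client_weights, client_sizes):
    """Server-side FedAvg step: weighted mean of the clients' parameter
    vectors, weighted by local data set size. Raw training data never
    leaves the clients; only these parameter vectors are shared."""
    total = sum(client_sizes)
    dim = len(client_weights[0])
    return [
        sum(w[i] * n for w, n in zip(client_weights, client_sizes)) / total
        for i in range(dim)
    ]

# Two hypothetical clients that trained locally on 1 and 3 samples.
global_model = federated_average([[1.0, 2.0], [3.0, 4.0]], client_sizes=[1, 3])
print(global_model)  # [2.5, 3.5]
```

Note that the shared parameters can themselves leak information (see the membership-inference and model-inversion attacks listed above), which is why federated learning is often combined with differential privacy or secure aggregation.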