SlideShare a Scribd company logo

GDPR, User Data, Privacy, and Your Apps

Carl Brown
Carl Brown

The document discusses the General Data Protection Regulation (GDPR) which takes effect in May 2018 and imposes strict rules and heavy fines on companies regarding the collection and processing of users' personal data. It outlines several principles of GDPR including rights to access, correct and delete personal data. The document also provides strategies for app developers to comply with GDPR such as determining if all collected personal data is necessary, encrypting data, and informing users about data collection and sharing.

Technology
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
User Data, App Development, GDPR, Ethics and you CocoaCoders April 26th, 2018
Disclaimer • I am not a lawyer • Viewer discretion advised
Interactivity This is not supposed to be me lecturing Stop me and ask questions or interject
Disclaimer
What is GDPR? • European Union regulation on Privacy (more detail later) • Takes effect May 25th 2018 • Penalties: The greater of €10 million or 2% of global annual revenue
Does this matter here? Some people think so
Will (something like) this come to U.S.? What do you think?
What Data is Affected? • Basic identity information such as name, address and ID numbers • Web data such as location, IP address, cookie data and RFID tags • Health and genetic data • Biometric data • Racial or ethnic data • Political opinions • Sexual orientation https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
GDPR Principles (1/4) • "Easier access to your own data: individuals will have more information on how their data is processed and this information should be available in a clear and understandable way."
GDPR Principles (2/4) • "A right to data portability: it will be easier to transfer your personal data between service providers."
GDPR Principles (3/4) • "A clarified 'right to be forgotten': when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be delete."
GDPR Principles (4/4) • "The right to know when your data has been hacked: For example, companies and organizations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.” • (“The 72-hour reporting window that the GDPR requires makes it especially important that vendors know how to properly report a breach.") https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
New Apple APIs • Providing User Access to CloudKit Data • https://developer.apple.com/documentation/cloudkit/ providing_user_access_to_cloudkit_data/ • Responding to Requests to Delete Data • https://developer.apple.com/documentation/cloudkit/ responding_to_requests_to_delete_data/
GreyKey Cracks a phones passkey Provides complete Keychain contents…
Blue’s Suggestions •I recommend Apple's WWDC privacy sessions for Best Practices on obvious(?) concepts such as transparency, consent, and user control. The videos also cover ways to re-think data collection, trading firehoses for eye-droppers (and/or muddy water). For instance ... •"Privacy and Your Apps" (2017) https://developer.apple.com/videos/play/wwdc2017/702/ •"Engineering Privacy for Your Users" (2016) https://developer.apple.com/videos/play/ wwdc2016/709/ •The first video includes discussion (6:15) of how to back-away from raw data in order to get just the information you need. •The second video has a nice description (14:00) of Differential Privacy: adding noise to collected data.
Strategies • 1. Determine whether the app really needs all the requested personal data • 2. Encrypt all personal data and inform users about it • 3. Think OAUTH for data portability • 4. Enforce secure communications through HTTPS • 5. Inform users about and encrypt personal data from ‘contact us' forms https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
Strategies (cont) • 6. Make sure sessions and cookies expire and are destroyed after logout • 7. Do not track user activity for business intelligence  • 8. Tell users about logs that save location or IP addresses  • 9. Store logs in a safe place, preferably encrypted • 10. Security questions should not turn on users' personal data https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
Strategies (cont) • 11. Create clear terms and conditions and make sure users read them • 12. Inform users about any data sharing with third parties   • 13. Create clear policies for data breaches • 14. Delete data of users who cancel their service • 15. Patch web/dependency vulnerabilities  https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
Get Apple’s data on you • https://www.cnbc.com/2018/04/25/how-to-download-a-copy-of-apple- data-about-me.html
Since We’re on the Subject Big Data is Everywhere…
Further Reading • https://www.prnewswire.com/news-releases/lookout-report-84-of-it- executives-expect-data-accessed-on-mobile-to-cause-gdpr- violations-300555381.html • https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant- apps • http://europa.eu/rapid/press-release_IP-15-6321_en.htm • https://www.schneier.com/blog/archives/2018/03/greykey_iphone_.html • https://www.wsj.com/articles/how-europes-new-privacy-rules-favor-google- and-facebook-1524536324

More Related Content

What's hot (20)

PPT
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
 
PPTX
Privacy by design for peerlyst meetup
Ishay Tentser
 
PDF
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Intralinks
 
PPTX
Privacy by Design as a system design strategy - EIC 2019
Sagara Gunathunga
 
PDF
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
 
PPT
Enlightened Privacy – by Design for a Smarter Grid
bradley_g
 
PDF
Introduction to Ethics of Big Data
28 Burnside
 
PPTX
Privacy by Design - taking in account the state of the art
James Mulhern
 
PDF
Data Privacy
cliff_rudolph
 
PPT
Data Leakage Presentation
Mike Spaulding
 
PPTX
Ethics of Big Data
Matti Vesala
 
PDF
Data Analytics Governance and Ethics
HPCC Systems
 
PDF
BigID IAPP webinar on data-driven enterprise privacy management
BigID Inc
 
PDF
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
Omo Osagiede
 
PDF
Internet of Things With Privacy in Mind
Gosia Fraser
 
PPTX
Big data security the perfect storm
Ulf Mattsson
 
PDF
Privacy and Security by Design
Unisys Corporation
 
PDF
How privacy by design can be the key of your success at the time of the digit...
Giulio Coraggio
 
PDF
Storgrid-Encryption-White-Paper
Toshio Spoor
 
PPTX
Privacy by design
blogzilla
 
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
 
Privacy by design for peerlyst meetup
Ishay Tentser
 
Direct Edge and BATS Global Markets Trusts Intralinks Dealspace™
Intralinks
 
Privacy by Design as a system design strategy - EIC 2019
Sagara Gunathunga
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
 
Enlightened Privacy – by Design for a Smarter Grid
bradley_g
 
Introduction to Ethics of Big Data
28 Burnside
 
Privacy by Design - taking in account the state of the art
James Mulhern
 
Data Privacy
cliff_rudolph
 
Data Leakage Presentation
Mike Spaulding
 
Ethics of Big Data
Matti Vesala
 
Data Analytics Governance and Ethics
HPCC Systems
 
BigID IAPP webinar on data-driven enterprise privacy management
BigID Inc
 
TBEX 2018 - Digital Security and GDPR Considerations for the Travel and Hospi...
Omo Osagiede
 
Internet of Things With Privacy in Mind
Gosia Fraser
 
Big data security the perfect storm
Ulf Mattsson
 
Privacy and Security by Design
Unisys Corporation
 
How privacy by design can be the key of your success at the time of the digit...
Giulio Coraggio
 
Storgrid-Encryption-White-Paper
Toshio Spoor
 
Privacy by design
blogzilla
 

Similar to GDPR, User Data, Privacy, and Your Apps (20)

PPTX
Privacy on Mobile Apps
Mays Mrayyan
 
PPTX
GDPR for developers
Bozhidar Bozhanov
 
PPTX
Helping Developers with Privacy
Jason Hong
 
PDF
Golden Gekko, 10 burning questions on privacy
DMI
 
PPTX
Designing for Privacy NY Studio—10/04/21
Robert Stribley
 
PPTX
Global Data Privacy Regulation
Jatin Kochhar
 
PPTX
Designing for Privacy in an Increasingly Public World
Robert Stribley
 
PDF
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
Burton Lee
 
PDF
GDPR - Applift firstscreen june 2016
Saira Nayak, JD, CIPP/US/E
 
PPTX
Fostering an Ecosystem for Smartphone Privacy
Jason Hong
 
PPTX
My Privacy at Risk, is it Safe?
Andreas Drakos
 
PDF
GDPR for Things - ThingsCon Amsterdam 2017
Saskia Videler
 
PPTX
Why We Require GDPR?
Jatin Kochhar
 
PDF
apidays LIVE Paris 2021 - The GDPR Developer Guide by Jerome Gorin, CNIL
apidays
 
PDF
Toreon adding privacy by design in secure application development oss18 v20...
Sebastien Deleersnyder
 
PDF
Applying Innovative Tools for GDPR Success
ForgeRock
 
PPTX
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
CREST
 
PPTX
Helping Developers with Privacy, Distinguished Lecture at University of Wisco...
Jason Hong
 
PPTX
Helping Developers with Privacy
Jason Hong
 
PDF
Over The Air 2010: Privacy for Mobile Developers
Ricardo Varela
 
Privacy on Mobile Apps
Mays Mrayyan
 
GDPR for developers
Bozhidar Bozhanov
 
Helping Developers with Privacy
Jason Hong
 
Golden Gekko, 10 burning questions on privacy
DMI
 
Designing for Privacy NY Studio—10/04/21
Robert Stribley
 
Global Data Privacy Regulation
Jatin Kochhar
 
Designing for Privacy in an Increasingly Public World
Robert Stribley
 
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
Burton Lee
 
GDPR - Applift firstscreen june 2016
Saira Nayak, JD, CIPP/US/E
 
Fostering an Ecosystem for Smartphone Privacy
Jason Hong
 
My Privacy at Risk, is it Safe?
Andreas Drakos
 
GDPR for Things - ThingsCon Amsterdam 2017
Saskia Videler
 
Why We Require GDPR?
Jatin Kochhar
 
apidays LIVE Paris 2021 - The GDPR Developer Guide by Jerome Gorin, CNIL
apidays
 
Toreon adding privacy by design in secure application development oss18 v20...
Sebastien Deleersnyder
 
Applying Innovative Tools for GDPR Success
ForgeRock
 
Privacy Engineering: Enabling Mobility of Mental Health Services with Data Pr...
CREST
 
Helping Developers with Privacy, Distinguished Lecture at University of Wisco...
Jason Hong
 
Helping Developers with Privacy
Jason Hong
 
Over The Air 2010: Privacy for Mobile Developers
Ricardo Varela
 
Ad

More from Carl Brown (20)

PDF
New in iOS 11.3b4 and Xcode 9.3b4
Carl Brown
 
PDF
Managing Memory in Swift (Yes, that's a thing)
Carl Brown
 
PDF
Better Swift from the Foundation up #tryswiftnyc17 09-06
Carl Brown
 
PDF
Generics, the Swift ABI and you
Carl Brown
 
PDF
Swift GUI Development without Xcode
Carl Brown
 
PDF
what's new in iOS10 2016-06-23
Carl Brown
 
PDF
Open Source Swift: Up and Running
Carl Brown
 
PDF
Parse migration CocoaCoders April 28th, 2016
Carl Brown
 
PDF
Swift 2.2 Design Patterns CocoaConf Austin 2016
Carl Brown
 
PDF
Advanced, Composable Collection Views, From CocoaCoders meetup Austin Feb 12,...
Carl Brown
 
PDF
Gcd cc-150205
Carl Brown
 
PDF
Cocoa coders 141113-watch
Carl Brown
 
PDF
iOS8 and the new App Store
Carl Brown
 
PDF
Dark Art of Software Estimation 360iDev2014
Carl Brown
 
PDF
Intro to cloud kit Cocoader.org 24 July 2014
Carl Brown
 
PDF
Welcome to Swift (CocoaCoder 6/12/14)
Carl Brown
 
PDF
Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...
Carl Brown
 
PPT
Introduction to Git Commands and Concepts
Carl Brown
 
PDF
REST/JSON/CoreData Example Code - A Tour
Carl Brown
 
KEY
360iDev iOS AntiPatterns
Carl Brown
 
New in iOS 11.3b4 and Xcode 9.3b4
Carl Brown
 
Managing Memory in Swift (Yes, that's a thing)
Carl Brown
 
Better Swift from the Foundation up #tryswiftnyc17 09-06
Carl Brown
 
Generics, the Swift ABI and you
Carl Brown
 
Swift GUI Development without Xcode
Carl Brown
 
what's new in iOS10 2016-06-23
Carl Brown
 
Open Source Swift: Up and Running
Carl Brown
 
Parse migration CocoaCoders April 28th, 2016
Carl Brown
 
Swift 2.2 Design Patterns CocoaConf Austin 2016
Carl Brown
 
Advanced, Composable Collection Views, From CocoaCoders meetup Austin Feb 12,...
Carl Brown
 
Gcd cc-150205
Carl Brown
 
Cocoa coders 141113-watch
Carl Brown
 
iOS8 and the new App Store
Carl Brown
 
Dark Art of Software Estimation 360iDev2014
Carl Brown
 
Intro to cloud kit Cocoader.org 24 July 2014
Carl Brown
 
Welcome to Swift (CocoaCoder 6/12/14)
Carl Brown
 
Writing Apps that Can See: Getting Data from CoreImage to Computer Vision - ...
Carl Brown
 
Introduction to Git Commands and Concepts
Carl Brown
 
REST/JSON/CoreData Example Code - A Tour
Carl Brown
 
360iDev iOS AntiPatterns
Carl Brown
 
Ad

Recently uploaded (20)

PDF
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
PDF
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
PPTX
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
PDF
The Builder’s Playbook - 2025 State of AI Report.pdf
jeroen339954
 
PDF
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
PPTX
"Autonomy of LLM Agents: Current State and Future Prospects", Oles` Petriv
Fwdays
 
PPTX
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
PPTX
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
PDF
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
PDF
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
PDF
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 
PDF
Python basic programing language for automation
DanialHabibi2
 
PPTX
UiPath Academic Alliance Educator Panels: Session 2 - Business Analyst Content
DianaGray10
 
PDF
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
PPTX
Q2 FY26 Tableau User Group Leader Quarterly Call
lward7
 
PDF
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
PPTX
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
PDF
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
PDF
Timothy Rottach - Ramp up on AI Use Cases, from Vector Search to AI Agents wi...
AWS Chicago
 
PDF
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 
Smart Trailers 2025 Update with History and Overview
Paul Menig
 
CIFDAQ Market Insights for July 7th 2025
CIFDAQ
 
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
The Builder’s Playbook - 2025 State of AI Report.pdf
jeroen339954
 
HubSpot Main Hub: A Unified Growth Platform
Jaswinder Singh
 
"Autonomy of LLM Agents: Current State and Future Prospects", Oles` Petriv
Fwdays
 
WooCommerce Workshop: Bring Your Laptop
Laura Hartwig
 
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
Fl Studio 24.2.2 Build 4597 Crack for Windows Free Download 2025
faizk77g
 
Agentic AI lifecycle for Enterprise Hyper-Automation
Debmalya Biswas
 
Python basic programing language for automation
DanialHabibi2
 
UiPath Academic Alliance Educator Panels: Session 2 - Business Analyst Content
DianaGray10
 
LLMs.txt: Easily Control How AI Crawls Your Site
Keploy
 
Q2 FY26 Tableau User Group Leader Quarterly Call
lward7
 
Newgen 2022-Forrester Newgen TEI_13 05 2022-The-Total-Economic-Impact-Newgen-...
darshakparmar
 
OpenID AuthZEN - Analyst Briefing July 2025
David Brossard
 
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
Timothy Rottach - Ramp up on AI Use Cases, from Vector Search to AI Agents wi...
AWS Chicago
 
From Code to Challenge: Crafting Skill-Based Games That Engage and Reward
aiyshauae
 

GDPR, User Data, Privacy, and Your Apps

  • 1. User Data, App Development, GDPR, Ethics and you CocoaCoders April 26th, 2018
  • 2. Disclaimer • I am not a lawyer • Viewer discretion advised
  • 3. Interactivity This is not supposed to be me lecturing Stop me and ask questions or interject
  • 5. What is GDPR? • European Union regulation on Privacy (more detail later) • Takes effect May 25th 2018 • Penalties: The greater of €10 million or 2% of global annual revenue
  • 6. Does this matter here? Some people think so
  • 7. Will (something like) this come to U.S.? What do you think?
  • 8. What Data is Affected? • Basic identity information such as name, address and ID numbers • Web data such as location, IP address, cookie data and RFID tags • Health and genetic data • Biometric data • Racial or ethnic data • Political opinions • Sexual orientation https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
  • 9. GDPR Principles (1/4) • "Easier access to your own data: individuals will have more information on how their data is processed and this information should be available in a clear and understandable way."
  • 10. GDPR Principles (2/4) • "A right to data portability: it will be easier to transfer your personal data between service providers."
  • 11. GDPR Principles (3/4) • "A clarified 'right to be forgotten': when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be delete."
  • 12. GDPR Principles (4/4) • "The right to know when your data has been hacked: For example, companies and organizations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.” • (“The 72-hour reporting window that the GDPR requires makes it especially important that vendors know how to properly report a breach.") https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
  • 13. New Apple APIs • Providing User Access to CloudKit Data • https://developer.apple.com/documentation/cloudkit/ providing_user_access_to_cloudkit_data/ • Responding to Requests to Delete Data • https://developer.apple.com/documentation/cloudkit/ responding_to_requests_to_delete_data/
  • 14. GreyKey Cracks a phones passkey Provides complete Keychain contents…
  • 15. Blue’s Suggestions •I recommend Apple's WWDC privacy sessions for Best Practices on obvious(?) concepts such as transparency, consent, and user control. The videos also cover ways to re-think data collection, trading firehoses for eye-droppers (and/or muddy water). For instance ... •"Privacy and Your Apps" (2017) https://developer.apple.com/videos/play/wwdc2017/702/ •"Engineering Privacy for Your Users" (2016) https://developer.apple.com/videos/play/ wwdc2016/709/ •The first video includes discussion (6:15) of how to back-away from raw data in order to get just the information you need. •The second video has a nice description (14:00) of Differential Privacy: adding noise to collected data.
  • 16. Strategies • 1. Determine whether the app really needs all the requested personal data • 2. Encrypt all personal data and inform users about it • 3. Think OAUTH for data portability • 4. Enforce secure communications through HTTPS • 5. Inform users about and encrypt personal data from ‘contact us' forms https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
  • 17. Strategies (cont) • 6. Make sure sessions and cookies expire and are destroyed after logout • 7. Do not track user activity for business intelligence  • 8. Tell users about logs that save location or IP addresses  • 9. Store logs in a safe place, preferably encrypted • 10. Security questions should not turn on users' personal data https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
  • 18. Strategies (cont) • 11. Create clear terms and conditions and make sure users read them • 12. Inform users about any data sharing with third parties   • 13. Create clear policies for data breaches • 14. Delete data of users who cancel their service • 15. Patch web/dependency vulnerabilities  https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant-apps
  • 19. Get Apple’s data on you • https://www.cnbc.com/2018/04/25/how-to-download-a-copy-of-apple- data-about-me.html
  • 20. Since We’re on the Subject Big Data is Everywhere…
  • 21. Further Reading • https://www.prnewswire.com/news-releases/lookout-report-84-of-it- executives-expect-data-accessed-on-mobile-to-cause-gdpr- violations-300555381.html • https://techbeacon.com/15-steps-developing-eu-privacy-policy-compliant- apps • http://europa.eu/rapid/press-release_IP-15-6321_en.htm • https://www.schneier.com/blog/archives/2018/03/greykey_iphone_.html • https://www.wsj.com/articles/how-europes-new-privacy-rules-favor-google- and-facebook-1524536324