Entries submitted (as on 21.04.2017)

A1: Privacy Research Fund + Privacy Research Symposium (New Zealand)
A2: De-identification guidelines for structured data (OIPC Ontario, Canada)
A3: “Corpus luris” (INAI, Mexico)

A1: Privacy Research Fund + Privacy Research Symposium (New Zealand)

 

 

 

Entry by: Office of the Privacy Commissioner, New Zealand

Privacy Research Fund + Privacy Research Symposium: The Privacy Commissioner established a contestable fund of NZ$75,000 to support privacy research projects under which 4 projects were funded with the results presented publicly in a Privacy Research Symposium held as the centrepiece of a special Privacy Research Week. https://privacy.org.nz/further-resources/privacy-research/.

Why the initiative deserves to be recognised by an award?*
The Privacy Research Fund was a successful experiment for the office in using a modest sum of money to build capacity outside the Office of the Privacy Commissioner to better understand privacy and deliver solutions to privacy problems. It built on the assumption that the Office of the Privacy Commissioner does not have all the answers and other stakeholders in the research community have an important part to play in achieving our goals.

The Privacy Research Symposium was a successful event that achieved its goals. However, there were three special aspects setting it part from regular OPC events:

  • Bringing together the research community and creating new connections amongst that community
  • Branding a series of 4 events, only 2 of which were OPC organised, into a coherent Privacy Research Week: the strength of the branding apparent in attendees travelling from overseas to participate

* Non-competition entry: New Zealand has exempted itself from the competition as the ICDPPC Chair, who is judging the competition, is also the New Zealand Commissioner. This entry is for illustrative purposes only.

Complete entry available here.

A2: De-identification guidelines for structured data (OIPC Ontario, Canada)


 

 

 

 

 

 

 

Entry by: Office of the Information and Privacy Commissioner of Ontario, Canada (OIPC)

De-identification guidelines for structured data
The OIPC’s guidance document, De-identification Guidelines for Structured Data, introduces government institutions to the basic concepts and techniques of de-identification, and provides a step-by-step process for de-identifying data sets that contain personal information. It offers direction on a risk-based approach to de-identification and discusses key issues, including:

  • direct and indirect identifiers
  • public, non-public and semi-public release models
  • different re-identification attacks
  • measuring and calculating re-identification risks
  • common de-identification techniques
  • de-identification governance

Why the initiative deserves to be recognised by an award?
De-identification is a complex and technically challenging topic, with a vast body of literature on sophisticated techniques to remove personal information and advanced metrics to analyse and measure re-identification risk. What makes De-identification Guidelines for Structured Data deserving of recognition is that it distills a high level of operational detail and guidance materials into a straightforward process that can be understood and followed by someone with limited technical knowledge. The document does this by focusing only on the most relevant and commonly used techniques and metrics. For example, it only discusses the de-identification techniques of masking, generalization and suppression, and it only supports “prosecutor” risk where an adversary knows or can know whether a target individual is in the data set. The result is a document that may act as a baseline for discussions among experts and non-experts, alike. In no small measure, this is because our guidelines are the first of their kind in Canada to use plain language to explain sophisticated de-identification concepts and technical processes, with the benefit of being useful to a very wide audience.

Complete entry available here.

A3: “Corpus luris” (INAI, Mexico)


 

 

 

 

Entry by: INAI, Mexico

The “Corpus Iuris” on personal data protection is an electronic tool based on a search engine which allows the identification of:

  • International instruments on personal data protection, privacy, intimacy, and habeas data in the different human rights systems: American, European, African, the United Nations, as well as in specialized bodies, such as the Special Rapporteur on the right to Privacy of the UN.
  • Jurisprudential criteria that international jurisdictional bodies have issued regarding these rights.

Why the initiative deserves to be recognised by an award?
In the first place, it is useful to have a computer-based tool through which the jurisdictional and administrative authorities can have access to the criteria for the application of the legislation in this subject, allowing them to improve the argumentation in specific cases of application of the law. Also, in Ibero-American countries, this tool is particularly important to achieve an adequate level of conventionality through an exercise of legal interpretation in which the application of international human rights norms is privileged over domestic provisions, when the latter provide lower protection of human rights.

On the other hand, it is also useful to provide individuals and society in general with relevant and updated information related to the right of personal data protection, to the provided mechanisms for its exercise and defense, as well as to the different criteria issued in this subject by international organizations. This, to ensure that the data subject has the necessary information to fully exercise her/his rights to personal data protection, privacy, and informational self-determination.

Complete entry available here.