Finding suitable ways to handle personal data in conformance with the law is challenging. The European General Data Protection Regulation (GDPR), enforced since May 2018, makes it mandatory to citizens and companies to comply with the privacy requirements set in the regulation. For existing systems the challenge is to be able to show evidence that they are already complying with the GDPR, or otherwise to work towards compliance by modifying their systems and procedures, or alternatively reprogramming their systems in order to pass the eventual controls. For those starting new projects the advice is to take privacy into consideration since the very beginning, already at design time. This has been known as Privacy by Design (PbD). The main question is how much privacy can you effectively achieve by using PbD, and in particular whether it is possible to achieve Privacy by Construction. In this short non-technical talk I will give my personal opinion on issues related to the ambition of achieving Privacy by Construction.
Gerardo Schneider is a professor of Computer Science at the University of Gothenburg, Sweden. He had previously been at VERIMAG (Grenoble, France), Uppsala University (Sweden), Irisa/INRIA (Rennes, France), and the University of Oslo (Norway). He currently is the Head of the Formal Methods Unit at the Dept. of Computer Science and Engineering (since 2017). His research interests include formal verification (runtime verification, model checking, and verification of real-time and hybrid systems), the specification and analysis of normative documents, and privacy.