| Argen(na | Belgium | Brazil I Canada | China I Colombia I France | Germany | Greece | Israel | Italy | Lebanon I Luxembourg | Mexico | Norway

y | Portugal
| South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
PRIVACY BY DESIGN
AND BY DEFAULT
Sbas(en FANTI

AIorney at law and public Notary
Elected as Cantonal Data Privacy Ocer (Valais)

www.sebas(enfan(.ch
sebas(en.fan(@sebas(enfan(.ch





FLORENCE, NOVEMBER 1st, 2014
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 2
Preliminary remarks and deni(ons
The example of the Blackphone
The Swiss Privacy by Design and by Default
approach
Impact analysis about privacy - modeliza(on of
risks a prac(cal approach
Future evolu(ons
Conclusions
Overview
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 3
Privacy by Design refers to the philosophy and approach of
embedding privacy into the design specica(ons of various
technologies. Ann Cavoukian
Privacy by Default has another dimension than Privacy by
Design. Privacy by Default covers applying default se`ngs in
such a way that the best possible privacy is guaranteed.
Privacy by Default reacts to the enormous growth of internet
facili(es and apps and must ensure that the low-threshold use
leads too quickly to the unwanted showing and/or sharing of
(too much) of personal data or compromising of security.
Viviane Reding
Preliminary remarks and deni(ons
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 4
The 7 Founda(onal Principles of Privacy by Design:
- Proac&ve not Reac(ve; Preven&ve not Remedial
- Privacy as the Default Se1ng
- Privacy Embedded into Design
- Full Func(onality Posi&ve-Sum, not Zero-Sum
- End-to-End Security Full Lifecycle Protec&on
- Visibility and Transparency Keep it Open
- Respect for User Privacy Keep it User-Centric

Opera(onalizing Privacy by Design: A Guide to Implemen(ng Strong Privacy Prac(ces, Ann Cavoukian, Ph.D., Informa(on
and Privacy Commissioner, Ontario, Canada, December 2012, p. 8
Preliminary remarks and deni(ons
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 5
The example of the Blackphone www.blackphone.ch
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 6

Spider Oak: Online File
Sharing & Secure Cloud
Backup strongly
recommanded by Edward
Snowden
Our smartphone wont
make you NSA-proof, but its
a good start
Phil Zimmerman
The example of the Blackphone
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 7


Source: ars technica: hIp://arstechnica.com/gadgets/2014/02/everything-you-wanted-to-know-about-the-security-focused-
blackphone/
The example of the Blackphone
Feature Android Default PrivateOS Enhancement
Search
Trackable Anonymous
Bundled Apps
Many, with privacy disabled by
default
Few, and all privacy-enabled
Wi-Fi usage
Always on for geolocalisa(on and
user tracking
Smart disabling of all Wi-Fi except
trusted hotspots
App permissions
All-or-nothing Fine-grained control in a single
interface
Communica(ons tools
Traceable dialer, SMS, MMS,
browser. Vulnerable to spoofed
cell networks and wi-
Private calls, tex(ng, video chat,
le exchange up to 100 MB,
browsing, and conference calls
Updates
Supplied infrequently aker carrier
blessing
Frequent secure updates from
Blackphone directly
Remote Wipe & An( Thek
Requires use of centralized cloud
account
Anonymous
Business Model
Personal data mining for tracking
and marke(ng
Delivering privacy as a premium,
valued feature
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 8


I have read this ar(cle and Im
very surprised. I have bought this
phone because it was a secured
phone. If not, I think you should
give the money back! I would be
happy to have a feed-back
quickly.
August 12, 2014 / 08:00 PM



The example of the Blackphone:
Nothing is perfect!
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 9
Thanks for contac(ng us and I
understand your concern. I think
the links in
hIps://support.blackphone.ch/
customer/portal/ques(ons/
8315538-blackphone-rooted-
in-5mn will address your
concerns.

Please let me know if you have
any more ques(ons.
August 13, 2014 / 01:44 AM





The example of the Blackphone:
Nothing is perfect!
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 10
No legal rule refers explicitly to these principles at the
moment in the Federal Act on Data Protec(on of 19 June
1992.
Federal Data Protec(on and Informa(on Commissioner has
taken part to the 32
th
interna(onal Conference of Data
Protec(on and Privacy Commissioners in Jerusalem, where
one resolu(on was adopted about the need to include the
principle of Privacy by Design in the legisla(on.
The need to revise our Federal Act on Data Protec(on is
evaluated by a Commission of experts.
The Swiss Privacy by Design and by Default
approach
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 11
Each Swiss Company who handles the data of
European ci(zens or receives such data from one
member of the UE should respect the legal rules of
the UE and of all the Member States.

Art. 23 of the future European regula(on:
Data protec(on by design and by default

The Swiss Privacy by Design and by Default
approach
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 12

















hIps://www.apps.edoeb.admin.ch/dsfa/fr/index.html

Privacy and data protec(on impact assessment : a prac(cal
approach !
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 13
Switzerland cant aord to stay out of signicant legisla(ve
changes which will undoubtedly impact a lot a companies
in our country
Ordinarily, we adopt new UE legal rules with a slight delay
Even if the rules arent changed immediately in our
country, most interna(onal companies will have to adapt
their legal approach and become early adopters
The global market with a erce compe((on is the best way
to uphold these principles
The Swiss Privacy by Design and by Default
approach
PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 14


















Future evolu(ons
Two postulates are now pending before our Parliament to
introduce in our Federal Act on Data Protec(on of 19 June
1992 the principles of Privacy by Design and Privacy by
Default (postulates Schwaab).

The Government agrees with both postulates.

Our law should normally change in some years!


PRIVACY BY DESIGN AND BY DEFAULT
| Switzerland | Me Sbas(en FANTI | sebas(en.fan(@sebas(enfan(.ch

Page 15
Swiss ci(zens really love Privacy !
Our companies and schools are
for some of them between the
best in the world in their scale of
c o mp e t e n c e s ( L o g i t e c h ,
Swisscom, EPFL, etc.).

The only solu(on is to apply
immediately both principles and
go further than what the law
currently requires.






Conclusions
| Argen(na | Belgium | Brazil I Canada | China I Colombia I France | Germany | Greece | Israel | Italy | Lebanon I Luxembourg | Mexico | Norway | Portugal
| South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
Thank you for your aIen(on
Follow me on:
TwiIer : @sebas(enfan(
Facebook: hIps://www.facebook.com/sebas(en.fan(
Linkedin: hIp://ch.linkedin.com/in/sebas(enfan(/
| Global network of aIorneys specialized in emerging technology law
Germany
Bernd Reinmller
Neue Mainzer Strasse 28
60311 Frankfurt Am Main
T. 0049 69 971 09 71 00
F. 0049 69 971 09 72 00

-

Tim Christopher Caesar
An der Hauptwache 7
D-60313 Frankfurt am Main
T. 0049 69 900 26 6
F. 0049 69 900 26 999
Tim.Caesar@schulte-lawyers.com
www.schulte-lawyers.com
Belgium
Jean-Franois HenroIe &
Alexandre Cruquenaire
jvenroIe@philippelaw.eu
www.philippelaw.eu

Lige
Boulevard dAvroy, 280
4020 Lige
T. 0032 4 229 20 10
F. 0032 78 15 56 56

Brussels
Chausse de la Hulpe, 181
1170 Bruxelles
T. 0032 2 250 39 80
F. 0032 78 15 56 56
Canada
Jean-Franois De Rico
jean-francois.derico@lkd.ca
www.langloiskronstromdesjardins.com

Montreal
1002, rue Sherbrooke Ouest, 28th Floor
H3A3L6 Montral
T. 0015 148 42 95 12
F. 0015 148 45 65 73

Quebec
Complexe Jules-Dallaire, T3
2820, Laurier Bld, 13th Floor
G1V 0C1 Qubec City
T. 0014 186 50 70 00
F. 0014 186 50 70 75
Spain
Marc Gallardo
Ronda General Mitre, 164
08006 Barcelone
T. 0034 93 476 40 48
marc.gallardo@lexing.es
www.lexing.es
USA
Franoise Gilbert
555 Bryant Street #603
Palo Alto, CA 94301
T. 0016 508 04 12 35
F. 0016 507 35 18 01
fgilbert@itlawgroup.com
www.itlawgroup.com
France
Alain Bensoussan, Isabelle Tellier
& Frdric Forster
www.alain-bensoussan.com

Paris
58, boulevard Gouvion-Saint-Cyr
F75017 Paris (Porte Maillot)
T. 0033 141 33 35 35
F. 0033 141 33 35 36
paris@alain-bensoussan.com

Grenoble
7, place Firmin Gau(er
F38000 Grenoble
T. 0033 476 70 09 95
F. 0033 476 70 09 96
grenoble@alain-bensoussan.com
Israel
Russell D. Mayer
Jrusalem Technology Park,
Building 9, 4th Floor
P.O. Box 48193 Malcha
91481 Jrusalem
T. 0097 226 79 95 33
F. 0097 226 79 95 22
mayer@lmf.co.il
www.livmaylaw.co.il
Italy
Raaele Zallone
31 Via DellAnnunciata
20121 Milano
T. 0039 229 01 35 83
F. 0039 229 01 03 04
r.zallone@studiozallone.it
www.studiovallone.it
Luxembourg
Marc Gouden, Franois Cautaerts &
Jean-Franois HenroIe
41 avenue de la Libert
1931 Luxembourg
T. 00352 266 886
F. 00352 266 887 00
luxembourg@philippelaw.eu
www.philippelaw.eu
Norway
Arve Fyen
Postboks 7086 St. Olavs pl.
0130 Oslo
T. 0047 21 93 10 00
F. 0047 21 93 10 01
arve.foyen@foyen.no
www.foyen.no
Mexico
Enrique Ochoa
Torre Axis Santa Fe
Prolongacin Paseo de la
Reforma # 61, PB-B1
Col. Paseo de las Lomas
01330 Mexico, D.F.
T. 0052 55 25 91 10 70
F. 0052 55 25 91 10 40
eochoa@lclaw.com.mx
www.lclaw.com.mx
Portugal
Joo P. Alves Pereira
Avenida da Liberdade, 38, 3
1250-145 Lisboa
T. 00351 213 700 190
F. 00351 213 829 003
jpereira@alvespereira.com
www.alvespereira.com
United Kingdom
Danny Preiskel
5 Fleet Place
London EC4M 7RD
T. 0044 20 7332 5640
F. 0044 20 7332 5641
dpreiskel@preiskel.com
www.preiskel.com
Switzerland
Sbas(en Fan(
8B rue de Pr-Fleuri, CP 497
1951 Sion
T. 0041 27 322 15 15
F. 0041 27 322 15 70
sebas(en.fan(@sebas(enfan(.ch
www.sebas(enfan(.ch
South Africa
Lance Michalson and John Giles
lance@michalsons.co.za
www.michalsons.co.za

Johannesburg
Ground Floor
Twickenham Building
The Campus, 57 Sloane & Cnr Main Road
2021 Bryanston
T. 0027 11 568 0331
F. 0027 86 529 4276

Cape Town
Boyes Drive
St James
7945 Cape Tow
T. 0027 21 300 1070
F. 0027 86 529 4276
Tunisia
Yassine Younsi
4, Rue Pe(te Malte
1001 Tunis
T. 00 216 71 346 564
cabinetyounsi_younsi@yahoo.fr
hIp://
younsiandyounsilawrm.e-
monsite.com
ArgenTna
Antonio & Rosario Mill
Suipacha 1111 - piso 11
C1008AAW Buenos Aires
T. 0054 11 5297 7000
F. 0054 11 5297-7009
estudio@mille.com.ar
www.mille.com.ar
Brazil
Silvia Regina Barbuy Melchior
Rua do Rcio, 351 cj 102
Vila Olmpia 04552-000
So Paulo SP
T./F. 0055 11 3845-1511
melchior@mmalaw.com.br
www.mmalaw.com.br
China
Jade & Fountain
Jun Yang
jun.yang@jadefountain.com
www.jadefountain.com

Shanghai
31/F Tower B
Far East Interna(onal Plaza
317 Xian Xia Road,
Zip code: 200051l
T. 0086 21 62351488
F. 0086 21 62351477

Beijing
Unit 803, Floor 8, Tower E1
Oriental Plaza,
No.1 E.Chang An Avenue,
Zip code: 100738
T. 0086 10 85183285
F. 0086 10 85183217
Colombia
Ivan Dario Marrugo Jimenez
Cra. 52 No. 45-15 P. 1 - La
Esmeralda
Bogot
T. 0057 571 4760798 - 3158738
F. 0057 571 3244200
imarrugo@marrugorivera.com
www.marrugorivera.com
Lebanon
Kouatly & Associs Avocats
Rayan Kouatly
63, rue Amine Mneimn, BP 11 2242
Beyrouth
T. +961 175 17 77
F. +961 175 17 77
info@kouatlylaw.com
www.kouatlylaw.com
Greece
George A. Ballas
10 Solonos Street, Kolonaki
106 73 Athens
T. 0030 210 36 25 943
F. 0030 210 36 47 925
central@balpel.gr
www. ballas-pelecanos.com