Nominees Dutch Privacy Awards 2021 announced!
On 28 January next (the European Privacy Day), during the National Privacy Conference From ECP and Privacy First the annual Dutch Privacy Awards presented. These Awards provide a podium for companies and governments that see privacy as an opportunity to distinguish themselves positively and make privacy-friendly business and innovation the norm.
This year again, a large number of entrants (including several government organisations) applied to participate in the Dutch Privacy Awards. After an initial selection and several interviews, the independent expert jury determined the following nominees, in no particular order:
NLdigital (formerly Netherlands ICT) is an industry association in the digital sector. It represents 600 members from start-up to multinational. Many of these members belong to SMEs and are processors. NLdigital has been looking for a way to support their members in implementing the AVG in a way that goes beyond just offering a 10-step plan.
By making available a model processor agreement tailored to the industry, the Data Pro Code and the Data Pro Statement, NLdigital has given concrete substance to the AVG for processors in the digital sector. The Data Pro Code is also transparent with public certification, is open to non-members and will be reviewable by an independent supervisory body yet to be established. The Data Pro Code has also been approved by the Personal Data Authority. With this, NLdigital as an industry organisation has found an innovative working method for supporting members in implementing the AVG.
Simple Analytics has a simple analysis tool developed to measure visits to websites. With this paid service, they respect users' "do-not-track" settings by not storing anything from them. No cookies and advertisements are placed while visiting a website.
With its service for companies and organisations, Simple Analytics breaks the trend of global providers offering an analysis tool for free where, among other things, track data is resold in the form of advertisements. Within two years, more than 500 organisations are already using this service that consciously choose not to collect personal data from visitors, but only use aggregated data to make analyses.
Analysing visit data in this way maximises the privacy of citizens using the internet as a source of information. This revenue model has proven to be viable.
FCInet & Ministry of Justice and Security
FCInet Secretariat is part of an international cooperation aimed at fighting economic crimes such as tax fraud, corruption and money laundering. As a starting point Connect, don't collect. To this end Ma³tch developed.
Using a mathematical formalism (hashing), organisation A encrypts (bundles of) personal data in such a way that a receiving party B has the possibility to check whether a person known to organisation B is also known to organisation A. The check takes place in a secure decentralised environment, so organisation A does not know whether there is a hit or not. Only if it appears that there is a match does the next step take place where organisation B actually requests information about the person concerned from organisation A.
Together with the Ministry of Justice and Security, FCInet succeeded in making a Privacy by Design application concretely applicable in an international cooperation. Only necessary data is exchanged. Making the technique applicable in an existing data exchange process required a lot of persuasion within traditionally structured (international) government organisations. The perseverance and the potential of the technique used justify a nomination for this initiative.
Schluss offers a data safe to manage personal data. The data safe that Schluss is developing gives individuals far-reaching possibilities to manage their data and make it available on their own terms.
Besides the technical provision of a secure data safe, Schluss also wants to support stakeholders in how to handle their data. To this end, Schluss is studying the advantages of a cooperative in managing data, and what ground rules on making data available should be used.
In this way, Schluss is betting not only on technical innovation but also on an organisationally innovative way to better protect individuals' privacy.
Nkey is an inspiring Privacy by Design solution, serving as a plug-in for website and app builders can easily set up a part of privacy sufficiently secure.
The builder of your website, for example an online shop, takes out a subscription and 'plugs your site into it', you pay per month and your customers can see and track the availability of their data themselves.
Nkey shows that there are good ways to keep maximum control over your personal data and have it used only with your consent.
Ministry of Health, Welfare and Sport
The CoronaMelder app has already been downloaded by more than 4.3 million people in the Netherlands. The app alerts you the moment you have been near someone with corona. The app uses Bluetooth Low Energy technology. Through this signal, it can measure whether you have been near someone who later tested positive. By collaborating with corona apps from other EU countries, you will also be notified if you have been in contact with a person using a corona app from another EU country.
Users of the app will receive a notification after they:
1. have been close to someone for at least 15 minutes who is later found to have corona;
2. this person also uses the app; and
3. this person indicates via CoronaMelder together with the GGD that they have the coronavirus.
The app complements the source and contact investigation carried out by the GGD. The app itself only stores static data, so-called mathematical codes that are deleted every 14 days and cannot be traced back to a person. Should it turn out that the app user has corona, they can choose to store the mathematically generated code on a server so that other users who may have been nearby can be informed. The notification only contains information about having been near an infected person and not who it was or where it was.
STER handles all advertising for public service broadcasters. For its online ads, STER has radically broken with the usual approach of using ´cookies´ to tailor ads as much as possible to the characteristics collected about a person.
Instead, STER switched to a system that uses only information about the product being viewed. This contextual approach to ad serving proves in practice to be just as effective as the usual way of ad selection and also offers a number of additional benefits, including for advertisers.
STER took this step because it was clear that the use of personal characteristics to serve ads was irritating to many people. The General Data Protection Regulation gave the final push to switch.
The new approach removes parties from the chain that mainly served to collect and process person characteristics for advertisers. More money is left for advertisers. STER manages the entire advertising campaign in-house. An approach developed by STER automatically adds keywords to digital content. STER reports to advertisers what the effectiveness of their campaigns has been. With this approach, STER has developed a technical and organisational model that better meets the privacy needs of data subjects, is at least as effective as the old system and is less costly. The model is transferable to other domains outside public broadcasting.'
4LifeSupport from 4MedBox puts the relationship between source and data subject in a different light. The individual, the person, is considered the source and determinant, who determines which parties or professionals access the data. Through the self-determination principle incorporated in the platform, it allows individuals to then share or sell that data as they see fit, for example, to parties they select. It may require some from people in terms of dexterity, understanding and insight, but can then also offer a lot in terms of self-direction. Which certainly has to do with privacy, but then also works more broadly.
4LifeSupport is still at the beginning of a longer process and still requires elaboration in a number of areas, but the jury assesses its approach and progress as sufficient to nominate it.
Roseman Labs was founded by three academics with the aim of developing modern privacy technologies such as secure multiparty computing (MPC) wide and easily applicable.
Multiparty computation allows multiple parties to perform computations on their common dataset, without having to share this data among themselves; only the result of the computation becomes known.
MPC is particularly relevant to sectors where both data privacy and multi-stakeholder collaboration are crucial, such as finance, health, geo-information services, energy companies, e-commerce and cyber-resilience.
Roseman Labs has developed Cranmera, an MPC software engine that allows domain-specific applications based on MPC to be built in a short time. Examples of such applications include a survey system where respondents' answers are encrypted based on MPC, and a pseudonymisation solution with strong privacy guarantees for interbank transaction monitoring.
Jury Dutch Privacy Awards
The jury consists of independent privacy experts from various sectors:
- Wilmar Hendriks, founder Control Privacy and member Advisory Board Privacy First (jury chairman)
- Ancilla van de Leest, chairman Privacy First
- Paul Korremans, data protection & security professional, Comfort Information Architects, also board member Privacy First
- Marc van Lieshout, managing director iHub, Radboud University Nijmegen
- Alex Commandeur, senior advisor BMC Advies
- Melanie Rieback, CEO and co-founder Radically Open Security
- Nico Mookhoek, privacy lawyer and founder DePrivacyGuru
- Rion Rijker, privacy and information security expert and IT lawyer, partner Fresa Consulting.
During the National Privacy Conference on 28 January next, all nominated projects will be presented to the public by the entrants. The Dutch Privacy Awards will then be presented in four categories: 1) Consumer Solutions, 2) Business Solutions, 3) Government Services and 4) Incentive Award.
Privacy First organises the Dutch Privacy Awards with support from Democracy & Media Foundation and The Privacy Factory, in cooperation with ECP. Would you also like to become a (media) partner or sponsor of the Dutch Privacy Awards? Then please contact on with Privacy First!