Presentation of the 2017 Data Protection by Design Award

Ms. Maria Àngels Barbarà and M.H.Ms. Carme Forcadell, Speaker of the Parliament of Catalunya

Ms. Maria Àngels Barbarà, Director of the Catalan Data Protection Authority and M.H.Ms. Carme Forcadell, Speaker of the Parliament of Catalunya

Premi 2017

2017 Data Protection by Design Award: University College London, for the project Privacy-Preserving Analytics via Scalable and Private Data Collection. Collecting the Award: Emiliano de Cristofaro, Senior Lecturer at University College London from M. H. Sra. Carme Forcadell, Speaker of the Parliament of Catalunya

Accèssit 2017

Honourable Mention to the company Neptune Communication Solutions SL, for their instant messaging App Nepcom. Collecting the award: Mr. Joan López de la Franca, Cofounder and Technology Director of Neptune Communication Solutions SL, from M. H. Ms. Carme Forcadell, Speaker of the Parliament of Catalunya.

The Catalan Data Protection Authority has been organising the Data Protection by Design Award for the last five years. It thus anticipated the obligations in terms of data protection by design and data protection by default that have been included in the General Data Protection Regulation, approved by the European Union and mandatory as from May 2018. The aim of the Award is to acknowledge technological solutions in the area of protecting data of a personal nature, enhance the implementation of security measures, facilitate compliance with legal obligations, strengthen people’s control over their own information and, in general, assist the progress of privacy management.  

In this Edition, the jury has decided that the 2017 Data Protection by Design Award should go to University College London, for the project entitled Privacy-Preserving Analytics via Scalable and Private Data Collection, and the honourable mention to the Catalan company Neptune Communication Solutions SL, for their instant messaging app Nepcom.

The award-winning project is a platform that enables personal data protection to be guaranteed in big-data projects. It is an open-source software addressed to application developers to optimise the processing of huge quantities of information in a way which is respectful with the right to protection of personal data. Obviously, the direct use of user data would not allow for respect of the right to privacy; consequently, it is necessary to employ a set of techniques to gather statistics from massive volumes of data and, at the same time, safeguard privacy, all within a reasonable computational cost.

Furthermore, the platform also includes differential privacy techniques to ensure the privacy of output data. These techniques seek to find a point of balance between privacy and accuracy of the data.

The jury also recognised with an honourable mention the Nepcom instant messaging application, presented by the Catalan company Neptune Communication Solutions SL. This is a messaging app for business use which incorporates a confidential mode and information encryption, which avoids server access to the message content.      

The awards were presented by Ms. Carme Forcadell, Speaker of the Parliament of Catalunya

During the symposium, the Catalan Data Protection Authority (APDCAT) presented the first version of the Guide to execution of data protection impact assessments in businesses, public administrations and institutions. The document is a practical tool to facilitate the process of adaptation by organisations to the new European data protection legislation.  

The event was presented by the APDCAT Director, Maria Àngels Barbarà, who stressed the challenge represented by entry into force of the Regulation, and the importance of promoting initiatives and documents to assist in the adaptation process, such as this guide to execution of a data protection impact assessment.

In the presentation, the director shared her vision of this topic with the Commissioner of the Norwegian Data Protection Authority, Bjørn Erik Thon. This European authority has shown great interest in the award of Data Protection by Design prizes, since it will soon adopt a similar model with the aim of improving the safeguarding of people’s fundamental rights and freedoms.  

The APDCAT director underlined the Authority’s intention to provide every support possible to organisations in their task of adapting to the new regulation. She also insisted in the need to create suitably practical tools that organisations will find truly useful in complying with their new responsibilities and which foster one of the Regulation’s innovations: Data Protection by Design.

Ramon Miralles, the APDCAT coordinator of Auditing and Security of Information, emphasised that “We must consider this to be a first version of the guide, which includes the latest directives of the Article 29 Working Party”. Miralles assured attendees that implantation of the new regulation together with the new resources that will be regularly published in relation to impact assessments will mean that the guide will be revised and updated whenever necessary.     

In this regard, the working method proposed in the guide is designed to be applicable to all types of data processing and processors. It therefore presents a flexible method of carrying out the assessments, so that it can be adapted to the specific circumstances of the processing operations that organisations encounter in their day-to-day business.