Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Intro (00:01):
This is a Technikon podcast.
Technikon (00:10):
Hello and welcome. The Digital Green Certificate is an initiative
which was undertaken during the COVID pandemic as a way
to facilitate free movement in the EU. Basically, the certificate
is a uniform way for all member states to recognize
that a citizen or qualified person has been vaccinated, tested
(00:31):
or recovered from COVID. These certificates can be issued and
used in all EU member states to facilitate individual mobility.
A project of this scale and with such severe time
constraints must be subject to certain risks. At the top
of the list are data privacy for citizens, the slippery
slope towards mass surveillance and the nuances that come with
(00:54):
private technologies performing government functions. In this podcast episode, we
partner with the Alpen Adria University of Klagenfurt here in
Austria to look at the green passport from the viewpoint
of two students from the Artificial Intelligence and Cyber Security Program.
Our student hosts Sabrina Strauß and Thomas Marquet speak with Bart Preneel,
(01:17):
professor at the Catholic University of Leuven in Belgium, who
was involved early on with the green passport. Let's have
a listen.
Thomas Marquet (01:31):
Hello, everyone. My name is Thomas.
Sabrina Strauß (01:33):
And my name is Sabrina.
Thomas Marquet (01:35):
We are two students from the Alpen Adria University
in Klagenfurt, Austria. Sabrina is doing a master's degree in A.I.
and cybersecurity. And I'm a PhD student in cybersecurity. And our
subject for today is the vaccination passport.
Sabrina Strauß (01:55):
As we all know, the Covid pandemic has put down
both the global economy and our minds on a scale
never seen in modern times. For more than a year now,
we have suffered from heavy restrictions, sometimes contradicting themselves. Trapped
in our homes, social lives suddenly became digital or potentially deadly.
(02:17):
But even seeing the friendliest face on a screen is
not the same. We miss the little things that make
life brighter. Nearly all of us have itchy feet
and wait to see the world again. In order to
reopen our economy and to get some of our best
social lives back, the idea of a green passport has emerged.
(02:40):
This green passport might be one of the keys to
safely reclaiming our world again, giving freedom back to those
who are considered safe. Yet, many problems arrive with this strategy.
After all, what happens to those who are not considered safe?
Is our data safe? Today we're discussing the vaccination passport
(03:03):
to get some more insights on how it should work
and what happens regarding our privacy rights.
Thomas Marquet (03:10):
The vaccination passport is already implemented in some countries or
is going to be implemented shortly. Yet we are still
a bit left in the blue. So what is the
idea of the European Union really? Well, it's a certificate
that has the main goal of informing about your COVID situation in
order to lift some restrictions. It will possess three main pieces
(03:35):
of information. If you have been vaccinated, if you have
been infected and recovered from the virus, or if you
have been tested recently. This will define your degree of
safety and also all those people that do not wish
to be vaccinated, to still possess a COVID passport. In order
to protect the information contained in the certificate during your control,
(04:00):
the information shown will be only if your certificate is
valid on it. As of the data of the passport
will remain private and never leave the state issuing the certificate.
The passport will also contain your name and date of
birth in order to identify you and the QR code
(04:21):
to prove the authenticity of your certificate. The passport will
be available in digital and paper version in order to be
easily accessible for the most people. To clarify some of
these questions and have a better idea of the implementation
of the vaccination passport, we have a guest today, he is
(04:42):
a Belgian cryptologist and a professor at the Catholic University
of Leuven. He is the president of the International Association for
Cryptologic Research. And since 2013, he's part of the European
Academy of Science. Hello Bart Preneel, thank you for being here today.
Bart Preneel (05:01):
Hello.
Sabrina Strauß (05:02):
Hello, Bart. Nice to have you here today.
Bart Preneel (05:05):
A pleasure to be here too.
Sabrina Strauß (05:06):
Can you tell us from your point of view what
were the guiding principles when designing the digital vaccination passport?
Bart Preneel (05:14):
Well, when we introduced something like this European-wide certificate, I think
it's very important that we first have a broad conversation
with all stakeholders about what the goals should be and
what the constraints should be. That actually is a societal consensus about this.
And I think in this case here, I was not
very happy with the way it went because it was
(05:36):
all done under very high pressure. I was involved in
some of the initial discussions in December. I didn't continue
until the very end because it was clear that there
was not really technical challenges, was mostly administrative issues were being discussed. And also
it was very difficult to change the scope or to
look at the bigger picture. So I think in general,
(05:57):
it's very important to get all the stakeholders around the
table and have everybody give their point of view. That means,
of course, governments, but also health care providers, consumers, privacy experts, lawyers,
also people of course, who have to use this technology.
But in this case, it was a very strong drive,
in particular, I believe, from countries with high importance for tourism,
(06:20):
that they insisted that after the chaos of 2020, they
wanted tourism to restart as quickly as possible and so
the goal was as fast as possible, design a system
that could be used very quickly to screen people at
the borders that would be easier to allow tourism and
get the industry back on their feet. Of course, it's
(06:40):
on the one hand, the good thing that they want
to standardize things. I heard a story from last week
that somebody with the Belgium test certificate showed up in
Athens and was sent back because it was in French and
they couldn't understand it. I mean, there is a good
intention to avoid these kind of problems, to have efficiency.
But on the other hand, I think there is more
(07:01):
than that. To start with, you also need to think about
the broader role. And before we have consensus about this,
we shouldn't start the design. And here was a very
high time pressure. There was no time to consult all
the stakeholders and the goal was very quickly to come
to an agreement to achieve this one main goal, which
was travel. I guess the other goal that is being
considered is if you... citizen from country A, you move
(07:23):
to Country B, that you can actually continue the vaccination
program in country B in an organized way. I think that's
easier to achieve. But that was the second. And of course,
hidden between the lines was also the fact that they
want to have an addition. They want to actually to
avoid fraud, because it's clear that in particular with documents,
paper documents and there is some level of fraud. But
(07:45):
this was actually never explicitly stated as one of the
design criteria and this was implicitly into the evident that
paper would not be good enough, although we've actually been
going through history for decades with vaccination booklets that are
based on paper, probably not very secure, but they were
good enough. It's kind of strange that suddenly they're not
good enough anymore today, that we actually need a digital solution.
(08:07):
So I think in general we should look very carefully
at all the stakeholders and all the goals and try
to make a careful assessment. And I think in this case,
the goal was very clearly to achieve one goal, namely
fast travel and seamless travel to other nations and everything
else had to go for this. So the broader implications,
(08:28):
in my view, not carefully considered.
Thomas Marquet (08:30):
Maybe this rush to achieve results at the end, I estimate some problems.
Do you have some concerns about potential misuse of the certificate?
Bart Preneel (08:41):
Of course there are concerns because it is now being
built, it has to be built quickly. So it will depend
in part on private sector. It will be running on
apps which are in the mobile ecosystem that's not controlled
by the governments. Of course, Apple and Google are subject
to regulation, but still there is some limited control. Also,
because of the high pressure, private players have been involved
(09:02):
in developing the apps. So I think that's already one risk,
that private sector is involved in something which is a
public functionality. A second concern is that it's not clear
where it will be used. I don't know what the
discussions were in other countries, but of course, in Belgium,
people organizing large concerts, large events, a lot of sports events,
(09:23):
they're very keen to also use this application. And it's
not clear at all that this is actually acceptable because
definitely this has a risk of bringing discrimination for those
people who are vaccinated and those who are not and
of course, the answer is, well, we have the option
to also get a test, but then the question is,
do I get access to the tests? And there is
(09:43):
already concern in Belgium because the holiday period tends to
start 1st of July or 5th of July, because the test is
only valid for 72 hours. It will be an enormous
bottleneck of hundreds of thousands of people who all want to be
tested exactly one day before they leave on holidays so that
their test is still valid when they arrive in their
destination country. But that's a concern for the bottleneck of
(10:06):
the testing system, but also the fact that this system
may be used in other venues also nationally was not
but wanted to be rolled out. It's kind of
difficult to prevent people from using it and maybe for
some events or some restaurant or whatever, they will require
it anyway. To say, given that you have one certificate
(10:28):
because you go on vacation, why don't you actually show
us that you are vaccinated, then we can safely let into, for example,
visit our company or visit our restaurant or whatever. So
there is this kind of policing service that could be
rolled out or abused by policing abuses that could be
done inadvertently or even without the government knowing, of course,
(10:49):
also at the border. This is another document to ask. And,
of course, it can be used to stop certain people
from traveling. It could also be used in principle against
migrants who, of course, will not satisfy the rules because
they are not documented. They may not have the right documentation.
If you only require a paper document that you have
a PCR test, that's OK. If you need an official certificate,
(11:10):
suddenly it turns out that you have to register with
the government in some central system. And so I think
that's another potential abuse that it may make border policing
more strict. And then, of course, it's unclear to which
extent the certificate will be verified online if you check
it only offline. The risks, I would say, are limited.
(11:31):
But if you check it online, that means that the
central system knows exactly where the certificate is checked and
where this person is. So it actually can check who
consults certificates so it knows where you are traveling. So
this becomes information that's highly valuable to police agencies, intelligence
agencies to track people. And again, this is a general
principle of mass surveillance. You can have a debate or
(11:55):
whether or not, for example, somebody, a wanted criminal should
be flagged when he or she tries to cross the
border or try to get a certificate. But what people
will do in this case or what the risk is
in any case is that they will keep a register
of everybody and all the time a database of who
was checked where and then keep searching this data afterwards
(12:16):
in case there was an incident. And this is exactly
what the European Court of Justice has said we should not do,
which is collect all information about everybody just in case
somebody starts misbehaving.
Sabrina Strauß (12:26):
You mentioned a lot of examples of misuses, that's why
it is so important to consider that the new invention
is responsibly engineered. This means that societal actors work together
during the whole research and innovation process in order to
better align both the process and its outcomes with the values,
(12:48):
needs and expectations of a European society. Responsibility includes, among others,
that the data is handled correctly to cover the legal
aspect of a responsible invention, it is helpful to follow
the rules settled in the GDPR. The GDPR (General Data
Protection Regulation) ensures that the data is protected in the
(13:12):
European Union and also enables free data traffic. The most
important articles of the GDPR are articles five, six and nine.
They include rules how to process personal data. Personal data
should be processed lawfully, fairly and in a transparent manner. Moreover,
the data should be limited in purpose to which time and amount.
(13:37):
Because the vaccination status is health data, it is necessary
that the patient gives his consent actively and signs a contract.
It also means that the passport holder must be informed of
the use of his data and who can assess it.
Regarding the European Digital COVID certificate, is it sufficient if
(13:59):
it conforms to the general data protection regulation framework?
Bart Preneel (14:04):
GDPR is a general framework and that protects privacy of citizens, so,
of course, it's important that everything you roll out, including
a certificate, complies with GDPR. But of course, that's only
one step. And GDPR gives you many legal bases to
process information. People mostly mentioned consents or the kind of
(14:26):
the assumption is that the citizen would have to give
informed consent to process the data and to make them
available for this specific purpose. You can ask many questions
about this, but I believe that in this setting, the
government will not use... or most governments will not use
this basis. There is other legal basis in GDPR would
say that if it's necessary for public health and I
(14:50):
think pandemics are mentioned or epidemics are mentioned in GDPR
as an exception, then governments can decide this legal basis
is that they have to process information to control the
epidemic or a pandemic. That could be enough as a
legal basis. So in that sense, I think it's not
so difficult to make sure that everything that's being done
(15:11):
complies with GDPR. Because GDPR is a legal framework, which has many options,
and so the health care exception, the pandemic exception, was
foreseen in the process data. I think the broader question is,
of course, is all data processing ethical and that GDPR prevent abuse?
And it's not clear at all that everything is covered
(15:32):
by GDPR, as an example of potential abuse by
intelligence services. Well, it turns out that intelligence services are
outside the scope of GDPR and how they process data
is not covered by GDPR.
Sabrina Strauß (15:45):
Oh, yes. The ethical aspect is an interesting point to mention.
The GDPR covers the legal basis of an invention, but
not ethics, for example, GDPR offers privacy by design. This
means that the digital green passport should only leak minimal information,
by only showing a proof of the signature, not the
(16:06):
signature itself. In theory, this should be enough. But in practice,
with good legal arguments, it is possible to justify a
less privacy friendly system. Therefore, it is also important to
take ethical and social aspects into account to get a
truly responsibly engineered result. Thank you, Bart, for your time
(16:29):
and for answering our questions.
Bart Preneel (16:32):
My pleasure.
Sabrina Strauß (16:33):
Thank you for listening to our podcast, and we hope
that we gave you some new insight in this very actual topic.
Stay healthy and have a nice day.
Technikon (16:45):
Thank you, Thomas and Sabrina, and special thanks to the
Alpen Adria University. See you next time.
Outro (16:55):
This podcast has been brought to you by Technikon.