Author: Editor

Secure Software Development and OWASP

By Peter van Schelven   For years now, IT practice has shown us that so many contracts on the development of software have been troublesome on one main subject: the specifications of what has to be developed, delivered and implemented. These specifications often turn out to be vague, incomplete, inconsistent or incomprehensible. As a result, the features and capabilities of software can be disappointing and parties can easily argue about what has actually been agreed to. We see this problem even more regularly with regard to the security of software. A lot of software development contracts are rather silent on security-related specifications and security-specific terms and conditions.   When developing and implementing websites and web applications, software developers sometimes ignore the Open Web Application Security Project (OWASP). That is remarkable. After all, OWASP is a security platform on which software professionals, companies and other organizations share useful information and techniques about the security of web-applications....

Six Questions on Data and Privacy to… VNO-NCW / MKB-Nederland

By Irvette Tempelman - VNO-NCW / MKB-Nederland   We spoke with Irvette Tempelman – Secretary of Policy who deals with privacy, consumer policy and the regulation of artificial intelligence.   Question 1) The VNO-NCW / MKB-Nederland is an association of entrepreneurs, with branch organisations and companies as members. You represent companies of all sectors and sizes and cooperate with several governments. What are currently the main policy topics regarding the protection of personal data? One of the main topics is the fact that the GDPR is still the number 1 regulatory burden for companies, especially for SMEs. The GDPR is a complex piece of legislation. Companies in general are more than willing to implement the GDPR but continue to have many unsolved questions as to how to do it. Another important topic is the necessity of a more balanced interpretation of the GDPR. The Dutch DPA is known to interpret the GDPR more restrictively compared to other...

Trainhacking

By Roel van Rijsewijk   Inspiring conversations with Daniël Wunderink - (CISO) GVB in Amsterdam   This time my guest at my kitchen table has a name I love but I seem to pronounce it wrong: in German, like ‘wunderkind’. “A common mistake”, Daniël Wunderink says with a smile, with the ‘u’ of ugly, Chief Information Security Officer (CISO) of GVB in Amsterdam. It breaks the ice. And while my wife pops her head around the corner to say bye, we start this cyber conversation to the cadence of the dishwasher running in the background. A sound that actually reminds me of a moving train on the track. This already provides us our first analogy.   Born to hack But before I talk to Daniël about his work as Security Officer for one of the Netherlands’ largest public transport companies, I want to talk about Daniël as a person. I have heard that he is rooted in the...

The vaccine inoculation passport, ticket to..?

By Rob van den Hoven van Genderen   On the initiative of Greece, European countries are discussing the enactment of a ‘vaccination passport for Covid-19’, in the first place to allow vaccinated persons to visit the starving European tourist destinations. Will this be the start of a societal partition within Europe and the Netherlands between ‘free traveling’ vaccinated people and locked down ‘non vaccsers’?   The new chapter in the fight against Covid-19 has started, the vaccination, hopefully the beginning of the end, although there are not enough vaccines delivered by the producers because we wanted to have a bargain and are one of the last to be delivered to. The over-organized Netherlands is the last in Europe to begin with vaccination anyway. The Netherlands is so well organized that decision-making is stranded by the segmented organization. Who determines the policy: the Minister, the security region, the laboratories, the State Health institution (RIVM), OMT or...

The Dutch DPA on data brokering

Interview with Cecile Schut – Dutch DPA   “To hold grip on your personal data and knowing what others know about you is crucial” - Aleid Wolfsen   The Dutch DPA is the independent supervisor in the Netherlands that guards our constitutionally enshrined protection of personal data. One of the organisation’s main tasks is to monitor companies and governments to determine whether they are complying with the applicable privacy legislation, by means of investigations. In addition to conducting supervision, the Dutch DPA advises on new laws and regulations and provides information. We spoke with Cecile Schut, Director of System Supervision, Security and Technology about the meaning of data brokering, the DPA’s perspective on this subject, how to tackle illegal data trafficking, and more.   1. We’re going to talk specifically about data brokering/trafficking, but first of all, I’m curious about your position within the Dutch DPA. You have been appointed Director of System Supervision, Security and...

The Socratic approach to technology adoption

By Roel van Rijsewijk   Inspiring conversations with Ton Wagemans - Considerati   My previous kitchen table discussion ended with Christiaan Alberdingk Thijm’s call to empower citizens to regulate technological developments. As a society, we struggle to set the boundaries within which we can make optimal use of technology. How do we balance regulation and innovation? Today I’m going to talk about this with Ton Wagemans, a lawyer, tech policy expert, professional balancer and a freethinker. He helps organisations to increase adoption of new technology with dialogue and experiments.   I meet Ton at my kitchen table in Landsmeer, where one of my children occasionally rushes by as Chase of Paw Patrol. He is the first guest to sit down at this table after I moved from Amsterdam. Originally a lawyer, but an entrepreneur at heart. Ton, founder and partner at Considerati, wants to make technology work for everyone and get the most value out of it. With his...

On the misleading metaphors of the information age

By Hans Schnitzler   Perhaps the most apt definition of privacy comes from the Dutch artist and Internet critic Tijmen Schep: “privacy is the right to be imperfect,” he argues. This view of privacy is at odds with an ideology also known as computationalism. This is a philosophy of life that reduces the human mind to an information-generating machine, that sees a data problem in every social problem and that has replaced the belief in higher values with a belief in mathematical values.   With this bits and bytes approach to reality, one chases absolute control and predictability of everyday existence. In his book New Dark Age, James Bridle, a computer scientist, characterizes computationalism as a ‘cognitive hack’: decision-making processes and responsibility are transferred to machines, automated thinking - i.e., computation - replaces conscious thought, with the ultimate result that we increasingly act like ‘perfect’ machines. At least, that is the suggestion.   According to Bridle, computational...

To tell the story of the people

By Roel van Rijsewijk   Inspiring conversations with Christiaan Alberdingk Thijm   I am actually an internet hippie, a ‘new age digital anarchist’. The internet also started out as an open space where all people could connect, create and share. But that anarchism, combined with the network-effect, has led to the emergence of a number of dominant platforms who program their rules and collect all the data.   I am going to talk about this with lawyer Christiaan Alberdingk Thijm, a wordsmith and I think also a bit of a hippie. In the summons he tells the story of how all Dutch internet users are harmed by the data management platforms of Oracle and Salesforce and he is taking them to court on behalf of the foundation The Privacy Collective to claim mass damage in a collective action.   This time I will not meet Christiaan at my kitchen table, which has recently moved from Amsterdam to Landsmeer. Christiaan...

Six questions on Data and Privacy to… Unilever

By Simone Pelkmans and Iris Tasevski   We spoke with Simone Pelkmans - General Counsel of Unilever Benelux, and Iris Tasevski – Unilever’s Data Protection Advisor.   Question 1) Unilever is a global corporation in fast moving consumer goods, can you describe to me how a company like Unilever interacts with personal data and privacy? As a fast moving consumer goods company, Unilever group companies collect and use personal data to enable them to provide goods and services to consumers, customers and other stakeholders and collaborate with third parties. Furthermore, Unilever holds personal data of thousands of employees. Although Unilever does not (yet) interact with consumers on a large scale, we do interact with them, mainly for marketing purposes.     At Unilever, we respect the privacy of all individuals (consumers, employees, customers, suppliers). As such, our aim is to collect, use and protect personal data not only in accordance with applicable laws but in line with our own...

Privacy management at Royal Schiphol Group: Mind your step!

By Robyn Post and Danaï Giannouli   A different perspective When thinking of Royal Schiphol Group (hereafter: Schiphol), this image of an impressive innovative international hub comes to mind where (up to the moment the Covid pandemic started) millions of passengers start, continue or end their journey. A company with the mission “connecting your world” and therefore a strong focus on establishing a secure, safe, efficient, sustainable, high quality and enjoyable environment for travellers and employees. Safety and security are subjects that are integrally part of the Schiphol DNA, not only from an operational perspective – but also from a privacy and data protection perspective.    A common misunderstanding is that Schiphol has the same insights about a passenger departing from, transferring via or arriving at the airport. However, Schiphol does not collect the same personal data about a passenger as for example the Royal Netherlands Marechaussee, Dutch Customs, airlines and the operators of retail units...
