Designing Privacy-by-Design

  • Jeroen van Rest
  • Daniel Boonstra
  • Maarten Everts
  • Martin van Rijn
  • Ron van Paassen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8319)


The proposal for a new privacy regulation d.d. January 25th 2012 introduces sanctions of up to 2% of the annual turnover of enterprises. This elevates the importance of mitigation of privacy risks. This paper makes Privacy by Design more concrete, and positions it as the mechanism to mitigate these privacy risks.

In this vision paper, we describe how design patterns may be used to make the principle of Privacy by Design specific for relevant application domains. We identify a number of privacy design patterns as examples and we argue that the art is in finding the right level of abstraction to describe a privacy design pattern: the level where the data holder, data subject and privacy risks are described.

We give an extended definition of Privacy by Design and, taking Solove’s model for privacy invasions as structuring principle, we describe a tool and method to use that tool to generate trust in systems by citizens.


privacy privacy design pattern privacy-by-design system engineering trust tooling 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    EC, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995)Google Scholar
  2. 2.
    EC, COM(2012) 11 (final) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (January 25, 2012)Google Scholar
  3. 3.
    EC, COM(2010) 609 (final), A comprehensive approach on personal data protection in the European Union (November 4, 2010)Google Scholar
  4. 4.
    EC, COM(2010) 245 (final)/2, A Digital Agenda for Europe (August 26, 2010)Google Scholar
  5. 5.
    van Lieshout, M., Kool, L., van Schoonhoven, B., de Jonge, M.: Privacy by Design: an alternative to existing practice in safeguarding privacy. Info. 13(6), 55–68 (2011)CrossRefGoogle Scholar
  6. 6.
    European Forum for Urban Security, Charter for a Democratic Use of Video Surveillance (2011)Google Scholar
  7. 7.
    Hes, R., Borking, J.: Privacy Enhancing Technologies: the path to anonymity (Revised Edition) Registratiekamer, Achtergrondstudies en Verkenningen 11 (first edition 1995)Google Scholar
  8. 8.
    CFP2000, Conference on Computers, Freedom & Privacy (2000),
  9. 9.
    EC / TNO et al, FP5, PISA project (2003), (accessed June 2, 2012)
  10. 10.
    Cavoukian, Origins of Privacy by Design, (accessed August 3, 2011)
  11. 11.
    Cavoukian, Privacy by Design – The 7 foundational principles (August 2009) (revised January 2011)Google Scholar
  12. 12.
    Gürses, Troncose, Diaz: Engineering Privacy by Design. In: Conference on Computers, Privacy & Data protection, CPDP (2011)Google Scholar
  13. 13.
    Jean-Philippe Courtois, Privacy by Design at Microsoft (November 29, 2010) Google Scholar
  14. 14.
  15. 15.
    Cavoukian, Privacy by Design – The answer to overcoming negative externalities arising from poor management of personal data, Trust Economics Workshop (June 23, 2009)Google Scholar
  16. 16.
    Kranzberg, M.: Technology and History: Kranzberg’s Laws. Technology and Culture 27(3), 544–560 (1986)CrossRefGoogle Scholar
  17. 17.
    EuroPrise - the European Privacy Seal for IT Products and IT-Based Services (2007), (accessed June 2, 2012)
  18. 18.
    London Economics, Study on the economic benefits of privacy-enhancing technologies (PETs) (July 2010)Google Scholar
  19. 19.
    Borking, J.: Privacy law is code (2010)Google Scholar
  20. 20.
    Rogers, E.M.: Diffusion of Innovations (1962)Google Scholar
  21. 21.
    Warren and Brandeis, Harvard Law Review. The right to privacy, vol. IV(5) (December 15, 1890),
  22. 22.
    Agre & Rottenberg, Technology and privacy: the new landscape (1997)Google Scholar
  23. 23.
    Clarke, R.: Roger Clarke’s ‘What’s Privacy?, (accessed May 12, 2011)
  24. 24.
    Cambridge Essential English Dictionary, lemma Privacy (accessed August 6, 2011)Google Scholar
  25. 25.
    Westin, A.: Privacy and Freedom. Atheneum, New York (1967)Google Scholar
  26. 26.
    Burgoon, K., Parrott, R., Le Poire, B.A., Kelley, D.L., Walther, J.B., Perry, D.: Maintaining and Restoring Privacy through Communication in Different Types of Relationships. Journal of Social and Personal Relationships 6(2), 131–158 (1989)CrossRefGoogle Scholar
  27. 27.
    Langheinrich, M.: Privacy by design - principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, pp. 273–291. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  28. 28.
    Solove, D.J.: A Taxonomy of Privacy. University of Pennsylvania Law Review 154(3), 477–564 (2006)CrossRefGoogle Scholar
  29. 29.
    UML 2.4.1 Specification, (accessed December 2011)
  30. 30.
    Harrison McKnight, D., Chervany, N.L.: The Meanings of Trust, University of Minnesota (1996),
  31. 31.
    BBC, Eric Schmidt, Google (April 13, 2013),
  32. 32.
    Ridings, C.M., Gefen, D., Arinze, B.: Some antecedents and effects of trust in virtual communities. The Journal of Strategic Information Systems 11(3-4), 271–295 (2002) ISSN 0963-8687, 10.1016/S0963-8687(02)00021-5Google Scholar
  33. 33.
    Article 8 of the European Convention on Human Rights (1950)Google Scholar
  34. 34.
    EC, undated, Status of implementation of Directive 95/46 on the Protection of Individuals with regard to the Processing of Personal Data (2011), (accessed August 3, 2011)
  35. 35.
    EC, COM/2012/010 final - 2012/0010 (COD), Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (January 2012)Google Scholar
  36. 36.
    EU KP7 SMART project, (accessed May 13, 2012)
  37. 37.
    Cambridge Essential English Dictionary, lemma Design (accessed August 28, 2011)Google Scholar
  38. 38.
    INCOSE, A Consensus of the INCOSE Fellows, (accessed June 2012)
  39. 39.
    Bahill, A.T., Gissing, B.: Re-evaluating systems engineering concepts using systems thinking. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews 28(4), 516–527 (1998)CrossRefGoogle Scholar
  40. 40.
    The Open Group, “The Open Group Architecture Framework, TOGAF”, (last accessed April 2, 2012)
  41. 41.
    Alexander, C.: A Pattern Language: Towns, Buildings, Construction (1977)Google Scholar
  42. 42.
    Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P.: Pattern-Oriented Software Architecture. A System of Patterns, vol. 1. John Wiley & Sons (1996)Google Scholar
  43. 43.
    Steinberg, A., Bowman, C.: Rethinking the JDL Data Fusion Levels, NSSDF JHAPL, June, 04 2. In: Bowman, C.L. (ed.) The Dual Node Network (DNN) Data Fusion & Resource Management (DF&RM) Architecture, AIAA Intelligent Systems Conference, Chicago, September 20-22 (2004)Google Scholar
  44. 44.
    Hafiz, M.: A collection of Privacy Design Patterns. In: Proceedings of the 13th Pattern Languages of Programs. Allerton, Illinois (2006)Google Scholar
  45. 45.
    Security Patterns – Integrating Security and Systems Engineering, Schumacher, Fernandez-Buglioni, Hybertson, Buschmann, Sommerlead. John Wiley & Sons (2006)Google Scholar
  46. 46.
    UC Berkeley School of Information (2013), (last visited May 2013)
  47. 47.
    Revocable Privacy, Jaap-Henk Hoepman. Privacy & Informatie 11(3), 114–118 (June 2008)Google Scholar
  48. 48.
    BSIA, Privacy Masking Guide (2011)Google Scholar
  49. 49.
    Roelofsen, Patent WO 03/010728/A1 Method and System and Data Source for Processing of Image Data (February 2003)Google Scholar
  50. 50.
    WeArePerspective (2007), (accessed December 2011)
  51. 51.
    Cvrček, D., Matyáš, V.: D13.1: Identity and impact of privacy enhancing technology. FIDIS (2007), (accessed February 16, 2011)

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Jeroen van Rest
    • 1
  • Daniel Boonstra
    • 1
  • Maarten Everts
    • 1
  • Martin van Rijn
    • 1
  • Ron van Paassen
    • 1
  1. 1.TNODelft / The HagueThe Netherlands

Personalised recommendations