In this paper we define the notion of a privacy design strategy. These strategies help IT architects to support privacy by design early in the software development life cycle, during concept development and analysis. Using current data protection legislation as point of departure we derive the following eight privacy design strategies: minimise, hide, separate, aggregate, inform, control, enforce, and demonstrate. The strategies also provide a useful classification of privacy design patterns and the underlying privacy enhancing technologies. We therefore believe that these privacy design strategies are not only useful when designing privacy friendly systems, but also helpful when evaluating the privacy impact of existing IT systems.


Personal Data Data Protection Design Pattern Privacy Protection Data Subject 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Borking, J.: Der identity-protector. Datenschutz und Datensicherheit 20(11), 654–658 (1996)Google Scholar
  2. 2.
    Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy, 1st edn. MIT Press (2000) ISBN 0-262-02491-8Google Scholar
  3. 3.
    Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P.: Pattern-Oriented Software Architecture, A System of Patterns, vol. 1. John Wiley & Sons (1996)Google Scholar
  4. 4.
    Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    A. Cavoukian.: Privacy by design – the 7 foundational principles. Technical report, Information and Privacy Commissioner of Ontario (January 2011) (revised version)Google Scholar
  6. 6.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  7. 7.
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  8. 8.
    Communication COM (2007)228 from the Commission to the European Parliament and the Council. On Promoting Data Protection by Privacy Enhancing Technologies (PETs) (Not published in the OJC) (2007)Google Scholar
  9. 9.
    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995. On the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ CL 281, 0031–0050 (1995)Google Scholar
  10. 10.
    Proposal for a Regulation of the European Parliament and of the Council. On the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ C 102, 24 (2012)Google Scholar
  11. 11.
    Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley (1994)Google Scholar
  12. 12.
    Graf, C., Wolkerstorfer, P., Geven, A., Tscheligi, M.: A pattern collection for privacy enhancing technology. In: The 2nd Int. Conf. on Pervasive Patterns and Applications (PATTERNS 2010), Lisbon, Portugal, November 21–26 (2010)Google Scholar
  13. 13.
    Grses, S., Troncoso, C., Diaz, C.: Engineering privacy by design. In: Conference on Computers, Privacy & Data Protection, CPDP 2011 (2011)Google Scholar
  14. 14.
    Hafiz, M.: A collection of privacy design patterns. In: Proceedings of the 2006 Conference on Pattern languages of Programs, PLoP 2006 pp. 7:1–7:13. ACM, New York (2006)Google Scholar
  15. 15.
    Hafiz, M.: A pattern language for developing privacy enhancing technologies. In: Softw. Pract. Exper. (2011), doi:10.1002/spe.1131.Google Scholar
  16. 16.
    J.-H. Hoepman.: Privacy design strategies, eprint arXiv:1210.6621 (October 2012), A preliminary version was presented at the Amsterdam Privacy Conference (APC 2012) and the Privacy Law Scholars Conference (PLSC 2013)Google Scholar
  17. 17.
    ISO/IEC 29100. Information technology – Security techniques – Privacy framework. Technical report, ISO JTC 1/SC 27Google Scholar
  18. 18.
    Jacobs, B.: Select before you collect. Ars Aequi 54, 1006–1009 (2005)Google Scholar
  19. 19.
    Kruchten, P.: An ontology of architectural design decisions. In: Bosch., J. (ed.) Proc. of the 2nd Groningen Workshop on Software Variability Management, Groningen, The Netherlands (2004)Google Scholar
  20. 20.
    Casassa Mont, M., Pearson, S.: An adaptive privacy management system for data repositories. In: Katsikas, S., López, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 236–245. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Organisation of Economic Co-Operation and Development. OECD guidelines on the protection of privacy and transborder flows of personal data (1980)Google Scholar
  22. 22.
    Pearson, S., Benameur, A.: Decision support for design for privacy: A system focused on privacy by policy. In: PrimeLife/IFIP Summer School 2010: Privacy and Identity Management for Life, Helsingborg, Sweden (August 2010) (to appear)Google Scholar
  23. 23.
    Pearson, S., Shen, Y.: Context-aware privacy design pattern selection. In: Katsikas, S., Lopez, J., Soriano, M. (eds.) TrustBus 2010. LNCS, vol. 6264, pp. 69–80. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    A. Pfitzmann, M. Hansen.: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management – a consolidated proposal for terminology (version v0.34 August 10, 2010),
  25. 25.
    Solove, D.J.: A taxonomy of privacy. University of Pennsylvania Law Review 154(3), 477–564 (2006)CrossRefGoogle Scholar
  26. 26.
    Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Software Eng. 35(1), 67–82 (2009)CrossRefGoogle Scholar
  27. 27.
    Sweeney, L.: k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10(5), 557–570 (2002)CrossRefzbMATHMathSciNetGoogle Scholar
  28. 28.
    US Federal Trade Commission. Privacy online: Fair information practices in the electronic marketplace, a report to congress (2000)Google Scholar
  29. 29.
    van Blarkom, G.W., Borking, J.J., Verhaar, P.: PET. In: van Blarkom, G.W., Borking, J.J., Olk, J.G.E. (eds.) Handbook of Privacy and Privacy-Enhancing Technologies - The Case of Intelligent Software Agnets, ch. 3, pp. 33–54. College Bescherming Persoonsgegevens, The Hague (2003)Google Scholar
  30. 30.
    van Rest, J., Boonstra, D., Everts, M., van Rijn, M., van Paassen, R.: Designing privacy-by-design. Presented at the Annual Privacy Forum 2012, Limmasol, Cyprus (2012)Google Scholar
  31. 31.
    Westin, A.: Privacy and Freedom. Atheneum, New York (1976)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Jaap-Henk Hoepman
    • 1
  1. 1.Radboud University NijmegenNijmegenThe Netherlands

Personalised recommendations