On the Principle of Privacy by Design and its Limits: Technology, Ethics and the Rule of Law

  • Ugo Pagallo


In recent years lawmakers, privacy commissioners and scholars have discussed the idea of embedding data protection safeguards in ICT and other types of technology by means of value-sensitive design, AI and legal ontologies, PeCAM platforms, and more. Whereas this kind of effort is offering fruitful solutions for operating systems, health care technologies, social networks and smart environments, the paper stresses some critical aspects of the principle by examining the technological limits, ethical constraints and legal conditions of privacy by design, so as to prevent some misapprehensions in the current debate. The idea should be to decrease the entropy of the system via ‘digital air-bags’ and to strengthen people’s rights by widening the range of their choices, rather than preventing harm-generating behaviour from occurring through the use of self-enforcement technologies.


Keywords: Artificial intelligence and law; Data protection; Ethics of design; Information ethics; Legal ontologies; Rule of law; Security measures; Privacy by design; Self-enforcement technology



Copyright information

© Springer Science+Business Media B.V. 2012

Authors and Affiliations

  1. Law School, University of Torino, Torino, Italy
