Is Privacy by Construction Possible?

  • Gerardo Schneider
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11244)


Finding suitable ways to handle personal data in conformance with the law is challenging. The European General Data Protection Regulation (GDPR), enforced since May 2018, makes it mandatory for citizens and companies to comply with the privacy requirements set out in the regulation. For existing systems the challenge is to show evidence that they already comply with the GDPR, or otherwise to work towards compliance by modifying their systems and procedures, or alternatively by reprogramming their systems in order to pass eventual controls. For those starting new projects the advice is to take privacy into consideration from the very beginning, already at design time. This has come to be known as Privacy by Design (PbD). The main question is how much privacy one can effectively achieve by using PbD, and in particular whether it is possible to achieve Privacy by Construction. In this paper I give my personal opinion on issues related to the ambition of achieving Privacy by Construction.



I would like to thank Daniel Le Métayer for his valuable comments on an early draft of this paper, and Thibaud Antignac for all the fruitful discussions we have had on privacy by design. This research has been partially supported by the Swedish Research Council (Vetenskapsrådet) under grant Nr. 2015-04154 (PolUser: Rich User-Controlled Privacy Policies).



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Department of Computer Science and Engineering, University of Gothenburg, Gothenburg, Sweden
