PRIPARE: A New Vision on Engineering Privacy and Security by Design

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 470)


The new EU Data Protection Directive (DPD), approved by the EU Parliament, acknowledges the need for Data Protection by Design and by Default in order to protect the rights and freedoms of data subjects with regard to the processing of personal data. PRIPARE confronts the lack of a true engineering approach to these concepts by providing a methodology that merges state-of-the-art approaches (e.g. Privacy Impact Assessment and Risk management) and complements them with new processes that cover the whole lifecycle of both personal data and the development of ICT systems.


Keywords: Privacy by design; Security by design; Methodology; Privacy



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. Atos Spain S.A., Madrid, Spain
  2. Trialog, Paris, France
  3. Trilateral, London, UK
  4. Inria, Lyon, France
  5. Gradiant, Vigo, Pontevedra, Spain
  6. Universidad Politécnica de Madrid (UPM), Madrid, Spain
