Minimum Harm by Design: Reworking Privacy by Design to Mitigate the Risks of Surveillance

Part of the Law, Governance and Technology Series book series (LGTS, volume 36)


Particular applications of Privacy by Design (PbD) have proven to be valuable tools to protect privacy in many technological applications. However, PbD is not as promising when applied to technologies used for surveillance. After specifying how surveillance and privacy are understood in this paper, I will highlight the shortcomings of PbD when applied to surveillance, using a web-scanning system for counter-terrorism purposes as an example. I then suggest reworking PbD into a different approach: the Minimum Harm by Design (MHbD) model. MHbD differs from PbD principally in that it acknowledges that the potential harms of surveillance bear not only upon privacy but also values that define the very constitution of a society and its political character. MHbD aims to identify and systematise the different categories of such harms and links them to current theories on surveillance on the one hand and on possible design measures on the other.


Chilling effect Contextual integrity Data mining Discrimination Minimum harm by design Privacy Privacy by design Social sorting Surveillance 



I am grateful to two anonymous reviewers and to Claudia Diaz and Maria Grazia Porcedda for their comments on earlier drafts of this article. I also gratefully acknowledge the comments made by the participants in the Third Dutch/German Workshop in Philosophy of Technology (Technische Universität Darmstadt, June 2014), the Delft Philosophy Colloquium (Technische Universitait Delft, March 2015), the State of the Union Conference 2015 (European University Institute, Florence) and the CPDP (Computers, Privacy & Data Protection) Conference 2016 (Brussels). Part of the research presented in this chapter was funded by the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no. 284725 as part of the SURVEILLE (Surveillance: Ethical Issues, Legal Limitations, and Efficiency) Project.


  1. Agamben, Giorgio. Homo Sacer: Sovereign Power and Bare Life. Stanford: Stanford Univ. Press, 1998.Google Scholar
  2. Albrechtslund, Anders. ‘Online Social Networking as Participatory Surveillance’. First Monday 13, no. 3 (2008).
  3. Balasch, Josep, Alfredo Rial, Carmela Troncoso, Christophe Geuens, Bart Preneel, and Ingrid Verbauwhede. ‘PrETP: Privacy-Preserving Electronic Toll Pricing’, In 19TH USENIX SECURITY SYMPOSIUM, 63–78. USENIX Association, 2010.Google Scholar
  4. Barocas, Solon, and Andrew D. Selbst, ‘Big Data’s Disparate Impact’. California Law Review 104 (August 14, 2015), Accessed March 24, 2016.
  5. Bennett, Colin J. ‘Review of Nissenbaum’s Privacy in Context’. Surveillance & Society 8, no. 4 (April 28, 2011): 541–43.Google Scholar
  6. Bier, Christoph, Pascal Birnstill, Erik Krempel, Hauke Vagts, and Jürgen Beyerer. ‘Enhancing Privacy by Design from a Developer’s Perspective’. In Privacy Technologies and Policy, edited by Bart Preneel and Demosthenes Ikonomou, 73–85. Lecture Notes in Computer Science 8319. Berlin Heidelberg: Springer, 2014.Google Scholar
  7. Bigo, Didier. ‘Globalized (In)Security: The Field and the Ban-Opticon’. In Terror, Insecurity and Liberty. Illeberal Practices of Liberal Regimes after 9/11, edited by Didier Bigo and Anastassia Tsoukala, 10–48. London and New York: Routledge, 2008.Google Scholar
  8. Cavoukian, Ann. ‘Privacy by Design’. 2009. Accessed March 24, 2016.Google Scholar
  9. ———. ‘Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era’. In Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, edited by George O.M. Yee, 170–207. Hershey: Information Science Reference, 2012.Google Scholar
  10. Cavoukian, Ann, and Khaled El Emam. ‘Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism’, September 2013. Accessed March 24, 2016.
  11. Cavoukian, Ann, and Jeff Jonas. ‘Privacy by Design in the Age of Big Data’, June 2012. Accessed March 24, 2016.
  12. Cavoukian, Ann, and Marilyn Prosch. ‘The Roadmap for Privacy by Design in Mobile Communications: A Practical Tool for Developers, Service Providers, and Users’, December 2010. Accessed March 24, 2016.
  13. Clarke, Roger. ‘Introduction to Dataveillance and Information Privacy, and Definitions of Terms’, 1997. Scholar
  14. Coudert, Fanny. ‘Accountable Surveillance Practices: Is the EU Moving in the Right Direction?’ In Privacy Technologies and Policy, 70–85. Proceedings of the Second Annual Privacy Forum, APF 2014. Cham: Springer, 2014.Google Scholar
  15. Custers, Bart, Toon Calders, Bart Schermer, and Tal Zarsky, eds. Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases. Berlin, Heidelberg: Springer, 2013.Google Scholar
  16. Dandeker, Christopher. Surveillance, Power and Modernity: Bureaucracy and Discipline from 1700 to the Present Day. Cambridge: Polity Press, 1990.Google Scholar
  17. Danezis, George, Josep Domingo-Ferrer, Marit Hansen, Jaap-Henk Hoepman, Daniel Le Métayer, Rodica Tirtea, and Stefan Schiffner. ‘Privacy and Data Protection by Design—from Policy to Engineering’. Report/Study. ENISA, December 2014.
  18. De Hert, Paul, and David Wright. ‘Introduction to Privacy Impact Assessment’. In Privacy Impact Assessment, edited by David Wright and Paul De Hert, 3–32. Dordrecht; Heidelberg: Springer, 2012.Google Scholar
  19. Deleuze, Gilles. Foucault. Frankfurt am Main: Suhrkamp, 2001.Google Scholar
  20. ———. ‘Post-scriptum sur l es sociétés de contrôle’. L’autre Journal 1 (1990).Google Scholar
  21. Deleuze, Gilles, and Félix Guattari. A Thousand Plateaus: Capitalism and Schizophrenia. London: Bloomsbury, 2013.Google Scholar
  22. Finn, Rachel L., David Wright, and Michael Friedewald. ‘Seven Types of Privacy’. In European Data Protection: Coming of Age, edited by Serge Gutwirth, Ronald Leenes, Paul De Hert, and Yves Poullet, 3–32. Dordrecht: Springer, 2013.Google Scholar
  23. Foucault, Michel. Discipline and Punish: The Birth of the Prison. New York: Vintage Books, Alexander Street Press, 1979.Google Scholar
  24. Fried, Charles. ‘Privacy. [A Moral Analysis]’. In Philosophical Dimensions of Privacy: An Anthology, edited by Ferdinand David Schoeman, 203–22. Cambridge: Cambridge University Press, 1984.Google Scholar
  25. Galič, Maša, Tjerk Timan, and Bert-Jaap Koops. ‘Bentham, Deleuze and Beyond: An Overview of Surveillance Theories from the Panopticon to Participation’. Philosophy & Technology, May 13, 2016, 1–29. doi: 10.1007/s13347-016-0219-1.
  26. Gandy, Oscar H. Coming to Terms with Chance: Engaging Rational Discrimination and Cumulative Disadvantage. Farnham: Ashgate, 2009.Google Scholar
  27. ———. ‘Data Mining, Surveillance, and Discrimination in the Post-9/11 Environment’. In The New Politics of Surveillance and Visibility, edited by Kevin D. Haggerty and Richard V. Ericson, 363–84. Toronto: University of Toronto Press, 2007.Google Scholar
  28. ———. The Panoptic Sort: A Political Economy of Personal Information. Boulder: Westview Press, 1993.Google Scholar
  29. Gürses, Seda, Carmela Troncoso, and Claudia Diaz. ‘Engineering Privacy by Design’, paper presented at the Conference on Computers, Privacy, and Data Protection (CPDP), 2011. Accessed March 24, 2016.Google Scholar
  30. Haggerty, K. D., and R. V. Ericson. ‘The Surveillant Assemblage’. The British Journal of Sociology 51 (2000): 605–22.CrossRefGoogle Scholar
  31. Haggerty, Kevin D. ‘Tear down the Walls: On Demolishing the Panopticon’. In Theorizing Surveillance : The Panopticon and beyond, edited by David Lyon, 23–45. Cullompton: Willan, 2009.Google Scholar
  32. Haggerty, Kevin D., and Richard V. Ericson. ‘The New Politics of Surveillance and Visibility’. In The New Politics of Surveillance and Visibility, edited by Kevin D. Haggerty and Richard V. Ericson, 3–25. Toronto: University of Toronto Press, 2007.Google Scholar
  33. Hustinx, Peter. ‘Privacy by Design: Delivering the Promises.’ Identity in the Information Society 3, no. 2 (2010): 253–55.CrossRefGoogle Scholar
  34. Kamiran, Faisal, Toon Calders, and Mykola Pechenizkiy. ‘Techniques for Discrimination-Free Predictive Models’. In Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases, edited by Bart Custers, Toon Calders, Bart Schermer, and Tal Zarsky, 223–41. Berlin, Heidelberg: Springer, 2013.Google Scholar
  35. Kenner, Alison Marie. ‘Securing the Elderly Body: Dementia, Surveillance, and the Politics of “Aging in Place”’. Surveillance & Society 5, no. 3 (September 1, 2002): 252–69.Google Scholar
  36. Latour, Bruno. ‘On Recalling ANT’. The Sociological Review 47, no. S1 (May 1, 1999): 15–25. doi: 10.1111/j.1467-954X.1999.tb03480.x.CrossRefGoogle Scholar
  37. Los, Maria. ‘Looking into the Future: Surveillance, Globalization and the Totalitarian Potential’. In Theorizing Surveillance: The Panopticon and beyond, edited by David Lyon, 69–94. Cullompton: Willan, 2009.Google Scholar
  38. Lyon, David, ed. Surveillance as Social Sorting: Privacy, Risk, and Digital Discrimination. London: Routledge, 2003.Google Scholar
  39. ———. Surveillance Studies: An Overview. Cambridge: Polity Press, 2009.Google Scholar
  40. Ma, Zhendong, Denis Butin, Francisco Jaime, Fanny Coudert, Antonio Kung, Claire Gayrel, Antonio Mana, et al. ‘Towards a Multidisciplinary Framework to Include Privacy in the Design of Video Surveillance Systems’. In Privacy Technologies and Policy, 101–16. Proceedings of the Second Annual Privacy Forum, APF 2014. Cham: Springer, 2014.Google Scholar
  41. Mann, Steve, Jason Nolan, and Barry Wellman. ‘Sousveillance: Inventing and Using Wearable Computing Devices for Data Collection in Surveillance Environments.’ Surveillance & Society 1, no. 3 (September 1, 2002): 331–55.Google Scholar
  42. Marthews, Alex and Catherine E. Tucker. ‘Government Surveillance and Internet Search Behavior’, SSRN Scholarly Paper (Rochester, NY: Social Science Research Network, 29 April 2015),
  43. Nissenbaum, Helen Fay. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford: Stanford Law Books, 2010.Google Scholar
  44. Orrù, Elisa. ‘Effects and Effectiveness of Surveillance Technologies: Mapping Perceptions, Reducing Harm’, European University Institute Working Papers, (2015),
  45. Panichas, George E. ‘An Intrusion Theory of Privacy’. Res Publica 20, no. 2 (May 1, 2014): 145–61.Google Scholar
  46. Penney, Jon. ‘Chilling Effects: Online Surveillance and Wikipedia Use’, Berkeley Technology Law Journal 31, no. 1 (2016): 117–82.Google Scholar
  47. Porcedda, Maria Grazia. ‘Public-Private Partnerships: A “Soft” Approach to Cybersecurity? Views from the European Union’. In Security in Cyberspace: Targeting Nations, Infrastructures, Individuals, edited by Giampiero Giacomello, 183–211. New York: Bloomsbury, 2014.Google Scholar
  48. Raab, Charles D. ‘Privacy, Social Values and the Public Interest’. Edited by Andreas Busch and Jeannette Hofmann. Politik und die Regulierung von Information’ [‘Politics and the Regulation of Information’], Politische Vierteljahresschrift, 46 (2012): 129–51.Google Scholar
  49. Raab, Charles D. ‘The Future of Privacy Protection’. In Trust and Crime in Information Societies, edited by Robin Mansell and Brian Collins, 282–318. Cheltenham: Edward Elgar, 2005.Google Scholar
  50. Raab, Charles D., and David Wright. ‘Privacy Principles, Risks and Harms’. International Review of Law, Computers & Technology 28, no. 3 (2014): 277–98.CrossRefGoogle Scholar
  51. ———. ‘Surveillance: Extending the Limits of Privacy Impact Assessment’, in In Privacy Impact Assessment, edited by David Wright and Paul De Hert, 363–83. Dordrecht; Heidelberg: Springer, 2012.Google Scholar
  52. Regan, Priscilla M. Legislating Privacy. London: University of North Carolina Press, 1995.Google Scholar
  53. Rössler, Beate. ‘New Ways of Thinking about Privacy’. In The Oxford Handbook of Political Theory, edited by John S. Dryzek, 694–712. Oxford: Oxford University Press, 2006.Google Scholar
  54. Rubel, Alan. ‘The Particularized Judgment Account of Privacy’. Res Publica 17 (2011): 275–90.CrossRefGoogle Scholar
  55. Solove, Daniel J. ‘A Taxonomy of Privacy’. University of Pennsylvania Law Review 154 (2006): 477–564. doi: 10.2307/40041279. Accessed March 24, 2016.CrossRefGoogle Scholar
  56. ———. ‘Conceptualizing Privacy’. California Law Review 90 (2002): 1087–1155. doi: 10.2307/3481326. Accessed March 24, 2016.
  57. Stalder, Felix. ‘Privacy Is Not the Antidote to Surveillance.’ Surveillance & Society 1 (2009): 120–24.Google Scholar
  58. Thomson, Judith Jarvis. ‘The Right to Privacy’. Philosophy & Public Affairs 4 (1975): 295–314.Google Scholar
  59. Walsh, James P. ‘From Border Control to Border Care: The Political and Ethical Potential of Surveillance.’ Surveillance & Society 8, no. 2 (December 18, 2010): 113–30.Google Scholar
  60. Zarsky, Tal. ‘Transparency in Data Mining: From Theory to Practice’. In Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases, edited by Bart Custers, Toon Calders, Bart Schermer, and Tal Zarsky, 301–24. Berlin, Heidelberg: Springer, 2013.Google Scholar
  61. Zuboff, Shoshana. ‘Big Other: Surveillance Capitalism and the Prospects of an Information Civilization’, Journal of Information Technology 30: 75–89, April 4, 2015.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Centre for Security and SocietyAlbert-Ludwigss-Universität FreiburgFreiburg im BreisgauGermany

Personalised recommendations