A Refinement Approach for the Reuse of Privacy Risk Analysis Results

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10518)


The objective of this paper is to improve the cost effectiveness of privacy impact assessments through (1) a more systematic approach, (2) a better integration with privacy by design and (3) enhanced reusability. We present a three-tier process including a generic privacy risk analysis depending on the specifications of the system and two refinements based on the architecture and the deployment context respectively. We illustrate our approach with the design of a biometric access control system.



This work has been partially funded by the French ANR-12-INSE-0013 project BIOPRIV and Inria Project Lab CAPPRIS.

Supplementary material


  1. 1.
    Article 29 Data Protection Working Party: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 (2017)Google Scholar
  2. 2.
    BBC Technology: Millions of Fingerprints Stolen in US Government Hack (2015)Google Scholar
  3. 3.
    Bringer, J., Chabanne, H., Métayer, D., Lescuyer, R.: Privacy by design in practice: reasoning about privacy properties of biometric system architectures. In: Bjørner, N., de Boer, F. (eds.) FM 2015. LNCS, vol. 9109, pp. 90–107. Springer, Cham (2015). doi: 10.1007/978-3-319-19249-9_7 CrossRefGoogle Scholar
  4. 4.
    Cavoukian, A.: Privacy by Design: The 7 Foundational Principles Implementation and Mapping of Fair Information Practices. Office of the Information and Privacy Commissioner, Ontario, Canada Standards (2010)Google Scholar
  5. 5.
    Cavoukian, A., Chibba, M., Stoianov, A.: Advances in biometric encryption: taking privacy by design from academic research to deployment. Rev. Policy Res. 29(1), 37–61 (2012)CrossRefGoogle Scholar
  6. 6.
    Cavoukian, A., Stoianov, A.: Privacy by Design Solutions for Biometric One-to-Many Identification Systems (2014)Google Scholar
  7. 7.
    Colesky, M., Hoepman, J., Hillen, C.: A critical analysis of privacy design strategies. In: 2016 IEEE Security and Privacy Workshops, SP Workshops 2016, San Jose, CA, USA, 22–26 May 2016, pp. 33–40 (2016)Google Scholar
  8. 8.
    Commission Nationale de l’Informatique et des Libertes (CNIL): Methodology for Privacy Risk Management - How to Implement the Data Protection Act (2012)Google Scholar
  9. 9.
    Commission Nationale de l’Informatique et des Libertes (CNIL): Privacy Impact Assessment (PIA) Methodology (How to Carry Out a PIA) (2015)Google Scholar
  10. 10.
    Commission Nationale de l’Informatique et des Libertes (CNIL): Privacy Impact Assessment (PIA) Tools (templates and knowledge bases) (2015)Google Scholar
  11. 11.
    Dantcheva, A., Elia, P., Ross, A.: What Else Does Your Biometric Data Reveal? A Survey on Soft Biometrics (2015)Google Scholar
  12. 12.
    De, S.J., Métayer, D.: PRIAM: a privacy risk analysis methodology. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA -2016. LNCS, vol. 9963, pp. 221–229. Springer, Cham (2016). doi: 10.1007/978-3-319-47072-6_15 CrossRefGoogle Scholar
  13. 13.
    De, S.J., Le Métayer, D.: Privacy harm analysis: a case study on smart grids. In: International Workshop on Privacy Engineering (IWPE). IEEE (2016)Google Scholar
  14. 14.
    De, S.J., Le Métayer, D.: Privacy risk analysis. In: Synthesis Series. Morgan & Claypool Publishers (2016)Google Scholar
  15. 15.
    De, S.J., Le Métayer, D.: A Risk-based Approach to Privacy by Design (Extended Version). No. RR-9001, December 2016Google Scholar
  16. 16.
    De, S.J., Le Métayer, D.: PRIAM: A Privacy Risk Analysis Methodology. INRIA Research Report (RR-8876), July 2016Google Scholar
  17. 17.
    Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfilment of privacy requirements. Requirements Eng. 16(1), 3–32 (2011)CrossRefGoogle Scholar
  18. 18.
    European Commission: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), April 2016Google Scholar
  19. 19.
    Expert Group. 2 of Smart Grid Task Force: Data Protection Impact Assessment Template for Smart Grid and Smart Metering Systems (2014)Google Scholar
  20. 20.
    Frakes, W.B., Kang, K.: Software reuse research: status and future. IEEE Trans. Softw. Eng. 31(7), 529–536 (2005)CrossRefGoogle Scholar
  21. 21.
    Friginal, J., Guiochet, J., Killijian, M.O.: A privacy risk assessment methodology for location-based systems. Accessed 13 July 2016
  22. 22.
    Garcia, M., Lefkovitz, N., Lightman, S.: Privacy Risk Management for Federal Information Systems (NISTIR 8062 (Draft)). National Institute of Standards and Technology (2015)Google Scholar
  23. 23.
    Gartland, C.: Biometrics Are a Grave Threat to Privacy (2016). The New York TimesGoogle Scholar
  24. 24.
    Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design. Comput. Priv. Data Prot. 14(3) (2011)Google Scholar
  25. 25.
    Gürses, S., Troncoso, C., Diaz, C.: Engineering Privacy by Design Reloaded. Amsterdam Privacy Conference (2015)Google Scholar
  26. 26.
    Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IFIP AICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-55415-5_38 CrossRefGoogle Scholar
  27. 27.
    Kobie, N.: Surveillance State: Fingerprinting Pupils Raises Safety and Privacy Concerns (2016). The GuardianGoogle Scholar
  28. 28.
    Mcilroy, M.: Mass produced software components (1969)Google Scholar
  29. 29.
    Miglani, S., Kumar, M.: India’s Billion-member Biometric Database Raises Privacy Fears (2016). ReutersGoogle Scholar
  30. 30.
    Mili, A., Chmiel, S.F., Gottumukkala, R., Zhang, L.: An integrated cost model for software reuse. In: Proceedings of the 2000 International Conference on Software Engineering, pp. 157–166. IEEE (2000)Google Scholar
  31. 31.
    Oetzel, M.C., Spiekermann, S.: A systematic methodology for privacy impact assessments: a design science approach. Eur. J. Inform. Syst. 23(2), 126–150 (2014)CrossRefGoogle Scholar
  32. 32.
    Oetzel, M.C., Spiekermann, S., Grüning, I., Kelter, H., Mull, S.: Privacy Impact Assessment Guideline for RFID Applications (2011)Google Scholar
  33. 33.
    Oppenheim, C.: Big Brother Spying is Reaching Scary Levels (2013).
  34. 34.
    Pearson, S., Benameur, A.: A decision support system for design for privacy. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity 2010. IFIP AICT, vol. 352, pp. 283–296. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-20769-3_23 CrossRefGoogle Scholar
  35. 35.
    Prabhakar, S., Pankanti, S., Jain, A.K.: Biometric recognition: security and privacy concerns. IEEE Secur. Priv. 1(2), 33–42 (2003)CrossRefGoogle Scholar
  36. 36.
    del Prado, N., Cortez, M., Friginal, J.: Geo-location inference attacks: from modelling to privacy risk assessment. In: Tenth European Dependable Computing Conference (EDCC), pp. 222–225. IEEE (2014)Google Scholar
  37. 37.
    Prieto-Díaz, R.: Status report: software reusability. IEEE Softw. 10(3), 61–66 (1993)CrossRefGoogle Scholar
  38. 38.
    Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)CrossRefGoogle Scholar
  39. 39.
    Standish, T.A.: An essay on software reuse. IEEE Trans. Softw. Eng. 10(5), 494–497 (1984)CrossRefGoogle Scholar
  40. 40.
    Tillman, G.: Opinion: Stolen Fingers: The Case Against Biometric Identity Theft Protection (2009). Computer WorldGoogle Scholar
  41. 41.
    Woodward, J.D.: Biometrics: privacy’s foe or privacy’s friend? Proc. IEEE 85(9), 1480–1492 (1997)CrossRefGoogle Scholar
  42. 42.
    Wright, D., De Hert, P.: Privacy Impact Assessment. Springer, Netherlands (2012)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Inria, Université de LyonLyonFrance

Personalised recommendations