Abstract
The proposal for a new privacy regulation dated January 25, 2012 introduces sanctions of up to 2% of the annual turnover of enterprises. This elevates the importance of mitigating privacy risks. This paper makes Privacy by Design more concrete and positions it as the mechanism to mitigate these privacy risks.
In this vision paper, we describe how design patterns may be used to make the principle of Privacy by Design specific for relevant application domains. We identify a number of privacy design patterns as examples and we argue that the art is in finding the right level of abstraction to describe a privacy design pattern: the level where the data holder, data subject and privacy risks are described.
We give an extended definition of Privacy by Design and, taking Solove's model for privacy invasions as the structuring principle, we describe a tool and a method for using that tool to generate citizens' trust in systems.
Keywords
- privacy
- privacy design pattern
- privacy-by-design
- system engineering
- trust
- tooling
References
EC, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995)
EC, COM(2012) 11 (final) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (January 25, 2012)
EC, COM(2010) 609 (final), A comprehensive approach on personal data protection in the European Union (November 4, 2010)
EC, COM(2010) 245 (final)/2, A Digital Agenda for Europe (August 26, 2010)
van Lieshout, M., Kool, L., van Schoonhoven, B., de Jonge, M.: Privacy by Design: an alternative to existing practice in safeguarding privacy. Info. 13(6), 55–68 (2011)
European Forum for Urban Security, Charter for a Democratic Use of Video Surveillance (2011)
Hes, R., Borking, J.: Privacy Enhancing Technologies: the path to anonymity (Revised Edition) Registratiekamer, Achtergrondstudies en Verkenningen 11 (first edition 1995)
CFP2000, Conference on Computers, Freedom & Privacy (2000), http://www.cfp2000.org/
EC / TNO et al, FP5, PISA project (2003), http://cordis.europa.eu/projects/rcn/53640_en.html (accessed June 2, 2012)
Cavoukian, A.: Origins of Privacy by Design, http://privacybydesign.ca/publications/pbd-origin-and-evolution/ (accessed August 3, 2011)
Cavoukian, A.: Privacy by Design – The 7 Foundational Principles (August 2009) (revised January 2011)
Gürses, S., Troncoso, C., Diaz, C.: Engineering Privacy by Design. In: Conference on Computers, Privacy & Data Protection, CPDP (2011)
Courtois, J.-P.: Privacy by Design at Microsoft (November 29, 2010)
Winterfield, K. (2009), http://ibmresearchnews.blogspot.com/2009/10/inventors-corner-innovations-enable.html
Cavoukian, A.: Privacy by Design – The Answer to Overcoming Negative Externalities Arising from Poor Management of Personal Data. Trust Economics Workshop (June 23, 2009)
Kranzberg, M.: Technology and History: Kranzberg’s Laws. Technology and Culture 27(3), 544–560 (1986)
EuroPrise - the European Privacy Seal for IT Products and IT-Based Services (2007), https://www.european-privacy-seal.eu/ (accessed June 2, 2012)
London Economics, Study on the economic benefits of privacy-enhancing technologies (PETs) (July 2010)
Borking, J.: Privacy law is code (2010)
Rogers, E.M.: Diffusion of Innovations (1962)
Warren, S.D., Brandeis, L.D.: The Right to Privacy. Harvard Law Review IV(5) (December 15, 1890), http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html
Agre, P.E., Rotenberg, M. (eds.): Technology and Privacy: The New Landscape. MIT Press (1997)
Clarke, R.: What's Privacy?, http://www.rogerclarke.com/DV/Privacy.html (accessed May 12, 2011)
Cambridge Essential English Dictionary, lemma Privacy (accessed August 6, 2011)
Westin, A.: Privacy and Freedom. Atheneum, New York (1967)
Burgoon, K., Parrott, R., Le Poire, B.A., Kelley, D.L., Walther, J.B., Perry, D.: Maintaining and Restoring Privacy through Communication in Different Types of Relationships. Journal of Social and Personal Relationships 6(2), 131–158 (1989)
Langheinrich, M.: Privacy by design - principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, pp. 273–291. Springer, Heidelberg (2001)
Solove, D.J.: A Taxonomy of Privacy. University of Pennsylvania Law Review 154(3), 477–564 (2006)
UML 2.4.1 Specification, http://www.omg.org/spec/UML/2.4.1/ (accessed December 2011)
Harrison McKnight, D., Chervany, N.L.: The Meanings of Trust, University of Minnesota (1996), http://www.misrc.umn.edu/wpaper/wp96-04.htm
BBC, Eric Schmidt, Google (April 13, 2013), http://www.bbc.co.uk/news/technology-22134898
Ridings, C.M., Gefen, D., Arinze, B.: Some antecedents and effects of trust in virtual communities. The Journal of Strategic Information Systems 11(3-4), 271–295 (2002), ISSN 0963-8687, doi:10.1016/S0963-8687(02)00021-5
Article 8 of the European Convention on Human Rights (1950)
EC, undated, Status of implementation of Directive 95/46 on the Protection of Individuals with regard to the Processing of Personal Data (2011), http://ec.europa.eu/justice/policies/privacy/law/implementation_en.htm (accessed August 3, 2011)
EC, COM/2012/010 final - 2012/0010 (COD), Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (January 2012)
EU KP7 SMART project, http://www.smartsurveillance.eu/ (accessed May 13, 2012)
Cambridge Essential English Dictionary, lemma Design (accessed August 28, 2011)
INCOSE, A Consensus of the INCOSE Fellows, http://www.incose.org/practice/fellowsconsensus.aspx (accessed June 2012)
Bahill, A.T., Gissing, B.: Re-evaluating systems engineering concepts using systems thinking. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews 28(4), 516–527 (1998)
The Open Group, “The Open Group Architecture Framework, TOGAF”, http://www.opengroup.org/togaf/ (last accessed April 2, 2012)
Alexander, C.: A Pattern Language: Towns, Buildings, Construction (1977)
Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P.: Pattern-Oriented Software Architecture. A System of Patterns, vol. 1. John Wiley & Sons (1996)
Steinberg, A., Bowman, C.: Rethinking the JDL Data Fusion Levels, NSSDF JHAPL, June, 04 2. In: Bowman, C.L. (ed.) The Dual Node Network (DNN) Data Fusion & Resource Management (DF&RM) Architecture, AIAA Intelligent Systems Conference, Chicago, September 20-22 (2004)
Hafiz, M.: A collection of Privacy Design Patterns. In: Proceedings of the 13th Pattern Languages of Programs. Allerton, Illinois (2006)
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns – Integrating Security and Systems Engineering. John Wiley & Sons (2006)
UC Berkeley School of Information: Privacy Patterns (2013), http://privacypatterns.org/ (last visited May 2013)
Hoepman, J.-H.: Revocable Privacy. Privacy & Informatie 11(3), 114–118 (June 2008)
BSIA, Privacy Masking Guide (2011)
Roelofsen: Method and System and Data Source for Processing of Image Data. Patent WO 03/010728/A1 (February 2003)
WeArePerspective (2007), http://www.weareperspective.com/project/ns-camera (accessed December 2011)
Cvrček, D., Matyáš, V.: D13.1: Identity and impact of privacy enhancing technology. FIDIS (2007), http://fidis-wp13-del13.1.final.pdf (accessed February 16, 2011)
© 2014 Springer-Verlag Berlin Heidelberg
van Rest, J., Boonstra, D., Everts, M., van Rijn, M., van Paassen, R. (2014). Designing Privacy-by-Design. In: Preneel, B., Ikonomou, D. (eds) Privacy Technologies and Policy. APF 2012. Lecture Notes in Computer Science, vol 8319. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54069-1_4
DOI: https://doi.org/10.1007/978-3-642-54069-1_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54068-4
Online ISBN: 978-3-642-54069-1