Skip to main content
SpringerLink
Log in

Privacy by Design: Leadership, Methods, and Results

  • Chapter
  • First Online:
European Data Protection: Coming of Age

Abstract

Informational privacy (self-determination) faces continuous and evolving threats as a consequence of technological, legal, and cultural factors. Approaches to preserving and promoting informational privacy must also evolve with changing contexts and threats.Privacy by Design Foundational Principles are a response to this evolving need. They build upon, and extend, universal Fair Information Practice principles by emphasizing proactive leadership, systemic and verifiable methods, and demonstrable, practical results. Whether applied to information technologies, organizational processes, or networked system architectures,Privacy by Design Foundational Principles serve as a framework for developing specific engineering controls and best practices.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    International Conference of Data Protection and Privacy Commissioners (2010). Privacy by Design Resolution, adopted at Jerusalem, Israel, October 27–29, 2010.

  2. 2.

    See “EU Commission proposes a comprehensive reform of the data protection rules” (January 25, 2012) athttp://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm and “FTC Issues Final Commission Report on Protecting Consumer Privacy”, Press Release, 26 March2012 atwww.ftc.gov/opa/2012/03/privacyframework.shtm

  3. 3.

    I acknowledge that the terms “privacy” and “data protection” refer to differing but closely related concepts. I recognize that privacy is a much broader concept than data protection, with the latter term typically referring to an individual’s information rights, along with the legal structures that enable them and impose obligations on organizations that process personal data.Privacy by Design principles seek the highest possible global standard of privacy, but are agnostic with respect to specific legal privacy rights and obligations that may exist in any given jurisdiction. For some thoughtful discussions about privacy and data protection, and the distinctions between them, see Viktor Mayer-Schönberger (1997), Omer Tene (2010), Colette Cuijpers (2007), and András Jóri (2007).

  4. 4.

    For an extended treatment ofPbD origins, see Ann Cavoukian (2012), “Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era,” inPrivacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, ed. George O.M. Yee, 178–208 (Ottawa, Canada: Aptus Research Solutions Inc. and Carleton University).

  5. 5.

    For a discussion, see Ann Cavoukian,Privacy in the Clouds,2008a.

  6. 6.

    See Ann Cavoukian,Transformative Technologies Deliver Both Security and Privacy: Think Positive-Sum not Zero-Sum,2009b. (Accessed at:www.ipc.on.ca/images/Resources/trans-tech.pdf), andMoving Forward from PETs to PETs Plus: The Time for Change is Now,2009a (Accessed at:www.ipc.on.ca/images/Resources/petsplus_3.pdf).

  7. 7.

    Ann Cavoukian (2002).

  8. 8.

    Colin Bennett (2009).

  9. 9.

    Tapscott and Cavoukian (2006).

  10. 10.

    See Simone Fischer-Hübner et al., Online Privacy: Towards Informational Self-Determination on the Internet (“Dagstuhl Manifesto”),2011.

  11. 11.

    See Privacy International et al. (1998,2003,2007,2011), Ford (2004).

  12. 12.

    See Ponemon20102011.

  13. 13.

    Examples include: IPC, Guardent & PricewaterhouseCoopers,Privacy Diagnostic Tool (2001); Office of the Privacy Commissioner of Canada [OPCC],2004; American Institute of Certified Public Accountants/Canadian Institute of Chartered Accountants [AICPA/CICA],Privacy Assessment Tool Version 2.0 (2010b).

  14. 14.

    Examples include: AICPA/CICAPrivacy Maturity Model; ISO/IEC 29100:2011Information technology – Security techniques – Privacy framework (2010a).

  15. 15.

    See Linden Consulting, Inc., Privacy Impact Assessments: International Study of their Application and Effects, prepared for Information Commissioner’s Office United Kingdom (2007).

  16. 16.

    Office of the Privacy Commissioner of Canada [OPCC] (2007), ICO (2007,2009a,b), Office of the Privacy Commissioner of Australia [OPCA] (2010).

  17. 17.

    See IPC, Ontario Lottery and Gaming Corporation and YMCA Canada (2009). Privacy Risk Management: Building privacy protection into a Risk Management Framework to ensure that privacy risks are managed, by default. See also Cavoukian and McQuay (2010).

  18. 18.

    See International Security, Trust and Privacy Alliance (ISTPA)Privacy Framework v1.1 (2002); OASISPrivacy Management Reference Model 2.0 (2009); NIST 800-53Security and Privacy Controls for federal information systems and Organizations, Appendix J (Privacy Controls, Enhancements, and Supplemental Guidance) (2012).

  19. 19.

    See Abrams and Taylor (2010), Centre for Information Policy Leadership [CIPL] (2009,2010), European Commission [EC] (2010 c).

  20. 20.

    See Ann Cavoukian and Tom Marinelli (2010) Privacy-Protective Facial Recognition: Biometric Encryption Proof of Concept.

  21. 21.

    See IWGDPT (2011) Privacy by Design and Smart Metering: Minimize Personal Information to Maintain Privacy, Working Paper 675.43.18 and (2009) Report and Guidance on Road Pricing – “Sofia Memorandum” 675.38.12. and Carmel Troncoso et al. (2011) “PriPAYD: Friendly Pay-As-You-Drive Insurance”, inIEEE Transactions on Dependable and Secure Computing.

  22. 22.

    See Ann Cavoukian (2009 e).

  23. 23.

    EuroPriSe European Privacy Seal awards atwww.european-privacy-seal.eu/awarded-seals.

  24. 24.

    For example, Japan’sPrivacyMark, AICPA/CICA’sWebTrust, andEBTrust in Norway.

  25. 25.

    See list of European Commission-funded projects, ICT Research in FP7, Research activities in trust, privacy and identity in the digital economy at:http://cordis.europa.eu/fp7/ict/security/projects_en.html.

  26. 26.

    European Commission (2007, 2009,2010a,b,c, 2011).

  27. 27.

    Galway Project (2009), “Paris” Project (2010).

  28. 28.

    See PIA resources in Bibliography.

  29. 29.

    Seewww.privacybydesign.ca for extensivePbD resources and case studies.

  30. 30.

    FTC (2010), EC (2010a,b,c,2011a,b,2012).

  31. 31.

    Cameron (2005), Cavoukian and Tapscott (2006, Cavoukian2009 b), Cameron et al. (2008), European Network and Information Security Agency [ENISA] (2009), U.S. White House (2010).

  32. 32.

    International Working Group on Data Protection in Telecommunications [IWGDPT] (2008).

  33. 33.

    Cavoukian (2008a).

  34. 34.

    Cavoukian (2009a,b,c,d,e).

  35. 35.

    NEC (2010).

  36. 36.

    Cavoukian (2009a,b,c,d,e), Schwartz et al. (2007), CIPPIC (2007), Romanosky et al. (2011).

References

  • American Institute of Certified Public Accountants (AICPA) and Canadian Institute of Chartered Accountants (CICA). 2010a.Generally Accepted Privacy Principles (GAPP) and Criteria and the AICPA/CICA PRIVACY MATURITY MODEL Based On Generally Accepted Privacy Principles.http://bit.ly/ePrxwg andhttp://bit.ly/fQVes1, respectively. Accessed 13 Jan 2012.

  • American Institute of Certified Public Accountants (AICPA) and Canadian Institute of Chartered Accountants (CICA). 2010b.AICPA CICA Privacy Assessment Tool Version 2.0. http://tinyurl.com/cap7fsp. Accessed 12 Mar 2012.

  • Bennett, Colin J. 2009. International privacy standards: A continuing convergence.http://bit.ly/hBk3oX. Accessed 13 Jan 2012.

  • Cameron, Kim. 2005. The laws of identity, identity blog.http://bit.ly/eAHmWu. Accessed 13 Jan 2012.

  • Cameron, Kim, Posch Reinhard, and Rannenberg Kai. 2008. Proposal for a common identity framework: A user-centric identity metasystem.http://bit.ly/i6lAfE. Accessed 13 Jan 2012.

  • Canadian Internet Policy and Public Interest Clinic (CIPPIC). 2007. Approaches to security breach notification: A white paper.http://bit.ly/fqzEQ6. Accessed 13 Jan 2012.

Cavoukian, Ann, Information and Privacy Commissioner of Ontario, Canada

  • Cavoukian, Ann. 2002. Security technologies enabling privacy (STEPs): Time for a paradigm shift. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/fjpfrt. Accessed 13 Jan 2012.

  • Cavoukian, Ann. 2008a. Privacy in the Clouds,Identity in the Information Society, 1: 89–108. 2008. And Privacy in the clouds: Privacy and digital identity: Implications for the Internet. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gWH3cu andhttp://bit.ly/gWuD7V, respectively. Accessed 13 Jan 2012.

  • Cavoukian, Ann. 2008b. Privacy & radical pragmatism: Change the paradigm. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/h1MT9W. Accessed 13 Jan 2012.

  • Cavoukian, Ann. 2008c. RFID and privacy: Guidance for health-care providers. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/Oj6CDn. Accessed 13 Jan 2012.

  • Cavoukian, Ann. 2009a. Moving forward from PETs to PETs plus: The time for change is now. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/fkeHt8. Accessed 13 Jan 2012.

  • Cavoukian, Ann. 2009b. Transformative technologies deliver both security and privacy: Think positive-sum not zero-sum. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/dTi0jh. Accessed 13 Jan 2012.

  • Cavoukian, Ann. 2009c. Privacy and government 2.0: The implications of an open world. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/f7kHAn. Accessed 13 Jan 2012.

  • Cavoukian, Ann. 2009d. A discussion paper on privacy externalities, security breach notification and the role of independent oversight. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gdtufG. Accessed 13 Jan 2012.

  • Cavoukian, Ann. 2009e.Adding an on/off device to activate the RFID in enhanced driver’s licences: Pioneering a made-in-Ontario Transformative Technology that delivers both privacy and security. Canada: Office of the Information and Privacy Commissioner of Ontario.http://bit.ly/fbSbpl. Accessed 13 Aug 2012.

  • Cavoukian, Ann. 2009, rev. 2011.Privacy by Design: The 7 foundational principles. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gwzJgw. Accessed 13 Jan 2012.

  • Cavoukian, Ann. 2012.Privacy by Design: Origins, meaning, and prospects for assuring privacy and trust in the information era. InPrivacy protection measures and technologies in business organizations: Aspects and standards, George O.M. Yee, ed. Ottawa: Aptus Research Solutions Inc. and Carleton University. doi:10.4018/978-1-61350-501-4, ISBN13: 9781613505014, ISBN10: 1613505019, EISBN13: 9781613505021.

Cavoukian, Ann. (Joint Publications)

  • Cavoukian, Ann, and Tapscott, Don. 2006. Privacy and the open-networked enterprise. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/eTdiya. Accessed 13 Jan 2012.

  • Cavoukian, Ann, and McQuay, Terry. 2010. A pragmatic approach to privacy risk optimization:Privacy by Design for business practices.Identity in the Information Society 3: 405–413.http://bit.ly/hC7hED. Accessed 13 Jan 2012.

  • Cavoukian, Ann, Abrams Marty, and Taylor Scott. 2010.Privacy by Design: Essential for organizational accountability and strong business practices.Identity in the Information Society 3: 405–413.http://bit.ly/dOJYOc. Accessed 13 Jan 2012.

  • Cavoukian, Ann, and Marinelli Tom. 2010 Privacy-protective facial recognition: Biometric encryption proof of concept.http://tinyurl.com/dxhh5x6. Accessed 14 Mar 2012.

Centre for Information Policy Leadership (CIPL) as Secretariat to the “Galway” and “Paris” Projects

  • CIPL. 2009. Data protection accountability: The essential elements: A document for discussion.http://1.usa.gov/hvlZcD. Accessed 13 Jan 2012.

  • CIPL. 2010. Demonstrating and measuring accountability a discussion document accountability Phase II – The Paris Project.http://bit.ly/gRFrob. Accessed 13 Jan 2012.

  • Cuijpers, Colette. 2007. A private law approach to privacy; Mandatory Law, 4:4 SCRIPTed 318.www.law.ed.ac.uk/ahrc/script-ed/vol4-4/cuijpers.asp. Accessed 14 Mar 2012.

European Commission (EC)

  • EC. 2009. The future of privacy: Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data, Article 29 Data Protection Working Party, WP 168.http://bit.ly/gWJ56l. Accessed 13 Jan 2012.

  • EC. 2010a. Communication from the commission to the European parliament, the council, the economic and social committee and the committee of the regions: A comprehensive approach on personal data protection in the European Union. Technical report.http://bit.ly/grpr4w. Accessed 13 Jan 2012.

  • EC. 2010b. Study on the economic benefits of privacy-enhancing technologies, Final Report to The European Commission, DG Justice, Freedom and Security.http://bit.ly/heQNQT. Accessed 13 Jan 2012.

  • EC. 2010c. Opinion 3/2010 on the principle of accountability, Article 29 Data Protection Working Party, WP 173.http://bit.ly/eEFeaq. Accessed 13 Jan 2012.

  • EC. 2012. EU Commission proposes a comprehensive reform of the data protection rules, Press Release, DG Justice.http://tinyurl.com/7bylsks. Accessed 26 Mar 2012.

  • European Network and Information Security Agency (ENISA). 2009. Privacy and e-ID: Press release and position paper.http://bit.ly/dNNRD6. Accessed 13 Jan 2012.

  • Fischer-Hübner, Simone, Hoofnagle Chris, Rannenberg Kai, Waidner Michael, Krontiris Ioannis, and Marhöfer Michael. 2011. Online privacy: Towards informational self-determination on the Internet. Dagstuhl Perspectives Workshop 11061. doi:10.4230/DagRep.1.2.1.http://drops.dagstuhl.de/opus/volltexte/2011/3151/. Accessed 17 Jun 2011.

  • Ford, R. 2004. Beware rise of Big Brother state, warns data watchdog.The Times 16 August 2004.http://thetim.es/hw1abr. Accessed 12 Dec 2012.

International Conference of Privacy and Data Protection Commissioners (ICPDPC)

  • ICPDPC. 2010.Privacy by Design resolution, adopted at Jerusalem, Israel, October 27–29, 2010.http://bit.ly/fffv0l. Accessed 13 Jan 2012.

International Working Group on Data Protection in Telecommunications (IWGDPT)

Office of the Information and Privacy Commissioner of Ontario, Canada. (Joint Publications)

  • Office of the Information and Privacy Commissioner of Ontario, Canada, NEC Computing. 2010. Modelling cloud computing architecture without compromising privacy: APrivacy by Design approach. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/fqnA8v. Accessed 13 Jan 2012.

  • Office of the Information and Privacy Commissioner of Ontario, Canada, and Nymity. 2010. A pragmatic approach to privacy risk optimization:Privacy by Design for business practices. Office of the Privacy Commissioner of Ontario, Canada.http://bit.ly/hl0ws8. Accessed 13 Jan 2012.

  • Office of the Information and Privacy Commissioner of Ontario, Canada, Guardent and PricewaterhouseCoopers. 2001. Privacy diagnostic tool workbook and FAQ. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gAhbsN andhttp://bit.ly/eaHrMv, respectively. Accessed 13 Jan 2012.

  • Office of the Information and Privacy Commissioner of Ontario, Canada, Ontario Lottery and Gaming Corporation & YMCA Canada. 2009a. Privacy risk management: Building privacy protection into a risk management framework to ensure that privacy risks are managed, by default. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gGMA4r. Accessed 13 Jan 2012.

  • Office of the Information and Privacy Commissioner of Ontario,Canada and Liberty Alliance. 2009.The New Federated Privacy Impact Assessment(F-PIA) bulding privacy and trust- enabled federation. Canada: Office of the Informationa and Privacy Commissioner of Ontario.http://bit.ly/f89UMs. Accessed 13 Aug 2012.

  • Office of the Privacy Commissioner of Australia (OPCA). 2010. Privacy Impact Assessments (PIA) guide.http://bit.ly/hRQu0a. Accessed 13 Jan 2012.

Office of the Privacy Commissioner of Canada (OPCC)

  • OPCC. 2004. A guide for businesses and organizations: Your privacy responsibilities. Office of the Privacy Commissioner of Canada.http://bit.ly/fRKncL. Accessed 13 Jan 2012.

  • OPCC. 2007. Fact sheet on PIAs. Office of the Privacy Commissioner of Canada.http://bit.ly/dTZ8Aj. Accessed 13 Jan 2012.

Ponemon Institute, The:

  • Ponemon Institute. 2010. 2009 annual study: Cost of a privacy breach sponsored by PGP Corp.http://bit.ly/eRxyMK. Accessed 13 Jan 2012.

  • Ponemon Institute. 2011. The true costs of compliance: A benchmark study of multinational organizations, independent research report.http://bit.ly/e13LZT. Accessed 13 Jan 2012.

  • Privacy International. 1998–2003. Privacy and human rights, annual reports.http://bit.ly/hjKLSe. Accessed 13 Jan 2012.

  • Privacy International and the Electronic Privacy Information Center (EPIC). 2007. Privacy and human rights 2006: An international survey of privacy laws and developments. http://bit.ly/g9wOAh. Accessed 13 Jan 2012.

  • Privacy International, the Electronic Privacy Information Center (EPIC) and the Center for Media and Communications Studies (CMCS). 2011. European privacy and human rights 2010. http://bit.ly/gnFZoC. Accessed 13 Jan 2012.

  • Romanosky, Sasha, Rahul Telang, and Alessandro Acquisti. 2011. Do data breach disclosure laws reduse identity theft?Journal of Policy Analysis and Management 30(2): 256–286. Available at SSRN:http://ssrn.com/abstract=1268926

    Google Scholar 

  • Schwartz, Paul M., and Janger Edward J. 2007. Notification of data security breaches.Michigan Law Review 105: 913. Brooklyn Law School, Legal Studies Paper No. 58.http://bit.ly/hQjHT0. Accessed 13 Jan 2012.

  • Troncoso, Carmela, Danezis George, Kosta Eleni, Balasch Joseph, and Preneel Bart. 2011. PriPAYD: Friendly pay-as-you-drive insurance.IEEE Transactions on Dependable and Secure Computing 8(5): 742–755. Accessible at:www.cosic.esat.kuleuven.be/publications/article-2013.pdf.

    Google Scholar 

U.K. Information Commissioner’s Office (ICO)

  • U.K. Information Commissioner’s Office (ICO). 2007. An international study of PIA law, policies and practices, ICO.http://bit.ly/hB381i. Accessed 13 Jan 2012.

  • U.K. Information Commissioner’s Office (ICO). 2009a. Protecting people: A data protection strategy for the Information Commissioner’s Office. ICO.http://bit.ly/gi5vW1. Accessed 13 Jan 2012.

  • U.K. Information Commissioner’s Office (ICO). 2009b. PIA Handbook, ICO.http://bit.ly/eEKU06. Accessed 13 Jan 2012.

  • U.S. Federal Trade Commission (FTC). 2010. Protecting consumer privacy in an era of rapid change: A proposed framework for businesses and policymakers. Staff technical report.http://1.usa.gov/eupYzF. Accessed 13 Jan 2012.

  • U.S. White House. 2010. Draft national strategy for trusted identities in cyberspace: Creating options for enhanced online security and privacy.http://1.usa.gov/hNs1jw. Accessed 13 Jan 2012.

Additional Readings

  • Borking, J.J. 2005. Privacy standards for trust. Presentation to the London conference of Data Protection Authorities.http://bit.ly/gTjOVq. Accessed 13 Jan 2012.

  • Borking, J.J., and Raab, C. 2001. Laws, PETS and other technologies for privacy protection.Journal of Information, Law and Technology 1, pp. 1–14.http://bit.ly/PkslMr.

Cavoukian, A, Information and Privacy Commissioner, Ontario, Canada

  • Cavoukian, A. May 2011.Privacy by ReDesign: Building a better legacy. Available at:www.privacybydesign.ca

  • Cavoukian, A. Aug 2011.Privacy by Design in law, policy and practice: A white paper for regulators, decision-makers and policy-makers.

    Google Scholar 

  • Cavoukian, A. Sept 2011.Privacy by Design: From policy to practice.

    Google Scholar 

  • Cavoukian, A. Nov 2011.Privacy by ReDesign: A practical framework for implementation.

    Google Scholar 

Center for Democracy and Technology (CDT)

  • CDT. 2009a. Perspective on PbD.http://bit.ly/fuxn0t. Accessed 13 Jan 2012.

  • CDT. 2009b. The role of Privacy by Design in protecting consumer privacy. Comments submitted to the FTC Consumer Privacy Roundtable.http://1.usa.gov/eMH4jv. Accessed 13 Jan, 2012.

  • Computers, Privacy and Freedom (CFP). 2000, April.Privacy by Design workshop proceedings. Toronto, Ontario, Canada.http://bit.ly/e5UegE. Accessed 13 Jan 2012.

  • Dutch Data Protection Agency. 2004. Privacy-enhancing technologies. White paper for decision-makers.http://bit.ly/dFRV8q. Accessed 13 Jan 2012.

European Commission (EC)

  • EC. 2007a. European Commission supports PETs: Promoting data protection by Privacy Enhancing Technologies, Press Release.http://bit.ly/epnO5w. Accessed 13 Jan 2012.

  • EC. 2007b. Communication from the commission to the European parliament and the council on promoting data protection by privacy enhancing technologies (PETs), COM(2007) 228 final. Brussels, 2.5.2007 and Background Memo.http://bit.ly/hRdu8n andhttp://bit.ly/gF8BhA, respectively. Accessed 13 Jan 2012.

  • EC. 2009. The future of privacy: Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data, Article 29 Data Protection Working Party, WP 168.http://bit.ly/gWJ56l. Accessed 13 Jan 2012.

  • EC. 2010a. Opinion 5/2010 on the Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications, Article 29 Data Protection Working Party, WP175.http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp175_en.pdf.

  • EC. 2010b. Communication from the commission to the European parliament, the council, the economic and social committee and the committee of the regions: A comprehensive approach on personal data protection in the European Union. Technical report.http://bit.ly/grpr4w. Accessed 13 Jan 2012.

  • EC. 2010c. Study on the economic benefits of privacy-enhancing technologies, Final Report to The European Commission, DG Justice, Freedom and Security.http://bit.ly/heQNQT. Accessed 13 Jan 2012.

  • EC. 2010d. Opinion 3/2010 on the principle of accountability, Article 29 Data Protection Working Party, WP 173.http://bit.ly/eEFeaq. Accessed 13 Jan 2012.

  • EC. 2011a. Opinion 9/2011 on the revised Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications, Article 29 Data Protection Working Party, WP180.http://cordis.europa.eu/fp7/ict/enet/documents/rfid-pia-framework-a29wp-opinion-11-02-2011_en.pdf.

  • EC. 2011b. Privacy and data protection impact assessment framework for RFID applications.http://ec.europa.eu/information_society/policy/rfid/documents/infso-2011-00068.pdf.

  • European Council. Feb 2011. Council conclusions on the Communication from the Commission to the European Parliament and the Council – A comprehensive approach on personal data protection in the European Union, 3071st JUSTICE and HOME AFFAIRS Council meeting, Brussels.http://bit.ly/gx4wS0. Accessed 13 Jan 2012.

European Commission-funded initiatives

Hustinx, P., European Data Protection Supervisor (EDPS)

  • Hustinx, P., and EDPS. 2008, April. EDPS issues policy paper on his role in EU research and technological development, Press Release.http://bit.ly/hKCs5x. Accessed 13 Jan 2012.

  • Hustinx, P., and EDPS. 2010a, March. Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy, EDPS.http://bit.ly/h9qzmP. Accessed 13 Jan 2012.

  • Hustinx, P., and EDPS. 2010b, March. Press Release, EDPS opinion on privacy in the digital age: “Privacy by Design” as a key tool to ensure citizens’ trust in ICTs, EDPS/10/6.http://bit.ly/hNJDZy. Accessed 13 Jan 2012.

  • Initiative for Privacy Standardization in Europe (IPSE), European Committee for Standardization (CEN). 2002. Final Report of the EU CEN/ISSS Initiative on Privacy Standardization in Europe.http://bit.ly/hZX7io. Accessed 13 Jan 2012.

  • International Working Group on Data Protection in Telecommunications (IWGDPT). 2011. Privacy by Design and smart metering: Minimize personal information to maintain privacy, 675.43.18.http://goo.gl/2zld1. Accessed 14 Feb 2012.

International Security, Trust and Privacy Alliance (ISTPA)

  • ISTPA. 2007. Analysis of privacy principles: Making privacy operational.http://bit.ly/gZu2pm. Accessed 13 Jan 2012.

  • ISTPA. 2009. Privacy management reference model 2.0 v.2.0: A framework for resolving privacy policy requirements into operational privacy services and functions.http://bit.ly/dUMaiD. Accessed 13 Jan 2012.

  • Kenny, S., and Borking, J. 2002. ‘The Value of Privacy Engineering’, Refereed Article,The Journal of Information, Law and Technology (JILT) 2002 (1).http://bit.ly/gk9P3E. Accessed 13 Jan 2012.

  • London Economics. 2010. Study on the economic benefits of privacy-enhancing technologies, Final Report to The European Commission, DG Justice, Freedom and Security.http://bit.ly/heQNQT. Accessed 13 Jan 2012.

  • Microsoft Corp. 2006. Privacy guidelines for developing software products and services.http://bit.ly/ijIMVk. Accessed 13 Jan 2012.

Organisation for Economic Co-operation and Development (OECD)

  • OECD. 2003. Directorate for Science, Technology and Industry, Committee for Information, Computer and Communications Policy, Inventory of privacy-enhancing technologies (PETs).http://bit.ly/hrFQIs. Accessed 8 Apr 2011.

  • OECD. 2008. At a Crossroads: “Personhood” and the digital identity in the information society. STI Working Paper 2007/7.http://bit.ly/gFBhlQ. Accessed 8 Apr 2011.

  • OECD. 2011a. Directorate for Science, Technology and Industry, Committee for Information, Computer and Communications Policy, The evolving privacy landscape: 30 years after the OECD privacy guideline.www.oecd.org/dataoecd/22/25/47683378.pdf. Accessed 16 Feb 2012.

  • OECD. 2011b. The 30th anniversary of the OECD privacy guidelines (web page) atwww.oecd.org/sti/privacyanniversary

  • Rost, Martin, and Bock Kirsten. 2011. Privacy by Design and the new protection goalswww.maroki.de/pub/privacy/BockRost_PbD_DPG_en_v1f.pdf. Accessed 14 Feb 2012.

  • Rubinstein, Ira S. 2011. Regulating Privacy by Design.http://goo.gl/WRCv5. Accessed 14 Feb 2012.

  • Spiekermann, Sarah, and Cranor, Lorrie Faith. 2009. Engineering privacy.IEEE Transactions on Software Engineering 35(1): 67–82. doi:10.1109/TSE.2008.88 .

  • Springer Publications. 2010. Special Privacy by Design issue of Identity in the Information Society 3(2).http://bit.ly/fo6l1q. Accessed 13 Jan 2012.

  • Tene, Omer. 2011. Privacy: The new generations.International Data Privacy Law 1(1): 15–27. doi:10.1093/idpl/ipq003. First published online: 5 Oct 2010.

    Article  Google Scholar 

  • U.K. Royal Academy of Engineering Society. 2007. Report: Dilemmas of privacy and surveillance: Challenges of technological change.http://bit.ly/gJUmJm – Press release:http://bit.ly/hSo1O0. Accessed 13 Jan 2012.

Wright, David

Download references

Acknowledgement

I gratefully acknowledge the work of Fred Carter, Senior Policy & Technology Advisor, Office of the Information and Privacy Commissioner of Ontario, Canada, in the preparation of this paper.

Author information

Authors and Affiliations

  1. Information and Privacy Commissioner, 2 Bloor Street East, 14th Floor, Toronto, ON, Canada, M4W 1A8

    Ann Cavoukian Ph.D.

Authors
  1. Ann Cavoukian Ph.D.
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ann Cavoukian Ph.D. .

Editor information

Editors and Affiliations

  1. Pleinlaan 2, Brussel, 1050, Belgium

    Serge Gutwirth

  2. , TILT, Tilburg University, Warandelaan 2, Tilburg, 5037 AB, Netherlands

    Ronald Leenes

  3. , LSTS, Vrije Universiteit Brussel, Avenue de la Plaine 2, Brussels, 1050, Belgium

    Paul de Hert

  4. Research Centre for Information, Technology & Law, University of Namur, Rempart de la Vierge 5, Namur, 5000, Belgium

    Yves Poullet

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Cavoukian, A. (2013). Privacy by Design: Leadership, Methods, and Results. In: Gutwirth, S., Leenes, R., de Hert, P., Poullet, Y. (eds) European Data Protection: Coming of Age. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5170-5_8

Download citation

Publish with us

Policies and ethics

Search

Navigation