Skip to main content

Strong Accountability: Beyond Vague Promises


The principle of accountability has been enjoying growing popularity over the last few years as a way to mitigate the loss of control by individuals over their personal data. It is however unclear whether accountability can be characterised precisely enough to yield effective protection and whether it bears the capacity for innovative solutions. Reasons to support accountability and criticism raised against it are discussed. Analysing accountability critically requires distinguishing between its application levels: we focus on the requirement for data controllers to provide a statement relating their actual data handling operations with their obligations, and put forward a combination of precise legal requirements and effective tools to support strong accountability. After presenting such an approach, called accountability by design, we explore the integration of this framework with legal and economic settings and discuss its complementarity with other instruments for privacy.


  • Accounting Data
  • Personal Information Protection And Electronic Documents Act (PIPEDA)
  • Privacy Impact Assessment (PIA)
  • Draft General Data Protection Regulation
  • Privacy Seals

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This work has been partially funded by the European FI-WARE project/ FP7-2012-ICT-FI. See

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-94-007-7540-4_16
  • Chapter length: 27 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   189.00
Price excludes VAT (USA)
  • ISBN: 978-94-007-7540-4
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Hardcover Book
USD   249.99
Price excludes VAT (USA)


  1. 1.

    We refer the reader to Charles Raab (Raab 2012), Colin Bennett (Bennett 2012) and Daniel Guagnin et al. (2012) for a more complete review.

  2. 2.

    Note however that the FIPPs have been used as a basis for the US Privacy Act of 1974.

  3. 3.

    The fifth principle, Enforcement/Redress, states that “ (…) the core principles of privacy protection can only be effective if there is a mechanism in place to enforce them”.

  4. 4.

    Notably the fact that PIPEDA “used the OECD Guidelines as a starting point” while “moving the Accountability Principle to the beginning”.

  5. 5.

    Role of accountability, p. 52.

  6. 6.

    In addition, provincial private sector privacy laws exist in Alberta, British Columbia and Quebec. The principle of accountability also appears in those provincial regulations, although in an implicit form.

  7. 7.

    Generally speaking, as pointed out by Colin Bennett (2012), a number of countries engaging in APEC have no national data protection regulation, which makes the existence of this framework all the more important.

  8. 8.

    Article 20.

  9. 9.

    They however emphasise that too strict regulations would be a burden and an unacceptable cost for budding companies.

  10. 10.

    See the project website:

  11. 11.

    Those characteristics are defined as follows: completeness means that all agreement violations lead to reports and supporting evidence; accuracy signifies that no violation reports are created if nothing went wrong; and verifiability means that evidence is checkable independently.

  12. 12.

    Definitions of the roles of all stakeholders, their respective commitments, the accounts, the audit procedures, sanctions, etc.

  13. 13.

    As stated in the Article 29 Data Protection Working Party Opinion 3/2010 on the principle of accountability (Article 29 Working Party 2010): “Firstly, we are witnessing a so-called ’data deluge’ effect, where the amount of personal data that exists, is processed and is further transferred continues to grow. Both technological developments, i.e. the growth of information and communication systems, and the increasing capability for individuals to use and interact with technologies favour this phenomenon. As more data is available and travels across the globe, the risks of data breaches also increase.”

  14. 14.

    In the survey Privacy Notices Research by the Privacy Leadership Initiative, only 3 % of respondents declared to “carefully read” privacy notices “most of the time”.

  15. 15.

    The sheer length of this type of document and their convoluted language often prevents users from finding straightforward answers to simple questions such as a promise not to share personal data with third parties or, in case of share, the precise list of third parties which can receive the data.

  16. 16.


  17. 17.

    Even though this suggestion is not exactly the definition adopted by the Working Party 29 in the rest of the document.

  18. 18.

    § 1. The controller shall adopt policies and implement appropriate measures to ensure and be able to demonstrate that the processing of personal data is performed in compliance with this Regulation. § 2. The measures provided for in paragraph 1 shall in particular include: (a) keeping the documentation pursuant to Article 28; (b) implementing the data security requirements laid down in Article 30; (c) performing a data protection impact assessment pursuant to Article 33; (d) complying with the requirements for prior authorisation or prior consultation of the supervisory authority pursuant to Article 34(1) and (2); (e) designating a data protection officer pursuant to Article 35(1). § 3. The controller shall implement mechanisms to ensure the verification of the effectiveness of the measures referred to in paragraphs 1 and 2. If proportionate, this verification shall be carried out by independent internal or external auditors.

  19. 19.

    Article 35 § 1: The controller and the processor shall designate a data protection officer in any case where: (a) the processing is carried out by a public authority or body; or (b) the processing is carried out by an enterprise employing 250 persons or more; or (c) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects.

  20. 20.

    Article 28. § 2 : The documentation shall contain at least the following information: (a) the name and contact details of the controller, or any joint controller or processor, and of the representative, if any; (b) the name and contact details of the data protection officer, if any; (c) the purposes of the processing, including the legitimate interests pursued by the controller where the processing is based on point (f) of Article 6(1); (d) a description of categories of data subjects and of the categories of personal data relating to them; (e) the recipients or categories of recipients of the personal data, including the controllers to whom personal data are disclosed for the legitimate interest pursued by them; (f) where applicable, transfers of data to a third country or an international organisation, including the identification of that third country or international organisation and, in case of transfers referred to in point (h) of Article 44(1), the documentation of appropriate safeguards; (g) a general indication of the time limits for erasure of the different categories of data; (h) the description of the mechanisms referred to in Article 22(3).

  21. 21.

    XACML deals with access control.

  22. 22.

    PPL (PrimeLife Policy Language), based on XACML for its access control aspect, also includes many usage control features. It was developed by SAP (Trabelsi et al. 2011) as part of PrimeLife, a 36 month long European project with the goal of investigating “…how to protect privacy in emerging Internet applications such as collaborative scenarios and virtual communities”.

  23. 23.

    For example if its source code is available or can be checked by an independent third party.

  24. 24.

    The a posteriori compliance checking approach is not tied to any particular privacy policy language, but we present the specific example of PPL to give a clearer idea of how the strategy can look like concretely.

  25. 25.

    Sticky policies have also been used in the field of digital rights management; however, they play a very different role in our context because here they are checked a posteriori (rather than on the fly) and the process is audited by third parties.

  26. 26.

    Such as the use of personal data for a specific purpose, its forwarding to a third party, its access by the subject, etc.

  27. 27.

    Anonymisation is technically realized through cryptography.

  28. 28.

    Referring to the breaking of glass to trigger an alarm.

  29. 29.

    Common examples include the exceptional access to medical records in life-threatening situations, credit card fraud scenarios and military information classification systems (Feigenbaum et al. 2011).

  30. 30.

    “Privacy audits have been around for a long time, but there is little evidence that market pressure alone will push this kind of external conformity assessment around the international economy”.

  31. 31.

    “Technology neutrality has long been held up as a guiding principle for the proper regulation of technology, particularly the information and communications technologies” (Reed 2007).

  32. 32.

    To this respect, it would be advisable to introduce accountability as a new requirement of Information Security Management Systems (ISMS).

  33. 33.

  34. 34.

    Article 26 (2).

  35. 35.

    See for example EuroPriSe, the European privacy seal:


  • Alhadeff, Joseph, Brendan Van Alsenoy, and Jos Dumortier. 2011. The accountability principle in data protection regulation: Origin, development and future directions. Paper presented at privacy and accountability, Berlin, Germany, April 5--6, 2011.

    Google Scholar 

  • Article 29 Data Protection Working Party. 2003. Working document on transfers of personal data to third countries: Applying article 26 (2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers. Accessed 28 Feb 2013.

  • Article 29 Data Protection Working Party. 2010. Opinion 3/2010 on the principle of accountability. Accessed 28 Feb 2013.

  • Asia-Pacific Economic Cooperation, Electronic Commerce Steering Group (ECSG). 2004. APEC Privacy Framework. Accessed 28 Feb 2013.

  • Asia-Pacific Economic Cooperation, Electronic Commerce Steering Group (ECSG). 2009. APEC data privacy pathfinder projects implementation work plan—revised. Accessed 28 Feb 2013.

  • Bella, Giampaolo, and Lawrence C. Paulson. 2006. Accountability protocols: Formalized and verified. ACM Transactions on Information and System Security 9:138–161.

    CrossRef  Google Scholar 

  • Bellare, Mihir, and Bennet Yee. 1997. Forward integrity for secure audit logs. Technical Report CS98-580, Department of Computer Science and Engineering, University of California at San Diego.

    Google Scholar 

  • Bennett, Colin. 2012. The accountability approach to privacy and data protection: Assumptions and caveats. In Managing privacy through accountability, ed. Daniel Guagnin et al., 33–48. Basingstoke: Palgrave Macmillan.

    Google Scholar 

  • Butin, Denis, Marcos Chicote, and Daniel Le Métayer. 2013. Log design for accountability. Proceedings of the 4th international workshop on data usage management. Washington, D.C.: IEEE Computer Society.

    Google Scholar 

  • Canadian Standards Association. 1996. Model code for the protection of personal information (Q830-96). Mississauga: CSA.

    Google Scholar 

  • Cavoukian, Ann. 2012. Privacy by design [Leading edge]. IEEE Technology and Society Magazine 31:18–19.

    CrossRef  Google Scholar 

  • Cederquist, JG, Ricardo Corin, M. A. C. Dekker, Sandro Etalle, and J. I. den Hartog. 2005. An audit logic for accountability. Proceedings of the 6th international workshop on policies for distributed systems and networks. Washington, D.C.: IEEE Computer Society.

    Google Scholar 

  • Centre for Information Policy Leadership. 2009a. Global discussion on the commonly-accepted elements of privacy accountability. Accessed 28 Feb 2013.

  • Centre for Information Policy Leadership. 2009b. Data protection accountability: The essential elements. . Accessed 28 Feb 2013.

  • Centre for Information Policy Leadership. 2010. Demonstrating and measuring accountability: A discussion document. . Accessed 28 Feb 2013.

  • Commission Nationale Informatique et Libertés (CNIL), Label CNIL procédures d’audit de traitements. 2011. Accessed 28 Feb 2013.

  • Common Criteria for Information Technology Security Evaluation. 2013. Accessed 28 Feb 2013.

  • De Hert, Paul. 2012. Accountability and system responsibility: New concepts in data protection law and human rights law. In Managing privacy through accountability, ed. Daniel Guagnin et al., 193–232. Basingstoke: Palgrave Macmillan.

    Google Scholar 

  • Ernst & Young. 2012. Privacy trends 2012. The case for growing accountability.

    Google Scholar 

  • European Commission. 2012. Proposal for a regulation of the European parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (general data protection regulation). Brussels: European Commission.

    Google Scholar 

  • European Parliament and the Council of the European Union. 1995. Directive 95/46/EC of the European parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Brussels: European Parliament.

    Google Scholar 

  • Feigenbaum, Joan, James Hendler, Aaron Jaggard, Daniel Weitzner, and Rebecca Wright. 2011. Accountability and deterrence in online life. Paper presented at ACM Web Science Conference 2011, Koblenz, Germany, June 14--17, 2011.

    Google Scholar 

  • Guagnin, Daniel et al., ed. 2012. Managing privacy through accountability. Basingstoke: Palgrave Macmillan.

    CrossRef  Google Scholar 

  • Haeberlen, Andreas. 2009. A case for the accountable cloud. Proceedings of the 3rd ACM SIGOPS international workshop on large-scale distributed systems and middleware. New York: ACM.

    Google Scholar 

  • IBM. 2003. The enterprise privacy authorization language (EPAL). Accessed 28 Feb 2013.

  • Jagadeesan, Radha, Alan Jeffrey, Corin Pitcher, and James Riely. 2009. Towards a theory of accountability and audit. Proceedings of the 14th European conference on Research in computer security. Berlin: Springer.

    Google Scholar 

  • Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC). 2004. Break-glass: An approach to granting emergency access to healthcare systems.

    Google Scholar 

  • Karjoth, Günter, Matthias Schunter, and Michael Waidner. 2002. Platform for enterprise privacy practices: Privacy-enabled management of customer data. Proceedings of the 2nd workshop on privacy enhancing technologies. Berlin: Springer.

    Google Scholar 

  • Lazouski, Aliaksandr, Fabio Martinelli, and Paolo Mori. 2010. Usage control in computer security: A survey. Computer Science Review 4:81–99.

    CrossRef  Google Scholar 

  • Le Métayer, Daniel. 2009. A formal privacy management framework. Proceedings of formal aspects in security and trust. Berlin: Springer.

    Google Scholar 

  • Marx, Gary. 2012. Privacy is not quite like the weather. In privacy impact assessment, ed. David Wright and Paul De Hert. Berlin: Springer.

    Google Scholar 

  • Organisation for Economic Cooperation and Development. 1980. Guidelines on the protection of privacy and transborder flows of personal data.

    Google Scholar 

  • Organisation for Economic Cooperation and Development. 2011. Thirty years after the OECD privacy guidelines. Accessed 28 Feb 2013.

  • Organization for the Advancement of Structured Information Standards (OASIS). 2013. eXtensible Access Control Markup Language (XACML) version 3.0 OASIS standard. Accessed 28 Feb 2013.

  • Park, Jaehong, and Ravi S. Sandhu. 2002. Towards usage control models: Beyond traditional access control. Proceedings of ACM symposium on access control models and technologies. New York: ACM.

    Google Scholar 

  • Parliament of Canada. 2000. Personal information protection and electronic documents act.

    Google Scholar 

  • Poullet, Yves. 2001. How to regulate Internet: new paradigms for Internet governance Self-regulation: value and limits. In Variations sur le droit de la soci ét é de l ’information, ed. Claire Monville, Cahiers du Centre de Recherches Informatique et Droit. 79–114. Bruxelles: Bruylant.

    Google Scholar 

  • Raab, Charles. 2012. The meaning of ’accountability’ in the information privacy context.” In Managing privacy through accountability, ed. Daniel Guagnin et al., 15–32. Basingstoke: Palgrave Macmillan.

    Google Scholar 

  • Reed, Chris. 2007. Taking sides on technology neutrality. SCRIPTed 263:263–284.

    CrossRef  Google Scholar 

  • Schneider, Fred. 2009. Accountability for perfection. IEEE Security and Privacy Magazine 7:3–4.

    Google Scholar 

  • Schneier, Bruce, and John Kelsey. 1999. Secure audit logs to support computer forensics. ACM Transactions on Information and System Security 2:159–176.

    CrossRef  Google Scholar 

  • Title 12 of the United States Code. 1978. Right to Financial Privacy Act.

    Google Scholar 

  • Trabelsi, Slim, Gregory Neven, and Dave Raggett. 2011. PrimeLife Deliverable D5.3.4: Report on design and implementation.

    Google Scholar 

  • US Federal Trade Commission. 1973. Fair Information Practice Principles.

    Google Scholar 

  • W3C. 2006. The platform for privacy preferences 1.1 (P3P1.1) specification. Accessed 28 Feb 2013.

  • Waters, Brent, Dirk Balfanz, Glenn Durfee, and Diana Smetters. 2004. Building an encrypted and searchable audit log. Proceedings of the network and distributed system security symposium. Reston: The Internet Society.

    Google Scholar 

  • Wright, David, and Paul De Hert, ed. 2012. Privacy impact assessment. Berlin: Springer.

    CrossRef  Google Scholar 

  • Wright, David, Raphaël Gellert, Serge Gutwirth, and Michael Friedewald. 2011. Minimizing technology risks with PIAs, precaution, and participation. IEEE Technology and Society Magazine 30:47–54.

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Denis Butin .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2014 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Butin, D., Chicote, M., Le Métayer, D. (2014). Strong Accountability: Beyond Vague Promises. In: Gutwirth, S., Leenes, R., De Hert, P. (eds) Reloading Data Protection. Springer, Dordrecht.

Download citation