The Value, Role and Challenges of Privacy by Design

  • Demetrius Klitou
Part of the Information Technology and Law Series book series (ITLS, volume 25)


This chapter briefly explains the concept of Privacy by Design (PBD); clarifies the difference between PBD and Privacy-Enhancing Technologies (PETs); provides an overview of the role of PBD for minimizing the threats to privacy posed by the deployment and use of Privacy-Invading Technologies (PITs); explains why the valuable role of PBD is now increasingly recognized; outlines some of the potential criticism of PBD; and sums up the practical challenges and difficulties of achieving, implementing and enforcing PBD legislation.


Privacy by design Code as law Privacy-enhancing technologies Privacy-invading technologies Legislation Privacy principles Data protection 


  1. Aarts E, de Ruyter B (2009) New research perspectives on ambient intelligence. J Ambient Int Smart Environ I:5–14Google Scholar
  2. Acquisti A (2004) Security of personal information and privacy: Technological solutions and economic incentives. In: Camp J, Lewis R (eds.) The economics of information security. Kluwer, Dordrecht, pp 165–178Google Scholar
  3. Agre PE, Rotenberg M (eds.) (1997) Technology and privacy: the new landscape. MIT Press, CambridgeGoogle Scholar
  4. Albrechtslund A (2007) Ethics and technology design. Ethics Inf Technol 9:63–72CrossRefGoogle Scholar
  5. Barbat B, Moiceanu A, Anghelescu H (2008) Enabling humans to control the ethical behaviour of persuasive agents. In: Loos E, Haddon L, Mante-Meijer E (eds) The social dynamics of information and communication technology. Ashgate, pp 191–222Google Scholar
  6. Berger W (2009) Glimmer: how design can transform your life and maybe even the world. Penguin Press, New YorkGoogle Scholar
  7. Booz and Company (2008) Digital Confidence—Searching the next wave of digital growth. Liberty Global Policy SeriesGoogle Scholar
  8. Borking J (2010) Assessing investments mitigating privacy risks. In: Mommers L, Franken H, van den Herik J, van der Klaauw F, Zwenne, G-J (eds.) Het binnenste buiten; Liber amicorum ter gelegenheid van het emeritaat van Prof.dr. Aernout H.J. Schmidt, Hoogleraar Recht en Informatica te Leiden. eLaw@Leiden, pp 255–273Google Scholar
  9. Brownsword R (2005) Code, control and choice: why East is East and West is West. Legal Stud 25(1):1–21CrossRefGoogle Scholar
  10. Cannataci JA (2008) Lex personalitatis: personality, law and technology in the 21st century. Acta Universitatis Lucian Blaga 219Google Scholar
  11. Cavoukian A (2009) Privacy by DesignGoogle Scholar
  12. Cavoukian A (2011) 7 Foundational principles of privacy by design. Originally published: August 2009, Revised: January 2011, available at: Accessed 17 February 2014
  13. DARPA (2003) Report to Congress regarding the Terrorism Information Awareness ProgramGoogle Scholar
  14. Duncan G (2007) Engineering: privacy by design. Science 317(5842):1178–1179CrossRefGoogle Scholar
  15. Flanagan M, Howe D, Nissenbaum H (2008) Embodying values in technology: theory and practice. In: van den Hoven J, Weckert J (eds.) Information technology and moral philosophy. Cambridge University Press, Cambridge, pp 322–353Google Scholar
  16. Friedman B, Kahn PH, Borning A (2002) Value sensitive design: theory and methods. Technical Report 02-12-01. University of WashingtonGoogle Scholar
  17. FTC Final Report (2012) Protecting Consumer Privacy in an Era of Rapid ChangeGoogle Scholar
  18. Alan Greenspan’s words at a Conference on Privacy in the Information Age (Salt Lake City, 7 April 1997), available at: Accessed 17 February 2014
  19. Grimmelmann J (2005) Regulation by software. Yale Law J 114:1719–1758Google Scholar
  20. Guarda P, Zannone N (2009) Towards the development of privacy-aware systems. Inf Softw Technol 51(2):337–350CrossRefGoogle Scholar
  21. Gutwirth S, De Hert P, De Sutter L (2008) The trouble with technology regulation from a legal perspective. Why Lessig’s ‘optimal mix’ will not work”. In: Brownsword R, Yeung K (eds.) Regulating technologies. Hart Publishers, Oxford, pp 193–218Google Scholar
  22. Hes R, Borking J (eds) (2000) Privacy-enhancing technologies: the path to anonymity. Registratiekamer, The HagueGoogle Scholar
  23. Hildebrandt M (2009) Technology and the end of law. In: Claes E, Devroe W, Keirsbilck B (eds.) Facing the limits of the law. Springer, New York, pp 443–464Google Scholar
  24. Hildebrandt M, Koops B-J (2010) The challenges of ambient law and legal protection in the profiling era. Mod Law Rev 73(3):428–460CrossRefGoogle Scholar
  25. Holmes A (2014) The Profits in Privacy (CIO Magazine, 15 March 2006) Accessed 17 February 2014
  26. Information Commissioner’s Office (2008) Privacy By Design Report. Available at: Accessed 30 July 2013
  27. Karat J, Karat C-M, Brodie C, Feng J (2005) Privacy in information technology: designing to enable privacy policy management in organizations. Int J Hum Comput Stud 63(1–2):153–174CrossRefGoogle Scholar
  28. Kenny S, Borking J (2002) The value of privacy engineering. J Inf Law Technol 1:1–14Google Scholar
  29. Koops B-J (2007) Criteria for normative technology: An essay on the acceptability of ‘Code as Law’ in light of democratic and constitutional values. Tilburg University Legal Studies, Working Paper No. 007/2007Google Scholar
  30. Leenes R, Koops BJ (2005) ‘Code’: privacy’s death or saviour? Int Rev Law Comput Technol 19(3):239–340CrossRefGoogle Scholar
  31. Lessig L (1999) Code and other laws of cyberspace. Basic Books, New YorkGoogle Scholar
  32. Lessig L (2006) Code and other laws of cyberspace, Version 2.0. Basic Books, New YorkGoogle Scholar
  33. Little L, Briggs P, Coventry L (2005) Public space systems: designing for privacy? Int J Hum Comput Stud 63(1–2):254–268CrossRefGoogle Scholar
  34. Masters A, Michael K (2007) Lend me your arms: The use and implications of humancentric RFID. Electron Commer Res Appl 6(1):29–39Google Scholar
  35. Pasic A (2011) Privacy by design: an industry perspective on the challenges and opportunities of privacyGoogle Scholar
  36. Patrick AS, Kenny S (2003) From privacy legislation to interface design: implementing information privacy in human-computer interfaces. Paper presented at the Privacy Enhancing Technologies Workshop (PET 2003), Dresden, GermanyGoogle Scholar
  37. Pearson H (2014) Privacy is good for business (CEOForumGroup) Accessed 17 February 2014
  38. Posner R (1981) The economics of privacy. Am Econ Rev 71(2):405–409Google Scholar
  39. Privacy By Design Report (2013) p 7 Accessed 30 July 2013
  40. Reidenberg J (1998) Lex informatica: the formulation of information policy rules through technology. Texas Law Rev 76(3):553–593Google Scholar
  41. Reidenberg J (2000) Privacy protection and the interdependence of law, technology and self-regulationGoogle Scholar
  42. RISEPTIS Advisory Board (2009) Trust in the information society: Research and innovation on security, privacy and trustworthiness in the information societyGoogle Scholar
  43. Royal Academy of Engineering, London (2007) Dilemmas of privacy and surveillance: challenges of technological changeGoogle Scholar
  44. Schmidt AHJ, Franken H (2003) Law as code, code as law—general remarks on legal requirements engineering. In: Snijders HJ, Weatherill S (eds.) E-commerce law, national and transnational topics and perspectives. Kluwer Law International, The Hague, pp 117–139Google Scholar
  45. Schwartz PM (2000) Beyond lessig’s code for internet privacy: cyberspace filters, privacy-control, and fair information practices. Wis Law Rev 2000(4):743–787Google Scholar
  46. Taylor CR (2002) Private demands and demands for privacy: Dynamic pricing and the market for customer information. Technical report, Department of Economics, Duke UniversityGoogle Scholar
  47. Tien L (2004) Architectural regulation and the evolution of social norms. Int J Commun Law Policy 9(1)Google Scholar
  48. van Blarkom GW, Borking JJ, Olk JGE (eds.) (2003) The handbook of privacy and privacy-enhancing technologies: the case of intelligent software agents. The HagueGoogle Scholar
  49. van den Hoven J (2007) ICT and value sensitive design. In: Goujon P, Lavelle S, Duquenoy P, Kimppa K, Laurent V (eds.) The information society: innovations, legitimacy, ethics and democracy. IFIP-international federation for information processing, vol. 233. Springer, pp 67–72Google Scholar
  50. Van Kranenburg R (2008) The internet of things: A critique of ambient technology and the all seeing network of RFID. Network Notebooks 02, Institute of Network CulturesGoogle Scholar
  51. Walden I (2002) Anonymising personal data. Int J Law Inf Technol 10(2):224–237CrossRefGoogle Scholar
  52. Weng Y-H, Chen C-H, Sun C-T (2008) Safety intelligence and legal machine language—do we need the three laws of robotics?. In: Takahashi Y (ed.) Service robot applications. InTech Education & Publishing.
  53. Williams M-A (2009) Privacy management, the law and global business strategies: a case for privacy driven design. Innovation and Enterprise Research Laboratory University of Technology, SydneyGoogle Scholar
  54. Yeung K, Dixon-Woods M (2010) Design-based regulation and patient safety: a regulatory studies perspective. Soc Sci Med 71(3):502–509CrossRefGoogle Scholar

Copyright information

© T.M.C. Asser Press and the author(s) 2014

Authors and Affiliations

  1. 1.Leiden UniversityLeidenThe Netherlands

Personalised recommendations