Is Privacy by Construction Possible?

Conference paper in: Leveraging Applications of Formal Methods, Verification and Validation. Modeling (ISoLA 2018)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11244)

Abstract

Finding suitable ways to handle personal data in conformance with the law is challenging. The European General Data Protection Regulation (GDPR), enforced since May 2018, makes it mandatory for citizens and companies to comply with the privacy requirements set in the regulation. For existing systems the challenge is to be able to show evidence that they already comply with the GDPR, or otherwise to work towards compliance by modifying their systems and procedures, or alternatively by reprogramming their systems in order to pass the eventual controls. For those starting new projects the advice is to take privacy into consideration from the very beginning, already at design time. This has become known as Privacy by Design (PbD). The main question is how much privacy one can effectively achieve by using PbD, and in particular whether it is possible to achieve Privacy by Construction. In this paper I give my personal opinion on issues related to the ambition of achieving Privacy by Construction.


Notes

  1. Technically, the individuals or companies we take data from/about are called data subjects, and those handling the data are the data controllers.

  2. http://fmt.isti.cnr.it/~mtbeek/ISoLA18.html.

  3. In the rest of the paper we will use the acronym PbD for Privacy by Design.

  4. Former Information & Privacy Commissioner of Ontario (Canada).

  5. PET: Privacy-Enhancing Technologies.

  6. The report is from 2014, but to the best of our knowledge the advances in the area have not yet produced tools mature enough to be used by industry.

  7. Some of the arguments of our paper are very much along the same lines as the ones presented in [6], in particular the observation that purpose is difficult to represent at the programming-language level.

  8. The report stresses several times that privacy is much wider than technology (social, legal, political, etc.), but the focus of the discussion here is on the (software-based) technological side only.

  9. The reader may want to see [36, 40] for a different perspective on the challenges in PbD.

  10. The GDPR [21] is very explicit that consent should be given freely, in an informed and unambiguous way, and that it should cover all processing activities carried out for the same purpose. A separate consent should be given for each separate purpose.

  11. An example of such a (limited) mechanism is given in [32] for photo sharing in social networks, using a combination of sticky policies with attribute-based encryption. The mechanism works by encrypting parts of the picture so that only authorised users can see what they are supposed to see, but if somebody has permission to download the picture to the local disk, there is no way to enforce the sticky policy after that. Since the enforcement mechanism (encryption/decryption, permission checking, etc.) is only implemented in a particular application platform (Diaspora [19]), a user who has permission to download the decrypted picture could forward it to anyone else.

  12. It is stipulated that non-compliance might imply fines of up to €20 million or 4% of the annual turnover of the company.

References

  1. Antignac, T., Le Métayer, D.: Privacy by design: from technologies to architectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 1–17. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06749-0_1

  2. Antignac, T., Sands, D., Schneider, G.: Data minimisation: a language-based approach. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 442–456. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58469-0_30

  3. Antignac, T., Scandariato, R., Schneider, G.: A privacy-aware conceptual model for handling personal data. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 942–957. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47166-2_65

  4. Antignac, T., Scandariato, R., Schneider, G.: Privacy compliance via model transformations. In: International Workshop on Privacy Engineering (IWPE 2018), IEEE EuroS&P Workshops, pp. 120–126. IEEE (2018)

  5. Aziza, B.: Facebook privacy scandal hearings: what you missed. Forbes online, April 2018. https://www.forbes.com/sites/ciocentral/2018/04/16/facebook-privacy-scandal-hearings-what-you-missed/#9a41af57ab9c. Accessed 16 May 2018

  6. Basin, D., Debois, S., Hildebrandt, T.: On purpose and by necessity: compliance under the GDPR. In: Twenty-Second International Conference on Financial Cryptography and Data Security (2018, to appear)

  7. BBC News: Google loses ‘right to be forgotten’ case, April 2018. http://www.bbc.com/news/technology-43752344?SThisFB. Accessed 14 Apr 2018

  8. Bonakdarpour, B., Sanchez, C., Schneider, G.: Monitoring hyperproperties by combining static analysis and runtime verification. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11244, pp. 8–27. Springer, Cham (2018)

  9. Byun, J., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: 10th ACM Symposium on Access Control Models and Technologies (SACMAT 2005), pp. 102–110. ACM (2005). https://doi.org/10.1145/1063979

  10. Cadwalladr, C., Graham-Harrison, E.: Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. The Guardian, March 2018. https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election. Accessed 16 May 2018

  11. Castelluccia, C., Cunche, M., Le Métayer, D., Morel, V.: Enhancing transparency and consent in the IoT. In: EuroS&P Workshops 2018, pp. 116–119 (2018)

  12. Cavoukian, A.: Privacy by design: the 7 foundational principles (2009)

  13. Cavoukian, A.: Privacy by design: origins, meaning, and prospects. Privacy Protection Measures and Technologies in Bus. Org.: Aspects and Standards 170 (2011)

  14. Cheney, J., Chiticariu, L., Tan, W.C.: Provenance in databases: why, how, and where. Found. Trends Databases 1(4), 379–474 (2009)

  15. Chong, S., Myers, A.C.: Language-based information erasure. In: Proceedings of the 18th IEEE Workshop on Computer Security Foundations, CSFW 2005, pp. 241–254. IEEE Computer Society (2005)

  16. Colesky, M., Hoepman, J., Hillen, C.: A critical analysis of privacy design strategies. In: IEEE Security and Privacy Workshops, pp. 33–40. IEEE Computer Society (2016). http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7517741

  17. Constine, J.: A flaw-by-flaw guide to Facebook’s new GDPR privacy changes, April 2018. https://techcrunch.com/2018/04/17/facebook-gdpr-changes

  18. Danezis, G., et al.: Privacy and data protection by design. ENISA Report, January 2015

  19. Diaspora: Diaspora (2016). https://joindiaspora.com

  20. European Commission: Proposal for a General Data Protection Regulation. Codecision legislative procedure for a regulation 2012/0011 (COD), European Commission, Brussels, Belgium, January 2012

  21. European Commission: General Data Protection Regulation (GDPR). Regulation 2016/679, European Commission, Brussels, Belgium, April 2016

  22. Ferrara, P., Spoto, F.: Static analysis for GDPR compliance. In: ITASEC 2018, CEUR Workshop Proceedings, vol. 2058. CEUR-WS.org (2018)

  23. Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design (2011)

  24. Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design reloaded (2015)

  25. Hert, P.D., Papakonstantinou, V.: The new general data protection regulation: still a sound system for the protection of individuals? Comput. Law Secur. Rev. 32(2), 179–194 (2016)

  26. Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38

  27. Kiss, J.: Google admits collecting Wi-Fi data through Street View cars. The Guardian, May 2010. https://www.theguardian.com/technology/2010/may/15/google-admits-storing-private-data

  28. Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: a survey. Comput. Sci. Rev. 4(2), 81–99 (2010)

  29. Le Métayer, D.: Privacy by design: a formal framework for the analysis of architectural choices. In: CODASPY 2013, pp. 95–104. ACM (2013)

  30. Notario, N., et al.: PRIPARE: a new vision on engineering privacy and security by design. In: Cleary, F., Felici, M. (eds.) CSP 2014. CCIS, vol. 470, pp. 65–76. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12574-9_6

  31. Pearson, S., Mont, M.C.: Sticky policies: an approach for managing privacy across multiple parties. IEEE Comput. 44(9), 60–68 (2011)

  32. Picazo-Sanchez, P., Pardo, R., Schneider, G.: Secure photo sharing in social networks. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 79–92. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58469-0_6

  33. Pinisetty, S., Antignac, T., Sands, D., Schneider, G.: Monitoring data minimisation. Technical report (2018). http://arxiv.org/abs/1801.02484

  34. Pinisetty, S., Sands, D., Schneider, G.: Runtime verification of hyperproperties for deterministic programs. In: 6th Conference on Formal Methods in Software Engineering (FormaliSE@ICSE 2018), pp. 20–29. ACM (2018)

  35. Schaefer, I., Runge, T., Knüppel, A., Cleophas, L., Kourie, D., Watson, B.W.: Towards confidentiality-by-construction. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11244, pp. 502–515. Springer, Cham (2018)

  36. Spiekermann, S.: The challenges of privacy by design. Commun. ACM 55(7), 38–40 (2012). https://doi.org/10.1145/2209249.2209263

  37. Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)

  38. Del Tedesco, F., Hunt, S., Sands, D.: A semantic hierarchy for erasure policies. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 352–369. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25560-1_24

  39. Del Tedesco, F., Russo, A., Sands, D.: Implementing erasure policies using taint analysis. In: Aura, T., Järvinen, K., Nyberg, K. (eds.) NordSec 2010. LNCS, vol. 7127, pp. 193–209. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27937-9_14

  40. Tsormpatzoudi, P., Berendt, B., Coudert, F.: Privacy by design: from research and policy to practice – the challenge of multi-disciplinarity. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds.) APF 2015. LNCS, vol. 9484, pp. 199–212. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31456-3_12

Acknowledgements

I would like to thank Daniel Le Métayer for his valuable comments on an early draft of this paper, and Thibaud Antignac for all the fruitful discussions we have had on privacy by design. This research has been partially supported by the Swedish Research Council (Vetenskapsrådet) under grant Nr. 2015-04154 (PolUser: Rich User-Controlled Privacy Policies).

Author information

Corresponding author: Gerardo Schneider.

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Schneider, G. (2018). Is Privacy by Construction Possible? In: Margaria, T., Steffen, B. (eds.) Leveraging Applications of Formal Methods, Verification and Validation. Modeling. ISoLA 2018. Lecture Notes in Computer Science, vol. 11244. Springer, Cham. https://doi.org/10.1007/978-3-030-03418-4_28

  • DOI: https://doi.org/10.1007/978-3-030-03418-4_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03417-7

  • Online ISBN: 978-3-030-03418-4

  • eBook Packages: Computer Science (R0)