Minimum Harm by Design: Reworking Privacy by Design to Mitigate the Risks of Surveillance

Data Protection and Privacy: (In)visibilities and Infrastructures

Part of the book series: Law, Governance and Technology Series (ISDP, volume 36)

Abstract

Particular applications of Privacy by Design (PbD) have proven to be valuable tools to protect privacy in many technological applications. However, PbD is not as promising when applied to technologies used for surveillance. After specifying how surveillance and privacy are understood in this paper, I will highlight the shortcomings of PbD when applied to surveillance, using a web-scanning system for counter-terrorism purposes as an example. I then suggest reworking PbD into a different approach: the Minimum Harm by Design (MHbD) model. MHbD differs from PbD principally in that it acknowledges that the potential harms of surveillance bear not only upon privacy but also values that define the very constitution of a society and its political character. MHbD aims to identify and systematise the different categories of such harms and links them to current theories on surveillance on the one hand and on possible design measures on the other.

Notes

  1.

    Ann Cavoukian, ‘Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era’, in Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, ed. George O.M. Yee (Hershey: Information Science Reference, 2012), 170–207.

  2.

    There is an ambiguity regarding the way the win-win principle is understood in the PbD approach. To explain this principle, Cavoukian refers both to the win-win and to the positive-sum paradigm. However, these are two different concepts. We have a win-win situation when, compared to a previous state of affairs, both values (in our case, privacy and security) increase. We have a positive-sum situation when, compared to a previous situation, the sum of two values (in our case, the ones assigned to privacy and security) increases. But, unlike the first case, this might also imply that one of the two values decreases, when the other increases enough to maintain the sum of the two values as positive. In other words, we can have a positive-sum scenario also when privacy is sacrificed to a given extent, provided that security increases enough to compensate for this loss. See Christoph Bier et al., ‘Enhancing Privacy by Design from a Developer’s Perspective’, in Privacy Technologies and Policy, ed. Bart Preneel and Demosthenes Ikonomou, Lecture Notes in Computer Science 8319 (Berlin Heidelberg: Springer, 2014), 73–85.

  3.

    On the origins of PbD see Peter Hustinx, ‘Privacy by Design: Delivering the Promises.’, Identity in the Information Society 3, no. 2 (2010): 253–55.

  4.

    Ann Cavoukian, ‘Privacy by Design’, 2009, 2, <https://www.privacybydesign.ca/content/uploads/2009/01/privacybydesign.pdf>; Ann Cavoukian and Marilyn Prosch, ‘The Roadmap for Privacy by Design in Mobile Communications: A Practical Tool for Developers, Service Providers, and Users’, December 2010, <https://www.ipc.on.ca/images/Resources/pbd-asu-mobile.pdf>; Ann Cavoukian and Jeff Jonas, ‘Privacy by Design in the Age of Big Data’, June 2012, <https://privacybydesign.ca/content/uploads/2012/06/pbd-big_data.pdf>.

  5.

    Seda Gürses, Carmela Troncoso, and Claudia Diaz, ‘Engineering Privacy by Design’, in Conference on Computers, Privacy, and Data Protection (CPDP), 2011, https://www.cosic.esat.kuleuven.be/publications/article-1542.pdf; Josep Balasch et al., ‘PrETP: Privacy-Preserving Electronic Toll Pricing’, in 19TH USENIX SECURITY SYMPOSIUM (USENIX Association, 2010), 63–78.

  6.

    Section 3 below clarifies how expressions such as ‘technology system with a surveillance functionality’ are understood in this paper.

  7.

    Cavoukian, ‘Privacy by Design’.

  8.

    Ann Cavoukian and Khaled El Emam, ‘Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism’, September 2013, https://www.ipc.on.ca/images/Resources/pps.pdf.

  9.

    Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), COM(2012) 11 Final.

  10.

    Although the EU recognises privacy and data protection as two separate rights (see arts 7 and 8 of the Charter of the Fundamental Rights of the EU), the proposal uses the terms ‘privacy by design’ and ‘data protection by design’ as synonyms, see George Danezis et al., ‘Privacy and Data Protection by Design – from Policy to Engineering’, Report/Study (ENISA, December 2014), https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design. For how the two terms are understood in this paper see section 4 below.

  11.

    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art. 25.

  12.

    Commission Implementing Decision of 20.1.2015 on a Standardisation Request to the European Standardisation Organisations as Regards European Standards and European Standardisation Deliverables for Privacy and Personal Data Protection Management pursuant to Article 10(1) of Regulation (EU) No 1025/2012 of the European Parliament and of the Council, M530, C(2015) 102 Final and Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. The European Agenda on Security, COM(2015) 185 Final.

  13.

    Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.

  14.

    See arts. 10, 11, 12, 21 and 23 of the Charter of Fundamental Rights of the EU. The list of values is not meant to be exhaustive.

  15.

    For an overview of the negative effects of surveillance see also Elisa Orrù, ‘Effects and Effectiveness of Surveillance Technologies: Mapping Perceptions, Reducing Harm’, European University Institute Working Papers, (2015), http://cadmus.eui.eu//handle/1814/37340.

  16.

    On the difficulty of defining privacy and surveillance see, for instance, Daniel J. Solove, ‘A Taxonomy of Privacy’, University of Pennsylvania Law Review 154, no. 3 (January 1, 2006): 477–564, doi:10.2307/40041279 and Kevin D. Haggerty and Richard V. Ericson, ‘The New Politics of Surveillance and Visibility’, in The New Politics of Surveillance and Visibility, ed. Kevin D. Haggerty and Richard V. Ericson (Toronto: University of Toronto Press, 2007), 3–25.

  17.

    Kevin D. Haggerty and Richard V. Ericson, ‘The New Politics of Surveillance and Visibility’, in The New Politics of Surveillance and Visibility, ed. Kevin D. Haggerty and Richard V. Ericson (Toronto: University of Toronto Press, 2007), 22.

  18.

    For a recent attempt to map surveillance theories comprehensively, see Maša Galič, Tjerk Timan, and Bert-Jaap Koops, ‘Bentham, Deleuze and Beyond: An Overview of Surveillance Theories from the Panopticon to Participation’, Philosophy & Technology, 13 May 2016, 1–29, doi:10.1007/s13347-016-0219-1.

  19.

    Steve Mann, Jason Nolan and Barry Wellman, ‘Sousveillance: Inventing and Using Wearable Computing Devices for Data Collection in Surveillance Environments.’, Surveillance & Society 1, no. 3 (1 September 2002): 331–55.

  20.

    James P. Walsh, ‘From Border Control to Border Care: The Political and Ethical Potential of Surveillance’, Surveillance & Society 8, no. 2 (18 December 2010): 113–30; Alison Marie Kenner, ‘Securing the Elderly Body: Dementia, Surveillance, and the Politics of “Aging in Place”’, Surveillance & Society 5, no. 3 (1 September 2002): 252–69.

  21.

    Anders Albrechtslund, ‘Online Social Networking as Participatory Surveillance’, First Monday 13, no. 3 (2008), http://firstmonday.org/ojs/index.php/fm/article/view/2142.

  22.

    Gilles Deleuze, ‘Post-Scriptum Sur Les Sociétés de Contrôle’, Lʼautre Journal 1 (1990); Bruno Latour, ‘On Recalling ANT’, The Sociological Review 47, no. S1 (1 May 1999): 15–25, doi:10.1111/j.1467-954X.1999.tb03480.x; Shoshana Zuboff, ‘Big Other: Surveillance Capitalism and the Prospects of an Information Civilization’, Journal of Information Technology 30: 75–89, 4 April 2015, http://papers.ssrn.com/abstract=2594754.

  23.

    Michel Foucault, Discipline and Punish: The Birth of the Prison (New York: Vintage Books, 1979), 201.

  24.

    See Deleuze, ‘Post-Scriptum Sur Les Sociétés de Contrôle’ and Kevin D. Haggerty, ‘Tear down the Walls: On Demolishing the Panopticon’, in Theorizing Surveillance: The Panopticon and beyond, ed. David Lyon (Cullompton: Willan, 2009), 23–45.

  25.

    David Lyon, Surveillance Studies: An Overview (Cambridge: Polity Press, 2009), 14.

  26.

    Haggerty and Ericson, ‘The New Politics of Surveillance and Visibility’, 3.

  27.

    Christopher Dandeker, Surveillance, Power and Modernity: Bureaucracy and Discipline from 1700 to the Present Day (Cambridge: Polity Press, 1990).

  28.

    On public-private partnerships see also Maria Grazia Porcedda, ‘Public-Private Partnerships: A “Soft” Approach to Cybersecurity? Views from the European Union’, in Security in Cyberspace: Targeting Nations, Infrastructures, Individuals, ed. Giampiero Giacomello (New York: Bloomsbury, 2014), 183–211.

  29.

    Gilles Deleuze, ‘Post-scriptum sur les sociétés de contrôle’; Gilles Deleuze, Foucault (Frankfurt am Main: Suhrkamp, 2001); Gilles Deleuze and Félix Guattari, A Thousand Plateaus: Capitalism and Schizophrenia (London: Bloomsbury, 2013).

  30.

    K. D. Haggerty and R. V. Ericson, ‘The Surveillant Assemblage’, The British Journal of Sociology 51, no. 4 (2000): 605–22.

  31.

    Ibid., 613.

  32.

    Oscar H. Gandy, ‘Data Mining, Surveillance, and Discrimination in the Post-9/11 Environment’, in The New Politics of Surveillance and Visibility, ed. Kevin D. Haggerty and Richard V. Ericson (Toronto: University of Toronto Press, 2007), 363–84.

  33.

    Solon Barocas and Andrew D. Selbst, ‘Big Data’s Disparate Impact’, California Law Review 104 (14 August 2015), http://papers.ssrn.com/abstract=2477899.

  34.

    Giorgio Agamben, Homo Sacer: Sovereign Power and Bare Life, Meridian, Crossing Aesthetics (Stanford: Stanford University Press, 1998).

  35.

    Didier Bigo, ‘Globalized (In)Security: The Field and the Ban-Opticon’, in Terror, Insecurity and Liberty. Illiberal Practices of Liberal Regimes after 9/11, ed. Didier Bigo and Anastassia Tsoukala (London: Routledge, 2008), 40.

  36.

    Balasch et al., ‘PrETP’.

  37.

    Alan Rubel, ‘The Particularized Judgment Account of Privacy’, Res Publica 17 (2011): 275–90.

  38.

    W. A. Parent, ‘Privacy, Morality, and the Law’, Philosophy and Public Affairs 12 (1983): 269.

  39.

    Charles Fried, ‘Privacy. [A Moral Analysis]’, in Philosophical Dimensions of Privacy: An Anthology, ed. Ferdinand David Schoeman (Cambridge: Cambridge University Press, 1984), 209.

  40.

    Felix Stalder, ‘Privacy Is Not the Antidote to Surveillance’, Surveillance & Society 1 (2009): 120–24.

  41.

    Daniel J. Solove, ‘Conceptualizing Privacy’, California Law Review 90 (2002): 1087–1155, doi:10.2307/3481326.

  42.

    Daniel J. Solove, ‘A Taxonomy of Privacy’, University of Pennsylvania Law Review 154 (2006): 564, doi:10.2307/40041279.

  43.

    Stalder, ‘Privacy Is Not the Antidote to Surveillance.’

  44.

    Priscilla M. Regan, Legislating Privacy (London: University of North Carolina Press, 1995).

  45.

    Rachel L. Finn, David Wright and Michael Friedewald, ‘Seven Types of Privacy’, in European Data Protection: Coming of Age, ed. Serge Gutwirth et al. (Dordrecht: Springer, 2013), 3–32; Charles D. Raab and David Wright, ‘Privacy Principles, Risks and Harms’, International Review of Law, Computers & Technology 28, no. 3 (2014): 277–98. For an overview of positions stressing the social importance of privacy see Charles D. Raab, ‘Privacy, Social Values and the Public Interest’, ed. Andreas Busch and Jeannette Hofmann, ‘Politik und die Regulierung von Information’ [‘Politics and the Regulation of Information’], Politische Vierteljahresschrift, 46 (2012): 129–51.

  46.

    Solove, ‘A Taxonomy of Privacy’, 477.

  47.

    As a further example of recent papers presenting a new conceptualisation of privacy (and one that is different from the recent ones mentioned above), see George E. Panichas, ‘An Intrusion Theory of Privacy’, Res Publica 20, no. 2 (1 May 2014): 145–61.

  48.

    Solove, ‘Conceptualizing Privacy’.

  49.

    Solove, ‘A Taxonomy of Privacy’.

  50.

    Helen Fay Nissenbaum, Privacy in Context: Technology, Policy, and the Integrity of Social Life (Stanford, 2010).

  51.

    Ibid., 141.

  52.

    Ibid., 3.

  53.

    On the distinction between privacy and data protection and between the different meanings of privacy, see the Charter of Fundamental Rights of the European Union, 2010/C 83/02 (Arts. 7 and 8), Beate Rössler, ‘New Ways of Thinking about Privacy’, in The Oxford Handbook of Political Theory, ed. John S. Dryzek, 1. publ., The Oxford Handbooks of Political Science (Oxford: Oxford Univ. Press, 2006), 694–712 and Finn, Wright, and Friedewald, ‘Seven Types of Privacy’.

  54.

    A further limitation of Nissenbaum’s approach is the lack of clarity on what characterises a context as such, i.e. on how to distinguish one context from another. This limitation, acknowledged by Nissenbaum, is relevant for the present paper as well, since the MHbD approach relies on Nissenbaum’s definition to identify privacy violations. However, I consider this limitation to indicate that Nissenbaum’s approach deserves to be further developed and specified (a task that is out of the scope of this paper, but from which the MHbD approach would benefit as well) rather than invalidate the whole framework of privacy as contextual integrity. See Colin J. Bennett, ‘Review of Nissenbaum’s Privacy in Context’, Surveillance & Society 8, no. 4 (28 April 2011): 541–43.

  55.

    Cavoukian and El Emam, ‘Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism’.

  56.

    Cavoukian and El Emam do not specify what kind of agencies would run the system, i.e. intelligence services or the police.

  57.

    Ibid., 9.

  58.

    Cavoukian and El Emam define privacy as ‘the ability of individuals to control the collection, use, and disclosure of information about themselves’, Ibid., 3.

  59.

    For two recent studies confirming these effects see Jon Penney, ‘Chilling Effects: Online Surveillance and Wikipedia Use’, Berkeley Technology Law Journal 31, no. 1 (2016): 117–82 and Alex Marthews and Catherine E. Tucker, ‘Government Surveillance and Internet Search Behavior’, SSRN Scholarly Paper (Rochester, NY: Social Science Research Network, 29 April 2015), https://papers.ssrn.com/abstract=2412564.

  60.

    Patrick Toomey and Brett Max Kaufman, ‘How Did We Let the NSA Spying Get This Bad?’, The Guardian, 20 November 2013, http://www.theguardian.com/commentisfree/2013/nov/20/how-nsa-spying-got-this-bad-fisa-secret-court; ‘US Foreign Intelligence Court Did Not Deny Any Surveillance Requests Last Year’, The Guardian, 30 April 2016, http://www.theguardian.com/law/2016/apr/30/fisa-court-foreign-intelligence-surveillance-fbi-nsa-applications.

  61.

    This approach has led some authors to assert that PbD, far from offering concrete ways to overcome the trade-off between privacy and security, just reframes the problem in order to make it more suitable for current policy needs. See Matthias Leese, ‘Privacy and Security - On the Evolution of a European Conflict’, in Reforming European Data Protection Law, ed. Serge Gutwirth, Ronald Leenes, and Paul De Hert, Law, Governance and Technology Series (Dordrecht; Heidelberg: Springer, 2015), 271–89.

  62.

    Charles D. Raab, ‘The Future of Privacy Protection’, in Trust and Crime in Information Societies, ed. Robin Mansell and Brian Collins (Cheltenham: Edward Elgar, 2005), 282–318, as referred to in Raab and Wright, ‘Privacy Principles, Risks and Harms’, 16.

  63.

    Charles D. Raab and David Wright, ‘Surveillance: Extending the Limits of Privacy Impact Assessment’, in Privacy Impact Assessment, ed. David Wright and Paul De Hert (Dordrecht: Springer, 2012), 363–83.

  64.

    Raab and Wright, ‘Privacy Principles, Risks and Harms’, 2.

  65.

    Roger Clarke, ‘Introduction to Dataveillance and Information Privacy, and Definitions of Terms’, 1997, http://www.rogerclarke.com/DV/Intro.html. See also Finn, Wright, and Friedewald, ‘Seven Types of Privacy’.

  66.

    Raab and Wright, ‘Privacy Principles, Risks and Harms’, 8.

  67.

    Ibid. Given this connection, the paper also does not consider rights-based and harms-based approaches to regulatory policies as being opposed to each other. For a view contrasting the two approaches see Finn, Wright, and Friedewald, ‘Seven Types of Privacy’ and Raab and Wright, ‘Privacy Principles, Risks and Harms’.

  68.

    Paul De Hert and David Wright, ‘Introduction to Privacy Impact Assessment’, in Privacy Impact Assessment, ed. David Wright and Paul De Hert (Dordrecht; Heidelberg: Springer, 2012), 5.

  69.

    For an early criticism in this direction see Judith Jarvis Thomson, ‘The Right to Privacy’, Philosophy & Public Affairs 4 (1975): 295–314.

  70.

    Solove, ‘A Taxonomy of Privacy’, 479.

  71.

    I am aware that a specification of which aspects exactly I consider belong to privacy would be advantageous here. This is, however, a task for another day, since to discuss it in this paper would bring us too far from its focus.

  72.

    See for instance Solove, ‘A Taxonomy of Privacy’ and Balasch et al., ‘PrETP’.

  73.

    David Lyon, ed., Surveillance as Social Sorting: Privacy, Risk, and Digital Discrimination (London: Routledge, 2003).

  74.

    Oscar H. Gandy, The Panoptic Sort: A Political Economy of Personal Information (Boulder, Colo: Westview Press, 1993); Oscar H. Gandy, Coming to Terms with Chance: Engaging Rational Discrimination and Cumulative Disadvantage (Farnham: Ashgate, 2009).

  75.

    Gandy, ‘Data Mining, Surveillance, and Discrimination in the Post-9/11 Environment’, 370.

  76.

    Barocas and Selbst, ‘Big Data’s Disparate Impact’.

  77.

    Faisal Kamiran, Toon Calders, and Mykola Pechenizkiy, ‘Techniques for Discrimination-Free Predictive Models’, in Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases, ed. Bart Custers et al. (Berlin, Heidelberg: Springer, 2013), 223–41.

  78.

    Ibid.

  79.

    For more details on these techniques see Ibid. and the further contributions on the topic in Bart Custers et al., eds., Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases (Berlin, Heidelberg: Springer, 2013).

  80.

    Maria Los, ‘Looking into the Future: Surveillance, Globalization and the Totalitarian Potential’, in Theorizing Surveillance: The Panopticon and beyond, ed. David Lyon (Cullompton: Willan, 2009), 69–94.

  81.

    ‘Opinion of Advocate General Cruz Villalón, Case C-293/12, Digital Rights Ireland, 12.12.2013’, §52.

  82.

    Part of these measures would overlap with ones increasing transparency. On the challenges to enhance transparency through design measures see Tal Zarsky, ‘Transparency in Data Mining: From Theory to Practice’, in Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases, ed. Bart Custers et al. (Berlin, Heidelberg: Springer, 2013), 301–24.

  83.

    Discussing accountability and oversight mechanisms for surveillance technologies is out of the scope of this paper. For recent developments in the EU legal framework and an account of existing frameworks see, respectively, Fanny Coudert, ‘Accountable Surveillance Practices: Is the EU Moving in the Right Direction?’, in Privacy Technologies and Policy, Proceedings of the Second Annual Privacy Forum, APF 2014 (Cham: Springer, 2014), 70–85 and Zhendong Ma et al., ‘Towards a Multidisciplinary Framework to Include Privacy in the Design of Video Surveillance Systems’, in Privacy Technologies and Policy, Proceedings of the Second Annual Privacy Forum, APF 2014 (Cham: Springer, 2014), 101–16.

Bibliography

  • Agamben, Giorgio. Homo Sacer: Sovereign Power and Bare Life. Stanford: Stanford Univ. Press, 1998.

  • Albrechtslund, Anders. ‘Online Social Networking as Participatory Surveillance’. First Monday 13, no. 3 (2008). http://firstmonday.org/ojs/index.php/fm/article/view/2142.

  • Balasch, Josep, Alfredo Rial, Carmela Troncoso, Christophe Geuens, Bart Preneel, and Ingrid Verbauwhede. ‘PrETP: Privacy-Preserving Electronic Toll Pricing’, In 19TH USENIX SECURITY SYMPOSIUM, 63–78. USENIX Association, 2010.

  • Barocas, Solon, and Andrew D. Selbst, ‘Big Data’s Disparate Impact’. California Law Review 104 (August 14, 2015), http://papers.ssrn.com/abstract=2477899. Accessed March 24, 2016.

  • Bennett, Colin J. ‘Review of Nissenbaum’s Privacy in Context’. Surveillance & Society 8, no. 4 (April 28, 2011): 541–43.

  • Bier, Christoph, Pascal Birnstill, Erik Krempel, Hauke Vagts, and Jürgen Beyerer. ‘Enhancing Privacy by Design from a Developer’s Perspective’. In Privacy Technologies and Policy, edited by Bart Preneel and Demosthenes Ikonomou, 73–85. Lecture Notes in Computer Science 8319. Berlin Heidelberg: Springer, 2014.

  • Bigo, Didier. ‘Globalized (In)Security: The Field and the Ban-Opticon’. In Terror, Insecurity and Liberty. Illiberal Practices of Liberal Regimes after 9/11, edited by Didier Bigo and Anastassia Tsoukala, 10–48. London and New York: Routledge, 2008.

  • Cavoukian, Ann. ‘Privacy by Design’. 2009. https://www.privacybydesign.ca/content/uploads/2009/01/privacybydesign.pdf. Accessed March 24, 2016.

  • ———. ‘Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era’. In Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, edited by George O.M. Yee, 170–207. Hershey: Information Science Reference, 2012.

  • Cavoukian, Ann, and Khaled El Emam. ‘Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism’, September 2013. https://www.ipc.on.ca/images/Resources/pps.pdf. Accessed March 24, 2016.

  • Cavoukian, Ann, and Jeff Jonas. ‘Privacy by Design in the Age of Big Data’, June 2012. https://privacybydesign.ca/content/uploads/2012/06/pbd-big_data.pdf. Accessed March 24, 2016.

  • Cavoukian, Ann, and Marilyn Prosch. ‘The Roadmap for Privacy by Design in Mobile Communications: A Practical Tool for Developers, Service Providers, and Users’, December 2010. https://www.ipc.on.ca/images/Resources/pbd-asu-mobile.pdf. Accessed March 24, 2016.

  • Clarke, Roger. ‘Introduction to Dataveillance and Information Privacy, and Definitions of Terms’, 1997. http://www.rogerclarke.com/DV/Intro.html.

  • Coudert, Fanny. ‘Accountable Surveillance Practices: Is the EU Moving in the Right Direction?’ In Privacy Technologies and Policy, 70–85. Proceedings of the Second Annual Privacy Forum, APF 2014. Cham: Springer, 2014.

  • Custers, Bart, Toon Calders, Bart Schermer, and Tal Zarsky, eds. Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases. Berlin, Heidelberg: Springer, 2013.

  • Dandeker, Christopher. Surveillance, Power and Modernity: Bureaucracy and Discipline from 1700 to the Present Day. Cambridge: Polity Press, 1990.

  • Danezis, George, Josep Domingo-Ferrer, Marit Hansen, Jaap-Henk Hoepman, Daniel Le Métayer, Rodica Tirtea, and Stefan Schiffner. ‘Privacy and Data Protection by Design—from Policy to Engineering’. Report/Study. ENISA, December 2014. https://www.enisa.europa.eu/publications/privacy-and-data-protection-by-design.

  • De Hert, Paul, and David Wright. ‘Introduction to Privacy Impact Assessment’. In Privacy Impact Assessment, edited by David Wright and Paul De Hert, 3–32. Dordrecht; Heidelberg: Springer, 2012.

  • Deleuze, Gilles. Foucault. Frankfurt am Main: Suhrkamp, 2001.

  • ———. ‘Post-scriptum sur les sociétés de contrôle’. L’autre Journal 1 (1990).

  • Deleuze, Gilles, and Félix Guattari. A Thousand Plateaus: Capitalism and Schizophrenia. London: Bloomsbury, 2013.

  • Finn, Rachel L., David Wright, and Michael Friedewald. ‘Seven Types of Privacy’. In European Data Protection: Coming of Age, edited by Serge Gutwirth, Ronald Leenes, Paul De Hert, and Yves Poullet, 3–32. Dordrecht: Springer, 2013.

  • Foucault, Michel. Discipline and Punish: The Birth of the Prison. New York: Vintage Books, Alexander Street Press, 1979.

  • Fried, Charles. ‘Privacy. [A Moral Analysis]’. In Philosophical Dimensions of Privacy: An Anthology, edited by Ferdinand David Schoeman, 203–22. Cambridge: Cambridge University Press, 1984.

  • Galič, Maša, Tjerk Timan, and Bert-Jaap Koops. ‘Bentham, Deleuze and Beyond: An Overview of Surveillance Theories from the Panopticon to Participation’. Philosophy & Technology, May 13, 2016, 1–29. doi:10.1007/s13347-016-0219-1.

  • Gandy, Oscar H. Coming to Terms with Chance: Engaging Rational Discrimination and Cumulative Disadvantage. Farnham: Ashgate, 2009.

  • ———. ‘Data Mining, Surveillance, and Discrimination in the Post-9/11 Environment’. In The New Politics of Surveillance and Visibility, edited by Kevin D. Haggerty and Richard V. Ericson, 363–84. Toronto: University of Toronto Press, 2007.

  • ———. The Panoptic Sort: A Political Economy of Personal Information. Boulder: Westview Press, 1993.

  • Gürses, Seda, Carmela Troncoso, and Claudia Diaz. ‘Engineering Privacy by Design’, paper presented at the Conference on Computers, Privacy, and Data Protection (CPDP), 2011. https://www.cosic.esat.kuleuven.be/publications/article-1542.pdf. Accessed March 24, 2016.

  • Haggerty, K. D., and R. V. Ericson. ‘The Surveillant Assemblage’. The British Journal of Sociology 51 (2000): 605–22.

  • Haggerty, Kevin D. ‘Tear down the Walls: On Demolishing the Panopticon’. In Theorizing Surveillance : The Panopticon and beyond, edited by David Lyon, 23–45. Cullompton: Willan, 2009.

  • Haggerty, Kevin D., and Richard V. Ericson. ‘The New Politics of Surveillance and Visibility’. In The New Politics of Surveillance and Visibility, edited by Kevin D. Haggerty and Richard V. Ericson, 3–25. Toronto: University of Toronto Press, 2007.

  • Hustinx, Peter. ‘Privacy by Design: Delivering the Promises.’ Identity in the Information Society 3, no. 2 (2010): 253–55.

  • Kamiran, Faisal, Toon Calders, and Mykola Pechenizkiy. ‘Techniques for Discrimination-Free Predictive Models’. In Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases, edited by Bart Custers, Toon Calders, Bart Schermer, and Tal Zarsky, 223–41. Berlin, Heidelberg: Springer, 2013.

  • Kenner, Alison Marie. ‘Securing the Elderly Body: Dementia, Surveillance, and the Politics of “Aging in Place”’. Surveillance & Society 5, no. 3 (September 1, 2002): 252–69.

  • Latour, Bruno. ‘On Recalling ANT’. The Sociological Review 47, no. S1 (May 1, 1999): 15–25. doi:10.1111/j.1467-954X.1999.tb03480.x.

  • Los, Maria. ‘Looking into the Future: Surveillance, Globalization and the Totalitarian Potential’. In Theorizing Surveillance: The Panopticon and beyond, edited by David Lyon, 69–94. Cullompton: Willan, 2009.

  • Lyon, David, ed. Surveillance as Social Sorting: Privacy, Risk, and Digital Discrimination. London: Routledge, 2003.

  • ———. Surveillance Studies: An Overview. Cambridge: Polity Press, 2009.

  • Ma, Zhendong, Denis Butin, Francisco Jaime, Fanny Coudert, Antonio Kung, Claire Gayrel, Antonio Mana, et al. ‘Towards a Multidisciplinary Framework to Include Privacy in the Design of Video Surveillance Systems’. In Privacy Technologies and Policy, 101–16. Proceedings of the Second Annual Privacy Forum, APF 2014. Cham: Springer, 2014.

  • Mann, Steve, Jason Nolan, and Barry Wellman. ‘Sousveillance: Inventing and Using Wearable Computing Devices for Data Collection in Surveillance Environments.’ Surveillance & Society 1, no. 3 (September 1, 2002): 331–55.

  • Marthews, Alex and Catherine E. Tucker. ‘Government Surveillance and Internet Search Behavior’, SSRN Scholarly Paper (Rochester, NY: Social Science Research Network, 29 April 2015), https://papers.ssrn.com/abstract=2412564.

  • Nissenbaum, Helen Fay. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford: Stanford Law Books, 2010.

  • Orrù, Elisa. ‘Effects and Effectiveness of Surveillance Technologies: Mapping Perceptions, Reducing Harm’, European University Institute Working Papers, (2015), http://cadmus.eui.eu//handle/1814/37340.

  • Panichas, George E. ‘An Intrusion Theory of Privacy’. Res Publica 20, no. 2 (May 1, 2014): 145–61.

  • Penney, Jon. ‘Chilling Effects: Online Surveillance and Wikipedia Use’, Berkeley Technology Law Journal 31, no. 1 (2016): 117–82.

  • Porcedda, Maria Grazia. ‘Public-Private Partnerships: A “Soft” Approach to Cybersecurity? Views from the European Union’. In Security in Cyberspace: Targeting Nations, Infrastructures, Individuals, edited by Giampiero Giacomello, 183–211. New York: Bloomsbury, 2014.

  • Raab, Charles D. ‘Privacy, Social Values and the Public Interest’. Edited by Andreas Busch and Jeannette Hofmann. ‘Politik und die Regulierung von Information’ [‘Politics and the Regulation of Information’], Politische Vierteljahresschrift, 46 (2012): 129–51.

  • Raab, Charles D. ‘The Future of Privacy Protection’. In Trust and Crime in Information Societies, edited by Robin Mansell and Brian Collins, 282–318. Cheltenham: Edward Elgar, 2005.

  • Raab, Charles D., and David Wright. ‘Privacy Principles, Risks and Harms’. International Review of Law, Computers & Technology 28, no. 3 (2014): 277–98.

  • ———. ‘Surveillance: Extending the Limits of Privacy Impact Assessment’. In Privacy Impact Assessment, edited by David Wright and Paul De Hert, 363–83. Dordrecht; Heidelberg: Springer, 2012.

  • Regan, Priscilla M. Legislating Privacy. London: University of North Carolina Press, 1995.

  • Rössler, Beate. ‘New Ways of Thinking about Privacy’. In The Oxford Handbook of Political Theory, edited by John S. Dryzek, 694–712. Oxford: Oxford University Press, 2006.

  • Rubel, Alan. ‘The Particularized Judgment Account of Privacy’. Res Publica 17 (2011): 275–90.

  • Solove, Daniel J. ‘A Taxonomy of Privacy’. University of Pennsylvania Law Review 154 (2006): 477–564. doi:10.2307/40041279. Accessed March 24, 2016.

  • ———. ‘Conceptualizing Privacy’. California Law Review 90 (2002): 1087–1155. doi:10.2307/3481326. Accessed March 24, 2016.

  • Stalder, Felix. ‘Privacy Is Not the Antidote to Surveillance.’ Surveillance & Society 1 (2009): 120–24.

  • Thomson, Judith Jarvis. ‘The Right to Privacy’. Philosophy & Public Affairs 4 (1975): 295–314.

  • Walsh, James P. ‘From Border Control to Border Care: The Political and Ethical Potential of Surveillance.’ Surveillance & Society 8, no. 2 (December 18, 2010): 113–30.

  • Zarsky, Tal. ‘Transparency in Data Mining: From Theory to Practice’. In Discrimination and Privacy in the Information Society: Data Mining and Profiling Large Databases, edited by Bart Custers, Toon Calders, Bart Schermer, and Tal Zarsky, 301–24. Berlin, Heidelberg: Springer, 2013.

  • Zuboff, Shoshana. ‘Big Other: Surveillance Capitalism and the Prospects of an Information Civilization’, Journal of Information Technology 30: 75–89, April 4, 2015. http://papers.ssrn.com/abstract=2594754.

Acknowledgments

I am grateful to two anonymous reviewers and to Claudia Diaz and Maria Grazia Porcedda for their comments on earlier drafts of this article. I also gratefully acknowledge the comments made by the participants in the Third Dutch/German Workshop in Philosophy of Technology (Technische Universität Darmstadt, June 2014), the Delft Philosophy Colloquium (Technische Universiteit Delft, March 2015), the State of the Union Conference 2015 (European University Institute, Florence) and the CPDP (Computers, Privacy & Data Protection) Conference 2016 (Brussels). Part of the research presented in this chapter was funded by the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no. 284725 as part of the SURVEILLE (Surveillance: Ethical Issues, Legal Limitations, and Efficiency) Project.

Author information

Corresponding author

Correspondence to Elisa Orrù.

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Orrù, E. (2017). Minimum Harm by Design: Reworking Privacy by Design to Mitigate the Risks of Surveillance. In: Leenes, R., van Brakel, R., Gutwirth, S., De Hert, P. (eds) Data Protection and Privacy: (In)visibilities and Infrastructures. Law, Governance and Technology Series, vol 36. Springer, Cham. https://doi.org/10.1007/978-3-319-50796-5_5
