Abstract
The term “Big Data” is used to describe a universe of very large datasets that hold a variety of data types. This has spawned a new generation of information architectures and applications to facilitate the fast processing speeds and the visualization needed to analyze and extract value from these extremely large sets of data, using distributed platforms. While not all data in Big Data applications will be personally identifiable, when this is the case, privacy interests arise. To be clear, privacy requirements are not obstacles to innovation or to realizing societal benefits from Big Data analytics—in fact, they can actually foster innovation and doubly-enabling, win–win outcomes. This is achieved by taking a Privacy by Design approach to Big Data applications. This chapter begins by defining information privacy, then it will provide an overview of the privacy risks associated with Big Data applications. Finally, the authors will discuss Privacy by Design as an international framework for privacy, then provide guidance on using the Privacy by Design Framework and the 7 Foundational Principles, to achieve both innovation and privacy—not one at the expense of the other.
Notes
1. NIST (2015) defines ‘pseudonymization’ as a specific kind of transformation in which the names and other information that directly identifies an individual are replaced with pseudonyms. Pseudonymization allows linking information belonging to an individual across multiple data records or information systems, provided that all direct identifiers are systematically pseudonymized. Pseudonymization can be readily reversed if the entity that performed the pseudonymization retains a table linking the original identities to the pseudonyms, or if the substitution is performed using an algorithm for which the parameters are known or can be discovered.
2. There are many government Open Data initiatives such as U.S. Government’s Open Data at www.data.gov; Canadian Government’s Open Data at http://open.canada.ca/en/open-data; UN Data at http://data.un.org/; EU Open Data Portal at https://data.europa.eu/euodp/en/data/. This is just a sample of the many Open Data sources around the world.
3. In news media an echo chamber is a metaphorical description of a situation in which information, ideas, or beliefs are amplified or reinforced by transmission and repetition inside an “enclosed” system, where different or competing views are censored, disallowed, or otherwise underrepresented. The term is by analogy with an acoustic echo chamber, where sounds reverberate.
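As an added illustration of note 1 (example code written for this page, not from the chapter or NIST): a keyed pseudonymization that links one person's records across two constructed datasets, a retained linking table that lets the pseudonymizing entity reverse it, and a check showing that an unkeyed hash (an algorithm whose parameters are public) can be reversed by anyone able to recompute it over a list of candidate identities. The key, record fields and names are assumptions.

```python
import hashlib
import hmac

DIRECT_IDENTIFIERS = ("name", "dob")

# Constructed sample records from two separate systems (names invented).
CLINIC_VISITS = [
    {"name": "Alice Example", "dob": "1980-03-04", "visit": "2016-05-01"},
    {"name": "Bob Sample", "dob": "1975-11-30", "visit": "2016-05-02"},
]
LAB_RESULTS = [{"name": "Alice Example", "dob": "1980-03-04", "test": "HbA1c"}]


def pseudonym(record, key=None):
    """Deterministic pseudonym over the direct identifiers.
    key=None: plain SHA-256, an algorithm whose parameters are public.
    key=bytes: HMAC-SHA256, recomputable only by whoever holds the key."""
    ident = "|".join(record[f] for f in DIRECT_IDENTIFIERS).encode()
    if key is None:
        return hashlib.sha256(ident).hexdigest()[:16]
    return hmac.new(key, ident, hashlib.sha256).hexdigest()[:16]


def pseudonymize(records, key, link_table):
    """Replace direct identifiers with a pseudonym and retain the mapping;
    the retained table is what keeps the transformation reversible."""
    out = []
    for r in records:
        p = pseudonym(r, key)
        link_table[p] = {f: r[f] for f in DIRECT_IDENTIFIERS}
        rest = {k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
        out.append({"pid": p, **rest})
    return out


def reidentify(pid, link_table):
    """Reversal by the entity that kept the linking table."""
    return link_table.get(pid)


def recover_by_enumeration(pid, candidates):
    """Check: can a pseudonym be reversed by recomputing the public (unkeyed)
    algorithm over known identities? Returns the matching candidate or None."""
    for c in candidates:
        if pseudonym(c) == pid:
            return c
    return None
```

The same pseudonym appears in both datasets for the same person, which is the linkage the note describes; only the key holder (or table holder) can go back to the identity, whereas the unkeyed variant is reversed by the enumeration check alone.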
References
Article 29 Data protection working party (2013). Opinion 03/2013 on purpose limitation. http://ec.europa.eu/justice/data-protection/index_en.htm. Accessed 2 August 2016.
Blum, A., Ligett, K., Roth, A. (2008). A learning theory approach to non-interactive database privacy. In Proceedings of the 40th ACM SIGACT Symposium on Theory of Computing (pp. 609–618).
Cameron, K. (2013). Afterword. In M. Hildebrandt et al. (Eds.), Digital Enlightenment Yearbook 2013. Amsterdam: IOS Press.
Cavoukian, A. (2009). Privacy and government 2.0: the implications of an open world. http://www.ontla.on.ca/library/repository/mon/23006/293152.pdf. Accessed 22 November 2016.
Cavoukian, A. (2011). Privacy by Design: The 7 Foundational Principles. Ontario: IPC.
Cavoukian, A. (2013a). A Primer on Metadata: Separating Fact from Fiction. Ontario: IPC. http://www.ipc.on.ca/images/Resources/metadata.pdf.
Cavoukian, A. (2013b). Privacy by design: leadership, methods, and results. In S. Gutwirth, R. Leenes, P. de Hert, & Y. Poullet (Eds.), European Data Protection: Coming of Age (pp. 175–202). Dordrecht: Springer Science & Business Media Dordrecht.
Cavoukian, A., & Cameron, K. (2011). Wi-Fi Positioning Systems: Beware of Unintended Consequences: Issues Involving Unforeseen Uses of Pre-Existing Architecture. Ontario: IPC.
Cavoukian, A., & El Emam, K. (2014). De-identification Protocols: Essential for Protecting Privacy. Ontario: IPC.
Cavoukian, A., & Jonas, J. (2012). Privacy by Design in the Age of Big Data. Ontario: IPC.
Cavoukian, A., & Weiss, J.B. (2012). Privacy by Design and User Interfaces: Emerging Design Criteria—Keep it User-Centric. Ontario: IPC.
Cavoukian, A., Bansal, N., & Koudas, N. (2014a). Building Privacy into Mobile Location Analytics (MLA) through Privacy by Design. Ontario: IPC.
Cavoukian, A., Dix, A., & El Emam, K. (2014b). The Unintended Consequences of Privacy Paternalism. Ontario: IPC.
Clarke, R. (2000). Beyond OECD guidelines; privacy protection for the 21st century. Xamax Consultancy Pty Ltd. http://www.rogerclarke.com/DV/PP21C.html. Accessed 22 November 2016.
CNW (2010). Landmark resolution passed to preserve the future of privacy. Press Release. Toronto, ON, Canada. http://www.newswire.ca/news-releases/landmark-resolution-passed-to-preserve-the-future-of-privacy-546018632.html. Accessed 22 November 2016.
Cukier, K., & Mayer-Schonberger, V. (2013). The dictatorship of data. MIT Technology Review. https://www.technologyreview.com/s/514591/the-dictatorship-of-data/. Accessed 22 November 2016.
Damiani, M. L. (2013). Privacy enhancing techniques for the protection of mobility patterns in LBS: research issues and trends. In S. Gutwirth, R. Leenes, P. de Hert, & Y. Poullet (Eds.), European Data Protection: Coming of Age (pp. 223–238). Dordrecht: Springer Science & Business Media Dordrecht.
Department of Commerce (US DOC) (2016). EU-U.S. privacy shield fact sheet. Office of public affairs, US department of commerce. https://www.commerce.gov/news/fact-sheets/2016/02/eu-us-privacy-shield. Accessed 22 November 2016.
Dwork, C. (2006). Differential privacy. In Proceedings of the 33rd International Colloquium on Automata, Languages and Programming (ICALP) (Vol. 2, pp. 1–12).
Dwork, C. (2014). Differential privacy: a cryptographic approach to private data analysis. In J. Lane, V. Stodden, S. Bender, & H. Nissenbaum (Eds.), Privacy, big data, and the public good: Frameworks for engagement. New York: Cambridge University Press.
El Emam, K. (2013a). Benefiting from big data while protecting privacy. In K. El Emam (Ed.), Risky Business: Sharing Health Data While Protecting Privacy. Bloomington, IN: Trafford Publishing.
El Emam, K. (2013b). Who’s afraid of big data? In K. El Emam (Ed.), Risky Business: Sharing Health Data While Protecting Privacy. Bloomington, IN: Trafford Publishing.
El Emam, K., Buckeridge, D., Tamblyn, R., Neisa, A., Jonker, E., & Verma, A. (2011). The re-identification risk of Canadians from longitudinal demographics. BMC Medical Informatics and Decision Making, 11:46. http://bmcmedinformdecismak.biomedcentral.com/articles/10.1186/1472-6947-11-46. Accessed 22 November 2016.
ENISA. (2015). Privacy by design in big data: An overview of privacy enhancing technologies in the era of big data analytics. www.enisa.europa.eu. Accessed 22 November 2016.
EPIC (n.d.). Website: https://epic.org/privacy/consumer/code_fair_info.html. Accessed 22 November 2016.
EU Commission (2012). Fact sheet on the right to be forgotten. http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf. Accessed 22 November 2016.
EU Commission (2015). Fact sheet—questions and answers—data protection reform. Brussels. http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm. Accessed 4 November 2016.
EU Commission (2016). The EU data protection reform and big data factsheet. http://ec.europa.eu/justice/data-protection/files/data-protection-big-data_factsheet_web_en.pdf. Accessed 22 November 2016.
EU Commission (2016b). EU-U.S. Privacy Shield Fact Sheet. Department of Justice. July 2016. http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_eu-us_privacy_shield_en.pdf. Accessed 22 November 2016.
Fogarty, D., & Bell, P. C. (2014). Should you outsource analytics? MIT Sloan Management Review, 55(2), Winter.
FTC (2012). Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers. https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf Accessed August 2016.
FTC (2016). Big data: A tool for inclusion or exclusion? Understanding the Issues. https://www.ftc.gov/system/files/documents/reports/big-data-tool-inclusion-or-exclusion-understanding-issues/160106big-data-rpt.pdf. Accessed 23 November 2016.
Gürses, S.F. Troncoso, C., & Diaz, C. (2011). Engineering privacy by design, Computers, Privacy & Data Protection. http://www.cosic.esat.kuleuven.be/publications/article-1542.pdf. Accessed 19 November 2016.
Harris, M. (2015). Recap of Covington’s Privacy by Design workshop. Inside Privacy: Updates on Developments in Data Privacy and Cybersecurity. Covington & Burling LLP, U.S. https://www.insideprivacy.com/united-states/recap-of-covingtons-privacy-by-design-workshop/. Accessed 19 November 2016.
HHS (2012). Guidance regarding methods for de-identification of protected health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. http://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html. Accessed 2 August 2016.
Information Commissioner’s Office (ICO) (2013). Privacy in Mobile Apps: Guide for app developers. https://ico.org.uk/media/for-organisations/documents/1596/privacy-in-mobile-apps-dp-guidance.pdf Accessed 22 November 2016.
Innes, J. (2013). Realizing the promise of open data: an example of the Canadian Discharge Abstract Database. In K. El Emam (Ed.), Risky Business: Sharing Health Data While Protecting Privacy. Bloomington, IN: Trafford Publishing.
International Working Group on Data Protection in Telecommunications (IWGDPT) (2004) Common position on privacy and location information in mobile communications services. https://datenschutz-berlin.de/content/europa-international/international-working-group-on-data-protection-in-telecommunications-iwgdpt/working-papers-and-common-positions-adopted-by-the-working-group. Accessed 22 November 2016.
International Working Group on Data Protection in Telecommunications (IWGDPT) (2014). Working Paper on Big Data and Privacy: Privacy principles under pressure in the age of Big Data analytics. 55th Meeting. https://datenschutz-berlin.de/content/europa-international/international-working-group-on-data-protection-in-telecommunications-iwgdpt/working-papers-and-common-positions-adopted-by-the-working-group. Accessed 22 November 2016.
Lane, J., et al. (2014). Privacy, big data and the public good: frameworks for engagement. Cambridge: Cambridge University Press.
Lindell, Y., & Pinkas, B. (2002). Privacy preserving data mining. Journal of Cryptology, 15, 177–206. International Association for Cryptologic Research.
Lomas, N. (2015). Europe’s top court strikes down safe Harbor data-transfer agreement with U.S. Techcrunch. https://techcrunch.com/2015/10/06/europes-top-court-strikes-down-safe-harbor-data-transfer-agreement-with-u-s/. Accessed 22 November 2016.
Mayer, J., Mutchler, P., & Mitchell, J. C. (2016). Evaluating the privacy properties of telephone metadata. Proceedings of the National Academy of Sciences, USA, 113(20), 5536–5541.
Monreale, A., Rinzivillo, S., Pratesi, F., Giannotti, F., & Pedreschi, D. (2014). Privacy-by-design in big data analytics and social mining. EPJ Data Science, 3(1), 1–26. 10.1140/epjds/s13688-014-0010-4. Accessed 22 November 2016.
NIST. (2010). Guide to protecting the confidentiality of personally identifiable information (PII). NIST special publication 800–122. Gaithersburg, MD: Computer Science Division.
NIST (2015). De-identification of Personal Information. NISTIR 8053. https://doi.org/10.6028/NIST.IR.8053. Accessed 19 November 2016.
Official Journal of the European Union (2016). Regulation (EU) 2016/679 Of The European Parliament and of the Council. http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf. Accessed 19 November 2016.
Quattrociocchi, W. Scala, A., & Sunstein, C.R. (2016) Echo Chambers on Facebook. Preliminary draft, not yet published. Available at: http://ssrn.com/abstract=2795110. Accessed 19 November 2016.
Richards, N. M., & King, J. H. (2013). Big Data Ethics. Wake Forest Law Review, 49, 393–433.
Ritter, D. (2014). When to act on a correlation, and when not to. Harvard Business Review. https://hbr.org/2014/03/when-to-act-on-a-correlation-and-when-not-to. Accessed 19 November 2016.
Singer, N. (2011). The trouble with the echo chamber online. New York Times online. http://www.nytimes.com/2011/05/29/technology/29stream.html?_r=0. Accessed 19 November 2016.
Solove, D. J. (2007). ‘I’ve got nothing to hide’ and other misunderstandings of privacy. San Diego Law Review, 44, 745.
Solove, D. (2014). Why did inBloom die? A hard lesson about education privacy. Privacy + Security Blog, TeachPrivacy. https://www.teachprivacy.com/inbloom-die-hard-lesson-education-privacy/. Accessed 4 August 2016.
Sweeney, L. (2013) Discrimination in online ad delivery. http://dataprivacylab.org/projects/onlineads/1071-1.pdf. Accessed 22 November 2016.
Tene, O., & Polonetsky, J. (2013). Big data for all: Privacy and user control in the age of analytics. Northwestern Journal of Technology and Intellectual Property, 11(5), 239–272.
Thaler, J., Ullman, J., & Vadhan, S. (2010). PCPs and the hardness of generating synthetic data. Electronic Colloquium on Computational Complexity, Technical Report, TR10–TR07.
TRUSTe/NCSA (2016). Consumer privacy infographic—US Edition. https://www.truste.com/resources/privacy-research/ncsa-consumer-privacy-index-us/. Accessed 4 November 2016.
Turow, J., Feldman, L, & Meltzer, K. (2015). Open to exploitation: american shoppers online and offline. A report from the Annenberg Public Policy Center of the University of Pennsylvania. http://www.annenbergpublicpolicycenter.org/open-to-exploitation-american-shoppers-online-and-offline/. Accessed 22 November 2016.
United Nations General Assembly (2016). Resolution adopted by the General Assembly. The right to privacy in the digital age (68/167). http://www.un.org/ga/search/view_doc.asp?symbol=A/RES/68/167. Accessed 4 November 2016.
Zhang, Y., Chen, Q., & Zhong, S. (2016). Privacy-preserving data aggregation in mobile phone sensing. IEEE Transactions on Information Forensics and Security, 11, 980–992.
© 2018 Springer International Publishing AG
Cite this chapter
Cavoukian, A., Chibba, M. (2018). Start with Privacy by Design in All Big Data Applications. In: Srinivasan, S. (eds) Guide to Big Data Applications. Studies in Big Data, vol 26. Springer, Cham. https://doi.org/10.1007/978-3-319-53817-4_2
DOI: https://doi.org/10.1007/978-3-319-53817-4_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-53816-7
Online ISBN: 978-3-319-53817-4