Abstract
Privacy by Design has emerged as a proactive approach for embedding privacy into the early stages of the design of information and communication technologies, but it is no ‘silver bullet’. Challenges involved in engineering Privacy by Design include a lack of holistic and systematic methodologies that address the complexity and variability of privacy issues and support the translation of its principles into engineering activities. A consequence is that its principles are given at a high level of abstraction without accompanying tools and guidelines to address these challenges. We analyse three privacy requirements engineering methods from which we derive a set of criteria that aid in identifying data-processing activities that may lead to privacy violations and harms and also aid in specifying appropriate design decisions. We also present principles for engineering Privacy by Design that can be developed upon these criteria. Based on these, we outline some preliminary thoughts on the form of a principled framework that addresses the plurality and contextuality of privacy issues and supports the translation of the principles of Privacy by Design into engineering activities.
© 2017 Springer International Publishing AG
Cite this paper
Alshammari, M., Simpson, A. (2017). Towards a Principled Approach for Engineering Privacy by Design. In: Schweighofer, E., Leitold, H., Mitrakas, A., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2017. Lecture Notes in Computer Science, vol 10518. Springer, Cham. https://doi.org/10.1007/978-3-319-67280-9_9
DOI: https://doi.org/10.1007/978-3-319-67280-9_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67279-3
Online ISBN: 978-3-319-67280-9
eBook Packages: Computer Science (R0)