
Towards a Principled Approach for Engineering Privacy by Design

Conference paper in Privacy Technologies and Policy (APF 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10518)

Abstract

Privacy by Design has emerged as a proactive approach for embedding privacy into the early stages of the design of information and communication technologies, but it is no ‘silver bullet’. Challenges involved in engineering Privacy by Design include a lack of holistic and systematic methodologies that address the complexity and variability of privacy issues and support the translation of its principles into engineering activities. A consequence is that its principles are given at a high level of abstraction without accompanying tools and guidelines to address these challenges. We analyse three privacy requirements engineering methods from which we derive a set of criteria that aid in identifying data-processing activities that may lead to privacy violations and harms and also aid in specifying appropriate design decisions. We also present principles for engineering Privacy by Design that can be developed upon these criteria. Based on these, we outline some preliminary thoughts on the form of a principled framework that addresses the plurality and contextuality of privacy issues and supports the translation of the principles of Privacy by Design into engineering activities.



Author information

Correspondence to Majed Alshammari.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Alshammari, M., Simpson, A. (2017). Towards a Principled Approach for Engineering Privacy by Design. In: Schweighofer, E., Leitold, H., Mitrakas, A., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2017. Lecture Notes in Computer Science, vol 10518. Springer, Cham. https://doi.org/10.1007/978-3-319-67280-9_9


  • DOI: https://doi.org/10.1007/978-3-319-67280-9_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67279-3

  • Online ISBN: 978-3-319-67280-9

  • eBook Packages: Computer Science (R0)
