Abstract
The concept of Privacy by Design (PbD) is a vision for creating data-processing environments in a way that respects privacy and data protection in the design of products and processes from the start. PbD has been inspired by and elaborated in different disciplines (especially law and computer science). Developments have taken place in research and policy, with the General Data Protection Regulation to be adopted by the European Parliament in 2016 and to enter into force in 2018. It is now time to use the results for practical guidance on how to achieve the goals defined by the legislation. In this paper, we summarise lessons learned from the special session on Multidisciplinary Aspects of PbD organised at the Annual Privacy Forum 2015. In particular, we identify important current and future implementation challenges of PbD. These are: terminology, legal compliance, different disciplines’ understandings, the role of the data protection officer, the involvement of all stakeholders, and education. We conclude by emphasising the importance of approaching PbD in an interdisciplinary way.
Notes
1. The principle of data quality (Article 6 Directive 95/46/EC) includes the principles of fairness (data must be processed fairly), lawfulness (data must be processed according to a legitimate legal ground), purpose limitation, data minimisation, and accuracy. PETs are able to ensure confidentiality of personal data as an attribute of information security.
Acknowledgements
This paper was made possible by the funding of the PARIS project (PrivAcy pReserving Infrastructure for Surveillance), EU FP7, under Grant Agreement No: 312504, and of ENISA. We thank Marit Hansen, Dan Bogdanov, Matthias Pocs, David Stevens and Antonio Kung for their inspiring keynote, panel contributions, and discussions during the planning of the session, and the APF 2015 participants for their valuable arguments during the session.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Tsormpatzoudi, P., Berendt, B., Coudert, F. (2016). Privacy by Design: From Research and Policy to Practice – the Challenge of Multi-disciplinarity. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds) Privacy Technologies and Policy. APF 2015. Lecture Notes in Computer Science, vol 9484. Springer, Cham. https://doi.org/10.1007/978-3-319-31456-3_12
DOI: https://doi.org/10.1007/978-3-319-31456-3_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31455-6
Online ISBN: 978-3-319-31456-3
eBook Packages: Computer Science (R0)