A Strategy for Operationalizing Privacy by Design

Recent controversies surrounding privacy have sparked a move by regulators toward the idea of privacy by design (PbD), a concept pioneered by Ontario Information and Privacy Commissioner Ann Cavoukian. Industry has also started to recognize the importance of taking privacy seriously, with various PbD corporate initiatives currently underway. However, some commentators have criticized PbD for being too vague. Using three case studies and a range of best practice examples of PbD, privacy impact assessments (PIAs), and privacy-enhancing technologies (PETs), this article addresses the gap between the abstract principles of PbD and their operationalization into more concrete implementation guidelines for software engineers.

[1]  A. Cavoukian Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices , 2012 .

[2]  Charles D. Raab The Meaning of 'Accountability' in the Information Privacy Context , 2012, Managing Privacy through Accountability.

[3]  Peter Schaar,et al.  Privacy by Design , 2010 .

[4]  Richard A Spinello,et al.  The end of privacy. , 1997, America.

[5]  David Krebs 'Privacy by Design': Nice-to-Have or a Necessary Principle of Data Protection Law? , 2013 .

[6]  P. Hustinx Privacy by design: delivering the promises , 2010 .

[7]  陈珍成 ISO/IEC 27001:2005标准:最新全球信息安全武器 , 2006 .

[8]  Colin J. Bennett,et al.  Visions of Privacy: Policy Choices for the Digital Age , 1999 .

[9]  Jaap-Henk Hoepman,et al.  Open-source intelligence and privacy by design , 2013, Comput. Law Secur. Rev..

[10]  Colin J. Bennett The Accountability Approach to Privacy and Data Protection , 2012 .

[11]  国立大学法人お茶の水女子大学 Annual Report 2011 -個人別教育研究報告- , 2012 .

[12]  Ira S. Rubinstein,et al.  Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents , 2012 .

[13]  Dirk Van Rooy,et al.  Trust and privacy in the future internet—a research perspective , 2010 .

[14]  Ann Cavoukian,et al.  Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph.D , 2010 .

[15]  A. Cavoukian,et al.  Privacy by Design: essential for organizational accountability and strong business practices , 2010 .

[16]  Colin J. Bennett,et al.  The Governance of Privacy: Policy Instruments in Global Perspective , 2006 .

[17]  R. Mulgan 'Accountability': an ever-expanding concept? , 2000 .

[18]  Daniel Le Métayer Privacy by Design: A Matter of Choice , 2010, Data Protection in a Profiled World.

[19]  Daniel Neyland,et al.  Managing Privacy through Accountability , 2012 .

[20]  Sarah Spiekermann,et al.  The challenges of privacy by design , 2012, Commun. ACM.

[21]  Dear Mr Sotiropoulos ARTICLE 29 Data Protection Working Party , 2013 .

[22]  Michael Friedewald,et al.  Seven Types of Privacy , 2013, European Data Protection.

[23]  David Wright Making Privacy Impact Assessment More Effective , 2013, Inf. Soc..

[24]  Colin J. Bennett The Accountability Approach to Privacy and Data Protection: Assumptions and Caveats , 2012, Managing Privacy through Accountability.

[25]  Carmela Troncoso,et al.  Engineering Privacy by Design , 2011 .

[26]  William Bülow,et al.  Nothing to Hide : The False Tradeoff between Privacy and Security by Daniel J. Solove , 2012 .

[27]  David Wright,et al.  The state of the art in privacy impact assessment , 2012, Comput. Law Secur. Rev..