Abstract
Finding suitable ways to handle personal data in conformance with the law is challenging. The European General Data Protection Regulation (GDPR), enforced since May 2018, makes it mandatory for citizens and companies to comply with the privacy requirements set in the regulation. For existing systems the challenge is to be able to show evidence that they already comply with the GDPR, or otherwise to work towards compliance by modifying their systems and procedures, or alternatively by reprogramming their systems in order to pass the eventual controls. For those starting new projects the advice is to take privacy into consideration from the very beginning, already at design time. This has come to be known as Privacy by Design (PbD). The main question is how much privacy one can effectively achieve by using PbD, and in particular whether it is possible to achieve Privacy by Construction. In this paper I give my personal opinion on issues related to the ambition of achieving Privacy by Construction.
Notes
- 1.
Technically, the individuals or companies we take data from/about are called data subjects, and those handling the data are the data controllers.
- 2.
- 3.
In the rest of the paper we will use the acronym PbD for Privacy by Design.
- 4.
Former Information & Privacy Commissioner of Ontario (Canada).
- 5.
PET: Privacy-Enhancing Technologies.
- 6.
The report is from 2014, but to the best of our knowledge the advances in the area have not yet produced tools mature enough to be used by industry.
- 7.
Some of the arguments of our paper are very much along the same line as the ones presented in [6], in particular the identification of the difficulty of representing purpose at the programming language level.
- 8.
The report stresses several times that privacy is much wider than technology (social, legal, political, etc.), but the focus of the discussion here is on the (software-based) technological side only.
- 9.
- 10.
The GDPR [21] is very explicit that consent should be given freely, in an informed and unambiguous way, and that it should cover all processing activities carried out for the same purpose. A separate consent should be given for each separate purpose.
- 11.
An example of such a (limited) mechanism is given in [32] for photo sharing in social networks, using a combination of sticky policies with attribute-based encryption. The mechanism works by encrypting parts of the picture so that only allowed users can see what they are supposed to see; but if somebody has permission to download the picture to the local disk, there is no way to enforce the sticky policy after that. Since the enforcement mechanism (encryption/decryption, permission checking, etc.) is only applied within a particular application platform (Diaspora [19]), a user with permission to download the decrypted picture could forward it to anyone else.
- 12.
It is stipulated that non-compliance might imply fines up to €20 million or 4% of the annual turnover of the company.
References
Antignac, T., Le Métayer, D.: Privacy by design: from technologies to architectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 1–17. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06749-0_1
Antignac, T., Sands, D., Schneider, G.: Data minimisation: a language-based approach. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 442–456. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58469-0_30
Antignac, T., Scandariato, R., Schneider, G.: A privacy-aware conceptual model for handling personal data. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 942–957. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47166-2_65
Antignac, T., Scandariato, R., Schneider, G.: Privacy compliance via model transformations. In: International Workshop on Privacy Engineering (IWPE 2018), IEEE EuroS&P Workshops, pp. 120–126. IEEE (2018)
Aziza, B.: Facebook privacy scandal hearings: What you missed. Appeared at Forbes online, April 2018. https://www.forbes.com/sites/ciocentral/2018/04/16/facebook-privacy-scandal-hearings-what-you-missed/#9a41af57ab9c. Accessed 16 May 2018
Basin, D., Debois, S., Hildebrandt, T.: On purpose and by necessity: compliance under the GDPR. In: Twenty-Second International Conference on Financial Cryptography and Data Security (2018, to appear)
BBC News: Google loses ‘right to be forgotten’ case, April 2018. http://www.bbc.com/news/technology-43752344?SThisFB. Accessed 14 Apr 2018
Bonakdarpour, B., Sanchez, C., Schneider, G.: Monitoring Hyperproperties by combining static analysis and runtime verification. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11244, pp. 8–27. Springer, Cham (2018)
Byun, J., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: 10th ACM Symposium on Access Control Models and Technologies (SACMAT 2005), pp. 102–110. ACM (2005). https://doi.org/10.1145/1063979
Cadwalladr, C., Graham-Harrison, E.: Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. Appeared at The Guardian, March 2018. https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election. Accessed 16 May 2018
Castelluccia, C., Cunche, M., Le Métayer, D., Morel, V.: Enhancing transparency and consent in the IoT. In: EuroS&P Workshops 2018, pp. 116–119 (2018)
Cavoukian, A.: Privacy by design: The 7 foundational principles (2009)
Cavoukian, A.: Privacy by design: Origins, meaning, and prospects. Privacy Protection Measures and Technologies in Bus. Org.: Aspects and Standards 170 (2011)
Cheney, J., Chiticariu, L., Tan, W.C.: Provenance in databases: why, how, and where. Found. Trends Databases 1(4), 379–474 (2009)
Chong, S., Myers, A.C.: Language-based information erasure. In: Proceedings of the 18th IEEE Workshop on Computer Security Foundations, CSFW 2005, pp. 241–254. IEEE Computer Society (2005)
Colesky, M., Hoepman, J., Hillen, C.: A critical analysis of privacy design strategies. In: IEEE Security and Privacy Workshops, pp. 33–40. IEEE Computer Society (2016). http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7517741
Constine, J.: A flaw-by-flaw guide to Facebook’s new GDPR privacy changes, April 2018. https://techcrunch.com/2018/04/17/facebook-gdpr-changes
Danezis, G., et al.: Privacy and data protection by design. ENISA Report, January 2015
Diaspora: Diaspora (2016). https://joindiaspora.com
European Commission: Proposal for a General Data Protection Regulation. Codecision legislative procedure for a regulation 2012/0011 (COD), European Commission, Brussels, Belgium, January 2012
European Commission: General Data Protection Regulation (GDPR). Regulation 2016/679, European Commission, Brussels, Belgium, April 2016
Ferrara, P., Spoto, F.: Static analysis for GDPR compliance. In: ITASEC 2018, CEUR Workshop Proceedings, vol. 2058. CEUR-WS.org (2018)
Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design (2011)
Gürses, S., Troncoso, C., Diaz, C.: Engineering privacy by design reloaded (2015)
Hert, P.D., Papakonstantinou, V.: The new general data protection regulation: still a sound system for the protection of individuals? Comput. Law Secur. Rev. 32(2), 179–194 (2016)
Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38
Kiss, J.: Google admits collecting Wi-Fi data through Street View cars. The Guardian, May 2010. https://www.theguardian.com/technology/2010/may/15/google-admits-storing-private-data
Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: a survey. Comput. Sci. Rev. 4(2), 81–99 (2010)
Le Métayer, D.: Privacy by design: a formal framework for the analysis of architectural choices. In: CODASPY 2013, pp. 95–104. ACM (2013)
Notario, N., et al.: PRIPARE: a new vision on engineering privacy and security by design. In: Cleary, F., Felici, M. (eds.) CSP 2014. CCIS, vol. 470, pp. 65–76. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12574-9_6
Pearson, S., Mont, M.C.: Sticky policies: an approach for managing privacy across multiple parties. IEEE Comput. 44(9), 60–68 (2011)
Picazo-Sanchez, P., Pardo, R., Schneider, G.: Secure photo sharing in social networks. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 79–92. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58469-0_6
Pinisetty, S., Antignac, T., Sands, D., Schneider, G.: Monitoring data minimisation. Technical report (2018). http://arxiv.org/abs/1801.02484
Pinisetty, S., Sands, D., Schneider, G.: Runtime verification of hyperproperties for deterministic programs. In: 6th Conference on Formal Methods in Software Engineering (FormaliSE@ICSE 2018), pp. 20–29. ACM (2018)
Schaefer, I., Runge, T., Knüppel, A., Cleophas, L., Kourie, D., Watson, B.W.: Towards confidentiality-by-construction. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11244, pp. 502–515. Springer, Cham (2018)
Spiekermann, S.: The challenges of privacy by design. Commun. ACM 55(7), 38–40 (2012). https://doi.org/10.1145/2209249.2209263
Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)
Del Tedesco, F., Hunt, S., Sands, D.: A semantic hierarchy for erasure policies. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 352–369. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25560-1_24
Del Tedesco, F., Russo, A., Sands, D.: Implementing erasure policies using taint analysis. In: Aura, T., Järvinen, K., Nyberg, K. (eds.) NordSec 2010. LNCS, vol. 7127, pp. 193–209. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27937-9_14
Tsormpatzoudi, P., Berendt, B., Coudert, F.: Privacy by design: from research and policy to practice – the challenge of multi-disciplinarity. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds.) APF 2015. LNCS, vol. 9484, pp. 199–212. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31456-3_12
Acknowledgements
I would like to thank Daniel Le Métayer for his valuable comments on an early draft of this paper, and Thibaud Antignac for all the fruitful discussions we have had on privacy by design. This research has been partially supported by the Swedish Research Council (Vetenskapsrådet) under grant Nr. 2015-04154 (PolUser: Rich User-Controlled Privacy Policies).
© 2018 Springer Nature Switzerland AG
Cite this paper
Schneider, G. (2018). Is Privacy by Construction Possible? In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. Modeling. ISoLA 2018. Lecture Notes in Computer Science, vol 11244. Springer, Cham. https://doi.org/10.1007/978-3-030-03418-4_28
DOI: https://doi.org/10.1007/978-3-030-03418-4_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03417-7
Online ISBN: 978-3-030-03418-4
eBook Packages: Computer Science (R0)