Abstract
The new EU Data Protection Directive (DPD), approved by the EU Parliament acknowledges the need of Data Protection by Design and by Default in order to protect the rights and freedoms of data subjects with regard to the processing of personal data. PRIPARE confronts the lack of a truly engineering approach for these concepts by providing a methodology that merges state-of-the-art approaches (e.g. Privacy Impact Assessment and Risk management) and complements them with new processes that cover the whole lifecycle of both, personal data and development of ICT systems.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
“Protecting privacy by minimizing trust” is an on-going work from some of PRIPARE partners that will be published in the future.
- 4.
- 5.
References
United Nations General Assembly: The Universal Declaration of Human Rights, Paris (1948)
United Nations General Assembly: The right to privacy in the digital age. Resolution A/C.3/68/L.45/Rev.1
Cavoukian, A.: 7 Foundational Principles of Privacy by Design. Information & Privacy Commissioner, Ontario, Canada
European Data Protection Supervisor (EDPS): Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy (2010)
Article 29 Data Protection Working Party: Opinion 01/2012 Opinion 01/2012 on the data protection reform proposals, March 2012
RFID Industry, Privacy and Data Protection Impact Assessment Framework for RFID Applications, January 2011
Camenisch, J., Leenes, R., Sommer, D.: Digital Privacy: PRIME-Privacy and Identity Management for Europe. Springer-Verlag New York Inc., New York (2011)
Privacy by Design: “PbD based RFID PIA”. http://www.privacybydesign.ca/index.php/pbd-based-rfid-pia/
Linden Consulting Inc.: Privacy Impact Assessments: International Study of their Application and Effects, Information Commissioner’s Office, UK (2007)
Wright, D.: The state of the art in privacy impact assessment. Comput. Law Secur. Rev. 28(1), 54–61 (2011)
Flaherty, D.: Privacy Impact Assessments: An Essential Tool for Data Protection, Canada (2000)
Cavoukian, A.: Privacy risk management: building privacy protection into a risk management framework to ensure that privacy risks are managed by default. In: Information and Privacy Commissioner, Ontario, Canada, p. 12 (2010)
European Commission, INOFFICIAL CONSOLIDATED VERSION AFTER LIBE COMMITTEE VOTE PROVIDED BY THE RAPPORTEUR Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Brussels, 22 October 2013
European Parliament and the Council, Directive 95/46/EC of 24.10.1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23 November 1995
International Organization for Standardization (ISO): Information technology – Security techniques – Privacy framework, ISO/IEC 29100:2011, First edition, Geneva, 15 December 2011
International Organization for Standardization (ISO): Information technology – Security techniques – Evaluation criteria for IT security, ISO/IEC 15408-2, First edition, Geneva, 1 December 1999
Organization for the Advancement of Structured Information Standards (OASIS): Privacy Management Reference Model and Methodology (PMRM), Version 1.0. July 2013
European Data Protection Supervisor (EDPS): European Data Protection Supervisor Glossary. https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/Dataprotection/Glossary
Article 29 Working Party. http://ec.europa.eu/justice/data-protection/article-29/
Finn, R., Wright, D., Friedewald, M.: Seven types of privacy. In: Gutwirth, S., Poullet, Y., et al. (eds.) European Data Protection: Coming of Age. Springer, Dordrecht (2013)
Rubinstein, I., Good, N.: Privacy by design: a counterfactual analysis of google and facebook privacy incidents. Berkeley Technol. Law J. 28(2), 1333–1414 (2011)
Wright, D.: Making privacy impact assessment more effective. Inf. Soc. Int. J. 29(5), 307–315 (2013)
European Commission - Directorate General Justice: Recommendations for a privacy impact assessment framework for the European Union, Brussels – London, November 2012
Spiekermann, S.: The challenges of privacy by design. Commun. ACM 55(7), 38–40 (2012)
Gürses, S.F., Troncoso, C., Diaz, C.: Engineering privacy by design. In: Computers, Privacy & Data Protection (2011)
Guagnin, D., Hempel, L., Ilten, C., Kroener, I., Neyland, D., Postigo, H. (eds.): Managing Privacy through Accountability. Palgrave Macmillan, Basingstoke (2012)
OECD, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
OWASP Application Security Principles. https://www.owasp.org/index.php/Category:Principle
Organization for the Advancement of Structured Information Standards (OASIS): Privacy by Design Documentation for Software Engineers
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Notario, N. et al. (2014). PRIPARE: A New Vision on Engineering Privacy and Security by Design. In: Cleary, F., Felici, M. (eds) Cyber Security and Privacy. CSP 2014. Communications in Computer and Information Science, vol 470. Springer, Cham. https://doi.org/10.1007/978-3-319-12574-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-12574-9_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12573-2
Online ISBN: 978-3-319-12574-9
eBook Packages: Computer ScienceComputer Science (R0)