
Privacy by Design: A Matter of Choice

Chapter in: Data Protection in a Profiled World

Abstract

Privacy by design is often praised by lawyers as an essential step towards better privacy protection: in a world where privacy is more and more jeopardized by new information and communication technologies (ICT), the growing view is that part of the remedy should come from the technologies themselves. On the technological front, privacy enhancing technologies (PETs) have been an active research topic in computer science during the last decades and a variety of techniques have been proposed (including anonymizers, identity management systems, privacy proxies, encryption mechanisms, filters, etc.). One must admit however that the take-up of most of these techniques by consumers is still rather limited. The goal of this chapter is to review this gap between a toolset of available technologies and the still unrealized promises of privacy by design.


Notes

  1. PRIME: Privacy and Identity Management for Europe.

  2. PRIAM: Privacy and ambient intelligence.

  3. Anonymizers, identity management systems, privacy proxies, filters, etc. The interested reader can find a list of privacy tools published by EPIC (Electronic Privacy Information Center) at http://epic.org/privacy/tools.html.

  4. Cryptographic tools, key management systems, erasers, etc.

  5. “An individual PET tends to have a narrow field of application (e.g., encryption of email or blocking of cookies) such that a consumer who is seriously interested in safeguarding his/her privacy interests across many contexts has to learn and acquire multiple PETs from multiple organizations.”

  6. Standard security policies do not include provisions for “importing” rules associated with data coming from outside the system.

  7. Typically by providing more personal information than strictly required for the service, or by disclosing data without any simple way to exercise legal rights such as access or rectification.

  8. This option is also mentioned by the European Commission in its first report on the implementation of the Data Protection Directive 95/46/EC (European Commission 2003).

  9. http://www.commoncriteriaportal.org/.

  10. https://www.european-privacy-seal.eu/.

  11. A striking and worrying example is the dramatic increase in complaints received by data protection authorities from young job seekers suffering discrimination linked to their past activities on social networks.

  12. A review of relevant opinion polls can be found on the EPIC web site at http://epic.org/privacy/survey/#polls.

  13. As shown in (Grossklags and Acquisti 2009), “privacy legislation and privacy self-regulation are not interchangeable means to balancing the informational needs and goals of different entities”.

References

  • Agrawal, R., J. Kiernan, R. Srikant, and Y. Xu. 2002. Hippocratic databases. In Proceedings of the 28th international conference on very large data bases (VLDB 2002), eds. P.A. Bernstein, Y.E. Ioannidis, R. Ramakrishnan, and D. Papadias, 143–154. Hong Kong: VLDB Endowment.

  • Anciaux, N., M. Benzine, L. Bouganim, K. Jacquemin, P. Pucheral, and S. Yin. 2008. Restoring the patient control over her medical history. In Proceedings of the 21st IEEE international symposium on computer-based medical systems, 132–137. Washington, DC: IEEE Computer Society.

  • Bock, K. 2008. An approach to strengthen user confidence through privacy certification. Datenschutz und Datensicherheit—DuD 32 (9): 610–614.

  • Bygrave, L.A. 2002. Privacy-enhancing technologies: Caught between a rock and the hard place. Privacy Law and Policy Reporter 9: 135–137.

  • Cavoukian, A. 2008. Privacy and radical pragmatism: Change the paradigm. White Paper. Information and Privacy Commissioner of Ontario, Canada.

  • CC. 2006. The common criteria for information technologies security evaluation, CC V3.1, Part 1: Introduction and general model. CCMB-2006-09-001.

  • Deswarte, Y., and C. Aguilar Melchor. 2006. Current and future privacy enhancing technologies for the internet. Annales des télécommunications 61 (3–4): 399–417.

  • Directive 95/46/EC. 1995. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal L281 (23/11/1995): 31–50.

  • Dommering, E., and L. Asscher, eds. 2006. Coding regulation: Essays on the normative role of information technology. The Hague: T.M.C. Asser Press.

  • European Commission. 2003. First report on the implementation of the Data Protection Directive 95/46/EC. COM (2003) 265, May 2003.

  • Goldberg, I. 2003. Privacy-enhancing technologies for the Internet, II: Five years later. In Proceedings of the workshop on privacy enhancing technologies. Lecture Notes in Computer Science (LNCS), vol. 2482. Heidelberg: Springer.

  • Grossklags, J., and A. Acquisti. 2009. When 25 cents is too much: An experiment on willingness-to-sell and willingness-to-protect personal information. Working paper.

  • Gürses, S. 2009. Circumscribing PETs. In Proceedings of the conference on privacy and data protection (CPDP 2009). Heidelberg: Springer.

  • Hildebrandt, M., and S. Gutwirth, eds. 2008. Profiling the European citizen. Dordrecht: Springer.

  • ISTPA. 2002. Privacy framework, version 1.1. International Security, Trust and Privacy Alliance.

  • Jacobs, B. 2009. Architecture is politics: Security and privacy issues in transport and beyond. In Proceedings of the conference on privacy and data protection (CPDP 2009). Heidelberg: Springer.

  • De Jonge, W., and B. Jacobs. 2008. Privacy-friendly electronic traffic pricing via commits. In Proceedings of the workshop on Formal Aspects of Security and Trust (FAST 2008). Lecture Notes in Computer Science (LNCS), vol. 5491. Heidelberg: Springer.

  • Kalloniatis, C., E. Kavakli, and S. Gritzalis. 2008. Addressing privacy requirements in system design: The PriS method. Requirements Engineering 13 (3): 241–255.

  • Karat, J., C. Karat, C. Brodie, and J. Feng. 2005. Designing natural language and structured entry methods for privacy policy authoring. In Proceedings of the 10th IFIP TC13 international conference on human-computer interaction. Berlin: Springer.

  • Kosta, E., J. Zibuschka, T. Scherner, and J. Dumortier. 2008. Legal considerations on privacy-enhancing location based services using PRIME technology. Computer Law and Security Report 24: 139–146.

  • Langheinrich, M. 2001. Privacy by design: Principles of privacy aware ubiquitous systems. In Proceedings of the Ubicomp conference, 273–291. Lecture Notes in Computer Science (LNCS), vol. 2201. London: Springer.

  • Le Métayer, D. 2009. A formal privacy management framework. In Proceedings of the workshop on formal aspects of security and trust (FAST 2008), 162–176. Lecture Notes in Computer Science (LNCS), vol. 5491. Berlin: Springer.

  • Lessig, L. 1999. Code and other laws of cyberspace. New York: Basic Books.

  • OECD. 1980. OECD guidelines on the protection of privacy and transborder flows of personal data. Organization for Economic Co-operation and Development.

  • Poullet, Y. 2006. The Directive 95/46/EC: Ten years after. Computer Law and Security Report 22 (3): 206–217.

  • Poullet, Y. 2009. About the e-Privacy directive, towards a third generation of data protection legislations. In Proceedings of the conference on privacy and data protection (CPDP 2009). Heidelberg: Springer.

  • Rezgui, A., A. Bouguettaya, and M.Y. Eltoweissy. 2003. Privacy on the web: Facts, challenges, and solutions. IEEE Security and Privacy 1 (6): 40–49.

  • Rouvroy, A. 2008. Privacy, data protection, and the unprecedented challenges of ambient intelligence. Studies in Law, Ethics and Technology 2 (1): 1–51.

  • Rouvroy, A., and Y. Poullet. 2009. The right to informational self-determination and the value of self-development: Reassessing the importance of privacy for democracy. In Proceedings of the conference reinventing data protection. Dordrecht: Springer.

  • Tynan, D. 2007. The privacy market has many sellers, but few buyers. Wired.com. http://www.wired.com/print/techbiz/startups/news/2007/09/privacy.

  • WP29. 2006. Article 29 Data Protection Working Party, 1611/06/EN, WP 126, Opinion 8/2006 on the review of the regulatory framework for Electronic Communications and Services, with focus on the e-Privacy Directive. Adopted on 26 September.

  • WP29. 2009. Article 29 Data Protection Working Party, 00350/09/EN, WP 159, Opinion 1/2009 on the proposals amending Directive 2002/58/EC on privacy and electronic communications (e-Privacy Directive). Adopted on 10 February.


Acknowledgements

This work has been partially funded by ANR (Agence Nationale de la Recherche) under the grant ANR-07-SESU-005 (project FLUOR).

Author information

Corresponding author: Daniel Le Métayer.


Copyright information

© 2010 Springer Science+Business Media B.V.

Cite this chapter

Le Métayer, D. (2010). Privacy by Design: A Matter of Choice. In: Gutwirth, S., Poullet, Y., De Hert, P. (eds) Data Protection in a Profiled World. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-8865-9_20
