Abstract
Informational privacy (self-determination) faces continuous and evolving threats as a consequence of technological, legal, and cultural factors. Approaches to preserving and promoting informational privacy must also evolve with changing contexts and threats.Privacy by Design Foundational Principles are a response to this evolving need. They build upon, and extend, universal Fair Information Practice principles by emphasizing proactive leadership, systemic and verifiable methods, and demonstrable, practical results. Whether applied to information technologies, organizational processes, or networked system architectures,Privacy by Design Foundational Principles serve as a framework for developing specific engineering controls and best practices.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
International Conference of Data Protection and Privacy Commissioners (2010). Privacy by Design Resolution, adopted at Jerusalem, Israel, October 27–29, 2010.
- 2.
See “EU Commission proposes a comprehensive reform of the data protection rules” (January 25, 2012) athttp://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm and “FTC Issues Final Commission Report on Protecting Consumer Privacy”, Press Release, 26 March2012 atwww.ftc.gov/opa/2012/03/privacyframework.shtm
- 3.
I acknowledge that the terms “privacy” and “data protection” refer to differing but closely related concepts. I recognize that privacy is a much broader concept than data protection, with the latter term typically referring to an individual’s information rights, along with the legal structures that enable them and impose obligations on organizations that process personal data.Privacy by Design principles seek the highest possible global standard of privacy, but are agnostic with respect to specific legal privacy rights and obligations that may exist in any given jurisdiction. For some thoughtful discussions about privacy and data protection, and the distinctions between them, see Viktor Mayer-Schönberger (1997), Omer Tene (2010), Colette Cuijpers (2007), and András Jóri (2007).
- 4.
For an extended treatment ofPbD origins, see Ann Cavoukian (2012), “Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era,” inPrivacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, ed. George O.M. Yee, 178–208 (Ottawa, Canada: Aptus Research Solutions Inc. and Carleton University).
- 5.
For a discussion, see Ann Cavoukian,Privacy in the Clouds,2008a.
- 6.
See Ann Cavoukian,Transformative Technologies Deliver Both Security and Privacy: Think Positive-Sum not Zero-Sum,2009b. (Accessed at:www.ipc.on.ca/images/Resources/trans-tech.pdf), andMoving Forward from PETs to PETs Plus: The Time for Change is Now,2009a (Accessed at:www.ipc.on.ca/images/Resources/petsplus_3.pdf).
- 7.
Ann Cavoukian (2002).
- 8.
Colin Bennett (2009).
- 9.
Tapscott and Cavoukian (2006).
- 10.
See Simone Fischer-Hübner et al., Online Privacy: Towards Informational Self-Determination on the Internet (“Dagstuhl Manifesto”),2011.
- 11.
- 12.
- 13.
- 14.
Examples include: AICPA/CICAPrivacy Maturity Model; ISO/IEC 29100:2011Information technology – Security techniques – Privacy framework (2010a).
- 15.
See Linden Consulting, Inc., Privacy Impact Assessments: International Study of their Application and Effects, prepared for Information Commissioner’s Office United Kingdom (2007).
- 16.
- 17.
- 18.
See International Security, Trust and Privacy Alliance (ISTPA)Privacy Framework v1.1 (2002); OASISPrivacy Management Reference Model 2.0 (2009); NIST 800-53Security and Privacy Controls for federal information systems and Organizations, Appendix J (Privacy Controls, Enhancements, and Supplemental Guidance) (2012).
- 19.
- 20.
See Ann Cavoukian and Tom Marinelli (2010) Privacy-Protective Facial Recognition: Biometric Encryption Proof of Concept.
- 21.
See IWGDPT (2011) Privacy by Design and Smart Metering: Minimize Personal Information to Maintain Privacy, Working Paper 675.43.18 and (2009) Report and Guidance on Road Pricing – “Sofia Memorandum” 675.38.12. and Carmel Troncoso et al. (2011) “PriPAYD: Friendly Pay-As-You-Drive Insurance”, inIEEE Transactions on Dependable and Secure Computing.
- 22.
- 23.
EuroPriSe European Privacy Seal awards atwww.european-privacy-seal.eu/awarded-seals.
- 24.
For example, Japan’sPrivacyMark, AICPA/CICA’sWebTrust, andEBTrust in Norway.
- 25.
See list of European Commission-funded projects, ICT Research in FP7, Research activities in trust, privacy and identity in the digital economy at:http://cordis.europa.eu/fp7/ict/security/projects_en.html.
- 26.
- 27.
- 28.
See PIA resources in Bibliography.
- 29.
Seewww.privacybydesign.ca for extensivePbD resources and case studies.
- 30.
- 31.
- 32.
International Working Group on Data Protection in Telecommunications [IWGDPT] (2008).
- 33.
Cavoukian (2008a).
- 34.
- 35.
NEC (2010).
- 36.
References
American Institute of Certified Public Accountants (AICPA) and Canadian Institute of Chartered Accountants (CICA). 2010a.Generally Accepted Privacy Principles (GAPP) and Criteria and the AICPA/CICA PRIVACY MATURITY MODEL Based On Generally Accepted Privacy Principles.http://bit.ly/ePrxwg andhttp://bit.ly/fQVes1, respectively. Accessed 13 Jan 2012.
American Institute of Certified Public Accountants (AICPA) and Canadian Institute of Chartered Accountants (CICA). 2010b.AICPA CICA Privacy Assessment Tool Version 2.0. http://tinyurl.com/cap7fsp. Accessed 12 Mar 2012.
Bennett, Colin J. 2009. International privacy standards: A continuing convergence.http://bit.ly/hBk3oX. Accessed 13 Jan 2012.
Cameron, Kim. 2005. The laws of identity, identity blog.http://bit.ly/eAHmWu. Accessed 13 Jan 2012.
Cameron, Kim, Posch Reinhard, and Rannenberg Kai. 2008. Proposal for a common identity framework: A user-centric identity metasystem.http://bit.ly/i6lAfE. Accessed 13 Jan 2012.
Canadian Internet Policy and Public Interest Clinic (CIPPIC). 2007. Approaches to security breach notification: A white paper.http://bit.ly/fqzEQ6. Accessed 13 Jan 2012.
Cavoukian, Ann, Information and Privacy Commissioner of Ontario, Canada
Cavoukian, Ann. 2002. Security technologies enabling privacy (STEPs): Time for a paradigm shift. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/fjpfrt. Accessed 13 Jan 2012.
Cavoukian, Ann. 2008a. Privacy in the Clouds,Identity in the Information Society, 1: 89–108. 2008. And Privacy in the clouds: Privacy and digital identity: Implications for the Internet. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gWH3cu andhttp://bit.ly/gWuD7V, respectively. Accessed 13 Jan 2012.
Cavoukian, Ann. 2008b. Privacy & radical pragmatism: Change the paradigm. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/h1MT9W. Accessed 13 Jan 2012.
Cavoukian, Ann. 2008c. RFID and privacy: Guidance for health-care providers. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/Oj6CDn. Accessed 13 Jan 2012.
Cavoukian, Ann. 2009a. Moving forward from PETs to PETs plus: The time for change is now. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/fkeHt8. Accessed 13 Jan 2012.
Cavoukian, Ann. 2009b. Transformative technologies deliver both security and privacy: Think positive-sum not zero-sum. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/dTi0jh. Accessed 13 Jan 2012.
Cavoukian, Ann. 2009c. Privacy and government 2.0: The implications of an open world. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/f7kHAn. Accessed 13 Jan 2012.
Cavoukian, Ann. 2009d. A discussion paper on privacy externalities, security breach notification and the role of independent oversight. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gdtufG. Accessed 13 Jan 2012.
Cavoukian, Ann. 2009e.Adding an on/off device to activate the RFID in enhanced driver’s licences: Pioneering a made-in-Ontario Transformative Technology that delivers both privacy and security. Canada: Office of the Information and Privacy Commissioner of Ontario.http://bit.ly/fbSbpl. Accessed 13 Aug 2012.
Cavoukian, Ann. 2009, rev. 2011.Privacy by Design: The 7 foundational principles. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gwzJgw. Accessed 13 Jan 2012.
Cavoukian, Ann. 2012.Privacy by Design: Origins, meaning, and prospects for assuring privacy and trust in the information era. InPrivacy protection measures and technologies in business organizations: Aspects and standards, George O.M. Yee, ed. Ottawa: Aptus Research Solutions Inc. and Carleton University. doi:10.4018/978-1-61350-501-4, ISBN13: 9781613505014, ISBN10: 1613505019, EISBN13: 9781613505021.
Cavoukian, Ann. (Joint Publications)
Cavoukian, Ann, and Tapscott, Don. 2006. Privacy and the open-networked enterprise. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/eTdiya. Accessed 13 Jan 2012.
Cavoukian, Ann, and McQuay, Terry. 2010. A pragmatic approach to privacy risk optimization:Privacy by Design for business practices.Identity in the Information Society 3: 405–413.http://bit.ly/hC7hED. Accessed 13 Jan 2012.
Cavoukian, Ann, Abrams Marty, and Taylor Scott. 2010.Privacy by Design: Essential for organizational accountability and strong business practices.Identity in the Information Society 3: 405–413.http://bit.ly/dOJYOc. Accessed 13 Jan 2012.
Cavoukian, Ann, and Marinelli Tom. 2010 Privacy-protective facial recognition: Biometric encryption proof of concept.http://tinyurl.com/dxhh5x6. Accessed 14 Mar 2012.
Centre for Information Policy Leadership (CIPL) as Secretariat to the “Galway” and “Paris” Projects
CIPL. 2009. Data protection accountability: The essential elements: A document for discussion.http://1.usa.gov/hvlZcD. Accessed 13 Jan 2012.
CIPL. 2010. Demonstrating and measuring accountability a discussion document accountability Phase II – The Paris Project.http://bit.ly/gRFrob. Accessed 13 Jan 2012.
Cuijpers, Colette. 2007. A private law approach to privacy; Mandatory Law, 4:4 SCRIPTed 318.www.law.ed.ac.uk/ahrc/script-ed/vol4-4/cuijpers.asp. Accessed 14 Mar 2012.
European Commission (EC)
EC. 2009. The future of privacy: Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data, Article 29 Data Protection Working Party, WP 168.http://bit.ly/gWJ56l. Accessed 13 Jan 2012.
EC. 2010a. Communication from the commission to the European parliament, the council, the economic and social committee and the committee of the regions: A comprehensive approach on personal data protection in the European Union. Technical report.http://bit.ly/grpr4w. Accessed 13 Jan 2012.
EC. 2010b. Study on the economic benefits of privacy-enhancing technologies, Final Report to The European Commission, DG Justice, Freedom and Security.http://bit.ly/heQNQT. Accessed 13 Jan 2012.
EC. 2010c. Opinion 3/2010 on the principle of accountability, Article 29 Data Protection Working Party, WP 173.http://bit.ly/eEFeaq. Accessed 13 Jan 2012.
EC. 2012. EU Commission proposes a comprehensive reform of the data protection rules, Press Release, DG Justice.http://tinyurl.com/7bylsks. Accessed 26 Mar 2012.
European Network and Information Security Agency (ENISA). 2009. Privacy and e-ID: Press release and position paper.http://bit.ly/dNNRD6. Accessed 13 Jan 2012.
Fischer-Hübner, Simone, Hoofnagle Chris, Rannenberg Kai, Waidner Michael, Krontiris Ioannis, and Marhöfer Michael. 2011. Online privacy: Towards informational self-determination on the Internet. Dagstuhl Perspectives Workshop 11061. doi:10.4230/DagRep.1.2.1.http://drops.dagstuhl.de/opus/volltexte/2011/3151/. Accessed 17 Jun 2011.
Ford, R. 2004. Beware rise of Big Brother state, warns data watchdog.The Times 16 August 2004.http://thetim.es/hw1abr. Accessed 12 Dec 2012.
International Conference of Privacy and Data Protection Commissioners (ICPDPC)
ICPDPC. 2010.Privacy by Design resolution, adopted at Jerusalem, Israel, October 27–29, 2010.http://bit.ly/fffv0l. Accessed 13 Jan 2012.
International Working Group on Data Protection in Telecommunications (IWGDPT)
András Jóri. 2007. Data protection law – An introduction.www.dataprotection.eu/pmwiki/pmwiki.php?n=Main.Privacy. Accessed on 14 Mar 2012.
IWGDPT. 2008. Report and guidance on privacy in social network services – Rome Memorandum, 675.36.5.http://bit.ly/er5SjW. Accessed 13 Jan 2012.
IWGDPT. 2009. Report and guidance on road pricing – Sofia Memorandum, 675.38.12.http://www.datenschutz-berlin.de/attachments/647/WP_Road_Pricing_Final_675.38.12.pdf. Accessed 14 Mar 2012.
IWGDPT. 2011.Privacy by Design and smart metering: Minimize personal information to maintain privacy. Working Paper 675.43.18.www.datenschutz-berlin.de/attachments/842/675.43.18_WP_Privacy_and_Smart_Metering.pdf. Accessed 14 Mar 2012.
Mayer-Schönberger, Viktor. 1997. Generational development of data protection in Europe. InTechnology and privacy: The new landscape, ed. Philip Agre and Marc Rotenberg, 219–41. Cambridge, MA: MIT Press.
Office of the Information and Privacy Commissioner of Ontario, Canada. (Joint Publications)
Office of the Information and Privacy Commissioner of Ontario, Canada, NEC Computing. 2010. Modelling cloud computing architecture without compromising privacy: APrivacy by Design approach. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/fqnA8v. Accessed 13 Jan 2012.
Office of the Information and Privacy Commissioner of Ontario, Canada, and Nymity. 2010. A pragmatic approach to privacy risk optimization:Privacy by Design for business practices. Office of the Privacy Commissioner of Ontario, Canada.http://bit.ly/hl0ws8. Accessed 13 Jan 2012.
Office of the Information and Privacy Commissioner of Ontario, Canada, Guardent and PricewaterhouseCoopers. 2001. Privacy diagnostic tool workbook and FAQ. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gAhbsN andhttp://bit.ly/eaHrMv, respectively. Accessed 13 Jan 2012.
Office of the Information and Privacy Commissioner of Ontario, Canada, Ontario Lottery and Gaming Corporation & YMCA Canada. 2009a. Privacy risk management: Building privacy protection into a risk management framework to ensure that privacy risks are managed, by default. Office of the Information and Privacy Commissioner of Ontario, Canada.http://bit.ly/gGMA4r. Accessed 13 Jan 2012.
Office of the Information and Privacy Commissioner of Ontario,Canada and Liberty Alliance. 2009.The New Federated Privacy Impact Assessment(F-PIA) bulding privacy and trust- enabled federation. Canada: Office of the Informationa and Privacy Commissioner of Ontario.http://bit.ly/f89UMs. Accessed 13 Aug 2012.
Office of the Privacy Commissioner of Australia (OPCA). 2010. Privacy Impact Assessments (PIA) guide.http://bit.ly/hRQu0a. Accessed 13 Jan 2012.
Office of the Privacy Commissioner of Canada (OPCC)
OPCC. 2004. A guide for businesses and organizations: Your privacy responsibilities. Office of the Privacy Commissioner of Canada.http://bit.ly/fRKncL. Accessed 13 Jan 2012.
OPCC. 2007. Fact sheet on PIAs. Office of the Privacy Commissioner of Canada.http://bit.ly/dTZ8Aj. Accessed 13 Jan 2012.
Ponemon Institute, The:
Ponemon Institute. 2010. 2009 annual study: Cost of a privacy breach sponsored by PGP Corp.http://bit.ly/eRxyMK. Accessed 13 Jan 2012.
Ponemon Institute. 2011. The true costs of compliance: A benchmark study of multinational organizations, independent research report.http://bit.ly/e13LZT. Accessed 13 Jan 2012.
Privacy International. 1998–2003. Privacy and human rights, annual reports.http://bit.ly/hjKLSe. Accessed 13 Jan 2012.
Privacy International and the Electronic Privacy Information Center (EPIC). 2007. Privacy and human rights 2006: An international survey of privacy laws and developments. http://bit.ly/g9wOAh. Accessed 13 Jan 2012.
Privacy International, the Electronic Privacy Information Center (EPIC) and the Center for Media and Communications Studies (CMCS). 2011. European privacy and human rights 2010. http://bit.ly/gnFZoC. Accessed 13 Jan 2012.
Romanosky, Sasha, Rahul Telang, and Alessandro Acquisti. 2011. Do data breach disclosure laws reduse identity theft?Journal of Policy Analysis and Management 30(2): 256–286. Available at SSRN:http://ssrn.com/abstract=1268926
Schwartz, Paul M., and Janger Edward J. 2007. Notification of data security breaches.Michigan Law Review 105: 913. Brooklyn Law School, Legal Studies Paper No. 58.http://bit.ly/hQjHT0. Accessed 13 Jan 2012.
Troncoso, Carmela, Danezis George, Kosta Eleni, Balasch Joseph, and Preneel Bart. 2011. PriPAYD: Friendly pay-as-you-drive insurance.IEEE Transactions on Dependable and Secure Computing 8(5): 742–755. Accessible at:www.cosic.esat.kuleuven.be/publications/article-2013.pdf.
U.K. Information Commissioner’s Office (ICO)
U.K. Information Commissioner’s Office (ICO). 2007. An international study of PIA law, policies and practices, ICO.http://bit.ly/hB381i. Accessed 13 Jan 2012.
U.K. Information Commissioner’s Office (ICO). 2009a. Protecting people: A data protection strategy for the Information Commissioner’s Office. ICO.http://bit.ly/gi5vW1. Accessed 13 Jan 2012.
U.K. Information Commissioner’s Office (ICO). 2009b. PIA Handbook, ICO.http://bit.ly/eEKU06. Accessed 13 Jan 2012.
U.S. Federal Trade Commission (FTC). 2010. Protecting consumer privacy in an era of rapid change: A proposed framework for businesses and policymakers. Staff technical report.http://1.usa.gov/eupYzF. Accessed 13 Jan 2012.
U.S. White House. 2010. Draft national strategy for trusted identities in cyberspace: Creating options for enhanced online security and privacy.http://1.usa.gov/hNs1jw. Accessed 13 Jan 2012.
Additional Readings
Borking, J.J. 2005. Privacy standards for trust. Presentation to the London conference of Data Protection Authorities.http://bit.ly/gTjOVq. Accessed 13 Jan 2012.
Borking, J.J., and Raab, C. 2001. Laws, PETS and other technologies for privacy protection.Journal of Information, Law and Technology 1, pp. 1–14.http://bit.ly/PkslMr.
Cavoukian, A, Information and Privacy Commissioner, Ontario, Canada
Cavoukian, A. May 2011.Privacy by ReDesign: Building a better legacy. Available at:www.privacybydesign.ca
Cavoukian, A. Aug 2011.Privacy by Design in law, policy and practice: A white paper for regulators, decision-makers and policy-makers.
Cavoukian, A. Sept 2011.Privacy by Design: From policy to practice.
Cavoukian, A. Nov 2011.Privacy by ReDesign: A practical framework for implementation.
Center for Democracy and Technology (CDT)
CDT. 2009a. Perspective on PbD.http://bit.ly/fuxn0t. Accessed 13 Jan 2012.
CDT. 2009b. The role of Privacy by Design in protecting consumer privacy. Comments submitted to the FTC Consumer Privacy Roundtable.http://1.usa.gov/eMH4jv. Accessed 13 Jan, 2012.
Computers, Privacy and Freedom (CFP). 2000, April.Privacy by Design workshop proceedings. Toronto, Ontario, Canada.http://bit.ly/e5UegE. Accessed 13 Jan 2012.
Dutch Data Protection Agency. 2004. Privacy-enhancing technologies. White paper for decision-makers.http://bit.ly/dFRV8q. Accessed 13 Jan 2012.
European Commission (EC)
EC. 2007a. European Commission supports PETs: Promoting data protection by Privacy Enhancing Technologies, Press Release.http://bit.ly/epnO5w. Accessed 13 Jan 2012.
EC. 2007b. Communication from the commission to the European parliament and the council on promoting data protection by privacy enhancing technologies (PETs), COM(2007) 228 final. Brussels, 2.5.2007 and Background Memo.http://bit.ly/hRdu8n andhttp://bit.ly/gF8BhA, respectively. Accessed 13 Jan 2012.
EC. 2009. The future of privacy: Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data, Article 29 Data Protection Working Party, WP 168.http://bit.ly/gWJ56l. Accessed 13 Jan 2012.
EC. 2010a. Opinion 5/2010 on the Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications, Article 29 Data Protection Working Party, WP175.http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp175_en.pdf.
EC. 2010b. Communication from the commission to the European parliament, the council, the economic and social committee and the committee of the regions: A comprehensive approach on personal data protection in the European Union. Technical report.http://bit.ly/grpr4w. Accessed 13 Jan 2012.
EC. 2010c. Study on the economic benefits of privacy-enhancing technologies, Final Report to The European Commission, DG Justice, Freedom and Security.http://bit.ly/heQNQT. Accessed 13 Jan 2012.
EC. 2010d. Opinion 3/2010 on the principle of accountability, Article 29 Data Protection Working Party, WP 173.http://bit.ly/eEFeaq. Accessed 13 Jan 2012.
EC. 2011a. Opinion 9/2011 on the revised Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications, Article 29 Data Protection Working Party, WP180.http://cordis.europa.eu/fp7/ict/enet/documents/rfid-pia-framework-a29wp-opinion-11-02-2011_en.pdf.
EC. 2011b. Privacy and data protection impact assessment framework for RFID applications.http://ec.europa.eu/information_society/policy/rfid/documents/infso-2011-00068.pdf.
European Council. Feb 2011. Council conclusions on the Communication from the Commission to the European Parliament and the Council – A comprehensive approach on personal data protection in the European Union, 3071st JUSTICE and HOME AFFAIRS Council meeting, Brussels.http://bit.ly/gx4wS0. Accessed 13 Jan 2012.
European Commission-funded initiatives
European Commission-funded initiatives: FIDIS Project. 2007. Identity and impact of privacy enhancing technologies.http://bit.ly/e8A0aG. Accessed 13 Jan 2012.
European Commission-funded initiatives: PISA Project. 2003. Handbook of privacy-enhancing technologies – The case of intelligent software agents. The Hague.http://bit.ly/f32fns. Accessed 13 Jan 2012.
European Commission-funded initiatives: PRIME Project. 2007. PRIME White paper v2.http://bit.ly/hry9Og. Accessed 13 Jan 2012.
EU Privacy Impact Assessment Observatory:http://www.piawatch.eu/
EU Privacy Impact Framework project:www.piafproject.eu
European Network and Information Security Agency (ENISA). 31 Mar 2010. Opinion on the industry proposal for a privacy and data protection impact assessment framework for RFID applications.http://www.enisa.europa.eu/media/news-items/enisa-opinion-on-pia.
Gürses, S., C. Troncoso, and C. Diaz. 2011.Engineering Privacy by Design.https://www.cosic.esat.kuleuven.be/publications/article-1542.pdf. Accessed 14 Feb 2012.)
Hustinx, P., European Data Protection Supervisor (EDPS)
Hustinx, P., and EDPS. 2008, April. EDPS issues policy paper on his role in EU research and technological development, Press Release.http://bit.ly/hKCs5x. Accessed 13 Jan 2012.
Hustinx, P., and EDPS. 2010a, March. Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy, EDPS.http://bit.ly/h9qzmP. Accessed 13 Jan 2012.
Hustinx, P., and EDPS. 2010b, March. Press Release, EDPS opinion on privacy in the digital age: “Privacy by Design” as a key tool to ensure citizens’ trust in ICTs, EDPS/10/6.http://bit.ly/hNJDZy. Accessed 13 Jan 2012.
Initiative for Privacy Standardization in Europe (IPSE), European Committee for Standardization (CEN). 2002. Final Report of the EU CEN/ISSS Initiative on Privacy Standardization in Europe.http://bit.ly/hZX7io. Accessed 13 Jan 2012.
International Working Group on Data Protection in Telecommunications (IWGDPT). 2011. Privacy by Design and smart metering: Minimize personal information to maintain privacy, 675.43.18.http://goo.gl/2zld1. Accessed 14 Feb 2012.
International Security, Trust and Privacy Alliance (ISTPA)
ISTPA. 2007. Analysis of privacy principles: Making privacy operational.http://bit.ly/gZu2pm. Accessed 13 Jan 2012.
ISTPA. 2009. Privacy management reference model 2.0 v.2.0: A framework for resolving privacy policy requirements into operational privacy services and functions.http://bit.ly/dUMaiD. Accessed 13 Jan 2012.
Kenny, S., and Borking, J. 2002. ‘The Value of Privacy Engineering’, Refereed Article,The Journal of Information, Law and Technology (JILT) 2002 (1).http://bit.ly/gk9P3E. Accessed 13 Jan 2012.
London Economics. 2010. Study on the economic benefits of privacy-enhancing technologies, Final Report to The European Commission, DG Justice, Freedom and Security.http://bit.ly/heQNQT. Accessed 13 Jan 2012.
Microsoft Corp. 2006. Privacy guidelines for developing software products and services.http://bit.ly/ijIMVk. Accessed 13 Jan 2012.
Organisation for Economic Co-operation and Development (OECD)
OECD. 2003. Directorate for Science, Technology and Industry, Committee for Information, Computer and Communications Policy, Inventory of privacy-enhancing technologies (PETs).http://bit.ly/hrFQIs. Accessed 8 Apr 2011.
OECD. 2008. At a Crossroads: “Personhood” and the digital identity in the information society. STI Working Paper 2007/7.http://bit.ly/gFBhlQ. Accessed 8 Apr 2011.
OECD. 2011a. Directorate for Science, Technology and Industry, Committee for Information, Computer and Communications Policy, The evolving privacy landscape: 30 years after the OECD privacy guideline.www.oecd.org/dataoecd/22/25/47683378.pdf. Accessed 16 Feb 2012.
OECD. 2011b. The 30th anniversary of the OECD privacy guidelines (web page) atwww.oecd.org/sti/privacyanniversary
Rost, Martin, and Bock Kirsten. 2011. Privacy by Design and the new protection goalswww.maroki.de/pub/privacy/BockRost_PbD_DPG_en_v1f.pdf. Accessed 14 Feb 2012.
Rubinstein, Ira S. 2011. Regulating Privacy by Design.http://goo.gl/WRCv5. Accessed 14 Feb 2012.
Spiekermann, Sarah, and Cranor, Lorrie Faith. 2009. Engineering privacy.IEEE Transactions on Software Engineering 35(1): 67–82. doi:10.1109/TSE.2008.88 .
Springer Publications. 2010. Special Privacy by Design issue of Identity in the Information Society 3(2).http://bit.ly/fo6l1q. Accessed 13 Jan 2012.
Tene, Omer. 2011. Privacy: The new generations.International Data Privacy Law 1(1): 15–27. doi:10.1093/idpl/ipq003. First published online: 5 Oct 2010.
U.K. Royal Academy of Engineering Society. 2007. Report: Dilemmas of privacy and surveillance: Challenges of technological change.http://bit.ly/gJUmJm – Press release:http://bit.ly/hSo1O0. Accessed 13 Jan 2012.
Wright, David
Wright, David. 2011a. Should privacy impact assessments be mandatory?.Communications of the ACM 54(8).http://cacm.acm.org/magazines/2011/8. Accessed Aug 2011.
Wright, David. 2011b. A framework for the ethical impact assessment of information technology.Ethics and Information Technology 13(3): 199–226.www.springerlink.com/content/nw5v71087x60/. Accessed Sept 2011.
Wright, David. 2012. The state of the art in privacy impact assessment.Computer Law & Security Review 28(1): 54–61.www.sciencedirect.com/science/journal/02673649. Accessed Feb 2012.
Wright, David, and Paul De Hert. 2012.Privacy impact assessment. Springer Law, Governance and Technology Series, Vol. 6.www.springer.com/law/international/book/978-94-007-2542-3.
Wright, David, Paul De Hert and Serge Gutwirth. 2011a. Are the OECD guidelines at 30 showing their age?.Communications of the ACM 54(2): 119–127.http://cacm.acm.org/magazines/2011/2. Accessed Feb 2011.
Wright, David, Gellert Raphaël, Gutwirth Serge and Friedewald Michael. 2011b. Minimizing technology risks with PIAs, precaution and participation.IEEE Technology & Society, 30(4):47–54, Winter 2011.
Acknowledgement
I gratefully acknowledge the work of Fred Carter, Senior Policy & Technology Advisor, Office of the Information and Privacy Commissioner of Ontario, Canada, in the preparation of this paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Science+Business Media Dordrecht
About this chapter
Cite this chapter
Cavoukian, A. (2013). Privacy by Design: Leadership, Methods, and Results. In: Gutwirth, S., Leenes, R., de Hert, P., Poullet, Y. (eds) European Data Protection: Coming of Age. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5170-5_8
Download citation
DOI: https://doi.org/10.1007/978-94-007-5170-5_8
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-5184-2
Online ISBN: 978-94-007-5170-5
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)