Jaap-Henk Hoepman, Privacy Design Strategies
PLSC 2013
Workshop draft abstract:
Privacy by design is the philosophy of protecting privacy throughout the process of technological development, that is, from the conception of a new technology up to its realisation. The idea is that when privacy is an integral part of the technological development process, the final product protects privacy throughout its entire life cycle.
In the context of developing IT systems, this implies that privacy protection is a system requirement that must be treated like any other functional or non-functional requirement. In particular, privacy protection (together with all other requirements) will determine the design and implementation of the system. To support privacy by design, we therefore need guiding principles for including privacy requirements throughout the system development life cycle, in particular during the concept development, analysis, design and implementation phases. Unfortunately, there is so far little experience in applying privacy by design in engineering. This work aims to contribute to closing this gap.
An important methodology during the design phase is the application of so-called software design patterns. These design patterns refine the system architecture to achieve certain functional requirements within a given set of constraints. However, such design patterns do not necessarily play a role in the earlier phases of the software development cycle, concept development and analysis. The main reason is that design patterns are already quite detailed in nature and more geared towards solving an implementation problem. To guide the development team in the earlier stages, privacy design strategies at a higher level of abstraction are needed.
In this work we define the notion of a privacy design strategy, and derive the following eight privacy design strategies based on both the legal and the technical perspective on privacy protection: minimise, hide, separate, aggregate, inform, control, enforce and demonstrate. We validate our approach by showing how these strategies apply to both an information storage and an information flow type of system, and by comparing our classification to existing privacy frameworks. We believe these strategies help to support privacy by design throughout the full software development life cycle, even before the design phase. They make explicit which high-level strategies can be applied to protect privacy when drafting the first concepts from which a new information system will be derived.
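As an added illustration of how the four data-oriented strategies (minimise, hide, separate, aggregate) might look once they reach code in an information storage system, the example below applies each of them in turn to a small constructed record set. It is not code from the paper; the record layout, the HMAC-based pseudonym, the "postcode district" coarsening and the minimum group size of three are all assumptions chosen for the example.

```python
"""Added example: the data-oriented privacy design strategies minimise, hide,
separate and aggregate applied to a constructed record set. Not the paper's
own code; layout, key and thresholds are illustrative assumptions."""
import hashlib
import hmac
from collections import Counter

# Constructed sample records for the example only (not real people).
RECORDS = [
    {"name": "Alice Adams", "email": "alice@example.org", "dob": "1984-03-02",
     "postcode": "1012AB", "diagnosis": "flu"},
    {"name": "Bob Brown", "email": "bob@example.org", "dob": "1979-11-20",
     "postcode": "1012CD", "diagnosis": "asthma"},
    {"name": "Carol Clark", "email": "carol@example.org", "dob": "1990-07-14",
     "postcode": "1012EF", "diagnosis": "flu"},
    {"name": "Dan Davis", "email": "dan@example.org", "dob": "1965-01-30",
     "postcode": "1013AA", "diagnosis": "flu"},
    {"name": "Eve Evans", "email": "eve@example.org", "dob": "2001-09-09",
     "postcode": "1013BB", "diagnosis": "diabetes"},
]

# Assumed secret for keyed pseudonymisation. In a real system it belongs in a
# key store that is not co-located with the data it links.
PSEUDONYM_KEY = b"example-key-not-for-production"

IDENTIFYING = ("name", "email", "dob")


def minimise(records, needed):
    """Minimise: keep only the attributes the purpose actually requires."""
    return [{k: r[k] for k in needed} for r in records]


def hide(identifier):
    """Hide: replace a direct identifier by a keyed pseudonym (HMAC-SHA-256).

    Keyed rather than a plain hash, so the mapping cannot be rebuilt by
    hashing every plausible identifier without the key."""
    mac = hmac.new(PSEUDONYM_KEY, identifier.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:16]


def separate(records, identifying=IDENTIFYING, link_field="email"):
    """Separate: split each record into an identity store and a data store
    that are linked only through the pseudonym of link_field."""
    identity_store = {}
    data_store = []
    for r in records:
        p = hide(r[link_field])
        identity_store[p] = {k: r[k] for k in identifying if k in r}
        payload = {k: v for k, v in r.items() if k not in identifying}
        data_store.append({"pseudonym": p, **payload})
    return identity_store, data_store


def aggregate(data_store, by="postcode", coarsen=lambda v: v[:4], min_group=3):
    """Aggregate: report counts per coarsened group and suppress groups
    smaller than min_group, so no row singles out an individual."""
    counts = Counter(coarsen(r[by]) for r in data_store)
    return {k: n for k, n in counts.items() if n >= min_group}


def pipeline(records):
    """Run the four strategies in order on the constructed records."""
    needed = ["email", "postcode", "diagnosis"]          # minimise
    trimmed = minimise(records, needed)
    identities, data = separate(trimmed, identifying=("email",))  # hide + separate
    report = aggregate(data)                              # aggregate
    return identities, data, report


if __name__ == "__main__":
    ids, data, report = pipeline(RECORDS)
    print("identity store entries:", len(ids))
    print("data store sample:", data[0])
    print("aggregate report:", report)
```

Running the pipeline on the five constructed records leaves the identity store holding only the e-mail addresses, the data store holding postcode and diagnosis keyed by pseudonym, and an aggregate report containing just the 1012 district (three records); the 1013 district is suppressed because it falls below the group threshold.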