Engineering Privacy by Design

Recorded:
23 Nov 2011

The design and implementation of privacy requirements in systems is a difficult problem and requires the translation of complex social, legal and ethical concerns into systems requirements. The concept of “privacy by design” has been proposed to serve as a guideline on how to address these concerns.

“Privacy by design” consists of a number of principles that can be applied from the onset of systems development to mitigate privacy concerns and achieve data protection compliance. However, these principles remain vague and leave many open questions about their application when engineering systems. In this talk we argue that starting from data minimization is a necessary and foundational first step to engineer systems in line with the principles of privacy by design.

We first discuss what data minimization can mean from a security engineering perspective. We then present a summary of two case studies in which privacy is achieved by minimizing different types of data, according to the purpose of each application. First, we present a privacy-preserving ePetition system, in which users' privacy is guaranteed by hiding their identities from the provider while revealing their votes. Second, we study a road tolling system, in which users have to be identified for billing reasons and data minimization is applied to protect further sensitive information (in this case, location information). The case studies make evident that the application of data minimization does not necessarily imply anonymity, but may also be achieved by concealing information related to identifiable individuals. In fact, different kinds of data minimization are possible, and each system requires careful crafting of the data minimization best suited to its purpose.

Most importantly, the two case studies underline that the interpretation of privacy by design principles requires specific engineering expertise, contextual analysis, and a balancing of multilateral security and privacy interests. They show that privacy by design is a productive space in which there is no single way of solving the problems. Based on our analysis of the two case studies, we argue that engineering systems according to the privacy by design principles requires the development of generalizable methodologies that build upon the principle of data minimization. However, the complexity of this engineering task demands caution against reducing such methodologies to "privacy by design checklists" that can easily be ticked off for compliance reasons while not mitigating some of the risks that privacy by design is meant to address.

Oxford Internet Institute