Chapter 8

Privacy Is Hard

  1. The following sections are based on earlier material: J.-H. Hoepman, "Privacy Design Strategies," in IFIP TC11 International Information Security Conference 2014, ed. N. Cuppens-Boulahia et al. (Berlin: Springer, 2014). A preliminary version was presented at the Amsterdam Privacy Conference (APC 2012) and the Privacy Law Scholars Conference (PLSC 2013); M. Colesky, J.-H. Hoepman, and C. Hillen, "A Critical Analysis of Privacy Design Strategies," in 2016 International Workshop on Privacy Engineering—IWPE'16 (IEEE Computer Society, 2016), 33–40; J.-H. Hoepman, Privacy Design Strategies: The Little Blue Book (May 2018).
  2. Cavoukian, Privacy by Design.
  3. Federal Trade Commission, Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress (Washington, DC: FTC, May 2000); Organisation of Economic Co-Operation and Development, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, 1980).
  4. In all fairness, many systems are developed in a rather ad hoc manner wherein there is no clear separation among these different phases. Moreover, certain phases may be skipped altogether or actually be performed in a seemingly random order. This is the case in agile development approaches in particular, in which the system is built incrementally.
  5. See https://privacypatterns.org and https://privacypatterns.cs.ru.nl.
  6. Hoepman, "Privacy Design Strategies"; Colesky, Hoepman, and Hillen, "A Critical Analysis of Privacy Design Strategies"; Hoepman, Privacy Design Strategies: The Little Blue Book.
  7. Regulation (EU) 2016/679 (GDPR).
  8. A more thorough discussion can be found in Hoepman, Privacy Design Strategies: The Little Blue Book.
  9. B. Kramer, "Waarom de Belastingdienst jouw Spotify-playlist wil hebben," Vice, April 3, 2017.
  10. L. Taylor, L. Floridi, and B. van der Sloot, eds., Group Privacy: New Challenges of Data Technologies (Cham: Springer, 2017).
  11. M. Gruteser and D. Grunwald, "Anonymous Usage of Location-Based Services through Spatial and Temporal Cloaking," in Proceedings of the First International Conference on Mobile Systems, Applications, and Services (MobiSys 2003) (USENIX, 2003).
  12. We distinguish between the (external) privacy statement and the (internal) privacy policy (see the enforce strategy).
  13. J.-H. Hoepman, "Using Icons to Summarise Privacy Policies: An Analysis and a Proposal," XOT (blog), September 21, 2016.
  14. See https://myaccount.google.com/.
  15. See TrustArc and European Privacy Seal.