eprintid: 1463998
rev_number: 24
eprint_status: archive
userid: 608
dir: disk0/01/46/39/98
datestamp: 2015-03-20 20:10:59
lastmod: 2020-02-12 17:25:12
status_changed: 2015-11-04 16:51:50
type: report
metadata_visibility: show
item_issues_count: 0
creators_name: Danezis, G
creators_name: Domingo-Ferrer, J
creators_name: Hansen, M
creators_name: Hoepman, JH
creators_name: Metayer, DL
creators_name: Tirtea, R
creators_name: Schiffner, S
title: Privacy and Data Protection by Design - from policy to engineering
ispublished: pub
divisions: UCL
divisions: A01
divisions: B04
divisions: C05
divisions: F48
keywords: personal data, data processing, protection of privacy, digital technology, data protection, risk prevention, European Network and Information Security Agency, product design, artistic creation, technological process
note: © European Union Agency for Network and Information Security (ENISA), 2014.

Reproduction is authorised provided the source is acknowledged.
abstract: Privacy and data protection constitute core values of individuals and of democratic societies. There have been decades of debate on how those values, and legal obligations, can be embedded into systems, preferably from the very beginning of the design process. One important element in this endeavour is technical mechanisms, known as privacy-enhancing technologies (PETs). Their effectiveness has been demonstrated by researchers and in pilot implementations. However, apart from a few exceptions (e.g., encryption, which became widely used), PETs have not become a standard and widely used component in system design. Furthermore, to unfold their full benefit for privacy and data protection, PETs need to be rooted in a data governance strategy that is applied in practice. This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services. The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements. Furthermore, the report reflects on the limitations of the approach. It concludes with recommendations on how to overcome and mitigate these limits.
date: 2014-12
publisher: European Union Agency for Network and Information Security (ENISA)
official_url: http://dx.doi.org/10.2824/38623
vfaculties: VENG
oa_status: green
full_text_type: pub
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_source: arXiv
elements_id: 1010339
doi: 10.2824/38623
isbn_13: 9789292041083
lyricists_name: Danezis, Georges
lyricists_id: GDANE23
full_text_status: public
place_of_pub: Heraklion, Greece
pages: 72
citation: Danezis, G; Domingo-Ferrer, J; Hansen, M; Hoepman, JH; Metayer, DL; Tirtea, R; Schiffner, S; (2014) Privacy and Data Protection by Design - from policy to engineering. European Union Agency for Network and Information Security (ENISA): Heraklion, Greece. Green open access
document_url: https://discovery.ucl.ac.uk/id/eprint/1463998/1/Danezis_1501.03726v2.pdf