
The Little Blue Book

Privacy is important. It protects us against intrusive companies and an omniscient government. The goal is to maintain a balance of power between the individual and society. In a democratic state this is not only of personal interest but also of interest to society at large. This is why privacy is a fundamental right. Strong European laws protect the privacy of all citizens on European soil.

Unfortunately, these laws are complex and vague. They offer little concrete guidance to designers and system developers. This is a problem if you want to design privacy-friendly systems, for example by applying the privacy by design philosophy, which demands that privacy requirements are taken into account right from the start and throughout the system development life cycle. This makes privacy, like security, a software quality attribute. Privacy by design is a legal requirement from 2018 onward. But you can also use it to go beyond the bare minimum required by law, and use it as an innovative force.

But how to make privacy by design concrete? And how to apply it in practice? Privacy design strategies aim to answer those questions. They translate vague legal norms into concrete design requirements. They provide talking points to explore the design of the system. They guide the initial design sketches in a privacy-friendly direction, forcing one to make fundamental design choices early on.

This book targets all organisations (businesses or government) that process personal information. It is in particular intended to be used by designers and engineers who build systems processing personal information, and the people responsible for these systems.

This book describes eight privacy design strategies. Every strategy is briefly explained and illustrated through several practical examples. A few concrete technologies that can be used to implement each strategy are also mentioned.

Last Version - Tue Oct 26 10:24:11 2021 +0200 / e1e3326.
(Note: changeover from CVS to dotless svn version numbers on Jan 19, 2008, and changeover to GIT versioning on May 30, 2013.)
Maintained by Jaap-Henk Hoepman
Email: jhh@cs.ru.nl