Journal ArticleDOI
Engineering Privacy
TLDR
The paper uses a three-layer model of user privacy concerns to relate them to system operations and examine their effects on user behavior, and develops guidelines for building privacy-friendly systems.Abstract:
In this paper we integrate insights from diverse islands of research on electronic privacy to offer a holistic view of privacy engineering and a systematic structure for the discipline's topics. First we discuss privacy requirements grounded in both historic and contemporary perspectives on privacy. We use a three-layer model of user privacy concerns to relate them to system operations (data transfer, storage and processing) and examine their effects on user behavior. In the second part of the paper we develop guidelines for building privacy-friendly systems. We distinguish two approaches: "privacy-by-policy" and "privacy-by-architecture." The privacy-by-policy approach focuses on the implementation of the notice and choice principles of fair information practices (FIPs), while the privacy-by-architecture approach minimizes the collection of identifiable personal data and emphasizes anonymization and client-side data storage and processing. We discuss both approaches with a view to their technical overlaps and boundaries as well as to economic feasibility. The paper aims to introduce engineers and computer scientists to the privacy research domain and provide concrete guidance on how to design privacy-friendly systems.read more
Citations
More filters
Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
TL;DR: The objectives of the European Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering closer relations between the States belonging to the Community, ensuring economic and social progress by common action to eliminate the barriers which divide Europe, encouraging the constant improvement of the living conditions of its peoples, preserving and strengthening peace and liberty and promoting democracy on the basis of the fundamental rights recognized in the constitution and laws of the Member States and in the European Convention for the Protection of Human Rights and Fundamental Freedoms
Journal ArticleDOI
Ethical and privacy principles for learning analytics
Abelardo Pardo,George Siemens +1 more
TL;DR: A set of principles is identified to narrow the scope of the discussion and point to pragmatic approaches to help design and research learning experiences where important ethical and privacy issues are considered.
Journal ArticleDOI
Privacy in the Internet of Things: threats and challenges
TL;DR: In this paper, the privacy issues in the Internet of Things are analyzed in detail, pointing out the challenges that need to be overcome to ensure that the internet of Things becomes a reality.
Book ChapterDOI
Privacy, Security and Trust in Cloud Computing
TL;DR: This chapter assesses how security, trust and privacy issues occur in the context of cloud computing and discusses ways in which they may be addressed.
Journal ArticleDOI
Research Note---Effects of Individual Self-Protection, Industry Self-Regulation, and Government Regulation on Privacy Concerns: A Study of Location-Based Services
TL;DR: The results support the core assertion that perceived control over personal information is a key factor affecting context-specific concerns for information privacy and have important implications for service providers and consumers as well as for regulatory bodies and technology developers.
References
More filters
Journal ArticleDOI
k -anonymity: a model for protecting privacy
TL;DR: The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment and examines re-identification attacks that can be realized on releases that adhere to k- anonymity unless accompanying policies are respected.
ReportDOI
Tor: the second-generation onion router
TL;DR: This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points.
Journal ArticleDOI
L-diversity: Privacy beyond k-anonymity
TL;DR: This paper shows with two simple attacks that a \kappa-anonymized dataset has some subtle, but severe privacy problems, and proposes a novel and powerful privacy definition called \ell-diversity, which is practical and can be implemented efficiently.
Journal ArticleDOI
Privacy-preserving data mining
TL;DR: This work considers the concrete case of building a decision-tree classifier from training data in which the values of individual records have been perturbed and proposes a novel reconstruction procedure to accurately estimate the distribution of original data values.
Proceedings ArticleDOI
L-diversity: privacy beyond k-anonymity
TL;DR: This paper shows with two simple attacks that a \kappa-anonymized dataset has some subtle, but severe privacy problems, and proposes a novel and powerful privacy definition called \ell-diversity, which is practical and can be implemented efficiently.