blogzilla, profile picture
Uploaded byblogzilla
PPTX, PDF3,085 views

Privacy by design

The document outlines the principles of 'Privacy by Design,' emphasizing proactive measures and user-centric approaches in data protection. It discusses foundational guidelines for implementing privacy in organizational practices, as well as the role of data protection regulations and privacy rights. Additionally, it addresses strategies for ensuring privacy in various technologies and highlights challenges and limitations in achieving effective privacy protections.

Embed presentation

Downloaded 92 times
Privacy by Design Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of Oxford @IanBrownOII
Privacy by Design principles 1. Proactive not Reactive; Preventative not Remedial 2. Privacy as the Default Setting 3. Privacy Embedded into Design 4. Full Functionality: Positive-Sum, not Zero-Sum 5. End-to-End Security — Full Lifecycle Protection 6. Visibility and Transparency — Keep it Open 7. Respect for User Privacy — Keep it User-Centric Cavoukian et al. (2010)
32nd International Conference of DP and Privacy Commissioners (Jerusalem 2010) 1. Recognize Privacy by Design as an essential component of fundamental privacy protection; 2. Encourage the adoption of Privacy by Design’s Foundational Principles… as guidance to establishing privacy as an organization’s default mode of operation; 3. Invite Data Protection and Privacy Commissioners/Authorities to: a. promote Privacy by Design, as widely as possible through distribution of materials, education and personal advocacy; b. foster the incorporation of the Privacy by Design Foundational Principles in the formulation of privacy policy and legislation within their respective jurisdictions; c. proactively encourage research on Privacy by Design…
General Data Protection Regulation §23: Data protection by design and by default 1. …the controller… shall…implement appropriate and proportionate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject… 2. The controller shall ensure that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected, retained or disseminated beyond the minimum necessary for those purposes… COM(2012) 11 final
European Parliament’s additions • 1 … Data protection by design shall have particular regard to the entire lifecycle management of personal data from collection to processing to deletion, systematically focusing on comprehensive procedural safeguards regarding the accuracy, confidentiality, integrity, physical security and deletion of personal data. • 1a In order to foster its widespread implementation in different economic sectors, data protection by design shall be a prerequisite for public procurement tenders
Privacy system requirements • Purpose limitation (comprising both specification of the purpose and limiting the use to that stated purpose) • Data minimisation • Data quality • Transparency (Openness in OECD terms). • Data subject rights (in terms of consent, and the right to view, erase, and rectify personal data) • The right to be forgotten. • Adequate protection (Security Safeguards in OECD terms). • Data portability • Data breach notifications. • Accountability and (provable) compliance J-H Hoepmann (2014)
Privacy design strategies Strategy Pattern Minimise Select before you collect; anonymisation; pseudonymisation Hide (from all, or third, parties) Encryption, onion routing, anonymous credentials, homomorphic encryption Separate Distributed processing and storage where feasible; split database tables; secure multi-party computation; unlinkability Aggregate Aggregation over time and geography; dynamic location granularity Inform Transparency, data breach notifications, UI design Control Informed consent, UI design Enforce Access control, privacy rights management Demonstrate Privacy rights management, logging J-H Hoepmann (2014)
“Spy bins” and smartphones Image: Renew London
Transport pricing • Monitor all traffic centrally (London), at kerbside (W London) or deduct payment from pay-as-you-go toll cards (Singapore)? On- board unit (Balasch et al. 2010)? Or tax parking spaces? • Link all payment card usage (Oyster) or use unlinkable RFID tokens (Shenzen)? MIT Technology Review (2006)
Privacy-friendly smart meters • Personal data remains at customer premises under their direct control • Network broadcasts tariff data to meters, which control appliances • Heavily aggregated information used for billing and price comparison Rial and Danezis (2011)
Location-Based Services • Can we use features of mobile phone networks to supply anonymous, targeted adverts? H Haddadi, P Hui, T Henderson and I Brown (2010) MobiAd: Private and Scalable Mobile Advertising, ACM International Workshop on Mobility in the Evolving Internet Architecture, Chicago
Limitations • ENISA experts identify: • Fragility/non-composability of privacy properties • Privacy metrics and utility limitations • Increased complexity • Implementation obstacles • Unclear or too narrow interpretation • Utility in Internet of Things and Big Data systems • FTC staff IoT report: “flexible” minimisation: don’t collect data, or unneeded data, or sensitive data; de-identify; or seek consent • Article 29 Working Party: “insists that the data minimisation principle plays an essential role” (Opinion 8/2014) • EDPS: DP must cover “use and collection of data. A differentiation in this regard has never been made in EU data protection law and it has the potential to weaken the protection of fundamental rights.”
References • J. Balasch, A. Rial, C. Troncoso, C. Geuens, B. Preneel and I. Verbauwhede (2010) PrETP: Privacy-Preserving Electronic Toll Pricing. Usenix Security Symposium, pp. 63-78. • ENISA (2014), Privacy and Data Protection by Design – from policy to engineering. • European Data Protection Supervisor (2015) Value of the EU Data Protection Reform against the Big Data challenges, 5th European Data Protection Days, Berlin. • Federal Trade Commission Staff Report, Internet of Things: Privacy & Security in a Connected World, Jan. 2015. • H. Haddadi, P. Hui and I. Brown (2010) MobiAd: Private and Scalable Mobile Advertising, ACM International Workshop on Mobility in the Evolving Internet Architecture, Chicago. • J.-H. Hoepman (2014) Privacy Design Strategies (extended abstract). ICT Systems Security and Privacy Protection - 29th IFIP TC 11 International Conference, SEC 2014, Marrakech. • A. Rial and G. Danezis (2011) Privacy-Preserving Smart Metering, ACM Workshop on Privacy in the Electronic Society, Chicago.

More Related Content

PPTX
Privacy by Design: White Papaer
byKristyn Greenwood
 
PPTX
Privacy by Design: legal perspective
byDr. Mira Suleimenova, CIPPe
 
PPTX
Privacy by Design - taking in account the state of the art
byJames Mulhern
 
PDF
Privacy by Design and by Default + General Data Protection Regulation with Si...
byPeter Procházka
 
PPTX
Training privacy by design
byTommy Vandepitte
 
PDF
Privacy by design
byProf. Jacques Folon (Ph.D)
 
PDF
18 Tips for Data Classification - Data Sheet by Secure Islands
bySecure Islands - Data Security Policy
 
PDF
GDPR for Dummies
byCaroline Boscher
 
Privacy by Design: White Papaer
byKristyn Greenwood
 
Privacy by Design: legal perspective
byDr. Mira Suleimenova, CIPPe
 
Privacy by Design - taking in account the state of the art
byJames Mulhern
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
byPeter Procházka
 
Training privacy by design
byTommy Vandepitte
 
Privacy by design
byProf. Jacques Folon (Ph.D)
 
18 Tips for Data Classification - Data Sheet by Secure Islands
bySecure Islands - Data Security Policy
 
GDPR for Dummies
byCaroline Boscher
 

What's hot

PPTX
General Data Protection Regulation
byBCC - Solutions for IBM Collaboration Software
 
PPTX
SECURITY AND CONTROL
byshinydey
 
PDF
ISO 27005:2022 Overview 221028.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
Planning for security and security audit process
byDivya Tiwari
 
PPTX
Cissp- Security and Risk Management
byHamed Moghaddam
 
PPTX
Sensitive data
byS.M. Towhidul Islam
 
PPTX
ISO 27001 Awareness/TRansition.pptx
byDr Madhu Aman Sharma
 
PPTX
Data protection
byRaviPrashant5
 
PDF
Iso 27001 2013
byMagda CHELLY, Ph.D, S-CISO, CISSP®
 
PPT
Database auditing essentials
byCraig Mullins
 
PPTX
Cyber risks in supply chains
byAparajita Banerjee
 
PPTX
Information security management system
byArani Srinivasan
 
PPT
Bioinformatioc: Information Retrieval
byDr. Rupak Chakravarty
 
PDF
GDPR Demystified
bySPIN Chennai
 
PDF
Urgensi RUU Perlindungan Data Pribadi
byEryk Budi Pratama
 
PPTX
Cyber Security Organizational Operating Model and Governance
bySrinidhi Aithal
 
PPTX
The Protection of Personal Information Act 4 of 2013
byMyron Duncan Burton Betshanger
 
PDF
Information Security Management
byBhadra Gowdra
 
PDF
What about GDPR?
byMartin Hawksey
 
PPT
Norma Iso 27001
byJuana Rotted
 
General Data Protection Regulation
byBCC - Solutions for IBM Collaboration Software
 
SECURITY AND CONTROL
byshinydey
 
ISO 27005:2022 Overview 221028.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Planning for security and security audit process
byDivya Tiwari
 
Cissp- Security and Risk Management
byHamed Moghaddam
 
Sensitive data
byS.M. Towhidul Islam
 
ISO 27001 Awareness/TRansition.pptx
byDr Madhu Aman Sharma
 
Data protection
byRaviPrashant5
 
Iso 27001 2013
byMagda CHELLY, Ph.D, S-CISO, CISSP®
 
Database auditing essentials
byCraig Mullins
 
Cyber risks in supply chains
byAparajita Banerjee
 
Information security management system
byArani Srinivasan
 
Bioinformatioc: Information Retrieval
byDr. Rupak Chakravarty
 
GDPR Demystified
bySPIN Chennai
 
Urgensi RUU Perlindungan Data Pribadi
byEryk Budi Pratama
 
Cyber Security Organizational Operating Model and Governance
bySrinidhi Aithal
 
The Protection of Personal Information Act 4 of 2013
byMyron Duncan Burton Betshanger
 
Information Security Management
byBhadra Gowdra
 
What about GDPR?
byMartin Hawksey
 
Norma Iso 27001
byJuana Rotted
 

Similar to Privacy by design

PDF
GDPR and Security.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PDF
Secure Software Design for Data Privacy
byNarudom Roongsiriwong, CISSP
 
PPT
Privacy by Design Seminar - Jan 22, 2015
byDr. Ann Cavoukian
 
PDF
DN18 | Privacy by Design for Blockchain | Silvan Jongerius | TechGDPR
byDataconomy Media
 
PPT
6006717 PRIVACY DESIGN APPROACH USED.ppt
byssuser57666f
 
PPTX
Privacy by design Austin Chambers 11-9-17
byJanelle RW Hsia
 
PPTX
Privacy by Design or Privacy by Re-engineering
byAndre Cardinaal
 
PPTX
Mobileprivacyazahir
byAzahir Hifzalla
 
PPTX
FINAL presentationMay2016
byMelissa Krasnow
 
PPT
Copyright and privacy by design - what lessons have we learned?
byblogzilla
 
PPT
Mobile Solutions and Privacy – Not One at the Expense of the Other
bybradley_g
 
PDF
TLabs - deutsche telekom
byChristina Azzam
 
PDF
Csa privacy by design & gdpr austin chambers 11-4-17
byTrish McGinity, CCSK
 
PPT
Updating the EU Data Protection Directive
byblogzilla
 
PPTX
Privacy Discusssion GM667 Saint Mary's University of MN
bySaint Mary's University of Minnesota
 
PDF
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
byBurton Lee
 
PPTX
Keeping our secrets? Shaping Internet technologies for the public good
byblogzilla
 
PPTX
Designing for Privacy in an Increasingly Public World
byRobert Stribley
 
PPT
Ubicomp challenges for privacy law
byblogzilla
 
PDF
When Privacy Scales - Intelligent Product Design under GDPR
byAmanda Casari
 
GDPR and Security.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Secure Software Design for Data Privacy
byNarudom Roongsiriwong, CISSP
 
Privacy by Design Seminar - Jan 22, 2015
byDr. Ann Cavoukian
 
DN18 | Privacy by Design for Blockchain | Silvan Jongerius | TechGDPR
byDataconomy Media
 
6006717 PRIVACY DESIGN APPROACH USED.ppt
byssuser57666f
 
Privacy by design Austin Chambers 11-9-17
byJanelle RW Hsia
 
Privacy by Design or Privacy by Re-engineering
byAndre Cardinaal
 
Mobileprivacyazahir
byAzahir Hifzalla
 
FINAL presentationMay2016
byMelissa Krasnow
 
Copyright and privacy by design - what lessons have we learned?
byblogzilla
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
bybradley_g
 
TLabs - deutsche telekom
byChristina Azzam
 
Csa privacy by design & gdpr austin chambers 11-4-17
byTrish McGinity, CCSK
 
Updating the EU Data Protection Directive
byblogzilla
 
Privacy Discusssion GM667 Saint Mary's University of MN
bySaint Mary's University of Minnesota
 
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
byBurton Lee
 
Keeping our secrets? Shaping Internet technologies for the public good
byblogzilla
 
Designing for Privacy in an Increasingly Public World
byRobert Stribley
 
Ubicomp challenges for privacy law
byblogzilla
 
When Privacy Scales - Intelligent Product Design under GDPR
byAmanda Casari
 

More from blogzilla

PPTX
Regulation and the Internet of Things
byblogzilla
 
PPTX
Introduction to Cybersecurity for Elections
byblogzilla
 
PPT
The Data Retention Directive: recent developments
byblogzilla
 
PDF
Privacy and Data Protection in South Africa
byblogzilla
 
PPTX
Trust in the Cloud
byblogzilla
 
PDF
Interoperability in the Digital Services Act
byblogzilla
 
PDF
Interoperability for SNS competition
byblogzilla
 
PDF
Data science and privacy regulation
byblogzilla
 
PPTX
Where next for encryption regulation?
byblogzilla
 
PPTX
Making effective policy use of academic expertise
byblogzilla
 
PPTX
Trusted government access to private sector data
byblogzilla
 
PPTX
Human rights and the future of surveillance - Lord Anderson QC
byblogzilla
 
PPTX
Global Cyber Security Capacity Centre
byblogzilla
 
PPTX
Lessons for interoperability remedies from UK Open Banking
byblogzilla
 
PPTX
Where next for the Regulation of Investigatory Powers Act?
byblogzilla
 
PPTX
Privacy post-Snowden
byblogzilla
 
PPTX
Transatlantic data flows following the Schrems II judgment
byblogzilla
 
PPTX
Key issues in data protection policy
byblogzilla
 
PPTX
Cyber Essentials for Managers
byblogzilla
 
PPTX
Covid exposure apps in England and Wales
byblogzilla
 
Regulation and the Internet of Things
byblogzilla
 
Introduction to Cybersecurity for Elections
byblogzilla
 
The Data Retention Directive: recent developments
byblogzilla
 
Privacy and Data Protection in South Africa
byblogzilla
 
Trust in the Cloud
byblogzilla
 
Interoperability in the Digital Services Act
byblogzilla
 
Interoperability for SNS competition
byblogzilla
 
Data science and privacy regulation
byblogzilla
 
Where next for encryption regulation?
byblogzilla
 
Making effective policy use of academic expertise
byblogzilla
 
Trusted government access to private sector data
byblogzilla
 
Human rights and the future of surveillance - Lord Anderson QC
byblogzilla
 
Global Cyber Security Capacity Centre
byblogzilla
 
Lessons for interoperability remedies from UK Open Banking
byblogzilla
 
Where next for the Regulation of Investigatory Powers Act?
byblogzilla
 
Privacy post-Snowden
byblogzilla
 
Transatlantic data flows following the Schrems II judgment
byblogzilla
 
Key issues in data protection policy
byblogzilla
 
Cyber Essentials for Managers
byblogzilla
 
Covid exposure apps in England and Wales
byblogzilla
 

Recently uploaded

PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PPTX
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
HCSP-Presales-Campus Network Planning and Design V2.0
byVeronica916344
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Gemini vs ChatGPT : Comparing Top AI Models
byDigicarrom
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 

Privacy by design

  • 1.
    Privacy by Design IanBrown, Prof. of Information Security and Privacy Oxford Internet Institute, University of Oxford @IanBrownOII
  • 2.
    Privacy by Designprinciples 1. Proactive not Reactive; Preventative not Remedial 2. Privacy as the Default Setting 3. Privacy Embedded into Design 4. Full Functionality: Positive-Sum, not Zero-Sum 5. End-to-End Security — Full Lifecycle Protection 6. Visibility and Transparency — Keep it Open 7. Respect for User Privacy — Keep it User-Centric Cavoukian et al. (2010)
  • 3.
    32nd International Conferenceof DP and Privacy Commissioners (Jerusalem 2010) 1. Recognize Privacy by Design as an essential component of fundamental privacy protection; 2. Encourage the adoption of Privacy by Design’s Foundational Principles… as guidance to establishing privacy as an organization’s default mode of operation; 3. Invite Data Protection and Privacy Commissioners/Authorities to: a. promote Privacy by Design, as widely as possible through distribution of materials, education and personal advocacy; b. foster the incorporation of the Privacy by Design Foundational Principles in the formulation of privacy policy and legislation within their respective jurisdictions; c. proactively encourage research on Privacy by Design…
  • 4.
    General Data ProtectionRegulation §23: Data protection by design and by default 1. …the controller… shall…implement appropriate and proportionate technical and organisational measures and procedures in such a way that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject… 2. The controller shall ensure that, by default, only those personal data are processed which are necessary for each specific purpose of the processing and are especially not collected, retained or disseminated beyond the minimum necessary for those purposes… COM(2012) 11 final
  • 5.
    European Parliament’s additions •1 … Data protection by design shall have particular regard to the entire lifecycle management of personal data from collection to processing to deletion, systematically focusing on comprehensive procedural safeguards regarding the accuracy, confidentiality, integrity, physical security and deletion of personal data. • 1a In order to foster its widespread implementation in different economic sectors, data protection by design shall be a prerequisite for public procurement tenders
  • 6.
    Privacy system requirements •Purpose limitation (comprising both specification of the purpose and limiting the use to that stated purpose) • Data minimisation • Data quality • Transparency (Openness in OECD terms). • Data subject rights (in terms of consent, and the right to view, erase, and rectify personal data) • The right to be forgotten. • Adequate protection (Security Safeguards in OECD terms). • Data portability • Data breach notifications. • Accountability and (provable) compliance J-H Hoepmann (2014)
  • 7.
    Privacy design strategies StrategyPattern Minimise Select before you collect; anonymisation; pseudonymisation Hide (from all, or third, parties) Encryption, onion routing, anonymous credentials, homomorphic encryption Separate Distributed processing and storage where feasible; split database tables; secure multi-party computation; unlinkability Aggregate Aggregation over time and geography; dynamic location granularity Inform Transparency, data breach notifications, UI design Control Informed consent, UI design Enforce Access control, privacy rights management Demonstrate Privacy rights management, logging J-H Hoepmann (2014)
  • 8.
    “Spy bins” andsmartphones Image: Renew London
  • 9.
    Transport pricing • Monitorall traffic centrally (London), at kerbside (W London) or deduct payment from pay-as-you-go toll cards (Singapore)? On- board unit (Balasch et al. 2010)? Or tax parking spaces? • Link all payment card usage (Oyster) or use unlinkable RFID tokens (Shenzen)? MIT Technology Review (2006)
  • 10.
    Privacy-friendly smart meters •Personal data remains at customer premises under their direct control • Network broadcasts tariff data to meters, which control appliances • Heavily aggregated information used for billing and price comparison Rial and Danezis (2011)
  • 11.
    Location-Based Services • Canwe use features of mobile phone networks to supply anonymous, targeted adverts? H Haddadi, P Hui, T Henderson and I Brown (2010) MobiAd: Private and Scalable Mobile Advertising, ACM International Workshop on Mobility in the Evolving Internet Architecture, Chicago
  • 12.
    Limitations • ENISA expertsidentify: • Fragility/non-composability of privacy properties • Privacy metrics and utility limitations • Increased complexity • Implementation obstacles • Unclear or too narrow interpretation • Utility in Internet of Things and Big Data systems • FTC staff IoT report: “flexible” minimisation: don’t collect data, or unneeded data, or sensitive data; de-identify; or seek consent • Article 29 Working Party: “insists that the data minimisation principle plays an essential role” (Opinion 8/2014) • EDPS: DP must cover “use and collection of data. A differentiation in this regard has never been made in EU data protection law and it has the potential to weaken the protection of fundamental rights.”
  • 13.
    References • J. Balasch,A. Rial, C. Troncoso, C. Geuens, B. Preneel and I. Verbauwhede (2010) PrETP: Privacy-Preserving Electronic Toll Pricing. Usenix Security Symposium, pp. 63-78. • ENISA (2014), Privacy and Data Protection by Design – from policy to engineering. • European Data Protection Supervisor (2015) Value of the EU Data Protection Reform against the Big Data challenges, 5th European Data Protection Days, Berlin. • Federal Trade Commission Staff Report, Internet of Things: Privacy & Security in a Connected World, Jan. 2015. • H. Haddadi, P. Hui and I. Brown (2010) MobiAd: Private and Scalable Mobile Advertising, ACM International Workshop on Mobility in the Evolving Internet Architecture, Chicago. • J.-H. Hoepman (2014) Privacy Design Strategies (extended abstract). ICT Systems Security and Privacy Protection - 29th IFIP TC 11 International Conference, SEC 2014, Marrakech. • A. Rial and G. Danezis (2011) Privacy-Preserving Smart Metering, ACM Workshop on Privacy in the Electronic Society, Chicago.

Editor's Notes

  • #2 http://www.economist.com/news/world-week/21599834-kals-cartoon?fsrc=scn/tw_ec/kals_cartoon
  • #5 Parliament/Council versions: https://edri.org/files/EP_Council_Comparison.pdf
  • #10 http://www.docstoc.com/docs/88760415/PrETP-Privacy-Preserving-Electronic-Toll-Pricing
  • #11 http://research.microsoft.com/en-us/projects/privacy_in_metering/mainwpes.pdf