Top

Published in:

2018 | OriginalPaper | Chapter

2. Start with Privacy by Design in All Big Data Applications

Authors : Ann Cavoukian, Michelle Chibba

Published in: Guide to Big Data Applications

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The term “Big Data” is used to describe a universe of very large datasets that hold a variety of data types. This has spawned a new generation of information architectures and applications to facilitate the fast processing speeds and the visualization needed to analyze and extract value from these extremely large sets of data, using distributed platforms. While not all data in Big Data applications will be personally identifiable, when this is the case, privacy interests arise. To be clear, privacy requirements are not obstacles to innovation or to realizing societal benefits from Big Data analytics—in fact, they can actually foster innovation and doubly-enabling, win–win outcomes. This is achieved by taking a Privacy by Design approach to Big Data applications. This chapter begins by defining information privacy, then it will provide an overview of the privacy risks associated with Big Data applications. Finally, the authors will discuss Privacy by Design as an international framework for privacy, then provide guidance on using the Privacy by Design Framework and the 7 Foundational Principles, to achieve both innovation and privacy—not one at the expense of the other.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Strategic Applications of Big Data

next chapter Privacy Preserving Federated Big Data Analysis

NIST (2015) defines ‘pseudonymization’ as a specific kind of transformation in which the names and other information that directly identifies an individual are replaced with pseudonyms. Pseudonymization allows linking information belonging to an individual across multiple data records or information systems, provided that all direct identifiers are systematically pseudonymized. Pseudonymization can be readily reversed if the entity that performed the pseudonymization retains a table linking the original identities to the pseudonyms, or if the substitution is performed using an algorithm for which the parameters are known or can be discovered.

There are many government Open Data initiatives such as U.S. Government’s Open Data at www.data.gov; Canadian Government’s Open Data at http://open.canada.ca/en/open-data; UN Data at http://data.un.org/; EU Open Data Portal at https://data.europa.eu/euodp/en/data/. This is just a sample of the many Open Data sources around the world.

In news media an echo chamber is a metaphorical description of a situation in which information, ideas, or beliefs are amplified or reinforced by transmission and repetition inside an “enclosed” system, where different or competing views are censored, disallowed, or otherwise underrepresented. The term is by analogy with an acoustic echo chamber, where sounds reverberate.

Article 29 Data protection working party (2013). Opinion 03/2013 on purpose limitation. http://ec.europa.eu/justice/data-protection/index_en.htm. Accessed 2 August 2016.

Blum, A., Ligett, K., Roth, A. (2008). A learning theory approach to non-interactive database privacy. In Proceedings of the 40th ACM SIGACT Symposium on Theory of Computing (pp. 609–618).

Cameron, K. (2013). Afterword. In M. Hildebrandt et al. (Eds.), Digital Enlightenment Yearbook 2013. Amsterdam: IOS Press.

Cavoukian, A. (2009). Privacy and government 2.0: the implications of an open world. http://www.ontla.on.ca/library/repository/mon/23006/293152.pdf. Accessed 22 November 2016.

Cavoukian, A. (2011). Privacy by Design: The 7 Foundational Principles. Ontario: IPC.

Cavoukian, A. (2013a). A Primer on Metadata: Separating Fact from Fiction. Ontario: IPC. http://www.ipc.on.ca/images/Resources/metadata.pdf.

Cavoukian, A. (2013b). Privacy by design: leadership, methods, and results. In S. Gutwirth, R. Leenes, P. de Hert, & Y. Poullet (Eds.), Chapter in European Data Protection: Coming of Age (pp. 175–202). Dordrecht: Springer Science & Business Media Dordrecht.CrossRef

Cavoukian, A., & Cameron, K. (2011). Wi-Fi Positioning Systems: Beware of Unintended Cosnequences: Issues Involving Unforeseen Uses of Pre-Existing Architecture. Ontario: IPC.

Cavoukian, A., & El Emam. (2014). De-identification Protocols: Essential for Protecting Privacy, Ontario: IPC.

Cavoukian, A., & Jonas, J. (2012). Privacy by Design in the Age of Big Data. Ontario: IPC.

Cavoukian, A., & Weiss, J.B. (2012). Privacy by Design and User Interfaces: Emerging Design Criteria—Keep it User-Centric. Ontario: IPC.

Cavoukian, A., Bansal, N., & Koudas, N. (2014a). Building Privacy into Mobile Location Analytics (MLA) through Privacy by Design. Ontario: IPC.

Cavoukian, A., Dix, A., & El Emam, K. (2014b). The Unintended Consequences of Privacy Paternalism. Ontario: IPC.

Clarke, R. (2000). Beyond OECD guidelines; privacy protection for the 21st century. Xamax Consultancy Pty Ltd. http://www.rogerclarke.com/DV/PP21C.html. Accessed 22 November 2016.

CNW (2010). Landmark resolution passed to preserve the future of privacy. Press Release. Toronto, ON, Canada. http://www.newswire.ca/news-releases/landmark-resolution-passed-to-preserve-the-future-of-privacy-546018632.html. Accessed 22 November 2016.

Cukier, K., & Mayer-Schonberger, V. (2013). The dictatorship of data. MIT Technology Review. https://www.technologyreview.com/s/514591/the-dictatorship-of-data/. Accessed 22 November 2016.

Damiani, M. L. (2013). Privacy enhancing techniques for the protection of mobility patterns in LBS: research issues and trends. In S. Gutwirth, R. Leenes, P. de Hert, & Y. Poullet (Eds.), Chapter in european data protection: coming of age (pp. 223–238). Dordrecht: Springer Science & Business Media Dordrecht.CrossRef

Department of Commerce (US DOC) (2016). EU-U.S. privacy shield fact sheet. Office of public affairs, US department of commerce. https://www.commerce.gov/news/fact-sheets/2016/02/eu-us-privacy-shield. Accessed 22 November 2016.

Dwork, C. (2006). Differential privacy. In Proceedings of the 33rd International Colloquium on Automata, Languages and Programming (ICALP) (Vol. 2, pp. 1–12).

Dwork, C. (2014). Differential privacy: a cryptographic approach to private data analysis. In J. Lane, V. Stodden, S. Bender, & H. Nissenbaum (Eds.), Privacy, big data, and the public good: Frameworks for engagement. New York: Cambridge University Press.

El Emam, K. (2013a). Benefiting from big data while protecting privacy. In K. El Emam (Ed.), Chapter in risky business: sharing health data while protecting privacy. Bloomington, IN: Trafford Publishing.

El Emam, K. (2013b). In K. El Emam (Ed.), Who’s afraid of big data? chapter in risky business: Sharing health data while protecting privacy. Bloomington, IN, USA: Trafford Publishing.

El Emam, K., Buckeridge, D., Tamblyn, R., Neisa, A., Jonker, E., & Verma, A. (2011). The re-identification risk of Canadians from longitudinal demographics. BMC Medical Informatics and Decision Making, 11:46. http://bmcmedinformdecismak.biomedcentral.com/articles/10.1186/1472-6947-11-46. Accessed 22 November 2016.

ENISA. (2015). Privacy by design in big data: An overview of privacy enhancing technologies in the era of big data analytics. www.enisa.europa.eu. Accessed 22 November 2016.

EPIC (n.d.). Website: https://epic.org/privacy/consumer/code_fair_info.html. Accessed 22 November 2016.

EU Commission (2012). Fact sheet on the right to be forgotten. http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf. Accessed 22 November 2016.

EU Commission (2015). Fact sheet—questions and answers—data protection reform. Brussels. http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm. Accessed 4 November 2016.

EU Commission (2016). The EU data protection reform and big data factsheet. http://ec.europa.eu/justice/data-protection/files/data-protection-big-data_factsheet_web_en.pdf. Accessed 22 November 2016.

EU Commission (2016b). EU-U.S. Privacy Shield Fact Sheet. Department of Justice. July 2016. http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_eu-us_privacy_shield_en.pdf. Accessed 22 November 2016.

Fogarty, D., & Bell, P. C. (2014). Should you outsource analytics? MIT Sloan Management Review, 55(2), Winter.

FTC (2012). Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers. https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf Accessed August 2016.

FTC (2016). Big data: A tool for inclusion or exclusion? Understanding the Issues. https://www.ftc.gov/system/files/documents/reports/big-data-tool-inclusion-or-exclusion-understanding-issues/160106big-data-rpt.pdf. Accessed 23 November 2016.

Gürses, S.F. Troncoso, C., & Diaz, C. (2011). Engineering privacy by design, Computers, Privacy & Data Protection. http://www.cosic.esat.kuleuven.be/publications/article-1542.pdf. Accessed 19 November 2016.

Harris, M. (2015). Recap of covington’s privacy by design workshop. inside privacy: updates on developments in data privacy and cybsersecurity. Covington & Burlington LLP, U.S. https://www.insideprivacy.com/united-states/recap-of-covingtons-privacy-by-design-workshop/. Accessed 19 November 2016.

HHS (2012). Guidance regarding methods for de-identification of protected health information in accordance with the health insurance portability and accountability act (HIPPA) privacy rule. http://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html. Accessed 2 August 2016.

Information Commissioner’s Office (ICO) (2013). Privacy in Mobile Apps: Guide for app developers. https://ico.org.uk/media/for-organisations/documents/1596/privacy-in-mobile-apps-dp-guidance.pdf Accessed 22 November 2016.

Innes, J. (2013). Realizing the promise of open data: an example of the canadian discharge abstract database. In K. El Emam (Ed.), Chapter in Risky Business: Sharing Health Data While Protecting Privacy. Bloomington, IN, USA: Trafford Publishing.

International Working Group on Data Protection in Telecommunications (IWGDPT) (2004) Common position on privacy and location information in mobile communications services. https://datenschutz-berlin.de/content/europa-international/international-working-group-on-data-protection-in-telecommunications-iwgdpt/working-papers-and-common-positions-adopted-by-the-working-group. Accessed 22 November 2016.

International Working Group on Data Protection in Telecommunications (IWGDPT) (2014). Working Paper on Big Data and Privacy: Privacy principles under pressure in the age of Big Data analytics. 55th Meeting. https://datenschutz-berlin.de/content/europa-international/international-working-group-on-data-protection-in-telecommunications-iwgdpt/working-papers-and-common-positions-adopted-by-the-working-group. Accessed 22 November 2016.

Lane, J., et al. (2014). Privacy, big data and the public good: frameworks for engagement. Cambridge: Cambridge University Press.CrossRef

Lindell, Y., & Pinkas, B. (2002). Privacy preserving data mining. Journal of Cryptology, 15, 177–206. International Association for Cryptologic Research.MathSciNetCrossRefMATH

Lomas, N. (2015). Europe’s top court strikes down safe Harbor data-transfer agreement with U.S. Techcrunch. https://techcrunch.com/2015/10/06/europes-top-court-strikes-down-safe-harbor-data-transfer-agreement-with-u-s/. Accessed 22 November 2016.

Mayer, J., Mutchler, P., & Mitchell, J. C. (2016). Evaluating the privacy properties of telephone metadata. Proceedings of the National Academies of Science, U S A, 113(20), 5536–5541.CrossRef

Monreale, A., Rinzivillo, S., Pratesi, F., Giannotti, F., & Pedreschi, D. (2014). Privacy-by-design in big data analytics and social mining. EPJ Data Science, 3(1), 1–26. 10.1140/epjds/s13688-014-0010-4. Accessed 22 November 2016.

NIST. (2010). Guide to protecting the confidentiality of personally identifiable information (PII). NIST special publication 800–122. Gaithersburg, MD: Computer Science Division.

NIST (2015). De-identification of Personal Information. NISTR 8053. This publication is available free of charge from: 10.6028/NIST.IR.8053. Accessed 19 November 2016.

Official Journal of the European Union (2016). Regulation (EU) 2016/679 Of The European Parliament and of the Council. http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf. Accessed 19 November 2016.

Quattrociocchi, W. Scala, A., & Sunstein, C.R. (2016) Echo Chambers on Facebook. Preliminary draft, not yet published. Available at: http://ssrn.com/abstract=2795110. Accessed 19 November 2016.

Richards, N. M., & King, J. H. (2013). Big data Ethics. Wake Forest Law Review, 49, 393–433.

Ritter, D. (2014). When to Act on a correlation, and when Not To. Harvard Business Review. https://hbr.org/2014/03/when-to-act-on-a-correlation-and-when-not-to. Accessed 19 November 2016.

Singer, N. (2011). The trouble with the echo chamber online. New York Times online. http://www.nytimes.com/2011/05/29/technology/29stream.html?_r=0. Accessed 19 November 2016.

Solove, D. J. (2007). I’ve got nothing to hide’ and other misunderstandings of privacy. San Diego Law Review, 44, 745.

Solove, D. (2014). Why did in bloom die? A hard lesson about education privacy. Privacy + Security Blog. TeachPrivacy. Accessed 4 Aug 2016. https://www.teachprivacy.com/inbloom-die-hard-lesson-education-privacy/

Sweeney, L. (2013) Discrimination in online ad delivery. http://dataprivacylab.org/projects/onlineads/1071-1.pdf. Accessed 22 November 2016.

Tene, O., & Polonetsky, J. (2013). Big data for all: Privacy and user control in the age of analytics. New Journal of Technology and Intellectual Property, 11(5), 239–272.

Thaler, J., Ullman, J., & Vadhan, S. (2010). PCPs and the hardness of generating synthetic data. Electronic Colloquium on Computational Complexity, Technical Report, TR10–TR07.

TRUSTe/NCSA (2016). Consumer privacy infographic—US Edition. https://www.truste.com/resources/privacy-research/ncsa-consumer-privacy-index-us/. Accessed 4 November 2016.

Turow, J., Feldman, L, & Meltzer, K. (2015). Open to exploitation: american shoppers online and offline. A report from the Annenberg Public Policy Center of the University of Pennsylvania. http://www.annenbergpublicpolicycenter.org/open-to-exploitation-american-shoppers-online-and-offline/. Accessed 22 November 2016.

United Nations General Assembly (2016). Resolution adopted by the General Assembly. The right to privacy in the digital age (68/167). http://www.un.org/ga/search/view_doc.asp?symbol=A/RES/68/167. Accessed 4 November 2016.

Zhang, Y., Chen, Q., & Zhong, S. (2016). Privacy-preserving data aggregation in mobile phone sensing. Information Forensics and Security IEEE Transactions on, 11, 980–992.CrossRef

Title: Start with Privacy by Design in All Big Data Applications
Authors: Ann Cavoukian
Michelle Chibba
Publisher: Springer International Publishing
Book: Guide to Big Data Applications
Print ISBN: 978-3-319-53816-7

Electronic ISBN: 978-3-319-53817-4

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-53817-4_2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"