Privacy by Design

Regulators, academics and industry have called for privacy-by-design as a way to address growing privacy concerns with rapidly developing technology. The public and private sectors are responding by hiring privacy engineers to join the ranks of privacy-oriented professionals, often working under the guidance of a chief privacy officer. Yet implementing concepts of privacy through design remains an open challenge and research area. The body of research affirmatively positioned as privacy-by-design is limited, disparate, and fragmented.

There is a need for a broader research vision that frames and explores the problem at the conceptual, engineering, design, operational, and organizational levels. A broader vision will allow researchers from various disciplines to interact and collaborate to develop solutions that address practical privacy needs.

Four workshops will be aimed at identifying a shared research vision to support the practice of privacy-by-design. They will convene both practitioners with direct experience of the challenges in implementing privacy-by-design from a range of fields—software developers, privacy engineers, usability and interaction designers, chief privacy officers—and researchers from an equally broad range of disciplines.

The goals for the four workshops include:

  • Take stock of the methods, tools, and approaches currently used to design for privacy.
  • Broaden the lens through which privacy-by-design is viewed by the research community, positioning technical design alongside theoretical/conceptual, organizational, and regulatory design questions.
  • Begin the process of building an interdisciplinary community of researchers to develop broader theoretical foundations, systematic approaches, and organizational and regulatory models for supporting the practice of privacy-by-design.

WORKSHOP #1

Name: State of Research and Practice

Date: February 5-6, 2015
Location: Berkeley, CA

Participant Lightning Slides

Workshop References 

Workshop Agenda

The following are slides from the workshop. 

Welcome (Ann Drobnis and Susan Graham)

Background for Concepts of Privacy Exercise (Deirdre Mulligan and Helen Nissenbaum)

Case Study Breakouts

215/NSA Case Study (Travis Breaux)
Tesla (Nick Doty)
Tesla Tussle (Mike Berger)
License Plate Readers (Susan Graham)

Review of Privacy Concepts in CS Research (Seda Gurses)

Definitions and Approaches from CS (Jeannette Wing, Anupam Datta, Michael Carl Tschantz) 

Contextual Integrity and Values in Design (Helen Nissenbaum)

Privacy Taxonomies and Analytics (Deirdre Mulligan and Colin Koopman) 

Intel (Jonathan Fox) 

NITRD (Tomas Vagoun) 

Department of Transportation (Ed Fok)

Case Study Breakouts

Group #1 (Joseph Hall)
Group #2 (Ira Rubinstein)
Group #3 (Nicole Ozer)
Group #4 (Deirdre Mulligan)

Internet Standards (Alissa Cooper)

NIST (Sean Brooks) 

Relationship between Privacy by Design, Compliance, & Risk Management (Peter Swire)

ENISE (Jaap-Henk Hoepman)

 

 
WORKSHOP #2

Name: Privacy Enabling Design

Date: May 7-8, 2015
Location: Atlanta, GA 
Hotel: Georgia Tech Hotel and Conference Center 

Workshop Agenda

Participant Lightning Slides

The following are slides from the workshop. 

Session 3: Privacy Case Studies and Commentaries

Liana Leahy, MeYouHealth

Aislinn Grigas, Mozilla

Session 4: HCI Applied to Privacy

Keith Edwards, Georgia Tech

Alfred Kobsa, UC Irvine

Day 2 Ideas

Peter Swire 

Session 7: Creepy vs. Delight

Torrey Podmajersky, Microsoft

Session 8: Designing for the Public's Privacy

John Yuda, 18F

Jennifer Ehlers, 18F

 
WORKSHOP #3

Name: Engineering Privacy

Date: August 31-September 1, 2015
Location: Pittsburgh, PA 
Hotel: Omni William Penn Hotel

Workshop Agenda

This workshop will survey emerging challenges in engineering privacy, from applications of cryptographic protocols and privacy-preserving databases to formal notations and programming languages in identity management, de-identification, and software specification. The survey will review known challenges. One is understanding privacy policies (e.g., privacy laws in regulated sectors like healthcare and finance; privacy promises in self-regulated sectors like Web services) in computational terms so that tools can be developed to help with their enforcement; this includes conflicts introduced by cross-references from one legal text to another, difficulties reflecting use-based models, and modeling business processes' compliance with the law. Another is policy weaknesses exposed by computer scientists that limit the utility of translation for privacy protection (e.g., the atomic view of information types that ignores statistical correlations, leading to weak de-identification requirements and ineffective approaches to privacy-preserving big data analytics). The workshop will raise awareness of how well these results address the concepts and open problems identified in workshop #2, and will serve to identify open research questions.

The Computing Community Consortium (CCC) will cover travel expenses for all participants who desire it. Please make your hotel reservations (as indicated on your registration) and your own travel arrangements to get to the workshop, including purchasing airline tickets. Following the symposium, CCC will circulate a reimbursement form that participants will need to complete and submit, along with copies of receipts for amounts exceeding $75.

In general, standard Federal travel policies apply: CCC will reimburse for non-refundable economy airfare on U.S. flag carriers; per diem amounts will be enforced; and no alcohol will be covered.

For more information on Federal reimbursement guidelines, please follow the links below: 
General Travel
International Travel

Additional questions about the reimbursement policy should be directed to Ann Drobnis, CCC Director (adrobnis [at] cra.org).

 

WORKSHOP #4

Name: Regulation as Catalyst

Date: TBD
Location: TBD
Hotel: TBD

This workshop will review the lessons learned from workshops #1-3 and examine how existing regulatory models, along with other factors, shape organizations’ understanding of privacy problems, approaches, and solutions. Building on workshop-generated insights on the strengths and limitations of current approaches (in terms of concepts, incentives, and actors), the workshop will consider how well regulatory models respond to privacy-by-design challenges, and identify open research questions. A goal of the overall project is to broaden the lens through which privacy-by-design is viewed by the research community, positioning technical design alongside theoretical/conceptual, organizational, and regulatory design questions. Building on insights from earlier workshops, we will identify open research questions about the relationship between regulatory form and other external and internal features of the privacy field, and the expression of privacy in firm practice.

The Computing Community Consortium (CCC) will cover travel expenses for all participants who desire it. The CCC will make hotel reservations (as indicated on your registration) at the workshop hotel.  Participants will be asked to make their own travel arrangements to get to the workshop, including purchasing airline tickets. Following the symposium, CCC will circulate a reimbursement form that participants will need to complete and submit, along with copies of receipts for amounts exceeding $75.

In general, standard Federal travel policies apply: CCC will reimburse for non-refundable economy airfare on U.S. flag carriers; per diem amounts will be enforced; and no alcohol will be covered.

For more information on Federal reimbursement guidelines, please follow the links below: 
General Travel
International Travel

Additional questions about the reimbursement policy should be directed to Ann Drobnis, CCC Director (adrobnis [at] cra.org).

 
ORGANIZING COMMITTEE

Deirdre K. Mulligan (Chair) University of California, Berkeley

Annie Antón Georgia Institute of Technology

Ken Bamberger University of California, Berkeley

Travis Breaux Carnegie Mellon University

Nathan Good Good Research

Susan Graham University of California, Berkeley and the Computing Community Consortium

Susan Landau Worcester Polytechnic Institute

Helen Nissenbaum New York University

Fred Schneider Cornell University

Peter Swire Georgia Institute of Technology

Ira Rubinstein New York University

Ann Drobnis Computing Community Consortium Director

 
WORKSHOP REPORTS

Privacy by Design Workshop 1 Report

 

Privacy by Design Workshop 2 Report