http://ssrn.com/abstract=2128146
 
 




 


 



Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents


Ira Rubinstein


New York University (NYU) - Information Law Institute

Nathan Good


Good Research

August 11, 2012

28 Berkeley Technology Law Journal 1333 (2013)
NYU School of Law, Public Law Research Paper No. 12-43

Abstract:     
Regulators here and abroad have embraced “privacy by design” as a critical element of their ongoing revision of current privacy laws. The underlying idea is to “build in” privacy (in the form of Fair Information Practices or FIPs) when creating software products and services. But FIPs are not self-executing. Rather, privacy by design requires the translation of FIPs into engineering and usability principles and practices. The best way to ensure that software includes the broad goals of privacy as described in the FIPs and any related corporate privacy guidelines is by including it in the definition of software “requirements.” And a main component of making a specification or requirement for software design is to make it concrete, specific and preferably associated with a metric. Equally important is developing software interfaces and other visual elements that are focused around end-user goals, needs, wants and constraints.

The Article offers the first comprehensive analysis of engineering and usability principles specifically relevant to privacy. Based on the relevant technical literature, it derives a small number of relevant principles and illustrates them by reference to ten recent privacy incidents involving Google and Facebook.

The Article concludes that all ten privacy incidents might have been avoided by the application of these privacy engineering and usability principles. Further, we suggest that the main challenge to effective privacy by design is not the lack of design guidelines. Rather, it is that business concerns often compete with and overshadow privacy concerns. Hence the solution lies in providing firms with much clearer guidance about applicable design principles and how best to incorporate them into their software development processes. Greater guidance is also needed for how to balance privacy with business interests, and there must be oversight mechanisms as well.

Number of Pages in PDF File: 83

Keywords: Privacy, privacy by design, fair information practices, usability

Accepted Paper Series






Date posted: August 12, 2012; Last revised: February 21, 2014

Suggested Citation

Rubinstein, Ira and Good, Nathan, Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents (August 11, 2012). 28 Berkeley Technology Law Journal 1333 (2013); NYU School of Law, Public Law Research Paper No. 12-43. Available at SSRN: http://ssrn.com/abstract=2128146 or http://dx.doi.org/10.2139/ssrn.2128146

Contact Information

Ira Rubinstein (Contact Author)
New York University (NYU) - Information Law Institute
40 Washington Square South
New York, NY 10012-1301
United States
Nathan Good
Good Research
828 San Pablo Ave
Suite 120D
Albany, CA 94706
United States


Paper statistics
Abstract Views: 4,030
Downloads: 832
Download Rank: 15,333
Citations:  1
