Privacy Mindset, Technological Mindset

71 Pages Posted: 26 Jul 2014 Last revised: 21 Jul 2015

See all articles by Michael Birnhack

Michael Birnhack

Tel Aviv University - Buchmann Faculty of Law

Eran Toch

Tel Aviv University - Department of Industrial Engineering

Irit Hadar

University of Haifa - Information Systems Department

Date Written: July 25, 2014


Policymakers around the world constantly search for new tools to address growing concerns as to informational privacy (data protection). One solution that has gained support in recent years among policy makers is Privacy by Design (PbD). The idea is simple: think of privacy ex ante, and embed privacy within the design of a new technological system, rather than try to fix it ex post, when it is often too late. However, PbD is yet to gain an active role in engineering practices. Thus far, there are only a few success stories.

We argue that a major obstacle for PbD is the discursive and conceptual gap between law and technology. A better diagnosis of the gaps between the legal and technological perceptions of privacy is a crucial step in seeking viable solutions. We juxtapose the two fields by reading each field in terms of the other field. We reverse engineer the law, so as to expose its hidden assumptions about technology (the law’s technological mindset), and we read canonical technological texts, so as to expose their hidden assumptions about privacy (technology’s privacy mindset). Our focus is on one set of informational privacy practices: the large corporation that collects data from individual data subjects.

This dual reverse engineering indicates substantial gaps between the legal perception of informational privacy, as reflected in the set of principles commonly known as Fair Information Privacy Principles (FIPPs) and the perceptions of the engineering community. While both information technology and privacy law attempt to regulate the flow of data, they do so in utterly different ways, holding different goals and applying different constraints. The gaps between law and technology point to potential avenues to save PbD.

Keywords: privacy, informational privacy, data protection, privacy by design, big data, organizational privacy climate, engineering

Suggested Citation

Birnhack, Michael D. and Toch, Eran and Hadar, Irit, Privacy Mindset, Technological Mindset (July 25, 2014). 55 Jurimetrics 55-114 (2014). Available at SSRN: or

Michael D. Birnhack (Contact Author)

Tel Aviv University - Buchmann Faculty of Law ( email )

Ramat Aviv
Tel Aviv 69978, IL
+972-3-640-6623 (Phone)

Eran Toch

Tel Aviv University - Department of Industrial Engineering ( email )

Tel Aviv 6997801

Irit Hadar

University of Haifa - Information Systems Department ( email )

Mount Carmel
Haifa, 31905

Register to save articles to
your library


Paper statistics

Abstract Views