This section doesn't make sense. It doesn't seem to actually describe what it says it does, and in fact reads a lot like the marketing material found on Ann Cavoukian's own page. See Talk:Ann Cavoukian#Changes made by 38.112.93.138. I don't want to remove it, because it might actually be useful, but not in its current form. - 69.196.184.175 ( talk) 21:35, 24 January 2014 (UTC)
The usefulness is probably in the notion that PbD does not work if it comes down to only applying ICT measures, but that it should address comprehensive measures in a range of aspects of an organisation, product or system life cycle. But that's not what it says now. Jrest ( talk) 16:06, 26 January 2014 (UTC)
Should this be three areas/spheres of application? Emergentchaos ( talk) 17:16, 26 January 2014 (UTC)
If "this" refers to "organisation, product or system life cycle": I am not sure the point is to make it three of anything. In our paper [1] we present a more generic set of Privacy Design patterns that may be the start of a more complete set:
This list is not complete or definitive in any way. It just serves now to illustrate that there may be more to it than currently is described. — Preceding unsigned comment added by Jrest ( talk • contribs) 20:38, 26 January 2014 (UTC)
Bad english - 'designing so data don't need protection' s.b. doesn't not don't Sweedj ( talk) 09:55, 20 April 2017 (UTC) Changed - but IMHO data is plural, so I would suggest it is changing something that was correct Sjewiki22 ( talk) 10:15, 20 April 2017 (UTC)
The general structure of this article is difficult to determine because the concept has different meanings in different contexts (e.g. Canada vs USA vs EU) and because there is not even documented consensus on a greatest common denominator of the meaning. Jrest ( talk) 16:06, 26 January 2014 (UTC)
Many parties (me included) may be biased because the concept is part of active research and policy development. An example of this bias is the tendency of North American legislation to let businesses themselves work out what this concept should mean (evolutionary approach) while the EU tends to take a more regulatory approach, although this has not yet instantiated in this case. Jrest ( talk) 16:06, 26 January 2014 (UTC)
I have cleaned up the article to bring it in line with the Wikipedia:Manual of Style, and specifically WP:BOLDFACE and Wikipedia:Manual of Style/Capital letters. Ground Zero | t 12:26, 15 May 2014 (UTC)
The section on the seven foundational principles is copied in whole from Ann Cavoukian's website (which is credited, although it is not made explicit that what follows is a direct copy-paste job). The amount of information is superfluous and the tone of the text is too "infomercial" for an encyclopedia. Unless someone edits this section to make it more neutral in tone (and cite it correctly if still necessary), I will delete at least the seven descriptions. Gerard RvE ( talk) 12:34, 21 May 2014 (UTC)
Per WP:COPYVIO, I have removed this text and more that had been copied from privacybydesign.ca. Ground Zero | t 16:58, 24 June 2014 (UTC)
The article as is uses van Rest et al.'s criticism of privacy by design. But in fact, this article criticises the EU's minimal definition of privacy by design and not the approach carried out by Ann Cavoukian. In fact, in their extended definition they propose to implement the seven foundational principles. Does anyone else see this contradiction? If I get some feedback, I may edit this paragraph, but I want to have at least one other opinion on that. — Preceding unsigned comment added by Kraeuterp ( talk • contribs) 08:18, 9 January 2015 (UTC)
I have some comments to improve on the technical correctness of this article. The article mentions DHCP as a protocol that is a good example of privacy by design. This is completely untrue. DHCP servers and the protocol require and rely on the Ethernet MAC address which is provided by each client on the network. The Ethernet MAC address is an identifiable address that can be used to track each client and thus removes all possible privacy you might have expected from DHCP providing you with a dynamic IP address. In fact most DHCP servers have options that allow the assigned IP address to be persistent across sessions (after they expire, they renew and provide the same address to the client) because some operating systems get confused and have issues with too many different addresses. IMHO as an IT expert and engineer, DHCP is a very bad example to use as privacy by design. I think you should consider removing this as an example. Thanks!
Let me provide further details... you go to the computer store to purchase a computer. That computer has a serial number on it which retailers and manufacturers record for warranty purposes. And when you purchase the computer (easiest with a credit card) your name and contact details are provided automatically (or provided also through the warranty registration). You go home and plug in the computer, and if you think you are expecting privacy because you use DHCP to connect to the internet (through your ISP), you're wrong. Even if somehow you escape providing your contact details at the time of purchase or warranty registration, the NSA will simply associate any LOGIN to any account that you do with your MAC address and various mappings of dynamically assigned IP addresses; you are still fully traceable on the internet from these points. The entirety of the network protocol stacks from top to bottom was not designed with privacy by design in mind, so you can not use any networking protocol as an example because it is not compliant to the requirements of privacy by design.
The above criticism on DHCP is non-scientific as its critique refers to persistent MAC and not DHCP itself. DHCP in itself does not require any persistent MAC, only that the device in question establish means to authenticate a session, which could be based 100% on identifiers created for the session. Sjewiki22 ( talk) 06:26, 7 December 2017 (UTC)
Another problem with privacy by design is that it also conflicts with security requirements. IMHO, you can not have both: either you have privacy, or you have security, but you can not fully realize both because they conflict with each other. IMHO, security is more important than privacy (even though I am personally a very huge advocate for privacy) because there are always a few bad apples out there (bad persons) who undertake causing problems for everyone. It is utopian to think that you can live without security in this world; it is just not possible. So unfortunately we have to give up a bit of privacy in order to ensure security. That is just the way the world works unfortunately. Thanks!
These are unfounded statements based on a false dichotomy. There is no reason in general to assume a trade-off between security (of all) and privacy (security of one). On the contrary, security of an ICT system depends on each external stakeholder being secure EVEN IF the ICT system security is circumvented. In fault-tolerant system design, you assume such deliberate or accidental failure to occur and design in order NOT to trust intended security and only rely on actual ability to revoke and recover when such failure occurs. Sjewiki22 ( talk) 06:31, 7 December 2017 (UTC)
This section is imprecise and as such non-enforceable, lacking the necessary scientific rigor for Wikipedia. The problem clearly shows itself in the examples, which ALL can be characterized by obvious security vulnerabilities leaking personal data. Applying the term "Privacy by Design" is as such not scientific, but merely what looks like a product or personal "brand" for someone that wants to claim or be associated with positive terminology.
Either unambiguous clarification needs to be made or the article as such should be deleted.
One could apply strict and concise validation criteria.
If Privacy can be defined as Security (absence of risk) for one Citizen, then Privacy by Design in digital terms can be defined as enabling services without creating personal data, i.e. without creating risk to the citizens of secondary use.
Such a definition would be consistent with the 2003 EU Workshop on Privacy Enhancing Technologies, where the separation between "Privacy friendly" and "Privacy Enhancing" exactly broke over the creation of personal data/transfer of control over secondary data usage. [1] (Slide 3) Sjewiki22 ( talk) 10:43, 22 November 2016 (UTC)
Tried, but honestly, the entire article should be re-written focusing on clear definitions, case examples (e.g. GPS, radio broadcast, cash, etc.) and problem-solving principles and technologies instead of personal promotion and false marketing claims. Sjewiki22 ( talk) 15:24, 5 December 2016 (UTC)
Yes, this is a notable topic however the entire thing is written exclusively to use and promote a single author's point of view on the subject. There is no way to remove the promotionalism because nearly all of the sources are this person's work. WP:TNT Jbh Talk 15:42, 5 December 2016 (UTC)
This page is not unambiguously promotional, because... (your reason here) -- 2620:149:6:1007:C420:3639:E0D:1582 ( talk) 17:06, 5 December 2016 (UTC)
After being directed here by a google search, I found this page useful because it contains details not only about a book by Ann Cavoukian but also criticisms of it. The page is larger than the book itself because it's shedding light on an important piece of work in the privacy space, with arguments both for and against the work. Definitely not unambiguously promotional.
The statement 'may have been derived from this' seems to be contextless. Sweedj ( talk) 09:46, 20 April 2017 (UTC)
Better now? Sjewiki22 ( talk) 10:08, 20 April 2017 (UTC)
This article and term clearly is subject to attempts to capture the term for personal promotion and/or reduce the term to have no scientific meaning ("best effort" or "data protection by design").
The latest edit was a clear example of such, as it introduced major changes towards the latter with no justification.
I suggest a) To restructure the article so people who have contributed to the field of Privacy Enhancing Technologies can be properly attributed.
People like David Chaum, later e.g. Stefan Brands, Jan Camenish and even the RSA people (Ron Rivest etc.) deserve a lot more credit than some DP-people trying to claim the right to capture the field without providing solutions or adding scientifically.
b) To introduce a scale to differentiate between Privacy by Design and mere Privacy Friendly or best intention. This was the exact same discussion we had in 2004 as part of the EU Workshop on the same topic, where interests tried to define policies by undermining terminology to not include security from the citizen perspective. [1]
This article is heavily problematic. It has no clear structure; it has extremely partial views towards the particular conception of privacy by design as Privacy-enhancing technologies, which is not in line with legal nor academic consensus. Attempts to clarify legal inaccuracies in the article are being reversed by a single editor: the GDPR for example does not mention 'privacy by design' at all, but data protection by design, which is not the same as privacy enhancing technologies.
The article is regularly updated with commercial interests such as courses, and namedropping of particular individuals who are not clearly involved in the development of the concepts. At best, the vast majority of individuals named should have resources cited, not their names placed into the article.
Data protection by design is a separate area from privacy by design. There is a separate page for Privacy Enhancing Technologies which should be cited and developed, and most PETs-related areas should be developed on that page, not on this one. The editor making the majority of the changes here is claiming that anything that is not "providing solutions or adding scientifically" should be excluded. This is absurd given that the law does not mandate privacy enhancing technologies, but data protection by design. It is not a correct legal reading and is based on the editor's own normative preferences. Both mathematically and information-theoretically private 'solutions' should be highlighted on the page as well as the approaches which are better supported by the legal text of the GDPR. Mirive ( talk) 14:11, 22 April 2018 (UTC)
"Data Protection by Design" is great but is about system-internal security, which has little or nothing to do with privacy (as control is still in the system and thus not with the citizen). The legal principle (GDPR) is mainly "Data minimization" first, then purpose specification/limitation, then informed consent. (Not incorporating claims of secondary interests overriding principles). This is not excluding anything, nor is it biased. The problem here is about attempts from especially one person to claim to fame to dictate terminology (in what was already a long-established field) backed by interests in circumventing GDPR while corporate marketing or government propaganda are able to claim "Privacy by Design". It is a simple problem of hegemony through terminology undermining the principles, i.e. to make the term without content and useless for anything other than PR.
It is fair to separate between the process of designing (designing privacy best effort and methodologies to do so) and a state of design (Privacy by Design), but not to claim that following some process steps automatically incorporates state-of-the-art, and certainly not as an assurance of reaching a state where control does not transfer from citizen to a system. Sjewiki22 ( talk) 05:27, 25 April 2018 (UTC)
The article should be about the subject Privacy by Design, which is referenced as a fundamental part of data protection. It is not just about GDPR since Privacy by Design was created in Canada, was adopted globally, is in use in the USA, and strongly influenced GDPR. It is not just about Privacy Enhancing Technologies; whilst the initial impetus was a study of PET, it quickly moved into something fundamentally different, as a set of principles for data protection and the idea that it is possible to have Privacy, Security and Usability in the same solution and that all of these aspects are important.
In the war between the different agendas in this article, the result is a number of things like the reference to Kim Cameron's seven "Laws of Identity" which have nothing to do with the principles of Privacy by design apart from the number 7.
Please add your thoughts, Regards RonaldDuncan ( talk) 17:43, 25 April 2018 (UTC)
Ronald. It is a fallacy to claim that having "Privacy, Security and Usability in the same solution" is required or can even be achieved when control is to be in the solution and not with the citizen in question. The problem was that the DPAs have only been working with lightweight solutions and therefore apply weak definitions that go nowhere towards ensuring privacy (or security for all or usability for users). We can discuss whether asymmetric encryption, blinded encryption, onion routing or digital cash were the first publications of Privacy by Design. But these were invented and implemented somewhere between 5 and 15 years BEFORE the DPAs got involved, who now for mere personal marketing (supported by the main interests in data abuse) claim the right to define terms so no privacy is ensured. The functional covering term to use for such purposes is "Data protection by Design". Sjewiki22 ( talk) 17:40, 27 April 2018 (UTC)
Sjewiki22. My suggestion is that you create an article on Privacy enhancing technologies, and that we put the PET information into that article, and we have this article focused on "Privacy by Design" in its data protection sense. Most of the references to "Privacy by Design" I have found point to it coming from the Data Protection Officers rather than the technology community, and that it is the background to the GDPR "Data protection by design"/"Privacy by design". Clearly there are different view points as to whether "Privacy, Security and Usability" can be achieved or not without PET and whether it has to be citizen-centric or solution-centric with auditing of the solution. Currently the regulatory framework is solution-centric with legal redress for solutions that fail to meet the legislation. I think it is important that this article better reflects the status now that the DPAs have got involved and created a global legislative framework. RonaldDuncan ( talk) 09:14, 6 May 2018 (UTC)
RonaldDuncan. Pointless suggestion. You have no "Privacy by Design" without "Privacy Enhancing Technologies"; it simply makes no sense, as PETs are the only substance to the design issue. DPAs are not contributing to the issue; they borrow it and may in the best case be attributed the term itself (but not the content, see the 1995 report). The core of the issue is the interests in NOT making "Privacy by Design" in any measurable way but merely talk of intentions or "best effort" with no consequences. It does make sense to separate between the individual tool and the whole system, i.e. you can have lots of privacy enhancing technologies involved, but in the end, it only takes one identifier to reverse the design 100% into a privacy-invasive model. Sjewiki22 ( talk) 15:04, 14 May 2018 (UTC)
You seem to be forgetting that GDPR didn't really change anything. It adds aspects including bigger fines and enforces responsibility on the data controller etc., but the principles are unchanged. GDPR, HIPAA or whatever regulation you point to: none of these "define" Privacy by Design (or Security by Design for that sake), as the term only makes sense as in "data that need no protection as privacy is ensured by design", which of course requires the citizen to be in unconditional control, i.e. when the control is not in the system regardless of policies, agreements or legal restrictions. Sjewiki22 ( talk) 15:04, 14 May 2018 (UTC)
If DPAs want a term for policy/regulatory-only privacy (does not make sense IMHO; tried and failed many times, i.e. P3P, sticky policies, self-regulation etc.) then the term should be "Privacy by Regulation" or "Privacy by Policy", i.e. not a security-technically related "design". Sjewiki22 ( talk) 15:15, 14 May 2018 (UTC)
Sjewiki22. I would like to proceed with the rewrite; I am happy to create it in my sandbox along with a draft article on PET. You have further edited the article to remove any reference to the Data Protection Office/Information Commissioner's Office origin of the term. Since it is a term that is widely used in Data Protection law, I think that your view point that the term is wrong is not helpful. The term may be wrong, but it is the one used by DPOs/DPAs in their area of expertise. RonaldDuncan ( talk) 16:22, 1 June 2018 (UTC)
RonaldDuncan First, I have NOT removed the reference to the 1995 workshop report, nor have I removed the fluffy reformulation of the "7 laws of Identity". Second. I do, however, not accept the wrongful notion that some DPA has the right to define (and erode) such a basic term 15 years after. Just as I strongly reject your notion (and the many other interests) to separate the term from its origin in Privacy Enhancing Technologies and basic security. Sjewiki22 ( talk) 12:12, 3 June 2018 (UTC)
I see the proposal to rewrite the article, which I both welcome and have suggested myself. I think we would all benefit from this.
This discussion is old going all the way back to e.g. the 2003 EU Workshop on Privacy Enhancing Technologies where the scientific community across the Atlantic reacted strongly in opposition to commercial attempts to undermine terminology leading to the use of "Privacy friendly" for non-complete technologies without invalidating solutions actually ensuring citizen control.
It is vital to not allow erosion of rights through fluffy definitions, or using terms covering both good and bad at the same time allowing for invasive structures claiming to be good (as e.g. Facebook have been doing with "Privacy by Design" while retaining corporate control over data or claims of "Data Anonymization" or "Differential Privacy").
In this, it is important to distinguish clearly between the many efforts in the design process (e.g. "privacy engineering") and a categorization of outcome.
There is no assurance whatsoever that a certain process will lead to a solution that ensures Privacy by Design, just as technological or other changes may erode the security of what was previously fairly considered "Privacy by Design". Therefore the label of "Privacy by Design" on a particular solution has to be dynamic and subject to, in principle, continuous evaluation.
In this I recommend the EU approach of NOT trying to define or require "Privacy by Design" per se beyond "data minimization" according to state-of-the-art.
The legal definition in the EU is essentially whether or not data is subject to legal restrictions, i.e. "Identified or identifiable", maintaining a close linkage to scientific reality as security and thereby control is a fluid question.
We could benefit from a categorization covering some of the greyzone issues (e.g. related to accountability as one of the main parameters in a multi-dimensional problem), but I presently do not see a legitimate source of such a scale.
In short, I would be part of the large professional scientific community that would reject strongly to allowing a fluffy definition to provide data controllers (whether government or private) a free "get out of jail card" for back-doors or reducing the term to non-consequential marketing or propaganda use. Sjewiki22 ( talk) 12:12, 3 June 2018 (UTC)
As a cautionary comment. I would perhaps suggest that someone with close ties to CloudBuy indicate commercial interest in the topic with a main agenda of a rewrite so as to justify a corporate use of personal data. The linkage between Privacy by Design and cloud is addressed, including how to create isolated processes in cloud, in a 2011 report from the Danish IT and Telecoms Agency. [1] Building profiles or "digital twins" (as the present business hype term goes) outside citizen control clearly is not compatible with the term "Privacy by Design". Sjewiki22 ( talk) 12:35, 3 June 2018 (UTC)
I am happy to create a draft rewrite in my sandbox. Regarding the potential conflict of interest with CloudBuy, we have been through a lot of work proving to our customers that we are GDPR compliant, and thus I have a lot of practical experience of implementing cloud systems whilst maintaining compliance with regulation in a heavily audited environment. Privacy by Design is an area that I have been familiar with for a long period, since we have been operating for 20 years and security and privacy engineering have been important aspects of our platform. I do not see a conflict with my work since the article is about the concept of privacy by design and its regulatory meaning as opposed to any particular implementation. RonaldDuncan ( talk) 13:44, 5 June 2018 (UTC)
This is a perverted manipulation. Please undo anything you did since July 16th and avoid making changes until the draft in your sandbox has been discussed as agreed. This version is not representing science but only a very narrow and special interest-focussed perspective while editing out all prior foundational work or sources not benefiting one agenda - CC @ Sjewiki22: @ Oshwah: @ ViperSnake151: @ Deimorz: @ Mirive: @ TheDJ: @ RA0808: @ Mauls: @ Diannaa: @ Mauls: @ FlippyFlink: @ Sphilbrick: @ Jhertel: @ Fabienpe: @ Fixuture: @ Dhugot: @ ShelleyAdams: @ Psheld: Sjewiki22 ( talk) 09:14, 19 July 2018 (UTC)
You searched for sources that confirmed your view and interest only, ignoring facts and all the links provided, deleting anything (e.g. Danish eGov work on Privacy by Design and Security by Design and Rethinking PKI - building in Privacy) but the self-promotional bullshit. Ann Cavoukian and Borking did not invent Privacy by Design; they just labeled what was already an established field but (respect) were among the most active in trying to talk it into the legal political space, and 15 years later added a fluffy minor rewrite of an already fluffy "7 laws of identity".
The only really well-defined definition of privacy across legal, technical and other fields is the definition of whether GDPR protection applies: "if data is NOT identified or identifiable", then you can say with certainty it is Privacy by Design. And that is exactly what GDPR points towards with e.g. "data minimization according to state of the art", despite all the legal loopholes in GDPR to handle rights and obligations when privacy is not designed in from the start, so it is not even an issue of conflict between technical and legal fields.
There is only one acceptable action - revert to the neutral pre-july 16 version and then lets redo the article. IMHO this is bordering fraud from interest groups that want to circumvent regulation and principles. Sjewiki22 ( talk) 09:14, 20 July 2018 (UTC)
@ RonaldDuncan: I have no problem to acknowledge the origin of the term "Privacy by Design" to the 1995 report and I have no stake in that question.
The problem is that creating a label does not provide the right to dictate scientific content. Both "privacy" and "design" were prior to this, which the report also clearly states. Creating a term does not get to redefine either, especially not 15 years after and especially not reducing it to a mere intentional issue without any useful metrics or definitions as to the outcome of the process.
If so, the term becomes useless as anything including the worst violations can claim "Privacy by Design" as claim of best effort is all it takes. You often see e.g. Google, Facebook, NSA and even EU member state bureaucracies claiming "privacy by design" even though it is utterly absurd.
This problem on terminology hegemony between DP bureaucrats (and the both commercial, bureaucracy and "national security" interests behind them) and hardcore privacy/anonymity design scientists and civil liberties is not new. I refer to e.g. the 2003 EU Workshop on clarifications and the Danish eGov report "New Digital Security Models" as an operational attempt to reconcile the differences.
You do not get to hide this as "criticism" to a useless and pointless description.
Privacy by Design ends where data becomes "Identified or identifiable"; whether this is a right and whether there are greyzones or reasons to relax the requirements referring to the richer concept of multi-party Security by Design should not be used for terminology obfuscation, as it prevents creation of meaning and debate.
A conflict of interest tag was added by @ Sjewiki22:. It needs to be debated here. @ Sjewiki22: could you state what the conflict of interest is since you added the tag RonaldDuncan ( talk) 22:11, 19 July 2018 (UTC)
You clearly represent a commercial interest in avoiding clear definitions of Privacy by Design, as your income originates from server-side control of personal/customer data (CloudBuy), i.e. in inherent conflict with the very purpose of Privacy by Design. All have some bias, but this conflict of interest is obvious in the rewrite despite prior warning as to the issue and an explicit agreement to do the edits on another page instead of merely applying your view as you did. Sjewiki22 ( talk) 09:50, 20 July 2018 (UTC)
@ RonaldDuncan: I do not know if you are faking it for selfish reasons or simply have no idea what you are talking about. We are in the area of Grey's Law, so I will assume lack of knowledge but insist on the principles being upheld.
I will repeat: "Privacy by Design" ends where data becomes "identified or identifiable"; no more to say, never has been. At this point GDPR is not vague and neither was EU regulation in 1995, as this is unchanged and based on science on when data needs regulatory protection as the citizen loses control.
Ann Cavoukian does not get to define privacy, even despite the large interest group that likes her fluffy and non-consequential non-definition that merely talks about intent but provides no measures or useful definitions on outcome.
This security principle (do no evil/harm as in DO NOT CREATE personal data in the first place) can be used for standardization but isn't as the wolves define standards to control the prey and when we apply Privacy by Design within existing standards, they are changed to eliminate individual control for no other reason than commercial control (e.g. ISO 18000 NFC blocking for open security in RFID e.g. ISO 14443) and lock-in.
You do not solve this problem by stashing garbage rhetoric on top of it or adding your own analysis of sources as "criticism" to an already defunct description. And this has nothing to do with "data protection" as that only cover digital spaces that are not "Privacy by Design". The article is pure bullshit as-is covering only an attempt for personal self-promotion which suits all the ones that do not want privacy for selfish interests.
The point about moving from Privacy by Design (unconditional individual control) to Security by Design is that security is a multi-stakeholder issue and we need mechanisms to deal with contradictory interests. The reference to the Danish eGov report documents how many such apparent contradictions are typically flawed assumptions in themselves that can be resolved through redesign, e.g. solving the apparent trade-off problem of progressive taxation and transaction anonymity.
In some cases, you need to relax on the strict Privacy by Design requirement (even remaining the normative goal) e.g. the issue of Conditional Identification as post-transaction accountability involves mechanisms that are subject to thirdparty control (e.g. a judge) as necessary to reconcile stakeholder security requirements.
The point is we can do almost all transactions anonymously, but in order to enforce e.g. taxation or accountability some greyzone relaxation is needed according to state-of-the-art. Whenever we can do this even better, regulation at least in the EU says we must do so.
So, politely, revert to the pre-July 16 neutral version where Ann Cavoukian's contribution was recognised but the nonsense does not get to dictate what privacy is nor undermine what is today raised to the highest-order normative design goal in all ICT design. As stated prior to your edits, the article is in need of rewrite and clarification, but not reverting to the self-promotional non-scientific version it was.
"Privacy by Design" ends when data becomes "identified or identifiable"; it did so in 1995 and it still does today, and there is a large field of scholars who have done tremendous work over the last 4-5 decades on the complex problems that some lightweight bureaucrats or data abusers do not get to ignore or overrule. I assume you "protect" customer data, but it has nothing to do with "Privacy by Design"; if so, the data needed no protection on behalf of customers. Sjewiki22 ( talk) 11:54, 20 July 2018 (UTC)
@ RonaldDuncan: Absolutely not. First you need to undo your damage Sjewiki22 ( talk) 16:32, 20 July 2018 (UTC)
[COMMENTS REMOVED ~ Rob13 Talk 22:57, 29 July 2018 (UTC)]
Deleted section regarding Sjewiki22 after clarification below that assertion was correct that Sjewiki22 is an expert with a strong point of view on privacy by design RonaldDuncan ( talk) 10:10, 22 July 2018 (UTC)
@ RonaldDuncan: Ad hominem and privacy violations are (especially in this context) not the way to go. I haven't rejected but this is not about me and I do not try to take credit beyond exemplifying. I stepped down from editing, the second Viper suggested there might be an issue.
But you, dear Sir, did not and continued despite the warning - so I kindly reiterate to undo your damage including the above.
The issue here is about erosion of terminology, attempt to hi-jack a generic and additional which I will refrain from adding here.
This is about the fact that "Privacy by Design" is not a framework and - if so - it is certainly not invented by AC but by others before her and after.
It s not a trademark to be owned (and if so actually Nokia tried to), but a generic as in ensuring privacy by design as opposed to "by law (what you are allowed to)" , "by self-regulation (moral/self-interest)/policy (promise)/agreement (contract)/.. (or whatever).
Relabeling privacy design as "Privacy by Design" does not give you the right to define privacy, design or how privacy is designed - especially not after it is raised to a principle (not by GDPR as GDPR do not mention the term "Privacy by Design", but by European Human Rights Convention).
I do not want to criticize AC as I recognize her long work as a Privacy Commissioner and one that zealously been advocating for privacy and also the view that privacy is about design. She is free to promote some guidelines and as Commissioner probably even obligated to do so.
Nor should we chastise those that work for "data protection" to defend citizen against misuse of their data after they have lost control. But they have a post-collection perspective ignoring that at that point privacy is already violated.
So I am fine by giving AC the credit of promoting a set of guidelines as one approach. Not to give her the credit and especially not to implicitly redefining Privacy as mere "data protection" Sjewiki22 ( talk) 09:56, 21 July 2018 (UTC)
Especially, you should see the 2011 report as a response that 1) AC was wrong in 2009 as you - even in cloud - do NOT have to rely on "2) accountable business" or other organizational dependencies that can be overridden (which is in itself incompatible with "by design") and 2) Yes, we need in some situation to go beyond the Privacy by Design main goal of anonymity in transactions as the citizen may have conflicting security interest with e.g. providers need for accountability (as anonymity is inherently non-ability to hold you accountable even if all other parties work together) which is defined as Security by Design (as security is a multi-stakeholder issue whereas privacy is security from the citizen perspective only). Collecting data for profiling, marketing etc. is an interest, not a legitimate requirement for the transaction Sjewiki22 ( talk) 11:19, 22 July 2018 (UTC)
I have taken off the COI from the article. @ Sjewiki22: has suggested changes to the article and put in an appeal at the top of the talk page for other editors to get involved. My view is that I have performed clean up on the article after the various edits by Sjewiki22, posted the resulting cleaned up article, and a number of other editors have tidied up the results. RonaldDuncan ( talk) 10:34, 23 July 2018 (UTC)
As a professional in the field, it has been suggested that I should not engage in editing, so I won't.
Privacy and anonymity is a well-established field, with scholars working in the area for many decades.
Referring to the 1995 report - the issue is "the path to anonymity" and, en route, "minimization", i.e. the GOAL is NOT to "manage data" but to eliminate personal data or "preserve anonymity". This principle was built into the 1995 EU data protection regulation, defining restrictions on all data that are "identified or identifiable", and was further emphasized in the GDPR update of the same, Article 25, "Data minimization according to state-of-the-art".
In 2009 (almost 15 years after), AC, without substantiation, tries to steal the agenda, claiming personal ownership while publishing a set of guidelines which she blatantly calls a "Framework". Said guidelines contain nothing on anonymity or data minimization, but simply represent some overall statements that are not measurable and do not in any way represent a scientific framework.
Further - her unsubstantiated claim is that privacy CANNOT be designed, so she tries to reduce privacy to something handled by "2) accountable business", which reduces the step to a unilateral attack on privacy per se, trying to give up on the root principles which "Privacy by Design" is about; see the report of 1995.
In short:
I ask of the community to avoid this systemic misinformation and especially:
a) To NOT acknowledge AC's claim of origin.
"Privacy by design" is a generic with many authors, some mentioned in the 1995 report. I claim no such authorship and am fine with a reference that the 1995 workshop was probably the first time the explicit term was used, but privacy design predates this, and privacy by design is a generic based on science, not a trademark to be owned and used for personal or corporate profit.
b) To NOT accept AC's 2009 version or set of guidelines as the, or even a, framework for "Privacy by Design". The fact that the "foundational principles" somehow got referenced at the 2010 DP conference does not raise them, and especially not the reduction of "privacy" to "data protection", to science, principle or law.
c) To start this article by:
- a goal definition respecting both the science, the original 1995 goals and existing regulation. Privacy by Design can never be reduced to something about "data protection", as that implies we are already beyond inherent privacy assurance "by design" and deep into weaker structures such as "by law", "by policy", "by agreement" or otherwise.
The 1995 report is very clear on this and repeatedly talks about designing to preserve anonymity and, if that is not possible, to minimize personal data collection and pseudonymise actively (to split the real identity from the pseudonymous identity - NOT to de-identify afterwards).
- emphasize Privacy Enhancing Technologies as the core of all Privacy by Design. But with reference to the GDPR's "state of the art", also respect that this is work in progress, which has since the 1995 report (and the today rather funny "Identity Protector") progressed enormously in many aspects. E.g. Tor has raised the bar on "anonymity"; similarly the existence of production-mature blinded cryptographic libraries, etc.
The actual technologies should be covered elsewhere, but examples of the state of the art are relevant in this article.
d) But also recognize the efforts by the DPs to promote focus on technical design over "by regulation".
In this, AC and Borking should both be recommended as some of the early adopters. I have no agenda attacking or criticizing anyone personally, but they do not get to raise their personal, biased opinion to science.
And mention the 2009 guidelines as a set of progressive guidelines, mainly focusing on corporate internal efforts, that deserve special mention, but NOT as a definition of, or a framework for, "Privacy by Design", as that is better left to scientific reality and the state of the art.
In short - I ask of the Wikipedia community not to be used for shameless self-promotion in a way that distorts scientific reality and tries to reduce the fundamental right to privacy to something about "data protection".
I will be happy to assist, but the process since July 16th has been hostage-taking, ignoring all objections. Sjewiki22 ( talk) 09:54, 22 July 2018 (UTC)
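As an added illustration (example code written for this discussion; it is not from the 1995 report, from Ann Cavoukian's guidelines, or from any editor above) of the distinction drawn in the post above between pseudonymising actively at the point of collection and de-identifying afterwards, and of the "conditional identification" under third-party control mentioned at the top of this section. The `IdentityProtector` class, the context labels, the `confirm` operation and the sample identifiers are all assumptions made for the example; the authorisation decision itself (e.g. a judge's order) sits outside the code and is only represented by who holds the key.

```python
"""Pseudonymisation "by design" versus de-identification after the fact.

Two ways of turning a real identity into a pseudonym are contrasted:

  * post-hoc de-identification: an unkeyed hash applied after collection.
    The data holder keeps (or can rebuild) the link, and a plain hash of a
    low-entropy identifier is reversed by enumerating the identifier space.
  * active pseudonymisation: a keyed pseudonym derived when the record is
    created, with the key held by a separate component (the assumed
    IdentityProtector) that the service does not control.  The real identity
    never enters the service's data set, pseudonyms are unlinkable across
    contexts, and only the key holder can confirm a link (conditional
    identification, gated by whatever authorisation process applies).
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample identifiers (fake national IDs) standing in for the
# "real identity".  They are low-entropy, as real identifiers usually are.
SAMPLE_IDS = ["DK-0101701234", "DK-3112855678"]


def post_hoc_hash(identifier: str) -> str:
    """De-identify after collection: unkeyed SHA-256 of the identifier."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def recover_by_enumeration(digest: str, candidates: Iterable[str]) -> Optional[str]:
    """Why post_hoc_hash is not anonymity: anyone able to enumerate the
    identifier space, or holding a list of known IDs, links the digest back."""
    for cand in candidates:
        if post_hoc_hash(cand) == digest:
            return cand
    return None


@dataclass
class IdentityProtector:
    """Assumed separate trust domain holding the pseudonymisation key.
    The service only ever receives pseudonyms from it, never identifiers."""
    key: bytes

    @classmethod
    def generate(cls) -> "IdentityProtector":
        return cls(secrets.token_bytes(32))

    def pseudonym(self, identifier: str, context: str) -> str:
        # HMAC under a secret key, domain-separated by context, so the same
        # person gets different, unlinkable pseudonyms in e.g. tax and health.
        msg = f"{context}\x00{identifier}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def confirm(self, identifier: str, context: str, pseudonym: str) -> bool:
        # Conditional identification: only the key holder can confirm whether
        # a pseudonym belongs to a claimed identity.  Whether this call is
        # permitted (court order etc.) is decided outside this code.
        expected = self.pseudonym(identifier, context)
        return hmac.compare_digest(expected, pseudonym)


def guess_without_key(pseudonym: str, candidates: Iterable[str], context: str) -> Optional[str]:
    """A party without the key trying the same enumeration attack against a
    keyed pseudonym: the best it can do is hash context and candidate itself."""
    for cand in candidates:
        unkeyed = hashlib.sha256(f"{context}\x00{cand}".encode()).hexdigest()
        if unkeyed == pseudonym:
            return cand
    return None


def collect_record(protector: IdentityProtector, identifier: str, context: str, payload: dict) -> dict:
    """Service-side record creation: the stored record carries the pseudonym
    only.  The identifier is used to obtain it and is never persisted."""
    return {"subject": protector.pseudonym(identifier, context), **payload}


if __name__ == "__main__":
    prot = IdentityProtector.generate()
    rec = collect_record(prot, SAMPLE_IDS[0], "tax", {"amount": 100})
    print("stored record:", rec)
    print("post-hoc hash recovered:", recover_by_enumeration(post_hoc_hash(SAMPLE_IDS[0]), SAMPLE_IDS))
    print("keyed pseudonym recovered without key:", guess_without_key(rec["subject"], SAMPLE_IDS, "tax"))
    print("key holder confirms link:", prot.confirm(SAMPLE_IDS[0], "tax", rec["subject"]))
```

The design point is that the split between real and pseudonymous identity is enforced by who holds the key, not by a promise to delete or hash data later: the service holds no key, so it cannot relink, while the key holder can do so only when the surrounding process allows it.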
@ Sjewiki22: @ Matthew V. Milone: Thanks Matthew, I had a long phone call with Sjewiki22 yesterday, and explained that we need evidence in the form of reliable references. Sjewiki22 is going to get some suggestions for Generic "Privacy by Design" as opposed to AC "Privacy by Design" and how it is being implemented in the state of the art. There is also another section about future improvements at the bottom of the article :). Look forward to your contributions. RonaldDuncan ( talk) 15:47, 24 July 2018 (UTC)
@ Sjewiki22: Hopefully another editor will come into this discussion. However, they may not want to get involved. In the meantime, I am very happy to work with you on some content about the generic meaning of Privacy by Design vs the "Privacy by Design" PbD of AC and your "Security by Design" SbD that you created as an extension. My view on your SbD is that it is interesting, but has not been widely adopted vs PbD which has been. There is a lot that could be improved in the article and your input will be helpful. The key thing is that any info in the article must be well referenced, for the AC PbD there are over 500 papers in google scholar that reference it so it is easy to find references. The challenge is that in 500 references it is easy to paint a picture that is very biased and so there needs to be balance if there are multiple points of view. I have sent you an email so we can have a conference call, and hopefully discuss and summarise here rather than debating in multiple sections in this talk page. RonaldDuncan ( talk) 10:45, 23 July 2018 (UTC)
This page has no Spanish version, but there is one: Q110101609 at [1]. I propose merging it into this one. — Preceding unsigned comment added by 2A02:8071:884:B420:0:0:0:EC9C ( talk) 20:44, 7 June 2023 (UTC)