Privacy by Design Beyond the Screen: (How) Is it Possible?

Description and aim of the workshop

“Privacy by Design” (PbD) has become a widely supported concept, but there are very few real-life cases in which Privacy by Design has really worked, so far. Is it possible to embed legal privacy rules in technology design? And what does it mean to ‘embed’ ‘legal rules’ in ‘design’? Legal rules and software rules are radically different: the law needs natural language and open norms to deal with unforeseen cases; design also needs to deal with unforeseen cases, but is shaped through hardware and software instead of through natural language; and software needs programming language with determinate rules. Moreover, privacy consists not only in data protection (regulating data flows) but also in physical forms of privacy (e.g., bodily and spatial privacy). Combining all these in one approach – Privacy by Design – is daunting, but necessary if we want to protect privacy in an age of ubiquitous technology.

This workshop brings together scholars from law, regulation, ethics, philosophy of technology, industrial design, robotics, computer science, requirements engineering, and HCI. We aim to connect concepts from the legal world (such as proportionality, lawfulness, private life) with concepts in technology design (such as default settings, granularity, access rights), in a way that works. This is two-way traffic: legal norms are used to inform technology design, and technology-embedded privacy protection reflects back on how legal norms are interpreted, conceived, and shaped.

Research and discussions on PbD often tend to be either very abstract (discussing the pros and cons and (im)possibilities of PbD as such) or very concrete (discussing how a concrete application can build in some aspect of privacy protection). Although both levels of discussion are valuable, we think that most is to be gained by a workshop at an intermediate level of abstraction. Thus, in this workshop we will discuss the challenges and opportunities of PbD at the meso-level of two up-coming categories of technologies: smart toys and augmented reality (AR) applications. This enables discussing PbD in concrete settings (smart toys in the setting of closed, private spaces such as the home, with children as primary users; augmented reality in the setting of public space, with smartphone (or smart glasses) users as primary users), focusing on the conceptual and strategic level of how and where privacy by design could be shaped in these settings. Scenarios on smart toys and augmented reality will be developed and distributed before the workshop.

The workshop aims to 1) bridge approaches between disciplines, 2) find common ground between legal, technical, and design concepts; 3) conceptually discuss the ‘locus’ of Privacy by Design (in the hardwiring, in default settings, and/or in the design of the environment); 4) apply Privacy by Design to the scenarios of smart toys and augmented reality; and 5) identify implications for law and technology.

The proposed outcome is a research agenda for PbD (substantive; methodological; educational); a policy brief outlining where and how PbD can and should be taken up policy-makers; and a kick-start of joint, multidisciplinary academic papers.