Abstract
Abstract. In light of increasing public pressure and strict regulation, issues of information security and privacy gain prominence in the e-government domain. A promising approach to ensure data protection is to embrace the Privacy by Design principles and practices in the public sector but this remains a major challenge for practitioners. This article leverages in-depth interviews with e-government stakeholders in Bulgaria to explore their opinions and preferences on data protection issues, thus outlining the main drivers and barriers for Privacy by Design implementations. The key insight is that increasing citizen demands and regulatory oversight engender a change in privacy thinking that defies the current status quo. Limited understanding, scarcity of best practices, legacy systems and insufficient financial and administrative capacity seem to be the main implementation obstacles.
Keywords. Privacy by Design, e-government, data protection, personal data.
JEL. C80, H10, H11.
References
Aad, I., & Niemi, V. (2010). NRC data collection and the privacy by design principles. Proc. of PhoneSense, pp.41-45.
Almagwashi, H., Tawileh, A., & Gray, A. (2014). Citizens' perception towards preserving privacy in e-government services: a cross-sectional study. In: Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance (pp.24-27). ACM.
Bednar, K., Spiekermann, S., & Langheinrich, M. (2019). Engineering privacy by design: Are engineers ready to live up to the challenge?. The Information Society, 35(3), 122-142. 10.1080/01972243.2019.1583296
Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77-101.
Brey, P. (2007). Ethical aspects of information security and privacy. In M. Petković & W. Jonker (Eds.), Security, Privacy, and Trust in Modern Data Management, (pp.21-36), Springer Berlin Heidelberg.
Burnard, P., Gill, P., Stewart, K., Treasure, E., & Chadwick., B. (2008). Analysing and presenting qualitative data. British Dental Journal, 204(8), 429-432. 10.1038/sj.bdj.2008.292
Buscher, M. Wood, L. & Perng, S.Y. (2013). Privacy, security, liberty: informing the design of emergency management information systems. In: 10th International Conference on Information Systems for Crisis Response and Management. KIT, Karlsruhe.
Caiza, J.C., Martín, Y.S., Guamán, D.S., Del Alamo, J.M., & Yelmo, J.C. (2019). Reusable elements for the systematic design of privacy-friendly information systems: A mapping study. IEEE Access, 7, 66512-66535. 10.1109/ACCESS.2019.2918003
Carew, P.J., & Stapleton, L. (2005). Towards a privacy framework for information systems development. In: Information Systems Development (pp.77-88). Springer, Boston, MA.
Cavoukian, A. (2011). Privacy by design in law, policy and practice. A white paper for regulators, decision-makers and policy-makers. [Retrieved from].
Cavoukian, A. (2012a). Privacy by Desing. IEEE Technology and Society Magazine, 4, 18-19. 10.1109/MTS.2012.2225459
Cavoukian, A. (2012b). Privacy by design and the emerging personal data ecosystem. Privacy By Design. Canada: Ontario Information Commissioner. [Retrieved from].
Cavoukian, A., Taylor, S., & Abrams, M.E. (2010). Privacy by design: Essential for organizational accountability and strong business practices. Identity in the Information Society, 3(2), 405-413. doi. 10.1007/s12394-010-0053-z
Colesky, M., Hoepman, J.H., & Hillen, C. (2016). A critical analysis of privacy design strategies. In: Security and Privacy Workshops (SPW), 2016 IEEE (pp.33-40). IEEE.
Cronk, J. (2018). Strategic Privacy by Design. US: International Association of Privacy Professionals (IAPP).
D'Acquisto, G., Domingo-Ferrer, J., Kikiras, P., Torra, V., de Montjoye, Y.A., & Bourka, A. (2015). Privacy by design in big data: an overview of privacy enhancing technologies in the era of big data analytics. arXiv preprint arXiv:1512.06000. [Retrieved from].
de Casterle, B.D., Gastmans, C., Bryon, E. & Denier, Y., (2012). QUAGOL: A guide for qualitative data analysis. International Journal of Nursing Studies, 49(3), 360-371. 10.1016/j.ijnurstu.2011.09.012
Dennedy, M.F., Fox, J. & Finneran, T. (2014). The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value. US: Apress Media LLC.
Denscombe, M. (2014). The Good Research Guide: For Small-Scale Social Research Projects. McGraw-Hill Education.
Di Iorio, C.T., Carinci, F., Brillante, M., Azzopardi, J., Beck, P., Bratina, N., ... & Jecht, M. (2012). Cross-border flow of health information: is ‘privacy by design’enough? Privacy performance assessment in EUBIROD. The European Journal of Public Health, 23(2), 247-253. doi. 10.1093/eurpub/cks043
Ebrahim, Z., & Irani, Z. (2005). E-government adoption: architecture and barriers. Business Process Management Journal, 11(5), 589-611. 10.1108/14637150510619902
Etikan, I., Musa, S.A., & Alkassim, R. S. (2016). Comparison of convenience sampling and purposive sampling. American Journal of Theoretical and Applied Statistics, 5(1), 1-4.
Friginal, J., Gambs, S., Guiochet, J., & Killijian, M.O. (2014). Towards privacy-driven design of a dynamic carpooling system. Pervasive and Mobile Computing, 14(1), 71-82. 10.1016/j.pmcj.2014.05.009
Gill, P., Stewart, K., Treasure, E., & Chadwick, B. (2008). Methods of data collection in qualitative research: interviews and focus groups. British Dental Journal, 204(6), 291-295. 10.1038/bdj.2008.192
Harrison, M.I., Koppel, R., & Bar-Lev, S. (2007). Unintended consequences of information technologies in health care—an interactive sociotechnical analysis. Journal of the American Medical Informatics Association, 14(5), 542-549. doi. 10.1197/jamia.M2384
Hoel, T., & Chen, W. (2016). Privacy-driven design of learning analytics applications–exploring the design space of solutions for data sharing and interoperability. Journal of Learning Analytics, 3(1), 139-158. 10.18608/jla.2016.31.9
Hoepman, J.H. (2014). Privacy design strategies. In: IFIP International Information Security Conference (pp.446-459). Springer, Berlin, Heidelberg.
Hustinx, P. (2010). Privacy by design: Delivering the promises. Identity in the Information Society, 3(2), 253-255. 10.1007/s12394-010-0061-z
Ihmouda, R., & Alwi, N.H.M. (2014). E-government development models: Review of social-technical security aspects. International conference on Intelligent Systems, Data Mining and Information Technology (ICIDIT’2014), April 21-22, 2014 Bangkok, Thailand.
Islam, M.B., & Iannella, R. (2011). Privacy by design: Does it matter for social networks?. In: IFIP PrimeLife International Summer School on Privacy and Identity Management for Life (pp.207-220). Springer, Berlin, Heidelberg.
Kim, G.H., Trimi, S., & Chung, J.H. (2014). Big-data applications in the government sector. Communications of the ACM, 57(3), 78-85. 10.1145/2500873
Klitou, D. (2014). Privacy-invading technologies and privacy by design. Safeguarding Privacy, Liberty and Security in the 21st Century, 25. Springer.
Koops, B.J., Hoepman, J.H., & Leenes, R. (2013). Open-source intelligence and privacy by design. Computer Law & Security Review, 29(6), 676-688. 10.1016/j.clsr.2013.09.005
Kowalski, S. (1994). IT Insecurity: A Multi-Discipline Inquiry. Department of Computer and System Sciences, University of Stockholm and Royal Institute of Technology, Sweden.
Kum, H.C., & Ahalt, S. (2013). Privacy-by-design: Understanding data access models for secondary data. AMIA Summits on Translational Science Proceedings, 2013, pp.126-130.
Kum, H.C., Ragan, E.D., Ilangovan, G., Ramezani, M., Li, Q., & Schmit, C. (2019). Enhancing privacy through an interactive on-demand incremental information disclosure interface: applying privacy-by-design to record linkage. In Fifteenth Symposium on Usable Privacy and Security {SOUPS} 2019. [Retrieved from].
Langheinrich, M. (2001). Privacy by design—principles of privacy-aware ubiquitous systems. In: International conference on Ubiquitous Computing (pp.273-291). Springer, Berlin, Heidelberg.
Ma, Q., Johnston, A.C., & Pearson, J.M. (2008). Information security management objectives and practices: a parsimonious framework. Information Management & Computer Security, 16(3), 251-270. 10.1108/09685220810893207
Magableh, A.A., & Al Sobeh, A.M. (2018). Securing Software Development Stages Using Aspect-Orientation Concepts. International Journal of Software Engineering & Applications (IJSEA), 9(6), 57-71.
McAfee, A., Brynjolfsson, E., & Davenport, T.H. (2012). Big data: the management revolution. Harvard Business Review, 90(10), 60-68.
Monreale, A., Rinzivillo, S., Pratesi, F., Giannotti, F., & Pedreschi, D. (2014). Privacy-by-design in big data analytics and social mining. EPJ Data Science, 3(1), 10. doi. 10.1140/epjds/s13688-014-0010-4
Pencarrick Hertzman, C., Meagher, N., & McGrail, K.M. (2013). Privacy by Design at Population Data BC: a case study describing the technical, administrative, and physical controls for privacy-sensitive secondary use of personal information for research in the public interest. Journal of the American Medical Informatics Association, 20(1), 25-28. doi. 10.1136/amiajnl-2012-001011
Rajamäki, J., & Simola, J. (2019). How to apply privacy by design in OSINT and big data analytics?. In ECCWS 2019 18th European Conference on Cyber Warfare and Security (p.364). Academic Conferences and publishing limited.
Rost, M., & Bock, K. (2011). Privacy by design and the new protection goals. DuD, January.
Rubinstein, I.S., & Good, N. (2013). Privacy by design: A counterfactual analysis of Google and Facebook privacy incidents. Berkeley Tech. LJ, 28, 1333-1413.
Sahama, T., Simpson, L., & Lane, B. (2013, October). Security and Privacy in eHealth: Is it possible?. In: e-Health Networking, Applications & Services (Healthcom), 2013 IEEE 15th International Conference on (pp.249-253). IEEE.
Saldaña, J. (2015). The Coding Manual for Qualitative Researchers. Sage.
Schaar, P. (2010). Privacy by design. Identity in the Information Society, 3(2), 267-274. 10.1007/s12394-010-0055-x
Spiekermann-Hoff, S. (2012). The Challenges of Privacy by Design. Communications of the ACM (CACM), 55(7). 34-37. 10.1145/2209249.2209263
Tarimo, C. N. (2006). ICT Security Readiness Checklist for Developing Countries: A Social-Technical Approach. Department of Computer and System Sciences, University of Stockholm and Royal Institute of Technology, Sweden.
van Zoonen, L. (2016). Privacy concerns in smart cities. Government Information Quarterly, 33(3), 472-480. 10.1016/j.giq.2016.06.004
Veit, D., & Huntgeburth, J. (2014). Foundations of digital government. Leading and Managing in the Digital Era, 158.
Williams, M.A. (2009). Privacy management, the law & business strategies: A case for privacy driven design. In: Computational Science and Engineering, 2009. CSE'09. International Conference on. Vol. 3, pp.60-67. IEEE.