Privacy represents a broad variety of concerns — subjective, contextual, hard-to-define — that real people have about the flows of personal information.
Translating these concerns (as well as corporate and legal liability) into technical artifacts — a process known generally as "privacy-by-design" — has proven difficult. How can we best convert lawyer speak into engineering speak? How can problems be elegantly anticipated early in the development process?
Drawing inspiration from Christopher Alexander and the success of software design patterns in improving communication about tried-and-true practices, we hope privacy patterns will:
- standardize language for privacy-preserving technologies
- document common solutions to privacy problems
- help designers identify and address privacy concerns
We're currently compiling some patterns to get started, but our goal is for this to be a living document constructed by the community of engineers, designers, lawyers and regulators involved in this topic.
This material is based in part upon work supported by the U.S. Department of Homeland Security under grant award #2006-CS-001-000001 and the National Institute of Standards and Technology, under grant award #60NANB1D0127, under the auspices of the Institute for Information Infrastructure Protection (I3P) research program. The I3P is managed by Dartmouth College. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security, the I3P, or Dartmouth College.
The Berkeley Center for Law and Technology supported this research in part in conjunction with a research gift from Nokia.
If you're interested in privacy patterns — because you'd like to contribute your own content, support the project in some way or suggest an improvement — please contact Nick Doty at [email protected].