Skip to main content

Simple Privacy Engineering Principles

PR #704
Author(s)milstan (


Privacy is a complex yet essential component of human socialization. Ever since software Systems became tools for human connectedness, a need emerged to engineer privacy in them.

Academic research offers insight into the definition and function of privacy. Growing body of regulation specifics how software Systems and Organizations operating them should behave in order to ensure privacy. Yet, it remains challenging for a software engineer to grasp all that information and translate it into design of a software System.

We propose simple engineering principles that embody key understandings of privacy in the context of software engineering. While it is impossible to guarantee compliance with regulation upfront, Systems engineered in the spirit of these principles are more likely than others to be compliant or easily made compliant with privacy regulations.


  • The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119
  • The key word "CAN" denotes ability of someone or something, and is interpreted as "MUST be able to"
  • The key words "blindnet devkit", "CCPA", "CPRA", "Capture Fragment", "Component", "Data Capture", "Data Capture Fragment", "Data Consumer", "Data Subject", "DPO", "Fragment", "GDPR", "HIPPA", "Internet User", "Organization", "Privateform", "Privacy Request", "System", "Submitter", "User" are to be interpreted as described in RFC-Lexicon-2



To let the user know.

Transparency means letting the user know what to expect (upfront transparency), and what is actually going on (ongoing transparency).

Transparency refers to different kinds of information that the user might want to know. Particular regulations define specific information.

Among the most common are:

  • Who can access the data
  • Where is the data stored
  • What is done with the data
  • Why is data being collected and used
  • For how long is the data kept


To keep the unintended parties away.

Data is handled in a way that ensures that only the intended parties can access it. This might involve different approaches to security and access management. The System (and its administrators and the Organization controlling it) may be an unintended party. Particular regulations impose specific techniques.


To let the user negotiate the data usage.

Control means letting the users make requests related to data concerning them. The usage of data is negotiated within the limits of what the System needs to fulfill its purpose.

Particular regulations define specific requests the users must be able to make.


Normative References

Informative References

Privacy Legislation