This website was mostly translated automatically from the German version. We apologize for any translation errors.
Privacy Frameworks
Privacy engineering must always be oriented to the relevant
legal framework. Frameworks can help us to more easily capture such
requirements and translate them into concrete technical
requirements and measures. Ideally, they represent the current
state of the art and the current legal opinion and thus help us to
reduce risks in the implementation of privacy engineering. In this
sense, frameworks are a link between the often abstract legal
requirements and concrete technical measures that can be
implemented in practice.
Choosing the right framework is not always easy. In general, one
should first be clear about the context in which the framework is
to be used. For example, if you are looking for a framework that is
suitable for the development of a software solution in Europe (e.g.
in Germany), it makes sense to orientate yourself towards national
frameworks.
In general, it should be noted that using a specific framework
alone does not guarantee that a solution developed with it is
automatically legally compliant. Frameworks overlap with specific
jurisdictions to differing degrees, and international frameworks in
particular often do not fully cover the requirements of a given
jurisdiction.
Considered frameworks
In the following sections, we will take a look at some
frameworks that are of great practical importance. In particular,
we will focus on the European region and especially on Germany. The
following frameworks will be discussed:
European & German Frameworks
Standard Data Protection Model (SDM)
BSI IT-Grundschutz (IT baseline protection)
International frameworks
OECD Guidelines
Generally Accepted Privacy Principles (GAPP)
ISO 2700X series (not specifically designed for privacy)
US-centric frameworks
NIST Privacy Framework
Federal Trade Commission's (FTC) Fair Information Privacy Principles (FIPS)