This paper provides a short survey on transparency tools for
privacy purposes. It defines the term transparency tools, argues why they
are important and gives examples for transparency tools. A classification
of transparency tools is suggested and some example tools are analyzed
with the help of the classification

Die Arbeit mit Schutzzielen hat sich grundsätzlich bewährt. Sie sind so formuliert, dass sie
die Anforderungen an technische und organisatorische Systeme sowohl abstrakt über

blickbar als auch in Form von Maßnahmen hinreichend konkret faßbar machen. Der
Beitrag empfiehlt, sie in Datenschutzgesetze und Verträge aufzunehmen, als Leitlinien für
den Entwurf und Betrieb von IT-Infrastrukturen heranzuziehen und in Mechanismen
transformiert als WebService-Policies auszudrücken – und unterbreitet einen
Strukturierungsvorschlag.

At the present time, an individual is required to reveal his identity when engaging in a wide range
of activities. Every time he uses a credit card, makes a telephone call, pays his taxes, subscribes to a
magazine, or buys something at the grocery store using a credit or debit card, an identifiable record
of each transaction is created and recorded in a computer database somewhere. In order to obtain a
service or make a purchase (using something other than cash), organizations require that you
identify yourself. This practice is so strong that it is simply treated as a given, an individual’s
identity must be collected and recorded in association with services rendered or purchases made.
But must this always be the case? Are there no situations where transactions may be conducted
anonymously, yet securely? We believe that there are, and will outline a number of methods and
technologies by which anonymous yet authentic transactions may be conducted.

As a legal concept, privacy is defined rather vaguely. That vagueness, some argue, is part of its protective function. The open-ended definition allows people to invoke privacy as a category to protect their personal lives and autonomy from intrusions by others—including the state that endows them with citizenship rights and runs surveillance programs. European Data Protection Directive (DPD) or Fair Information Practice Principles (FIPPs) on the other hand are procedural measures, such as notice and choice, data retention limitation, and subject access rights. These principles are seen to be instrumental to making the collection and processing activities of organizations transparent. Although less ambiguous, data protection principles still need to be translated into technical requirements and are vulnerable to narrow interpretations. Moreover, FIPPs fall short of mitigating all the privacy concerns of users toward a given organization. They also do not address privacy concerns users may have with respect to other users, with people in their social environments, and toward a greater public.