Privacy requirements are often not well considered in system design. The objective of this paper is to help interested system designers in three ways: First, it is discussed how “privacy” should be understood when designing systems that take into account the protection of individuals’ rights and their private spheres. Here specifically the concept of linkage control as an essence of privacy is introduced. Second, the paper presents a list of ten issues in system design collected during the daily work of a Data Protection Authority. Some of the mistakes are based on today’s design of data processing systems; some belong to typical attitudes or mindsets of various disciplines dealing with system design (technology, law, economics and others). Third, it is explained how working with protection goals can improve system design: In addition to the well-known information security protection goals, namely confidentiality, integrity and availability, three complementing privacy protection goals – unlinkability, transparency and intervenability – are proposed.