Engineering privacy requirements: valuable lessons from another realm

The Privacy by Design approach to systems engineering introduces privacy requirements in the early stages of development instead of patching up an already built system afterwards. However, "vague", "disconnected from technology" and "aspirational" are some of the terms now used to describe the privacy principles that are supposed to guide the development process. Although privacy has become a first-class citizen among non-functional requirements, and some methodological frameworks help developers by providing design guidance, software engineers often lack a solid reference detailing which specific, technical requirements they must satisfy, and a systematic methodology for meeting them. In this position paper, we look into a domain that has already tackled these problems successfully, namely web accessibility, and propose translating its findings into the realm of privacy requirements engineering, while also analyzing the gaps that current privacy initiatives do not yet cover.
