Reusable Elements for the Systematic Design of Privacy-Friendly Information Systems: A Mapping Study

Privacy by design is a new paradigm that promotes embedding privacy considerations throughout the development of information systems in order to protect user privacy. Privacy engineering is the nascent field of research and practice that aims to realize this paradigm systematically and efficiently by delivering reusable elements, such as methods, techniques, and tools, that software and systems engineers can apply in their daily work. However, as a new field, its contributions are still scattered, and there is little information on their quantity or maturity. To bridge this gap, we have carried out a systematic mapping study to provide engineers and researchers with a snapshot of the reusable elements available for the systematic design of privacy-friendly software-based information systems. The results show an emerging and growing interest in the field, with privacy patterns being the hottest research topic. However, the maturity of some of the contributions found is still low, as they usually lack empirical evidence demonstrating their benefits, which may hinder their adoption in practice. In this paper, we describe the most advanced research areas and discuss some of the gaps found, suggesting areas where researchers and funding institutions can focus their efforts.
