Towards Organizing the Growing Knowledge on Privacy Engineering

Regulation asks engineers to adhere to privacy and data protection principles and to apply them throughout the development process of their projects. However, despite the availability of technological solutions to identify and address different privacy threats, these have not seen widespread adoption in engineering practice, and developers still find it difficult to introduce privacy considerations into their new products and services. In this context, privacy engineering has emerged as an interdisciplinary field that aims to bridge the legal, computer science, and engineering worlds, as well as concepts from other disciplines. The goal is to provide engineers with methods and tools that are closer to their mindset and allow them to systematically address privacy concerns and introduce solutions within the workflow and environment they are accustomed to. This paper provides an introduction to privacy engineering, describing a conceptual metamodel useful for organizing the increasing knowledge in this emergent field and making it more accessible to engineers. We exemplify some of this knowledge by focusing on privacy design patterns, a set of privacy engineering elements that distill the available best practices.
