Privacy Engineering in the Data Mesh: Towards a Decentralized Data Privacy Governance Framework

  • Conference paper
Service-Oriented Computing – ICSOC 2023 Workshops (ICSOC 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14518)

Abstract

Privacy engineering, emphasizing data protection during the design, build, and maintenance of software systems, faces new challenges and opportunities in the emerging decentralized data architectures, namely data mesh. By decentralizing data product ownership across domains, data mesh offers a novel paradigm to rethink how privacy principles are incorporated and maintained in modern system architectures. This paper introduces a conceptual framework that integrates privacy engineering principles with the decentralized nature of data mesh. Our approach provides a holistic view, capturing essential dimensions from both domains. We explore the intersections of privacy engineering and data mesh dimensions and provide guidelines for the stakeholders of a data mesh initiative to embed better data privacy controls. Our framework aims to offer a blueprint to ensure robust privacy practices are inherent, not just additive, during the adoption of data mesh.

Author information

Corresponding author

Correspondence to Nemania Borovits.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Borovits, N., Kumara, I., Tamburri, D.A., Van Den Heuvel, WJ. (2024). Privacy Engineering in the Data Mesh: Towards a Decentralized Data Privacy Governance Framework. In: Monti, F., et al. Service-Oriented Computing – ICSOC 2023 Workshops. ICSOC 2023. Lecture Notes in Computer Science, vol 14518. Springer, Singapore. https://doi.org/10.1007/978-981-97-0989-2_21

  • DOI: https://doi.org/10.1007/978-981-97-0989-2_21

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-0988-5

  • Online ISBN: 978-981-97-0989-2

  • eBook Packages: Computer Science, Computer Science (R0)
