ABSTRACT
The processing of personal data is becoming a key business factor, especially for high-tech system industries such as automotive and healthcare service providers. To protect such data, the European Union (EU) has introduced the General Data Protection Regulation (GDPR), with the aim of standardizing and strengthening data protection policies across EU countries. The GDPR defines stringent requirements on the collection and processing of personal data and imposes severe fines and penalties on data controllers and processors for non-compliance. Although the GDPR has been in force since 2018, many public and private organizations are still struggling to fully comply with the regulation. A main reason for this is the lack of usable methodologies that can support developers in designing GDPR-compliant high-tech systems. This paper examines the growing literature on methodologies for the design of privacy-aware systems, and identifies the main challenges to be addressed in order to facilitate developers in the design of such systems. In particular, we investigate to what extent existing methodologies (i) cover GDPR and privacy-by-design principles, (ii) address different levels of system design concerns, and (iii) have demonstrated their suitability for the purpose. Our literature study shows that the domain landscape appears to be heterogeneous and disconnected, as existing methodologies often focus only on subsets of the GDPR principles and/or on specific angles of system design. Based on our findings, we provide recommendations on the definition of comprehensive methodologies tailored to designing GDPR-compliant high-tech systems.
SoK: engineering privacy-aware high-tech systems