A Critical Analysis of Privacy Design Strategies

Michael Colesky, Jaap-Henk Hoepman and Christiaan Hillen. 2016 IEEE Security and Privacy Workshops (SPW).
The upcoming General Data Protection Regulation is quickly becoming of great concern to organizations which process personal data of European citizens. […] We have identified a collection of such tactics based on an extensive literature review, in particular a catalogue of surveyed privacy patterns. We explore the relationships between the concepts we introduce and similar concepts used in software engineering. This paper helps bridge the gap between data protection requirements set out in law, and…

A Systematic Mapping Study on Privacy by Design in Software Engineering

The findings suggest that PbD in software engineering is still an immature field and that there is a need for privacy-aware approaches for software engineering and their validation in industrial settings.

A System of Privacy Patterns for Informing Users: Creating a Pattern System

A subset of privacy design patterns is improved, constructing a pattern system that adds implementability and interconnection, while improving consistency and organization, which results in a system of patterns for informing users.

Towards Organizing the Growing Knowledge on Privacy Engineering

An introduction to Privacy Engineering is provided, describing a conceptual metamodel useful to organize the increasing knowledge in this emergent field and make it more accessible to engineers.

A system of privacy patterns for user control

This paper presents a pattern system for user control, which is built upon an existing privacy pattern catalog, ensures implementability and uniformity within descriptions, and establishes relationships using consistent terminology to alleviate some of the aforementioned issues.

"Appropriate Technical and Organizational Measures": Identifying Privacy Engineering Approaches to Meet GDPR Requirements

It is concluded that recent privacy engineering approaches have the conceptual background to cover the GDPR, but advocate research on the integration of privacy concerns in software development processes.

Reusable Elements for the Systematic Design of Privacy-Friendly Information Systems: A Mapping Study

The most advanced research areas in privacy engineering are described and some of the gaps found are discussed, suggesting areas where researchers and funding institutions can focus their efforts.

Analysing and extending privacy patterns with architectural context

This paper provides a new structural and interaction view of the patterns by relating privacy regulation contexts, analyses the patterns in architectural contexts, and maps available privacy-preserving techniques for implementing each privacy pattern.

Privacy Architectural Strategies: An Approach for Achieving Various Levels of Privacy Protection

This work presents an engineering approach to Privacy by Design that uses the concept of architectural strategies to support the adoption of PETs in the early stages of the design process to achieve various levels of privacy protection.

A Model-based Approach to Realize Privacy and Data Protection by Design

This paper presents a comprehensive approach to support different phases of the design process with special attention to the integration of privacy and data protection principles, a generic model-based approach that can be specialized according to the specifics of different application domains.

Integrating a Practice Perspective to Privacy by Design

This work proposes to use a socio-technical design approach based on the established method of STWT (socio-technical walkthrough) that allows multiple stakeholders to reflect on process models they design collaboratively over multiple sessions to incorporate aspects relevant for privacy by design.

Privacy Design Strategies

These strategies help IT architects to support privacy by design early in the software development life cycle, during concept development and analysis and provide a useful classification of privacy design patterns and the underlying privacy enhancing technologies.

Linking Privacy Solutions to Developer Goals

This paper attempts to scope the privacy landscape for software engineering by proposing an operational definition for privacy and by describing a privacy taxonomy, which is rooted in the definition and presents a classification of privacy objectives, which correspond to the developer's goals.

Towards Organizational Privacy Patterns

This paper presents a first set of privacy organizational patterns, which are abstractions of real world situations and problems that businesses run into and capture the problem, the context of the generic problem and the proven solutions to the problem.

Context-Aware Privacy Design Pattern Selection

A decision-based support system is proposed that assesses context and deduces a list of recommendations and controls that can be used for privacy, security and other types of requirements.

How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach

This paper investigates the methodology needed to capture security and privacy requirements for a Health Care Centre using a smart items infrastructure and determines which solutions best fit the (legal) problems that they face.

Playing the Legal Card: Using Ideation Cards to Raise Data Protection Issues within the Design Process

It is found that, whilst wishing to protect users, regulation is viewed as a compliance issue and it is argued for the use of instruments, such as cards, as a means to engage designers in leading a human-centered approach to regulation.

A pattern language for developing privacy enhancing technologies

M. Hafiz. Softw. Pract. Exp., 2013.
This paper describes the first pattern language for developing PETs, which contains 12 privacy patterns that can be applied to design anonymity systems for various types of online communication, online data sharing, location monitoring, voting, and electronic cash management.

A Pattern Collection for Privacy Enhancing Technology

A short overview of the whole pattern collection is provided and two patterns are presented, which will support the development of PET UIs and the benefit of using them.

k-Anonymity: A Model for Protecting Privacy

L. Sweeney. Int. J. Uncertain. Fuzziness Knowl. Based Syst., 2002.
The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment, and examines re-identification attacks that can be realized on releases that adhere to k-anonymity unless the accompanying policies are respected.