Privacy by Design is prescribed by the new European General Data Protection Regulation. Ge ing this privacy preserving design philosophy appropriately adopted is a challenge, however. One natural approach to this challenge would be to leverage design pa erns in the privacy domain. However, privacy pa erns are scattered, unrelated, inconsistent, and immature. is paper presents a pa ern system for user control, which is built upon an existing privacy pa ern catalog. By ensuring implementability and uniformity within descriptions, and establishing relationships using consistent terminology, we alleviate some of the aforementioned issues. CCS CONCEPTS•So ware and its engineering → Patterns; •Security and privacy → Privacy protections; Privacy-preserving protocols; Usability in security and privacy; KEYWORDS privacy by design; privacy pa erns; pa ern system; data protection; privacy design strategies ACM Reference format:
Privacy by design is a new paradigm that promotes embedding privacy considerations throughout the development of information systems, to protect user privacy. Privacy engineering is the nascent field of research and practice that aims to realize this new paradigm systematically and efficiently, by delivering reusable elements such as methods, techniques, and tools that software and systems engineers can apply in their daily work. However, as a new field, its contributions are still scattered, and there is little information on their quantity or maturity. To bridge this gap, we have carried out a systematic mapping study to provide engineers and researchers with a snapshot of the reusable elements available for the systematic design of privacy-friendly software-based information systems. The results show that there is an emerging and growing interest in the field, being privacy patterns, the hottest research topic. However, the maturity of some of the contributions found is still low as they usually lack empirical evidence that demonstrates their benefits, which may hinder their adoption in practice. In this paper, we describe the most advanced research areas and discuss some of the gaps found, suggesting areas where researchers and funding institutions can focus their efforts.
Software Quality Control (SQC) techniques are widely used throughout the software development process with the objective of assessing and detecting anomalies that affect the quality of an information system. Privacy is one quality attribute of software systems for which several SQC techniques have been proposed in recent years. However, research has been carried out from different perspectives and, consequently, it has led to a growing body of knowledge scattered across different domains. To bridge this gap, we have carried out a systematic mapping study to provide practitioners and researchers with an overview of the state-of-the-art techniques to carry out software quality control of information systems focusing on aspects of privacy. Our results show a steady growth in the research efforts in this field. The European General Data Protection Regulation seems to have a significant influence on this growth, since 37% of techniques that focus on assessing compliance derive their assessment criteria from this legal framework. The maturity of the techniques varies between the type of technique: Formal verification techniques exhibit the lowest level of maturity while the combination of techniques has demonstrated its successful application in real-world scenarios. The latter seems a promising avenue of research as it provides better results in terms of coverage, precision and effectiveness than the application of individual, isolated techniques. In this paper, we describe the existing SQC techniques focusing on privacy and provide a suitable basis for identifying future research directions.
The pervasiveness of Android mobile applications and the services they support allow the personal data of individuals to be collected and shared worldwide. However, data protection legislations usually require all participants in a personal data flow to ensure an equivalent level of personal data protection, regardless of location. In particular, the European General Data Protection Regulation constrains cross-border transfers of personal data to non-EU countries and establishes specific requirements to carry them out. This paper presents a method to systematically assess compliance of Android mobile apps with the requirements for cross-border transfers established by the European data protection regulation. We have validated the method with one hundred Android apps, finding an outstanding 66% of ambiguous, inconsistent and omitted cross-border transfer disclosures.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.