The challenges of privacy by design

Spiekermann, Sarah

doi:10.1145/2209249.2209263

Cited by 112 publications

(73 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…"Privacy by Design is an engineering and strategic management approach that commits to selectively and sustainably minimize information systems' privacy risks through pro-active technical and governance controls." (Spiekermann, 2012). Privacy-by-design has been driven by the increasing recognition that a respect for user privacy cannot be realised through bolted-on measures that are only added to a system after it is deployed.…”

Section: Existing Privacy Compliance Procedures and Privacy-by-designmentioning

confidence: 99%

A systematic methodology for privacy impact assessments: a design science approach

Oetzel

Spiekermann

2014

European Journal of Information Systems

Self Cite

128

108

View full text Add to dashboard Cite

A systematic methodology for privacy impact assessments: a design science approach Article (Accepted for Publication) (Refereed) AbstractFor companies that develop and operate IT applications that process the personal data of customers and employees, a major problem is protecting this data and preventing privacy breaches. Failure to adequately address this problem can result in considerable damage to the company's reputation and finances, as well as negative affects for customers or employees (data subjects). We address this problem by proposing a methodology that systematically considers privacy issues by using a step-bystep privacy impact assessment (so called 'PIA'). Existing PIA approaches lack easy applicability because they are either insufficiently structured or imprecise and lengthy. We argue that companies that employ the PIA proposed in this article can achieve 'privacy-by-design', which is widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications.

show abstract

Section: Existing Privacy Compliance Procedures and Privacy-by-designmentioning

confidence: 99%

A systematic methodology for privacy impact assessments: a design science approach

Oetzel

Spiekermann

2014

European Journal of Information Systems

Self Cite

128

108

View full text Add to dashboard Cite

show abstract

“…For example, P5 said, The principles are complex and lengthy, how can I implement them?. Previous work has also challenged privacy practices such as PbD for being complex and too theoretical to be used within the software development processes [13,21,30,32]. These privacy practices are mostly generated through social and legal research [4,21], in order to broadly capture a vast amount of privacy requirements and present them in an abstract form, such as the respect for user privacy principle in PbD.…”

Section: Participants Had Trouble Relating Privacy Requirements Into mentioning

confidence: 99%

Why developers cannot embed privacy into software systems?

Senarath

Arachchilage

2018

Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018

View full text Add to dashboard Cite

Pervasive use of software applications continue to challenge user privacy when users interact with software systems. Even though privacy practices such as Privacy by Design (PbD), have clear instructions for software developers to embed privacy into software designs, those practices are yet to become a common practice among software developers. The difficulty of developing privacy preserving software systems highlights the importance of investigating software developers and the problems they face when they are asked to embed privacy into application designs. Software developers are the community who can put practices such as PbD into action. Therefore identifying the problems they face when embedding privacy into software applications and providing solutions to those problems are important to enable the development of privacy preserving software systems. This study investigates 36 software developers in a software design task with instructions to embed privacy in order to identify the problems they face. We derive recommendation guidelines to address the problems to enable the development of privacy preserving software systems.

show abstract

“…Scholars have noted the challenges of engineering privacy without such a concomitant consideration of these "softer" organizational aspects [19,21,28]. An integral element in this is the PIA [16,29]. Use of PIAs appears to be confined mostly to governments and a few very large corporations, although in the latter case there is scant evidence on the quality of the assessments being carried out [31].…”

Section: Related Work In Pbd and Piasmentioning

confidence: 99%

From Privacy Impact Assessment to Social Impact Assessment

Edwards

McAuley

Diver

2016

2016 IEEE Security and Privacy Workshops (SPW)

View full text Add to dashboard Cite

Abstract-In order to address the continued decline in consumer trust in all things digital, and specifically the Internet of Things (IoT), we propose a radical overhaul of IoT design processes. Privacy by Design has been proposed as a suitable framework, but we argue the current approach has two failings: it presents too abstract a framework to inform design; and it is often applied after many critical design decisions have been made in defining the business opportunity. To rebuild trust we need the philosophy of Privacy by Design to be transformed into a wider Social Impact Assessment and delivered with practical guidance to be applied at product/service concept stage as well as throughout the system's engineering.

show abstract

The challenges of privacy by design

Abstract: Heralded by regulators, Privacy by Design holds the promise to solve the digital world's privacy problems. But there are immense challenges, including management commitment and step-by-step methods to integrate privacy into systems.

Cited by 112 publications

References 2 publications

A systematic methodology for privacy impact assessments: a design science approach

A systematic methodology for privacy impact assessments: a design science approach

Why developers cannot embed privacy into software systems?

From Privacy Impact Assessment to Social Impact Assessment

Contact Info

Product

Resources

About