A Decision Support System for Design for Privacy

Pearson, Siani; Benameur, Azzedine

doi:10.1007/978-3-642-20769-3_23

Cited by 5 publications

(4 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hafiz [26], for example, presents a set of privacy mitigations in response to known attacks and extends the work to present a pattern language to help developers choose patterns that are relevant to a particular domain (for which the domestic IoT is not one) [27]. Pearson [28,29] argue that we need to move beyond guides and checklists and towards “automated support for software developers in early phases of software development” given that “developers do not usually possess privacy expertise”. The authors utilise a decision support-based system where developers provide a set of requirements (in the form of a questionnaire) and these are then used to generate a candidate set of high-level privacy patterns (such as opt-in consent, or negotiation around privacy preferences) that must be implemented by the developer.…”

Section: Introductionmentioning

confidence: 99%

Privacy Engineering for Domestic IoT: Enabling Due Diligence

Lodge

Crabtree

2019

Sensors

View full text Add to dashboard Cite

The EU’s General Data Protection Regulation (GDPR) has recently come into effect and insofar as Internet of Things (IoT) applications touch EU citizens or their data, developers are obliged to exercise due diligence and ensure they undertake Data Protection by Design and Default (DPbD). GDPR mandates the use of Data Protection Impact Assessments (DPIAs) as a key heuristic enabling DPbD. However, research has shown that developers generally lack the competence needed to deal effectively with legal aspects of privacy management and that the difficulties of complying with regulation are likely to grow considerably. Privacy engineering seeks to shift the focus from interpreting texts and guidelines or consulting legal experts to embedding data protection within the development process itself. There are, however, few examples in practice. We present a privacy-oriented, flow-based integrated development environment (IDE) for building domestic IoT applications. The IDE enables due diligence in (a) helping developers reason about personal data during the actual in vivo construction of IoT applications; (b) advising developers as to whether or not the design choices they are making occasion the need for a DPIA; and (c) attaching and making available to others (including data processors, data controllers, data protection officers, users and supervisory authorities) specific privacy-related information that has arisen during an application’s development.

show abstract

Section: Introductionmentioning

confidence: 99%

Privacy Engineering for Domestic IoT: Enabling Due Diligence

Lodge

Crabtree

2019

Sensors

View full text Add to dashboard Cite

show abstract

“…Our work is therefore complementary to the above proposals and contributes to establish links between privacy risk analysis and privacy by design. The need to take into account the actual privacy risks or threats is mentioned in a number of papers [25], [34], [38] but, to our best knowledge, has not been explored in detail in previous works.…”

Section: Choice Of Architecturementioning

confidence: 99%

A Refinement Approach for the Reuse of Privacy Risk Analysis Results

Métayer

2017

Privacy Technologies and Policy

View full text Add to dashboard Cite

“…Design patterns are used in [14] to define eight privacy strategies 8 called respectively: Minimise, Hide, Separate, Aggregate, Inform, Control, Enforce and Demonstrate. Other authors put forward pattern-based approaches: [13] proposes a language for privacy patterns allowing for a designer to choose relevant PETs; [29] describes a solution for online interactions; at a higher level, [25] proposes a decision support tool based on design patterns to help software engineers to take into account privacy guidelines in the early stage of development.…”

Section: Related Workmentioning

confidence: 99%

Trust Driven Strategies for Privacy by Design

Antignac

Métayer

2015

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Part 2: Full PapersInternational audienceIn this paper, we describe a multi-step approach to privacy by design. The main design step is the choice of the types of trust that can be accepted by the stakeholders, which is a key driver for the construction of an acceptable architecture. Architectures can be initially defined in a purely informal way and then mapped into a formal dedicated model. A tool integrating the approach can be used by designers to build and verify architectures. We apply the approach to a case study, an electronic toll pricing system, and show how different solutions can be suggested to the designer depending on different trust assumptions

show abstract

A Decision Support System for Design for Privacy

Cited by 5 publications

References 15 publications

Privacy Engineering for Domestic IoT: Enabling Due Diligence

Privacy Engineering for Domestic IoT: Enabling Due Diligence

A Refinement Approach for the Reuse of Privacy Risk Analysis Results

Trust Driven Strategies for Privacy by Design

Contact Info

Product

Resources

About