Privacy by Design and Software Engineering

Andrade, Vinícius C.; Gomes, Rhodrigo Deda; Reinehr, Sheila; Freitas, Cinthia Obladen de Almendra; Malucelli, Andreia

doi:10.1145/3571473.3571480

Cited by 6 publications

(4 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The present study sought to investigate how the fundamental principles of Privacy by Design [Cavoukian 2009] can be related to better software engineering practices, recognizing the challenges highlighted by several authors regarding the difficulty of translating these highly abstract principles into practical software development activities [Andrade et al 2022;Baldassarre et al 2020;Morales-Trujillo et al 2018;Peixoto et al 2023]. Faced with this complexity, our approach aimed to create a bridge between principles and tangible actions for developers using the 72 Privacy Patterns cataloged by the University of California [UC Berkeley School of Information 2024].…”

Section: Discussionmentioning

confidence: 99%

“…Data privacy may encounter challenges across the software life cycle, potentially compromising its ultimate quality [Andrade et al 2022;Brito et al 2020]. Consequently, laws and regulations, including the General Data Protection Law (Lei Geral de Proteção de Dados -LGPD) [BRASIL 2018] and the European General Data Protection Regulation (GDPR) [EU 2016], emphasize the significance of incorporating Privacy by Design (PbD) principles [Cavoukian 2009].…”

Section: Introductionmentioning

confidence: 99%

“…While implementing PbD principles in software projects is feasible, a significant level of abstraction remains [Andrade et al 2022;Baldassarre et al 2020;Morales-Trujillo et al 2018;Peixoto et al 2023]. PbD lacks the detailed guidance necessary for software engineers to seamlessly adopt regulations during the design and development of applications, thereby posing challenges to its effective implementation.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Privacy in Practice: Exploring Concrete Relationships Between Privacy Patterns and Privacy by Design Principles in Software Engineering

Andrade,

Ribeiro,

Canteri

et al. 2024

Anais Do XXVII Congresso Ibero-Americano Em Engenharia De Software (CIbSE 2024)

Self Cite

View full text Add to dashboard Cite

Ensuring the fulfillment of customer preferences and requirements and adherence to legal compliance have emerged as critical considerations for software development organizations. Legislation such as the Brazillian LGPD and the European Union's GDPR highlight the importance of integrating personal data privacy rights from the beginning of system development and throughout the data lifecycle, as mentioned in the fundamental principles of Privacy by Design. However, recent studies still emphasize the need for processes, methods, guides, and tools that help translate Privacy by Design principles into practical software engineering activities. In this context, this article aims to explore the integration of abstract Privacy by Design principles into tangible Software Engineering practices. To this end, a mapping was carried out between Privacy Patterns and the principles of Privacy by Design. This process translated abstract concepts into practical activities. The reliability of the mapping process among the researchers was assessed by calculating the Intraclass Correction Coefficient (ICC). The findings underscore that when software engineers apply one or more Privacy Patterns to address personal data privacy requirements, as revealed through the correlations conducted in this study, they also tend to adhere to one or more Privacy by Design principles.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Privacy in Practice: Exploring Concrete Relationships Between Privacy Patterns and Privacy by Design Principles in Software Engineering

Andrade,

Ribeiro,

Canteri

et al. 2024

Anais Do XXVII Congresso Ibero-Americano Em Engenharia De Software (CIbSE 2024)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Among such theoretical approaches, LINDDUN (DistriNet, 2020) and LINDDUN Go (Wuyts et al, 2020) have been introduced as privacy engineering methods based on threat modelling to ease the early identification and mitigation of privacy threats in software systems. These proposals consider PbD features that have been rather absent when defining models, processes and tools in the software development lifecycle (SDLC) to make it fully compliant with GDPR and similar legislations (Andrade et al, 2023). For instance, a human-centered approach has been proposed (Teresa Baldassarre et al, 2021) to enhance SCRUM so that privacy and security features can be introduced in agile software development.…”

Section: Privacy-by-design Approachesmentioning

confidence: 99%

Towards Designing a Privacy-Oriented Architecture for Managing Personal Identifiable Information

Guzmán-Castillo,

Suntaxi,

Flores-Sarango

et al. 2024

JISIS

View full text Add to dashboard Cite

Recent threat reports have warned researchers and security professionals about a shortage of cybersecurity skills to face devastating personal data breaches. As a response, governments have taken on the challenge of proposing specific legislation to protect citizens' privacy while holding information-processing companies accountable for any misuse. However, unauthorized access to such information, or possible negligent destruction of personal records are some issues that cannot be dealt with privacy laws alone. In this research, we introduce the functional requirements to deploy PriVARq, a novel privacy-oriented architecture to proactively manage any consensual submission of personal identifiable information (PII); i.e. during its collection, processing, verification and transference. PriVARq’s main contribution is the balance between legal frameworks and industry-leading security standards to mitigate the former’s shortage of practical solutions to tackle some privacy and security issues when dealing with PII. Consequently, for defining PriVARq’s functional requirements, a privacy-by-design approach is employed which not only considers legislation proposed in Europe and Latin America but also analyzes technical aspects outlined in international security standards. We aim to provide a proactive approach to reduce the shortage of skills and solutions to tackle privacy leakages in public repositories and devise future research venues to implement PriVARq in public and private organizations.

show abstract

Collaborative Network 5.0: By Design Human Values and Human-Centred Based Extended Collaborative Networks

Marchetti,

Nikghadam-Hojjati,

Barata

2023

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Privacy by Design and Software Engineering

Cited by 6 publications

References 60 publications

Privacy in Practice: Exploring Concrete Relationships Between Privacy Patterns and Privacy by Design Principles in Software Engineering

Privacy in Practice: Exploring Concrete Relationships Between Privacy Patterns and Privacy by Design Principles in Software Engineering

Towards Designing a Privacy-Oriented Architecture for Managing Personal Identifiable Information

Collaborative Network 5.0: By Design Human Values and Human-Centred Based Extended Collaborative Networks

Contact Info

Product

Resources

About