Privacy architectural strategies: an approach for achieving various levels of privacy protection

Conference item

A wide array of Privacy-Enhancing Technologies (PETs) have been proposed as technical measures to provide various levels of privacy protection. Each technical measure is a building block that addresses specific privacy issues and is applicable to specific contexts. Existing approaches, however, do not provide step-by-step guidance to illustrate how these PETs can be appropriately adopted in a contextual and structured manner. From an engineering perspective, it is important to illustrate precisely how to design and implement privacy requirements and incorporate them into software architectures, as well as to choose between alternative PETs. We present an engineering approach to Privacy by Design (PbD) that uses the concept of architectural strategies to support the adoption of PETs in the early stages of the design process to achieve various levels of privacy protection. These strategies are collections of architectural tactics, which are described through design patterns and realised by PETs. We illustrate the approach’s use in the context of eToll pricing systems and argue that this contribution lays the foundation for developing appropriate privacy engineering methodologies.

Authors: Alshammari, M; Simpson, A

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Association for Computing Machinery
• Host title: Workshop on Privacy in the Electronic Society, Toronto, Canada - October 15, 2018
• Journal: Workshop on Privacy in the Electronic Society 2018
• Pages: 143-154
• Publication date: 2018-10-15
• Acceptance date: 2018-08-18
• DOI: 10.1145/3267323.3268957
• ISBN: 9781450359894
• Keywords: architectural tactics; privacy-enhancing technologies; privacy patterns; privacy design strategies; Data privacy