SoK: Engineering privacy-aware high-tech systems

Giovanni Maria Riva, Alexandr Vasenev, Nicola Zannone

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

The processing of personal data is becoming a key business factor, especially for high-tech system industries such as automotive and healthcare service providers. To protect such data, the European Union (EU) has introduced the General Data Protection Regulation (GDPR), with the aim to standardize and strengthen data protection policies across EU countries. The GDPR defines stringent requirements on the collection and processing of personal data and imposes severe fines and penalties on data controllers and processors for non-compliance. Although the GDPR has been enforced since 2018, many public and private organizations are still struggling to fully comply with the regulation. A main reason for this is the lack of usable methodologies that can support developers in designing GDPR-compliant high-tech systems. This paper examines the growing literature on methodologies for the design of privacy-aware systems, and identifies the main challenges to be addressed in order to facilitate developers in the design of such systems. In particular, we investigate to what extent existing methodologies (i) cover GDPR and privacy-by-design principles, (ii) address different levels of system design concerns, and (iii) have demonstrated their suitability for the purpose. Our literature study shows that the domain landscape appears to be heterogeneous and disconnected, as existing methodologies often focus only on subsets of the GDPR principles and/or on specific angles of system design. Based on our findings, we provide recommendations on the definition of comprehensive methodologies tailored to designing GDPR-compliant high-tech systems.

Original language: English
Title of host publication: Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 9781450388337
Publication status: Published - 25 Aug 2020
Event: 15th International Conference on Availability, Reliability and Security, ARES 2020 - Virtual, Online, Ireland
Duration: 25 Aug 2020 to 28 Aug 2020

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 15th International Conference on Availability, Reliability and Security, ARES 2020
Country: Ireland
City: Virtual, Online
Period: 25/08/20 to 28/08/20

Keywords

  • GDPR
  • Privacy-by-design
  • System engineering
  • Systematic literature review
