IEEE Transactions on Software Engineering, Vol. 35, Nr. 1, 2009
16 Pages Posted: 5 Sep 2008 Last revised: 5 Aug 2014
Date Written: Jänner/Februar 2009
In this paper we integrate insights from diverse islands of research on electronic privacy to offer a holistic view of privacy engineering and a systematic structure for the discipline's topics. First we discuss privacy requirements grounded in both historic and contemporary perspectives on privacy. We use a two-layer model of user privacy concerns to relate them to system operations (data transfer, storage and processing) and examine their effects on user behavior. In the second part of the paper we develop guidelines for building privacy-friendly systems. We distinguish two approaches: "privacy by policy" and "privacy by architecture." The privacy by policy approach focuses on the implementation of the notice and choice principles of fair information practices (FIPs), while the privacy by architecture approach minimizes the collection of identifiable personal data and emphasizes anonymization and client-side data storage and processing. We discuss both approaches with a view to their technical overlaps and boundaries as well as to economic feasibility. The paper aims to introduce engineers and computer scientists to the privacy research domain and provide concrete guidance on how to design privacy-friendly systems.
Keywords: anonymity, privacy, privacy enhancing technologies, engineering
JEL Classification: O33, O38
Suggested Citation: Suggested Citation