Abstract
Privacy by Design (PbD) is the most common approach followed by software developers who aim to reduce risks within their application designs, yet it remains commonplace for developers to retain little conceptual understanding of what is meant by privacy. A vision is to develop an intelligent privacy assistant to whom developers can easily ask questions to learn how to incorporate different privacy-preserving ideas into their IoT application designs. This article lays the foundations toward developing such a privacy assistant by synthesising existing PbD knowledge to elicit requirements. It is believed that such a privacy assistant should not just prescribe a list of privacy-preserving ideas that developers should incorporate into their design. Instead, it should explain how each prescribed idea helps to protect privacy in a given application design context—this approach is defined as “Explainable Privacy.” A total of 74 privacy patterns were analysed and reviewed using ten different PbD schemes to understand how each privacy pattern is built and how each helps to ensure privacy. Due to page limitations, we have presented a detailed analysis in Reference [3]. In addition, different real-world Internet of Things (IoT) use-cases, including a healthcare application, were used to demonstrate how each privacy pattern could be applied to a given application design. By doing so, several knowledge engineering requirements were identified that need to be considered when developing a privacy assistant. It was also found that, when compared to other IoT application domains, privacy patterns can significantly benefit healthcare applications. In conclusion, this article identifies the research challenges that must be addressed if one wishes to construct an intelligent privacy assistant that can truly augment software developers’ capabilities at the design phase.
- Intersoft Consulting. 2020. Privacy by Design. Retrieved from https://gdpr-info.eu/issues/privacy-by-design/.
- Hezam Akram Abdul-Ghani and Dimitri Konstantas. 2019. A comprehensive study of security and privacy guidelines, threats, and countermeasures: An IoT perspective. J. Sensor Actuat. Netw. 8, 2 (2019), 22.
- Lamya Alkhariji, Mahmoud Barhamgi, Omer Rana, and Charith Perera. 2020. Examining the Interplay between Privacy by Design (PbD) Schemes and Privacy Patterns. Technical Report. Cardiff University, Cardiff. Retrieved from http://iotgarage.net/publications/pdfs/PbDSchemesAndPrivacyPatterns.pdf.
- Malik Nadeem Anwar, Mohammed Nazir, and Adeeb Mansoor Ansari. 2020. Modeling security threats for smart cities: A STRIDE-based approach. In Smart Cities: Opportunities and Challenges. Springer, 387–396.
- David Budgen. 2003. Software Design. Addison-Wesley. 468 pages.
- Frank Buschmann, Regine Meunier, and Hans Rohnert. 1996. Pattern-oriented Software Architecture: A System of Patterns. John Wiley & Sons, 476. DOI: https://doi.org/10.1192/bjp.108.452.101
- Fred H. Cate. 2006. The failure of fair information practice principles. In Consumer Protection in the Age of the “Information Economy.” 341–377.
- Ann Cavoukian. 2009. Privacy by Design: The 7 Foundational Principles. Implementation and Mapping of Fair Information Practices. Technical Report. Retrieved from https://www.iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf.
- Ann Cavoukian. 2010. Resolution on privacy by design. In Proceedings of the 32nd International Conference of Data Protection and Privacy Commissioners.
- Ann Cavoukian and Jeff Jonas. 2012. Privacy by Design in the Age of Big Data. Technical Report. Information and Privacy Commissioner, Ontario, Canada. 1–17.
- Datong Chen, Jie Yang, Robert Malkin, and Howard D. Wactlar. 2007. Detecting social interactions of the elderly in a nursing home environment. ACM Trans. Multimedia Comput. Commun. Appl. 3, 1 (2007), 6. DOI: https://doi.org/10.1145/1198302.1198308
- Pierre Dewitte, Kim Wuyts, Laurens Sion, Dimitri Van Landuyt, Ivo Emanuilov, Peggy Valcke, and Wouter Joosen. 2019. A comparison of system description models for data protection by design. In Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing. 1512–1515.
- European Commission. 2016. General data protection regulation (GDPR). Offic. J. Eur. Union (2016).
- Mari Carmen Suárez-Figueroa and Asunción Gómez-Pérez. 2009. NeOn methodology for building ontology networks: A scenario-based methodology. Demetra EOOD (Feb. 2009), 1–18. DOI: https://doi.org/10.1016/j.landurbplan.2011.04.007
- Gina Fisk, Calvin Ardi, Neale Pickett, John Heidemann, Mike Fisk, and Christos Papadopoulos. 2015. Privacy principles for sharing cyber security data. In Proceedings of the IEEE Security and Privacy Workshops. IEEE, 193–197. DOI: https://doi.org/10.1109/SPW.2015.23
- Aldo Gangemi and Valentina Presutti. 2009. Ontology Design Patterns. Springer, Berlin, 221–243. DOI: https://doi.org/10.1007/978-3-540-92673-3_10
- Muneeb Ul Hassan, Mubashir Husain Rehmani, and Jinjun Chen. 2019. Privacy preservation in blockchain-based IoT systems: Integration issues, prospects, challenges, and future research directions. Future Gen. Comput. Syst. 97 (2019), 512–529.
- Pascal Hitzler, Markus Krötzsch, and Sebastian Rudolph. 2009. Foundations of Semantic Web Technologies. Chapman & Hall/CRC. Retrieved from http://www.semantic-web-book.org/page/Foundations_of_Semantic_Web_Technologies.
- Jaap-Henk Hoepman. 2014. Privacy design strategies. In ICT Systems Security and Privacy Protection, Nora Cuppens-Boulahia, Frédéric Cuppens, Sushil Jajodia, Anas Abou El Kalam, and Thierry Sans (Eds.). IFIP Advances in Information and Communication Technology, Vol. 428. Springer, Berlin, 446–459.
- Jason Hong. 2017. The privacy landscape of pervasive computing. IEEE Pervas. Comput. 16, 3 (2017), 40–48. DOI: https://doi.org/10.1109/MPRV.2017.2940957
- IBM. 2019. Carfinder: Real-time Vehicle Tracking for AUDI. Retrieved from https://www.iotone.com/casestudy/carfinder-real-time-vehicle-tracking-for-audi/c1080.
- ISO/IEC 29100. 2011. Information Technology: Security Techniques: Privacy Framework. Technical Report.
- Wei Li, Tianyi Song, Yingshu Li, Liran Ma, Jiguo Yu, and Xiuzhen Cheng. 2017. A hierarchical game framework for data privacy preservation in context-aware IoT applications. In Proceedings of the IEEE Symposium on Privacy-Aware Computing (PAC’17). IEEE, 176–177.
- Microsoft. 2019. Microsoft Security Development Lifecycle Threat Modelling. Retrieved from https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling.
- Minister of Justice. 2015. Personal Information Protection and Electronic Documents Act. Technical Report. Retrieved from http://laws-lois.justice.gc.ca/eng/acts/P-8.6/FullText.html.
- Daniel E. O’Leary. 1995. Some privacy issues in knowledge discovery: The OECD personal privacy guidelines. IEEE Expert-Intell. Syst. Appl. 10, 2 (1995), 48–59. DOI: https://doi.org/10.1109/64.395352
- A. Patrick. 2005. Just-in-time click-through agreements: Interface widgets for confirming informed, unambiguous consent. J. Internet Law 9, 3 (2005), 17–19.
- Charith Perera, Lamya Alkhariji, Atheer Jeraisy, and Omer Rana. 2020. Privacy Patterns for Internet of Things: A Handbook. Technical Report. Retrieved from http://iotgarage.net/publications/pdfs/PrivacyPatternsHandbook.pdf.
- Charith Perera, Mahmoud Barhamgi, Arosha K. Bandara, Muhammad Ajmal, Blaine Price, and Bashar Nuseibeh. 2020. Designing privacy-aware Internet of Things applications. Info. Sci. 512 (Mar. 2020), 238–257. Retrieved from http://arxiv.org/abs/1703.03892.
- Charith Perera, Ciaran McCormick, Arosha Bandara, Blaine A. Price, and Bashar Nuseibeh. 2016. Privacy-by-design framework for assessing Internet of Things applications and platforms. In Proceedings of the 6th International Conference on the Internet of Things. 83–92.
- Charith Perera, Arkady Zaslavsky, Peter Christen, and Dimitrios Georgakopoulos. 2014. Context aware computing for the Internet of Things: A survey. IEEE Commun. Surveys Tutor. 16, 1 (2014), 414–454.
- Privacypatterns.eu. 2016. Collecting patterns for better privacy. Retrieved from https://privacypatterns.eu.
- Privacypatterns.org. 2015. Privacy Patterns. Retrieved from https://privacypatterns.org/.
- Martin Rost and Kirsten Bock. 2011. Privacy by design and the new protection goals. DuD (Jan. 2011), 1–9. Retrieved from https://www.european-privacy-seal.eu/AppFile/GetFile/ca6cdc46-d4dd-477d-9172-48ed5f54a99c.
- Ira S. Rubinstein and Nathaniel Good. 2013. Privacy by design: A counterfactual analysis of Google and Facebook privacy incidents. Berkeley Technol. Law J. 28, 2 (2013), 1333–1413. DOI: https://doi.org/10.2139/ssrn.2128146
- Kazuya Sakai, Wei-Shinn Ku, Min-Te Sun, and Roger Zimmermann. 2013. Privacy preserving continuous multimedia streaming in MANETs. ACM Trans. Multimedia Comput. Commun. Appl. 9, 4 (2013), 23:1–23:22. DOI: https://doi.org/10.1145/2501643.2501645
- G. S. V. S. Sivaram, Mohan S. Kankanhalli, and K. R. Ramakrishnan. 2009. Design of multimedia surveillance systems. ACM Trans. Multimedia Comput. Commun. Appl. 5, 3 (2009), 134–140. DOI: https://doi.org/10.1145/1556134.1556140
- Junjue Wang, Brandon Amos, Anupam Das, Padmanabhan Pillai, Norman Sadeh, and Mahadev Satyanarayanan. 2018. Enabling live video analytics with a scalable and privacy-aware framework. ACM Trans. Multimedia Comput. Commun. Appl. 14, 3s (2018), 64:1–64:24. DOI: https://doi.org/10.1145/3209659
- Richmond Y. Wong and Deirdre K. Mulligan. 2019. Bringing design to the privacy table: Broadening “Design” in “Privacy by Design” through the lens of HCI. In Proceedings of the CHI Conference on Human Factors in Computing Systems. 1–17.
- David Wright, Paul De Hert, and Serge Gutwirth. 2011. Are the OECD guidelines at 30 showing their age? Commun. ACM 54, 2 (2011), 119. DOI: https://doi.org/10.1145/1897816.1897848
- David Wright and Charles Raab. 2014. Privacy principles, risks and harms. Int. Rev. Law Comput. Technol. 28, 3 (2014), 277–298. DOI: https://doi.org/10.1080/13600869.2014.913874
- Dapeng Wu, Boran Yang, Honggang Wang, Chonggang Wang, and Ruyan Wang. 2016. Privacy-preserving multimedia big data aggregation in large-scale wireless sensor networks. ACM Trans. Multimedia Comput. Commun. Appl. 14, 4s (2016), 60:1–60:19. DOI: https://doi.org/10.1145/2978570
Title: Synthesising Privacy by Design Knowledge Toward Explainable Internet of Things Application Designing in Healthcare