research-article

Synthesising Privacy by Design Knowledge Toward Explainable Internet of Things Application Designing in Healthcare

Published: 14 June 2021

Abstract

Privacy by Design (PbD) is the most common approach followed by software developers who aim to reduce risks within their application designs, yet it remains commonplace for developers to retain little conceptual understanding of what is meant by privacy. A vision is to develop an intelligent privacy assistant to whom developers can easily ask questions to learn how to incorporate different privacy-preserving ideas into their IoT application designs. This article lays the foundations toward developing such a privacy assistant by synthesising existing PbD knowledge to elicit requirements. It is believed that such a privacy assistant should not just prescribe a list of privacy-preserving ideas that developers should incorporate into their design. Instead, it should explain how each prescribed idea helps to protect privacy in a given application design context—this approach is defined as “Explainable Privacy.” A total of 74 privacy patterns were analysed and reviewed using ten different PbD schemes to understand how each privacy pattern is built and how each helps to ensure privacy. Due to page limitations, we have presented a detailed analysis in Reference [3]. In addition, different real-world Internet of Things (IoT) use-cases, including a healthcare application, were used to demonstrate how each privacy pattern could be applied to a given application design. By doing so, several knowledge engineering requirements were identified that need to be considered when developing a privacy assistant. It was also found that, when compared to other IoT application domains, privacy patterns can significantly benefit healthcare applications. In conclusion, this article identifies the research challenges that must be addressed if one wishes to construct an intelligent privacy assistant that can truly augment software developers’ capabilities at the design phase.

References

  1. Intersoft Consulting. 2020. Privacy by Design. Retrieved from https://gdpr-info.eu/issues/privacy-by-design/.
  2. Hezam Akram Abdul-Ghani and Dimitri Konstantas. 2019. A comprehensive study of security and privacy guidelines, threats, and countermeasures: An IoT perspective. J. Sensor Actuat. Netw. 8, 2 (2019), 22.
  3. Lamya Alkhariji, Mahmoud Barhamgi, Omer Rana, and Charith Perera. 2020. Examining the Interplay between Privacy by Design (PbD) Schemes and Privacy Patterns. Technical Report. Cardiff University, Cardiff. Retrieved from http://iotgarage.net/publications/pdfs/PbDSchemesAndPrivacyPatterns.pdf.
  4. Malik Nadeem Anwar, Mohammed Nazir, and Adeeb Mansoor Ansari. 2020. Modeling security threats for smart cities: A STRIDE-based approach. In Smart Cities—Opportunities and Challenges. Springer, 387–396.
  5. David Budgen. 2003. Software Design. Addison-Wesley. 468 pages.
  6. Frank Buschmann, Regine Meunier, and Hans Rohnert. 1996. Pattern-oriented Software Architecture: A System of Patterns. John Wiley & Sons, 476. DOI:https://doi.org/10.1192/bjp.108.452.101
  7. Fred H. Cate. 2006. The failure of fair information practice principles. In Consumer Protection in the Age of the “Information Economy.” 341–377.
  8. Ann Cavoukian. 2009. Privacy by Design: The 7 Foundational Principles—Implementation and Mapping of Fair Information Practices. Technical Report. Retrieved from https://www.iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf.
  9. Ann Cavoukian. 2010. Resolution on privacy by design. In Proceedings of the 32nd International Conference of Data Protection and Privacy Commissioners.
  10. Ann Cavoukian and Jeff Jonas. 2012. Privacy by Design in the Age of Big Data. Technical Report. Information and Privacy Commissioner, Ontario, Canada. 1–17.
  11. Datong Chen, Jie Yang, Robert Malkin, and Howard D. Wactlar. 2007. Detecting social interactions of the elderly in a nursing home environment. ACM Trans. Multimedia Comput. Commun. Appl. 3, 1 (2007), 6. DOI:https://doi.org/10.1145/1198302.1198308
  12. Pierre Dewitte, Kim Wuyts, Laurens Sion, Dimitri Van Landuyt, Ivo Emanuilov, Peggy Valcke, and Wouter Joosen. 2019. A comparison of system description models for data protection by design. In Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing. 1512–1515.
  13. European Commission. 2016. General data protection regulation (GDPR). Offic. J. Eur. Union (2016).
  14. Mari Carmen Suárez-Figueroa and Asunción Gómez-Pérez. 2009. NeOn methodology for building ontology networks: A scenario-based methodology. Demetra EOOD (Feb. 2009), 1–18. DOI:https://doi.org/10.1016/j.landurbplan.2011.04.007
  15. Gina Fisk, Calvin Ardi, Neale Pickett, John Heidemann, Mike Fisk, and Christos Papadopoulos. 2015. Privacy principles for sharing cyber security data. In Proceedings of the IEEE Security and Privacy Workshops. IEEE, 193–197. DOI:https://doi.org/10.1109/SPW.2015.23
  16. Aldo Gangemi and Valentina Presutti. 2009. Ontology Design Patterns. Springer, Berlin, 221–243. DOI:https://doi.org/10.1007/978-3-540-92673-3_10
  17. Muneeb Ul Hassan, Mubashir Husain Rehmani, and Jinjun Chen. 2019. Privacy preservation in blockchain-based IoT systems: Integration issues, prospects, challenges, and future research directions. Future Gen. Comput. Syst. 97 (2019), 512–529.
  18. Pascal Hitzler, Markus Krötzsch, and Sebastian Rudolph. 2009. Foundations of Semantic Web Technologies. Chapman & Hall/CRC. Retrieved from http://www.semantic-web-book.org/page/Foundations_of_Semantic_Web_Technologies.
  19. Jaap-Henk Hoepman. 2014. Privacy design strategies. In ICT Systems Security and Privacy Protection, Nora Cuppens-Boulahia, Frédéric Cuppens, Sushil Jajodia, Anas Abou El Kalam, and Thierry Sans (Eds.). IFIP Advances in Information and Communication Technology, Vol. 428. Springer, Berlin, 446–459.
  20. Jason Hong. 2017. The privacy landscape of pervasive computing. IEEE Pervas. Comput. 16, 3 (2017), 40–48. DOI:https://doi.org/10.1109/MPRV.2017.2940957
  21. IBM. 2019. Carfinder: Real-time Vehicle Tracking for AUDI. Retrieved from https://www.iotone.com/casestudy/carfinder-real-time-vehicle-tracking-for-audi/c1080.
  22. ISO/IEC 29100. 2011. Information Technology—Security Techniques—Privacy Framework. Technical Report.
  23. Wei Li, Tianyi Song, Yingshu Li, Liran Ma, Jiguo Yu, and Xiuzhen Cheng. 2017. A hierarchical game framework for data privacy preservation in context-aware IoT applications. In Proceedings of the IEEE Symposium on Privacy-Aware Computing (PAC’17). IEEE, 176–177.
  24. Microsoft. 2019. Microsoft Security Development Lifecycle Threat Modelling. Retrieved from https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling.
  25. Minister of Justice. 2015. Personal Information Protection and Electronic Documents Act. Technical Report. Retrieved from http://laws-lois.justice.gc.ca/eng/acts/P-8.6/FullText.html.
  26. Daniel E. O’Leary. 1995. Some privacy issues in knowledge discovery: The OECD personal privacy guidelines. IEEE Expert-Intell. Syst. Appl. 10, 2 (1995), 48–59. DOI:https://doi.org/10.1109/64.395352
  27. A. Patrick. 2005. Just-in-time click-through agreements: Interface widgets for confirming informed, unambiguous consent. J. Internet Law 9, 3 (2005), 17–19.
  28. Charith Perera, Lamya Alkhariji, Atheer Jeraisy, and Omer Rana. 2020. Privacy Patterns for Internet of Things: A Handbook. Technical Report. Retrieved from http://iotgarage.net/publications/pdfs/PrivacyPatternsHandbook.pdf.
  29. Charith Perera, Mahmoud Barhamgi, Arosha K. Bandara, Muhammad Ajmal, Blaine Price, and Bashar Nuseibeh. 2020. Designing privacy-aware Internet of Things applications. Info. Sci. 512 (Mar. 2020), 238–257. Retrieved from http://arxiv.org/abs/1703.03892.
  30. Charith Perera, Ciaran Mccormick, Arosha Bandara, Blaine A. Price, and Bashar Nuseibeh. 2016. Privacy-by-design framework for assessing Internet of Things applications and platforms. In Proceedings of the 6th International Conference on the Internet of Things. 83–92.
  31. Charith Perera, Arkady Zaslavsky, Peter Christen, and Dimitrios Georgakopoulos. 2014. Context aware computing for the Internet of Things: A survey. IEEE Commun. Surveys Tutor. 16, 1 (2014), 414–454.
  32. Privacypatterns.eu. 2016. Collecting patterns for better privacy. Retrieved from https://privacypatterns.eu.
  33. Privacypatterns.org. 2015. Privacy Patterns. Retrieved from https://privacypatterns.org/.
  34. Martin Rost and Kirsten Bock. 2011. Privacy by design and the new protection goals. DuD (Jan. 2011), 1–9. Retrieved from https://www.european-privacy-seal.eu/AppFile/GetFile/ca6cdc46-d4dd-477d-9172-48ed5f54a99c.
  35. Ira S. Rubinstein and Nathaniel Good. 2013. Privacy by design: A counterfactual analysis of Google and Facebook privacy incidents. Berkeley Technol. Law J. 28, 2 (2013), 1333–1413. DOI:https://doi.org/10.2139/ssrn.2128146
  36. Kazuya Sakai, Wei Shinn Ku, Min Te Sun, and Roger Zimmermann. 2013. Privacy preserving continuous multimedia streaming in MANETs. ACM Trans. Multimedia Comput. Commun. Appl. 9, 4 (2013), 23:1–23:22. DOI:https://doi.org/10.1145/2501643.2501645
  37. G. S. V. S. Sivaram, Mohan S. Kankanhalli, and K. R. Ramakrishnan. 2009. Design of multimedia surveillance systems. ACM Trans. Multimedia Comput. Commun. Appl. 5, 3 (2009), 134–140. DOI:https://doi.org/10.1145/1556134.1556140
  38. Junjue Wang, Brandon Amos, Anupam Das, Padmanabhan Pillai, Norman Sadeh, and Mahadev Satyanarayanan. 2018. Enabling live video analytics with a scalable and privacy-aware framework. ACM Trans. Multimedia Comput. Commun. Appl. 14, 3s (2018), 64:1–64:24. DOI:https://doi.org/10.1145/3209659
  39. Richmond Y. Wong and Deirdre K. Mulligan. 2019. Bringing design to the privacy table: Broadening “Design” in “Privacy by Design” through the lens of HCI. In Proceedings of the CHI Conference on Human Factors in Computing Systems. 1–17.
  40. David Wright, Paul De Hert, and Serge Gutwirth. 2011. Are the OECD guidelines at 30 showing their age? Commun. ACM 54, 2 (2011), 119. DOI:https://doi.org/10.1145/1897816.1897848
  41. David Wright and Charles Raab. 2014. Privacy principles, risks and harms. Int. Rev. Law Comput. Technol. 28, 3 (2014), 277–298. DOI:https://doi.org/10.1080/13600869.2014.913874
  42. Dapeng Wu, Boran Yang, Honggang Wang, Chonggang Wang, and Ruyan Wang. 2016. Privacy-preserving multimedia big data aggregation in large-scale wireless sensor networks. ACM Trans. Multimedia Comput. Commun. Appl. 14, 4s (2016), 60:1–60:19. DOI:https://doi.org/10.1145/2978570
