Privacy engineering is an emerging field of engineering which aims to provide methodologies, tools, and techniques to ensure systems provide acceptable levels of privacy.
In the US, an acceptable level of privacy is defined in terms of compliance with the functional and non-functional requirements set out through a privacy policy, which is a contractual artifact displaying the data controlling entity's compliance with legislation such as Fair Information Practices, health record security regulation and other privacy laws. In the EU, however, the General Data Protection Regulation (GDPR) sets the requirements that need to be fulfilled. In the rest of the world, the requirements change depending on local implementations of privacy and data protection laws.
Definition and scope
The definition of privacy engineering given by the National Institute of Standards and Technology (NIST) is:
While privacy has been developing as a legal domain, privacy engineering has only really come to the fore in recent years as the necessity of implementing said privacy laws in information systems has become a definite requirement to the deployment of such information systems. For example, IPEN outlines their position in this respect as:
Privacy engineering involves aspects such as process management, security, ontology and software engineering. The actual application of these derives from necessary legal compliances, privacy policies and 'manifestos' such as Privacy-by-Design.
At the implementation level, privacy engineering employs privacy enhancing technologies to enable anonymisation and de-identification of data. Privacy engineering requires suitable security engineering practices to be deployed, and some privacy aspects can be implemented using security techniques. A privacy impact assessment is another tool within this context, and its use does not by itself imply that privacy engineering is being practiced.
One area of concern is the proper definition and application of terms such as personal data, personally identifiable information, anonymisation and pseudo-anonymisation, which lack sufficiently precise and detailed meanings when applied to software, information systems and data sets.
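The distinction the paragraph above says is under-defined can be made concrete on a data set. The following is an added illustration, not material from the original article: it pseudonymises a constructed toy data set with a keyed HMAC (the key, the records, the postcodes and the diagnoses are all invented), shows that the quasi-identifiers left behind still single people out, and then uses a k-anonymity check over those columns as one testable meaning of "anonymised enough".

```python
"""Pseudonymisation versus anonymisation on a constructed toy data set.

Added illustration; not from the original article. A keyed pseudonym
replaces the direct identifier, but the quasi-identifiers (postcode,
birth year, sex) still single people out, so the records remain personal
data. A k-anonymity check over those columns is one concrete, testable
meaning of "anonymised enough" that a data set either meets or fails.
"""
import hashlib
import hmac
from collections import Counter

# Constructed sample records; every person, postcode and diagnosis is fictional.
RECORDS = [
    {"name": "Alice Example", "postcode": "SE1 7", "birth_year": 1984, "sex": "F", "diagnosis": "asthma"},
    {"name": "Beth Example",  "postcode": "SE1 2", "birth_year": 1988, "sex": "F", "diagnosis": "none"},
    {"name": "Cara Example",  "postcode": "SE1 7", "birth_year": 1981, "sex": "F", "diagnosis": "diabetes"},
    {"name": "Dan Example",   "postcode": "N1 9",  "birth_year": 1975, "sex": "M", "diagnosis": "none"},
    {"name": "Eli Example",   "postcode": "N1 4",  "birth_year": 1979, "sex": "M", "diagnosis": "asthma"},
    {"name": "Finn Example",  "postcode": "N1 9",  "birth_year": 1975, "sex": "M", "diagnosis": "none"},
    {"name": "Gus Example",   "postcode": "E2 8",  "birth_year": 1995, "sex": "M", "diagnosis": "none"},
]

QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")


def pseudonymise(records, key, direct_identifier="name"):
    """Replace the direct identifier with a keyed HMAC-SHA256 pseudonym.

    The key stays with the data controller: without it the pseudonym cannot be
    recomputed from a name, and with it the same person always maps to the
    same token, which is what lets the controller link records later.
    """
    out = []
    for rec in records:
        new = dict(rec)
        token = hmac.new(key, rec[direct_identifier].encode("utf-8"), hashlib.sha256)
        new["pseudonym"] = token.hexdigest()[:16]
        del new[direct_identifier]
        out.append(new)
    return out


def equivalence_classes(records, quasi=QUASI_IDENTIFIERS):
    """Group records by their quasi-identifier tuple; returns {tuple: count}."""
    return Counter(tuple(rec[q] for q in quasi) for rec in records)


def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """Size of the smallest equivalence class: k == 1 means someone is unique."""
    classes = equivalence_classes(records, quasi)
    return min(classes.values()) if classes else 0


def generalise(records):
    """Coarsen quasi-identifiers: postcode to its outward code, birth year to a decade."""
    out = []
    for rec in records:
        new = dict(rec)
        new["postcode"] = rec["postcode"].split()[0]
        new["birth_year"] = (rec["birth_year"] // 10) * 10
        out.append(new)
    return out


def suppress(records, k, quasi=QUASI_IDENTIFIERS):
    """Drop records whose equivalence class is smaller than k."""
    classes = equivalence_classes(records, quasi)
    return [rec for rec in records if classes[tuple(rec[q] for q in quasi)] >= k]


def anonymise(records, k=2):
    """Generalise, then suppress the leftover small classes, to reach k-anonymity."""
    return suppress(generalise(records), k)


if __name__ == "__main__":
    pseudo = pseudonymise(RECORDS, key=b"controller-secret-key")  # constructed key
    print("pseudonymised, k =", k_anonymity(pseudo))              # 1: still re-identifiable
    anon = anonymise(pseudo, k=2)
    print("generalised + suppressed, k =", k_anonymity(anon), "records kept:", len(anon))
```

The pseudonymised set has k = 1, so anyone who knows a neighbour's postcode, birth year and sex can pick out their row and read the diagnosis; that is why pseudonymised data is still personal data. Generalising the quasi-identifiers and suppressing the one record that remains unique yields a 3-anonymous set, at the cost of one dropped record and coarser columns.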
Another facet of information system privacy has been the ethical use of such systems, with particular concern on surveillance, big data collection, artificial intelligence, etc. Some members of the privacy and privacy engineering community advocate for the idea of ethics engineering or reject the possibility of engineering privacy into systems intended for surveillance.
Software engineers often encounter problems when translating legal norms into current technology. Legal requirements are by nature neutral to technology, and will in case of legal conflict be interpreted by a court in the context of the current status of both technology and privacy practice.
Core practices
As this particular field is still in its infancy and somewhat dominated by the legal aspects, the following list just outlines the primary areas on which privacy engineering is based:
* Data flow modelling
* Development of suitable terminologies/ontologies for expressing types, usages, purposes etc. of information
* Privacy Impact Assessment (PIA)
* Privacy management and processes
* Requirements engineering
* Risk assessment
* Semantics
Despite the lack of a cohesive development of the above areas, courses already exist for the training of privacy engineering. The International Workshop on Privacy Engineering co-located with
IEEE Symposium on Security and Privacy provides a venue to address "the gap between research and practice in systematizing and evaluating approaches to capture and address privacy issues while engineering information systems".
A number of approaches to privacy engineering exist. The LINDDUN methodology takes a risk-centric approach to privacy engineering where personal data flows at risk are identified and then secured with privacy controls. Guidance for interpretation of the GDPR has been provided in the GDPR recitals, which have been coded into a decision tool [https://privacypatterns.cs.ru.nl/tool/] that maps GDPR into software engineering forces with the goal of identifying suitable privacy design patterns. One further approach uses eight privacy design strategies (four technical and four administrative) to protect data and to implement data subject rights.
Aspects of information
Privacy engineering is particularly concerned with the processing of information over the following aspects or ontologies and their relations to their implementation in software:
* Data Processing Ontologies
* Information Type Ontologies (as opposed to PII or machine types)
* Notions of controller and processor
* The notions of authority and identity (ostensibly of the source(s) of data)
* Provenance of information, including the notion of data subject
* Purpose of information, viz: primary vs secondary collection
* Semantics of information and data sets (see also noise and anonymisation)
* Usage of information
Further to this, how the above aspects affect the security classification, risk classification and thus the levels of protection and flow within a system can then be metricised or calculated.
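The risk-centric data-flow approach described under Core practices (identify personal data flows at risk, then secure them with privacy controls) and the aspects listed above (purpose, provenance, controller and processor) can be combined in a small model. The following is an added illustration; it is neither the LINDDUN project's own tooling nor code from the article. It represents the element kinds a data-flow diagram uses (external entity, process, data store, data flow), tags each flow with the personal-data categories it carries and the purpose it serves, and reports flows and stores that lack a control. The service, element names, trust zones, purposes and the 365-day retention figure are all constructed for the example.

```python
"""A minimal data-flow model with a risk-centric privacy pass.

Added illustration; neither the LINDDUN project's tooling nor code from the
article. Elements, zones, purposes and the retention period are constructed.
Three findings are reported: personal data crossing a trust boundary without
transport protection (disclosure), a store with no retention limit, and a
flow whose purpose was never declared to the data subject (secondary use).
"""
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # "entity", "process" or "store"
    trust_zone: str  # a flow between different zones crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: FrozenSet[str]   # personal-data categories carried; empty if none
    purpose: str
    encrypted: bool = False


@dataclass(frozen=True)
class Store:
    element: Element
    data: FrozenSet[str]
    retention_days: Optional[int] = None  # None: no retention limit declared


@dataclass
class Model:
    flows: List[Flow]
    stores: List[Store]
    declared_purposes: Dict[str, Set[str]]  # category -> purposes told to the data subject


Finding = Tuple[str, str, str]  # (threat category, location, explanation)


def find_risks(model: Model) -> List[Finding]:
    """Return every flow or store carrying personal data without a matching control."""
    findings: List[Finding] = []
    for f in model.flows:
        if not f.data:
            continue  # no personal data on this flow, nothing to protect
        where = f"{f.src.name} -> {f.dst.name}"
        if f.src.trust_zone != f.dst.trust_zone and not f.encrypted:
            findings.append(("disclosure", where, "personal data crosses a trust boundary unencrypted"))
        for category in sorted(f.data):
            if f.purpose not in model.declared_purposes.get(category, set()):
                findings.append(("secondary_use", where,
                                 f"'{category}' used for '{f.purpose}', not declared at collection"))
    for s in model.stores:
        if s.data and s.retention_days is None:
            findings.append(("retention", s.element.name, "personal data stored without a retention limit"))
    return findings


def build_example_model() -> Model:
    """Constructed sign-up service: one compliant path and one risky analytics path."""
    user = Element("user", "entity", "internet")
    api = Element("signup-api", "process", "app")
    db = Element("accounts-db", "store", "app")
    analytics = Element("analytics", "process", "analytics-vendor")
    pii = frozenset({"email", "date_of_birth"})
    flows = [
        Flow(user, api, pii, "account_creation", encrypted=True),
        Flow(api, db, pii, "account_creation"),                      # same zone, no boundary
        Flow(api, analytics, frozenset({"email"}), "ad_targeting"),  # crosses a boundary, undeclared purpose
    ]
    stores = [Store(db, pii)]  # no retention limit declared yet
    declared = {"email": {"account_creation"},
                "date_of_birth": {"account_creation", "age_verification"}}
    return Model(flows, stores, declared)


def apply_controls(model: Model) -> Model:
    """Remediation: drop undeclared-purpose flows, encrypt boundary crossings, set retention."""
    flows = []
    for f in model.flows:
        if any(f.purpose not in model.declared_purposes.get(c, set()) for c in f.data):
            continue  # secondary use: the control is not to send the data at all
        flows.append(replace(f, encrypted=True) if f.src.trust_zone != f.dst.trust_zone else f)
    stores = [replace(s, retention_days=365) if s.retention_days is None else s
              for s in model.stores]  # 365 days is a constructed policy value
    return Model(flows, stores, model.declared_purposes)


if __name__ == "__main__":
    model = build_example_model()
    for category, where, why in find_risks(model):
        print(f"[{category}] {where}: {why}")
    print("after controls:", find_risks(apply_controls(model)))
```

The model deliberately treats an undeclared purpose differently from the other two findings: encryption and retention are controls applied to a flow or store, whereas a secondary use is only fixed by not making the flow, which is why `apply_controls` removes it rather than decorating it.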
Definitions of privacy
Privacy is an area dominated by legal aspects but requires implementation using, ostensibly, engineering techniques, disciplines and skills. Privacy Engineering as an overall discipline takes its basis from considering privacy not just as a legal aspect or engineering aspect and their unification but also utilizing the following areas:
* Privacy as a philosophical aspect
* Privacy as an economic aspect, particularly game theory
* Privacy as a sociological aspect
Legal basis
The impetus for technological progress in privacy engineering stems from general privacy laws and various particular legal acts:
* Children's Online Privacy Protection Act
* Driver's Privacy Protection Act
* Intimate Privacy Protection Act
* Online Privacy Protection Act
* Privacy Act of 1974
* Privacy Protection Act of 1980
* Telephone Records and Privacy Protection Act of 2006
* Video Privacy Protection Act
See also
* Data Protection Directive
* Information security
* Risk management
* Free and open MOOC course module on privacy by design and management with Karlstad University's Privacy by Design on-line course.