Addressing the challenge of privacy engineering

Capgemini presents the framework for engineering privacy by design

Publish date:

The paradigm of privacy by design (PbD) has gained importance, both in academia and industry, since its inclusion in regulations, most notably in the EU General Data Protection Regulation (GDPR).

The main idea behind PbD is to embed privacy into the design of (the architecture of) an IT system rather than integrating it as a separate component after the system has been implemented. The first efforts to define PbD are credited to Cavoukian, who set out the core principles of this concept.

Figure 1: Privacy by design principles by Cavoukian

The importance of privacy by design has been generally acknowledged, with experts predicting that

… privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product lifecycle are on the right track.”

However, translating these principles into engineering is still challenging; something that has been acknowledged, among others, by the European Union Agency for Network and Information Security (ENISA). Despite the fact that we are approaching the second year after entrance into force of the GDPR, there is still no standard or agreed best practice on how to integrate privacy into software development lifecycle.

In order to address this problem, Capgemini’s security expert, Dr. Fatbardh Veseli, together with researchers from Germany’s Goethe University and Sweden’s Karlstadt University, has developed a systematic approach to engineering privacy by design. The approach extends an existing privacy threat modeling framework – LINDDUN – and was demonstrated within the European innovation Project Credential to design and implement an architecture for a cloud-based, identity wallet platform.

Figure 2: Enhanced approach to applying privacy by design

The enhanced framework builds on data flow diagrams (DFDs) to model privacy threats at the design of a system. The framework itself is an instantiation of a model for privacy impact assessments (PIA), which is also required by the GDPR. Importantly, this approach addresses the need to consider environmental constraints, the project itself, and for an established process for continuously documenting such constraints and their impact on privacy into account. Furthermore, it defines mechanisms beyond privacy enhancing technologies (PETs) to mitigate identified threats, including the definition of organizational measures and promoting the integration privacy-friendly development principles in the software development lifecycle.

This framework has received positive feedback from different audiences within the EU, especially because it can directly be integrated into software engineering processes, addressing the acknowledged gap between regulation and engineering. Capgemini is happy to share this framework with its clients and guide them in integrating privacy into the software engineering practice, supporting compliance with (the principle of privacy by design of) the EU-GDPR. The enhanced framework is publicly available from Springer.

For more information, visit www.capgemini.com/cybersecurity

Related Posts

Cybersecurity

Cybersecurity: Don’t trust anyone

Geert van der Linden
Date icon November 25, 2020

Zero-trust security isn’t a one-time measure, it’s a check that must be carried out again and...

Cybersecurity

Cybersecurity Architecture: Some matters of opinion

Lee Newcombe
Date icon November 18, 2020

Good architecture helps to align the systems we build and operate to the underlying needs of...

Cybersecurity

Application Security Testing: Agility meets security

Date icon October 27, 2020

By combining automated processes and human expertise in effective and relevant solutions, it...