Addressing the challenge of privacy engineering

The main idea behind PbD is to embed privacy into the design of (the architecture of) an IT system rather than integrating it as a separate component after the system has been implemented. The first efforts to define PbD are credited to Cavoukian, who set out the core principles of this concept.

The importance of privacy by design has been generally acknowledged, with experts predicting that

“… privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product lifecycle are on the right track.”

However, translating these principles into engineering is still challenging; something that has been acknowledged, among others, by the European Union Agency for Network and Information Security (ENISA). Despite the fact that we are approaching the second year after entrance into force of the GDPR, there is still no standard or agreed best practice on how to integrate privacy into software development lifecycle.

In order to address this problem, Capgemini’s security expert, Dr. Fatbardh Veseli, together with researchers from Germany’s Goethe University and Sweden’s Karlstadt University, has developed a systematic approach to engineering privacy by design. The approach extends an existing privacy threat modeling framework – LINDDUN – and was demonstrated within the European innovation Project Credential to design and implement an architecture for a cloud-based, identity wallet platform.

The enhanced framework builds on data flow diagrams (DFDs) to model privacy threats at the design of a system. The framework itself is an instantiation of a model for privacy impact assessments (PIA), which is also required by the GDPR. Importantly, this approach addresses the need to consider environmental constraints, the project itself, and for an established process for continuously documenting such constraints and their impact on privacy into account. Furthermore, it defines mechanisms beyond privacy enhancing technologies (PETs) to mitigate identified threats, including the definition of organizational measures and promoting the integration privacy-friendly development principles in the software development lifecycle.

This framework has received positive feedback from different audiences within the EU, especially because it can directly be integrated into software engineering processes, addressing the acknowledged gap between regulation and engineering. Capgemini is happy to share this framework with its clients and guide them in integrating privacy into the software engineering practice, supporting compliance with (the principle of privacy by design of) the EU-GDPR. The enhanced framework is publicly available from Springer.

For more information, visit our Cybersecurity-page.

Dr. Fatbardh Veseli

Expert in Identity and Access Management, Privacy-by-Design, Security Management

I work as a senior cybersecurity consultant within Capgemini’s Cloud Infrastructure Services and cover a broad spectrum of topics. My topical focus lies within the topics of privacy architecture and I follow an end-to-end approach to addressing practical challenges within privacy engineering / privacy by design from a technical, organizational and regulatory perspective. Similarly, I complement privacy with further security domains, including identity and access management, threat modeling, and general enterprise architecture.
My work experience covers both major research and industry projects in Germany and Europe, where I had the chance to contribute both technically and in management positions to not only complying, but also contributing to shaping relevant regulation and standardization projects.
I hold talks on my topics of expertise worldwide and gladly continue to contribute in identifying and addressing gaps in these domains both within scientific and business conferences. In this regard, I am happy to be a part of shaping today’s and tomorrow’s information security landscape.