Skip to Content

Addressing the challenge of privacy engineering

Capgemini
June 23, 2020

The main idea behind PbD is to embed privacy into the design of (the architecture of) an IT system rather than integrating it as a separate component after the system has been implemented. The first efforts to define PbD are credited to Cavoukian, who set out the core principles of this concept.

Figure 1: Privacy by design principles by Cavoukian

The importance of privacy by design has been generally acknowledged, with experts predicting that

… privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product lifecycle are on the right track.”

However, translating these principles into engineering is still challenging; something that has been acknowledged, among others, by the European Union Agency for Network and Information Security (ENISA). Despite the fact that we are approaching the second year after entrance into force of the GDPR, there is still no standard or agreed best practice on how to integrate privacy into software development lifecycle.

In order to address this problem, Capgemini’s security expert, Dr. Fatbardh Veseli, together with researchers from Germany’s Goethe University and Sweden’s Karlstadt University, has developed a systematic approach to engineering privacy by design. The approach extends an existing privacy threat modeling framework – LINDDUN – and was demonstrated within the European innovation Project Credential to design and implement an architecture for a cloud-based, identity wallet platform.

Figure 2: Enhanced approach to applying privacy by design

The enhanced framework builds on data flow diagrams (DFDs) to model privacy threats at the design of a system. The framework itself is an instantiation of a model for privacy impact assessments (PIA), which is also required by the GDPR. Importantly, this approach addresses the need to consider environmental constraints, the project itself, and for an established process for continuously documenting such constraints and their impact on privacy into account. Furthermore, it defines mechanisms beyond privacy enhancing technologies (PETs) to mitigate identified threats, including the definition of organizational measures and promoting the integration privacy-friendly development principles in the software development lifecycle.

This framework has received positive feedback from different audiences within the EU, especially because it can directly be integrated into software engineering processes, addressing the acknowledged gap between regulation and engineering. Capgemini is happy to share this framework with its clients and guide them in integrating privacy into the software engineering practice, supporting compliance with (the principle of privacy by design of) the EU-GDPR. The enhanced framework is publicly available from Springer.

For more information, visit here.