• Source: Privacy engineering

Privacy engineering is an emerging field of engineering which aims to provide methodologies, tools, and techniques to ensure systems provide acceptable levels of privacy. Its focus lies in organizing and assessing methods to identify and tackle privacy concerns within the engineering of information systems.
In the US, an acceptable level of privacy is defined in terms of compliance to the functional and non-functional requirements set out through a privacy policy, which is a contractual artifact displaying the data controlling entities compliance to legislation such as Fair Information Practices, health record security regulation and other privacy laws. In the EU, however, the General Data Protection Regulation (GDPR) sets the requirements that need to be fulfilled. In the rest of the world, the requirements change depending on local implementations of privacy and data protection laws.




Definition and scope


The definition of privacy engineering given by National Institute of Standards and Technology (NIST) is:

Focuses on providing guidance that can be used to decrease privacy risks, and enable organizations to make purposeful decisions about resource allocation and effective implementation of controls in information systems.
While privacy has been developing as a legal domain, privacy engineering has only really come to the fore in recent years as the necessity of implementing said privacy laws in information systems has become a definite requirement to the deployment of such information systems. For example, IPEN outlines their position in this respect as:

One reason for the lack of attention to privacy issues in development is the lack of appropriate tools and best practices. Developers have to deliver quickly in order to minimize time to market and effort, and often will re-use existing components, despite their privacy flaws. There are, unfortunately, few building blocks for privacy-friendly applications and services, and security can often be weak as well.
Privacy engineering involves aspects such as process management, security, ontology and software engineering. The actual application of these derives from necessary legal compliances, privacy policies and 'manifestos' such as Privacy-by-Design.

Towards the more implementation levels, privacy engineering employs privacy enhancing technologies to enable anonymisation and de-identification of data. Privacy engineering requires suitable security engineering practices to be deployed, and some privacy aspects can be implemented using security techniques. A privacy impact assessment is another tool within this context and its use does not imply that privacy engineering is being practiced.
One area of concern is the proper definition and application of terms such as personal data, personally identifiable information, anonymisation and pseudo-anonymisation which lack sufficient and detailed enough meanings when applied to software, information systems and data sets.
Another facet of information system privacy has been the ethical use of such systems with particular concern on surveillance, big data collection, artificial intelligence etc. Some members of the privacy and privacy engineering community advocate for the idea of ethics engineering or reject the possibility of engineering privacy into systems intended for surveillance.
Software engineers often encounter problems when interpreting legal norms into current technology. Legal requirements are by nature neutral to technology and will in case of legal conflict be interpreted by a court in the context of the current status of both technology and privacy practice.




Core practices


As this particular field is still in its infancy and somewhat dominated by the legal aspects, the following list just outlines the primary areas on which privacy engineering is based:

Data flow modelling
Development of suitable terminologies/ontologies for expressing types, usages, purposes etc. of information
Privacy Impact Assessment (PIA)
Privacy management and processes
Requirements engineering
Risk assessment
Semantics
Despite the lack of a cohesive development of the above areas, courses already exist for the training of privacy engineering. The International Workshop on Privacy Engineering co-located with IEEE Symposium on Security and Privacy provides a venue to address "the gap between research and practice in systematizing and evaluating approaches to capture and address privacy issues while engineering information systems".
A number of approaches to privacy engineering exist. The LINDDUN methodology takes a risk-centric approach to privacy engineering where personal data flows at risk are identified and then secured with privacy controls. Guidance for interpretation of the GDPR has been provided in the GDPR recitals, which have been coded into a decision tool that maps GDPR into software engineering forces with the goal to identify suitable privacy design patterns. One further approach uses eight privacy design strategies - four technical and four administrative strategies - to protect data and to implement data subject rights.




Aspects of information


Privacy engineering is particularly concerned with the processing of information over the following aspects or ontologies and their relations to their implementation in software:

Data Processing Ontologies
Information Type Ontologies (as opposed to PII or machine types)
Notions of controller and processor
The notions of authority and identity (ostensibly of the source(s) of data)
Provenance of information, including the notion of data subject
Purpose of information, viz: primary vs secondary collection
Semantics of information and data sets (see also noise and anonymisation)
Usage of information
Further to this how the above then affect the security classification, risk classification and thus the levels of protection and flow within a system can then the metricised or calculated.




Definitions of privacy


Privacy is an area dominated by legal aspects but requires implementation using, ostensibly, engineering techniques, disciplines and skills. Privacy Engineering as an overall discipline takes its basis from considering privacy not just as a legal aspect or engineering aspect and their unification but also utilizing the following areas:

Privacy as a philosophical aspect
Privacy as an economic aspect, particularly game theory
Privacy as a sociological aspect




Legal basis


The impetus for technological progress in privacy engineering stems from general privacy laws and various particular legal acts:

Children's Online Privacy Protection Act
Driver's Privacy Protection Act
Intimate Privacy Protection Act
Online Privacy Protection Act
Privacy Act of 1974
Privacy Protection Act of 1980
Telephone Records and Privacy Protection Act of 2006
Video Privacy Protection Act




See also


Data Protection Directive
Information security
Privacy software
Risk management
Free and open MOOC course module on privacy by design and management with Karlstad University's Privacy by Design on-line course.
Carnegie Mellon University's Privacy Engineering Program - Offers a rich curriculum on the technical, legal, and policy aspects of privacy engineering, this program is known for its comprehensive approach. Additional insights into the program's impact, as well as students' projects and work, are available on their dedicated blog.




Notes and references

Kata Kunci Pencarian:

• ChatGPT
• X (media sosial)
• Privasi internet
• Telnet
• Schneider Electric
• Ekonomi Singapura
• Upaya mitigasi kebocoran data
• WhatsApp
• Sistem pengenalan wajah
• TikTok
• Privacy engineering
• Privacy by design
• Privacy software
• Privacy laws of the United States
• George Danezis
• Right to privacy
• Privacy-enhancing technologies
• Consumer privacy
• Data security
• Privacy settings