# Privacy engineering

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Privacy_engineering
> Markdown URL: https://mediated.wiki/source/Privacy_engineering.md
> Source: https://en.wikipedia.org/wiki/Privacy_engineering
> Source revision: 1347009826
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)


**Privacy engineering** is an emerging field of engineering which aims to provide methodologies, tools, and techniques to ensure systems provide acceptable levels of [privacy](/source/Privacy). Its focus lies in organizing and assessing methods to identify and tackle privacy concerns within the engineering of [information systems](/source/Information_system).[1]

In the [US](/source/United_States), an acceptable level of privacy is defined in terms of compliance with the functional and non-functional requirements set out in a [privacy policy](/source/Privacy_policy), a contractual artifact recording the data-controlling entity's compliance with legislation such as the [Fair Information Practices](/source/FTC_fair_information_practice), health record security regulation and other [privacy laws](/source/Privacy_laws_of_the_United_States). In the [EU](/source/European_Union), however, the [General Data Protection Regulation](/source/General_Data_Protection_Regulation) (GDPR) sets the requirements that must be fulfilled. In the rest of the world the requirements vary with the local implementation of [privacy](/source/Privacy_law) and [data protection](/source/Information_privacy) law.

## Definition and scope

The definition of privacy engineering given by [National Institute of Standards and Technology (NIST)](/source/National_Institute_of_Standards_and_Technology) is:[2]

*Focuses on providing guidance that can be used to decrease privacy risks, and enable organizations to make purposeful decisions about resource allocation and effective implementation of controls in information systems.*

While privacy has long been developing as a legal domain, privacy engineering has only come to the fore in recent years, as implementing privacy law in information systems has become a precondition for deploying them. For example, the Internet Privacy Engineering Network (IPEN) describes its position as follows:[3]

*One reason for the lack of attention to privacy issues in development is the lack of appropriate tools and best practices. Developers have to deliver quickly in order to minimize time to market and effort, and often will re-use existing components, despite their privacy flaws. There are, unfortunately, few building blocks for privacy-friendly applications and services, and security can often be weak as well.*

Privacy engineering involves aspects such as process management, [security](/source/Security), [ontology](/source/Ontology_(information_science)) and [software engineering](/source/Software_engineering).[4] The actual application of these derives from necessary legal compliances, privacy policies and 'manifestos' such as [Privacy-by-Design](/source/Privacy_by_Design).[5]

*Figure: relationship between PbD and privacy engineering.*

At the implementation level, privacy engineering employs [privacy enhancing technologies](/source/Privacy-enhancing_technologies) to enable [anonymisation](/source/Anonymisation) and [de-identification](/source/De-identification) of data. It requires sound security engineering practice, and some, but not all, privacy properties can be implemented with security techniques. A privacy impact assessment is another tool in this context; carrying one out does not by itself mean that privacy engineering is being practised.

One area of concern is the precise definition and application of terms such as personal data, personally identifiable information, anonymisation and [pseudonymisation](/source/Pseudo-anonymisation), which lack sufficiently precise meanings when applied to software, information systems and data sets. In particular, removing or hashing a direct identifier yields pseudonymised data that can still be linked back to a person, whereas anonymisation is a property of the whole data set, including its quasi-identifiers.
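As an added illustration of that distinction (example code, not part of the original article), the Python below contrasts a bare hash of a direct identifier with a keyed pseudonym, shows that the bare hash of a phone number is reversed by simple enumeration, and then checks k-anonymity over the quasi-identifiers that remain after pseudonymisation. The records, the phone-number block the attacker is assumed to know, and all function names are constructed for this example.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample records (not from the article): one direct identifier
# and two attributes that together act as quasi-identifiers.
RECORDS = [
    {"phone": "+15550100001", "city": "Oslo",   "born": 1980, "diagnosis": "flu"},
    {"phone": "+15550100002", "city": "Oslo",   "born": 1980, "diagnosis": "asthma"},
    {"phone": "+15550100003", "city": "Bergen", "born": 1975, "diagnosis": "flu"},
]


def bare_hash(identifier):
    """Unkeyed SHA-256. Deterministic and, for a low-entropy identifier such
    as a phone number, reversible by enumerating the candidate space."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def keyed_pseudonym(identifier, key):
    """HMAC-SHA-256 under a key held only by the controller. Still linkable
    by whoever holds the key, so this is pseudonymisation, not anonymisation."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def candidate_phones(prefix="+1555010", width=4):
    """Assumed attacker knowledge: the subjects' numbers lie in one block of
    10**width numbers, which is all a dictionary attack needs."""
    return (f"{prefix}{i:0{width}d}" for i in range(10 ** width))


def reidentify(target_digest, digest_fn, candidates):
    """Dictionary attack: recompute digest_fn over every candidate."""
    for candidate in candidates:
        if digest_fn(candidate) == target_digest:
            return candidate
    return None


def pseudonymise(records, key):
    """Replace the direct identifier with a keyed pseudonym; keep other fields."""
    out = []
    for record in records:
        row = dict(record)
        row["subject"] = keyed_pseudonym(row.pop("phone"), key)
        out.append(row)
    return out


def k_anonymity(records, quasi_identifiers):
    """Size of the smallest equivalence class over the quasi-identifier
    columns; k == 1 means at least one record is unique and re-identifiable
    by anyone who knows those attributes about a person."""
    classes = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return min(classes.values())


def demo():
    key = secrets.token_bytes(32)
    attacker_guess = secrets.token_bytes(32)   # the attacker does not hold the real key
    pseud = pseudonymise(RECORDS, key)
    return {
        "bare_hash_recovered": reidentify(
            bare_hash(RECORDS[1]["phone"]), bare_hash, candidate_phones()),
        "keyed_recovered_without_key": reidentify(
            pseud[1]["subject"], lambda c: keyed_pseudonym(c, attacker_guess), candidate_phones()),
        "k_over_city_born": k_anonymity(pseud, ["city", "born"]),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` recovers the phone number behind the bare hash, fails to recover it behind the keyed pseudonym, and reports k = 1 over (city, born): the Bergen/1975 record is unique, so even the pseudonymised table is not anonymous to anyone who knows those two facts about a subject. The keyed pseudonym therefore addresses the identifier column only; anonymisation has to be assessed on the data set as a whole.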

Another facet of information system privacy has been the ethical use of such systems with particular concern on [surveillance](/source/Surveillance), [big data](/source/Big_data) collection, [artificial intelligence](/source/Artificial_intelligence) etc. Some members of the privacy and privacy engineering community advocate for the idea of [ethics engineering](/source/Ethics_engineering) or reject the possibility of engineering privacy into systems intended for surveillance.

Software engineers often encounter problems when translating legal norms into current technology. Legal requirements are by nature technology-neutral and, in the event of a legal dispute, are interpreted by a court in the light of the state of both technology and privacy practice at the time.

## Core practices

As the field is still young and somewhat dominated by legal considerations, the following list only outlines the primary areas on which privacy engineering is based:

- [Data flow modelling](/source/Data_flow_diagram)

- Development of suitable terminologies/ontologies for expressing types, usages, purposes etc. of information

- [Privacy Impact Assessment](/source/Privacy_Impact_Assessment) (PIA)

- Privacy management and processes[6][7]

- [Requirements engineering](/source/Requirements_engineering)

- [Risk assessment](/source/Risk_assessment)

- [Semantics](/source/Semantics)

Despite the lack of a cohesive development of the above areas, courses already exist for training in privacy engineering.[8][9][10] The International Workshop on Privacy Engineering, co-located with the [IEEE Symposium on Security and Privacy](/source/IEEE_Symposium_on_Security_and_Privacy), provides a venue to address "the gap between research and practice in systematizing and evaluating approaches to capture and address privacy issues while engineering information systems".[11][12][13]

A number of approaches to privacy engineering exist. The LINDDUN[14] methodology, named for its threat categories (Linking, Identifying, Non-repudiation, Detectability, Disclosure of information, Unawareness and Non-compliance), takes a risk-centric approach in which personal data flows at risk are identified and then protected with privacy controls.[15][16] Guidance for interpreting the GDPR has been provided in the GDPR recitals,[17] which have been encoded into a decision tool[18] that maps the GDPR onto software engineering forces with the goal of identifying suitable privacy design patterns.[19][20] A further approach uses eight privacy design strategies, four technical and four administrative, to protect data and to implement data subject rights.[21]
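To make the "data flows at risk" idea concrete, here is an added example (not from the article and not LINDDUN's own tooling) of a toy LINDDUN-style pass over a data-flow model. The threat category names are LINDDUN's; the rules that map properties of the model (trust-zone crossings, encryption, purpose of collection versus purpose of use, retention limits) to those categories are a simplified illustration, not the LINDDUN threat trees. The web-shop model, the element and data-item names, and the `lawful_basis` flag are all constructed for this example.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple

IDENTIFIER, QUASI, NON_PERSONAL = "identifier", "quasi-identifier", "non-personal"


@dataclass(frozen=True)
class DataItem:
    name: str
    kind: str            # IDENTIFIER, QUASI or NON_PERSONAL
    collected_for: str   # purpose stated to the data subject at collection


@dataclass(frozen=True)
class Element:
    name: str
    kind: str            # "entity" (external party), "process" or "store"
    trust_zone: str
    retention_days: Optional[int] = None   # stores only; None means no limit


@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    items: Tuple[DataItem, ...]
    purpose: str
    encrypted: bool = False
    lawful_basis: bool = False   # consent or other documented basis for this purpose


def is_personal(item):
    return item.kind != NON_PERSONAL


def analyse(elements, flows):
    """Return (LINDDUN category, location, explanation) triples for the model."""
    findings = []
    for f in flows:
        personal = [i for i in f.items if is_personal(i)]
        if not personal:
            continue
        where = f"{f.src.name}->{f.dst.name}"
        # Disclosure of information: personal data crosses a trust boundary in clear.
        if f.src.trust_zone != f.dst.trust_zone and not f.encrypted:
            findings.append(("Disclosure of information", where,
                             "personal data leaves trust zone unencrypted"))
        # Identifying: a direct identifier reaches an external party.
        if f.dst.kind == "entity" and any(i.kind == IDENTIFIER for i in personal):
            findings.append(("Identifying", where, "direct identifier sent to external party"))
        # Non-compliance (purpose limitation): re-use beyond the collection purpose.
        for i in personal:
            if i.collected_for != f.purpose and not f.lawful_basis:
                findings.append(("Non-compliance", where,
                                 f"{i.name} collected for '{i.collected_for}' "
                                 f"used for '{f.purpose}' without a lawful basis"))
    for e in elements:
        if e.kind != "store":
            continue
        inbound = [f for f in flows if f.dst == e]
        stored = {i for f in inbound for i in f.items}
        purposes = {f.purpose for f in inbound if any(is_personal(i) for i in f.items)}
        # Linking: one stable identifier keys data gathered for several purposes.
        if any(i.kind == IDENTIFIER for i in stored) and len(purposes) > 1:
            findings.append(("Linking", e.name,
                             f"identifier links data from purposes {sorted(purposes)}"))
        # Non-compliance (storage limitation): personal data with no retention limit.
        if e.retention_days is None and any(is_personal(i) for i in stored):
            findings.append(("Non-compliance", e.name, "no retention limit on personal data"))
    return findings


def summarise(findings):
    """Count findings per LINDDUN category."""
    return dict(Counter(cat for cat, _, _ in findings))


# Constructed model: a web shop that also ships order data to an analytics vendor.
USER = Element("User", "entity", "internet")
WEB = Element("WebApp", "process", "dmz")
DB = Element("OrdersDB", "store", "internal")              # no retention limit set
VENDOR = Element("AnalyticsVendor", "entity", "third-party")
ELEMENTS = (USER, WEB, DB, VENDOR)

EMAIL = DataItem("email", IDENTIFIER, "order fulfilment")
POSTCODE = DataItem("postcode", QUASI, "order fulfilment")
TOTAL = DataItem("order_total", NON_PERSONAL, "order fulfilment")

FLOWS = (
    Flow(USER, WEB, (EMAIL, POSTCODE, TOTAL), "order fulfilment", encrypted=True, lawful_basis=True),
    Flow(WEB, DB, (EMAIL, POSTCODE, TOTAL), "order fulfilment", encrypted=True, lawful_basis=True),
    Flow(WEB, DB, (EMAIL, TOTAL), "fraud detection", encrypted=True, lawful_basis=True),
    Flow(DB, VENDOR, (EMAIL, POSTCODE), "marketing"),   # clear text, no documented basis
)

if __name__ == "__main__":
    for cat, where, why in analyse(ELEMENTS, FLOWS):
        print(f"{cat:26} {where:26} {why}")
    print(summarise(analyse(ELEMENTS, FLOWS)))
```

On the constructed model the vendor flow produces one Disclosure, one Identifying and two Non-compliance findings, and the store produces a Linking finding (the e-mail address keys both fulfilment and fraud-detection data) and a further Non-compliance finding for the missing retention limit. Each finding points at a control: encrypting or pseudonymising the vendor feed, dropping the identifier from it, documenting a lawful basis, and setting a retention period. Re-running `analyse` after changing the model is the check that the controls actually removed the flow from the at-risk set.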

## Aspects of information

Privacy engineering is particularly concerned with the processing of information over the following aspects or [ontologies](/source/Upper_ontology) and their relations[22] to their implementation in software:

- Data Processing Ontologies

- Information Type Ontologies (as opposed to PII or machine types)

- Notions of controller and processor[23]

- The notions of authority and identity (ostensibly of the source(s) of data)

- [Provenance](/source/Data_provenance) of information, including the notion of data subject[24]

- Purpose of information, viz: primary vs [secondary](/source/Secondary_data) collection

- [Semantics of information](/source/Semantic_data_model) and data sets (see also noise and [anonymisation](/source/Data_anonymization))

- Usage of information

Further, how the above affect the security classification and risk classification, and thus the levels of protection and the permitted flows within a system, can then be metricised or calculated.

## Definitions of privacy

Privacy is an area dominated by legal aspects but requires implementation using engineering techniques, disciplines and skills. Privacy engineering as a discipline takes its basis not only from the legal and engineering aspects and their unification but also from the following areas:[25]

- Privacy as a philosophical aspect

- Privacy as an economic aspect, particularly [game theory](/source/Game_theory)

- Privacy as a sociological aspect

## Legal basis

The impetus for technological progress in privacy engineering stems from general [privacy laws](/source/Privacy_law) and various particular legal acts:

- [Children's Online Privacy Protection Act](/source/Children's_Online_Privacy_Protection_Act)

- [Driver's Privacy Protection Act](/source/Driver's_Privacy_Protection_Act)

- [Intimate Privacy Protection Act](/source/Intimate_Privacy_Protection_Act)

- [Online Privacy Protection Act](/source/Online_Privacy_Protection_Act)

- [Privacy Act of 1974](/source/Privacy_Act_of_1974)

- [Privacy Protection Act of 1980](/source/Privacy_Protection_Act_of_1980)

- [Telephone Records and Privacy Protection Act of 2006](/source/Telephone_Records_and_Privacy_Protection_Act_of_2006)

- [Video Privacy Protection Act](/source/Video_Privacy_Protection_Act)

## See also

- [Data Protection Directive](/source/Data_Protection_Directive)

- [Information security](/source/Information_security)

- [Privacy software](/source/Privacy_software)

- [Risk management](/source/Risk_management)

- Free and open [MOOC](/source/Massive_open_online_course) module on privacy by design and management: [Karlstad University](/source/Karlstad_University)'s Privacy by Design on-line course.[26][27]

- [Carnegie Mellon University's Privacy Engineering Program](https://privacy.cs.cmu.edu/index.html) offers a curriculum covering the technical, legal and policy aspects of privacy engineering. [Students' projects and work](https://privacy-engineering-cmu.github.io/) are published on the program's blog.[28][29]

## Notes and references

1. **[^](#cite_ref-1)** Gürses, Seda, and Jose M. Del Alamo. "Privacy engineering: Shaping an emerging field of research and practice." *IEEE Security & Privacy* 14.2 (2016): 40-46.

1. **[^](#cite_ref-2)** ["Privacy Engineering at NIST"](http://csrc.nist.gov/projects/privacy_engineering/index.html). NIST. Retrieved 3 May 2015.

1. **[^](#cite_ref-3)** ["Background and purpose"](https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN). Retrieved 9 May 2015.

1. **[^](#cite_ref-4)** Oliver, Ian (July 2014). [*Privacy Engineering: A Dataflow and Ontological Approach*](https://web.archive.org/web/20180314095044/http://www.privacyengineeringbook.net/) (1st ed.). CreateSpace. [ISBN](/source/ISBN_(identifier)) [978-1497569713](https://en.wikipedia.org/wiki/Special:BookSources/978-1497569713). Archived from [the original](http://www.privacyengineeringbook.net) on 14 March 2018. Retrieved 3 May 2015.

1. **[^](#cite_ref-5)** Gürses, Seda; Troncoso, Carmela; Diaz, Claudia (2011). [*Engineering Privacy by Design*](https://www.cosic.esat.kuleuven.be/publications/article-1542.pdf) (PDF). International Conference on Privacy and Data Protection (CPDP) Book. Retrieved 11 May 2015.

1. **[^](#cite_ref-6)** Dennedy, Fox, Finneran (2014-01-23). *The Privacy Engineer's Manifesto* (1st ed.). APress. [ISBN](/source/ISBN_(identifier)) [978-1-4302-6355-5](https://en.wikipedia.org/wiki/Special:BookSources/978-1-4302-6355-5).

1. **[^](#cite_ref-7)** MITRE Corp. ["Privacy Engineering Framework"](https://web.archive.org/web/20150504001843/http://www.mitre.org/publications/technical-papers/privacy-engineering-framework). Archived from [the original](http://www.mitre.org/publications/technical-papers/privacy-engineering-framework) on 4 May 2015. Retrieved 4 May 2015.

1. **[^](#cite_ref-8)** ["MSIT-Privacy Engineering"](http://privacy.cs.cmu.edu). Carnegie Mellon University.

1. **[^](#cite_ref-9)** ["Privacy Engineering"](https://cybersecurity.berkeley.edu/academics/curriculum/privacy-engineering/). *cybersecurity.berkeley.edu*. University of California, Berkeley.

1. **[^](#cite_ref-10)** Oliver, Ian (17 March 2015). ["Introduction to Privacy and Privacy Engineering"](https://web.archive.org/web/20150518110133/http://www.slideshare.net/ianoliver79/introduction-to-privacy-and-privacy-engineering). EIT Summer School, University of Brighton. Archived from [the original](https://www.slideshare.net/ianoliver79/introduction-to-privacy-and-privacy-engineering) on 18 May 2015. Retrieved 9 May 2015.

1. **[^](#cite_ref-11)** ["International Workshop on Privacy Engineering"](http://ieee-security.org/TC/SPW2017/IWPfxfE/). IEEE Security.

1. **[^](#cite_ref-12)** ["IEEE Symposium on Security and Privacy"](http://www.ieee-security.org/TC/SP2017/index.html). IEEE Security.

1. **[^](#cite_ref-13)** Gurses, Del Alamo (Mar 2016), "Privacy Engineering: Shaping an Emerging Field of Research and Practice", *IEEE Security and Privacy*, **14** (2): 40, [Bibcode](/source/Bibcode_(identifier)):[2016ISPri..14b..40G](https://ui.adsabs.harvard.edu/abs/2016ISPri..14b..40G), [doi](/source/Doi_(identifier)):[10.1109/MSP.2016.37](https://doi.org/10.1109%2FMSP.2016.37)

1. **[^](#cite_ref-14)** ["HOME"](https://www.linddun.org/). *LINDDUN*.

1. **[^](#cite_ref-15)** "A LINDDUN-Based framework for privacy threat analysis on identification and authentication processes". *Computers & Security*.

1. **[^](#cite_ref-16)** [Wuyts, K., & Joosen, W. (2015). LINDDUN privacy threat modeling: a tutorial. *CW Reports*. accessed 2019-12-10](https://lirias.kuleuven.be/retrieve/331950)

1. **[^](#cite_ref-17)** ["Recitals of the GDPR (General Data Protection Regulation)"](https://gdpr-info.eu/recitals/).

1. ^ [***a***](#cite_ref-auto_18-0) [***b***](#cite_ref-auto_18-1) ["GDPR tool"](https://privacypatterns.cs.ru.nl/tool/).

1. **[^](#cite_ref-19)** Colesky, M.; Demetzou, K.; Fritsch, L.; Herold, S. (2019-03-01). ["Helping Software Architects Familiarize with the General Data Protection Regulation"](http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-71838). *2019 IEEE International Conference on Software Architecture Companion (ICSA-C)*. pp. 226–229. [doi](/source/Doi_(identifier)):[10.1109/ICSA-C.2019.00046](https://doi.org/10.1109%2FICSA-C.2019.00046). [ISBN](/source/ISBN_(identifier)) [978-1-7281-1876-5](https://en.wikipedia.org/wiki/Special:BookSources/978-1-7281-1876-5). [S2CID](/source/S2CID_(identifier)) [155108256](https://api.semanticscholar.org/CorpusID:155108256).

1. **[^](#cite_ref-20)** Lenhard, J.; Fritsch, L.; Herold, S. (2017-08-01). "A Literature Study on Privacy Patterns Research". *2017 43rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA)*. pp. 194–201. [doi](/source/Doi_(identifier)):[10.1109/SEAA.2017.28](https://doi.org/10.1109%2FSEAA.2017.28). [ISBN](/source/ISBN_(identifier)) [978-1-5386-2141-7](https://en.wikipedia.org/wiki/Special:BookSources/978-1-5386-2141-7). [S2CID](/source/S2CID_(identifier)) [26302099](https://api.semanticscholar.org/CorpusID:26302099).

1. **[^](#cite_ref-21)** Colesky, M.; Hoepman, J.; Hillen, C. (2016-05-01). "A Critical Analysis of Privacy Design Strategies". *2016 IEEE Security and Privacy Workshops (SPW)*. pp. 33–40. [doi](/source/Doi_(identifier)):[10.1109/SPW.2016.23](https://doi.org/10.1109%2FSPW.2016.23). [ISBN](/source/ISBN_(identifier)) [978-1-5090-3690-5](https://en.wikipedia.org/wiki/Special:BookSources/978-1-5090-3690-5). [S2CID](/source/S2CID_(identifier)) [15713950](https://api.semanticscholar.org/CorpusID:15713950).

1. **[^](#cite_ref-22)** Stanford Encyclopedia of Philosophy. ["Semantic Conceptions of Information"](http://plato.stanford.edu/entries/information-semantic/). Retrieved 9 May 2015.

1. **[^](#cite_ref-23)** Article 29 Data Protection Working Party (16 February 2010), *Opinion 1/2010 on the concepts of "controller" and "processor"*, vol. 00264/10/EN WP 169.

1. **[^](#cite_ref-24)** Paul Groth, Luc Moreau. ["An Overview of the PROV Family of Documents"](http://www.w3.org/TR/prov-overview/). W3C. Retrieved 10 May 2015.

1. **[^](#cite_ref-25)** Gurses, Seda; del Alamo, Jose M. (March 2016). "Privacy Engineering: Shaping an Emerging Field of Research and Practice". *IEEE Security & Privacy*. **14** (2): 40–46. [Bibcode](/source/Bibcode_(identifier)):[2016ISPri..14b..40G](https://ui.adsabs.harvard.edu/abs/2016ISPri..14b..40G). [doi](/source/Doi_(identifier)):[10.1109/MSP.2016.37](https://doi.org/10.1109%2FMSP.2016.37). [ISSN](/source/ISSN_(identifier)) [1540-7993](https://search.worldcat.org/issn/1540-7993). [S2CID](/source/S2CID_(identifier)) [10983799](https://api.semanticscholar.org/CorpusID:10983799).

1. **[^](#cite_ref-26)** ["Privacy by design | Karlstads universitet"](https://www.kau.se/cs/pbd). *www.kau.se*.

1. **[^](#cite_ref-27)** Fischer-Hübner, Simone; Martucci, Leonardo A.; Fritsch, Lothar; Pulls, Tobias; Herold, Sebastian; Iwaya, Leonardo H.; Alfredsson, Stefan; Zuccato, Albin (2018). ["A MOOC on Privacy by Design and the GDPR"](https://hal.inria.fr/hal-02125760/file/472720_1_En_8_Chapter.pdf) (PDF). In Drevin, Lynette; Theocharidou, Marianthi (eds.). *Information Security Education – Towards a Cybersecure Society*. IFIP Advances in Information and Communication Technology. Vol. 531. Springer International Publishing. pp. 95–107. [doi](/source/Doi_(identifier)):[10.1007/978-3-319-99734-6_8](https://doi.org/10.1007%2F978-3-319-99734-6_8). [ISBN](/source/ISBN_(identifier)) [978-3-319-99734-6](https://en.wikipedia.org/wiki/Special:BookSources/978-3-319-99734-6).

1. **[^](#cite_ref-28)** ["Carnegie Mellon University Privacy Engineering Program"](https://privacy.cs.cmu.edu/index.html).

1. **[^](#cite_ref-29)** ["CMU Privacy Engineering Student Blogs and Work"](https://privacy-engineering-cmu.github.io/).


---
Adapted from the Wikipedia article [Privacy engineering](https://en.wikipedia.org/wiki/Privacy_engineering) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Privacy_engineering?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
