This note is the abstract of the doctoral thesis “CONTRIBUCIÓN AL DISEÑO DE SISTEMAS RESPETUOSOS CON LA PRIVACIDAD USANDO PATRONES”, which is stored at the university repository (http://oa.upm.es/65829/).

All the papers associated with this doctoral thesis and its research line are listed at the end of this note.

Today, data and its processing are inherent in the digital society we live in. Data have become so closely linked to people that guaranteeing their human right to privacy requires protecting their personal data. The scenario is complex: organizations use data to support their business models, people are increasingly aware of and concerned about their privacy, and there have been scandals involving the massive and illicit use of data.

Different mechanisms have been defined to try to establish order in such a scenario. For example, the concept of Privacy by Design aims to create information systems ensuring the protection of people’s right to privacy from their conception. This concept has been embraced by legislation such as the European General Data Protection Regulation of 2016, which, in a more pragmatic approach, mandates Data Protection by Design.

Tools, techniques, methods and theories proposed by the emerging field of Privacy Engineering would make it possible to fulfill this mandate. The number of these proposals has been continuously increasing, but those oriented to the design activity in systems development are scattered and still need to prove their usefulness in practice. However, given the necessity of these elements to support developers, several of them (e.g., methods) are already part of reports and technical recommendations made by the Spanish Data Protection Authority and the European Union Agency for Cybersecurity.

This doctoral thesis aims to contribute to the knowledge about the design of privacy-aware systems by making advances towards its implementation in practice. It specifically focuses on design patterns, as they naturally fit the current situation of privacy engineering: the design process must take into account considerations coming from different fields (e.g., legal, technical); the level of privacy to be achieved depends on the application context of the system being designed (e.g., health, location); developers are not privacy experts; and design patterns are well-known elements of the software development process.

In order to achieve this objective, this thesis has been divided into three parts. The first part, after an exhaustive systematic study of the state of the art, presents a map of reusable elements for the design of privacy-aware information systems. The map clearly shows that the following elements capture the most attention from researchers: methods and strategies, reference models, privacy patterns and tools. Privacy patterns in particular are a cross-cutting research area and have the most contributions of any of these elements.

The analysis of the research in privacy patterns shows that most of these contributions have focused on the development of new patterns and on methods and approaches based on these new patterns. However, the question of how to apply privacy patterns successfully has received little attention. There is a great need to study this topic to implement patterns in practice and to prove the benefits assumed by other privacy-pattern-based approaches.

Thus, the second part of this thesis discusses in detail the process of applying privacy patterns. An exploratory experimental study is performed to determine developers’ perception of privacy patterns and to prove the benefits usually attributed to their application. To identify points of improvement, a study is carried out to analyze the more mature research area of security patterns and to elaborate a framework that organizes the elements that positively or negatively affect the successful application of patterns. In addition, those elements that would have the greatest positive impact on achieving a successful pattern application are identified.

Finally, in the third part of this thesis, the most impactful and highest-priority elements are developed: a taxonomy of types of relationships for privacy patterns and two systems of privacy patterns. The taxonomy makes it easy for researchers to establish normalized relationships between privacy patterns. Furthermore, it would allow a developer to navigate through groups of privacy patterns to find the most appropriate pattern to solve a problem. Regarding the pattern systems, the first one focuses on informing users about the processing of their personal data, while the other allows users to control such processing. The study uses a group of privacy patterns from the repository available at privacypatterns.org and updates them so that they reach the pattern system level.

The contributions made throughout this thesis provide a comprehensive overview of the elements of privacy-aware design, address for the first time the issues regarding the application of privacy patterns, create a framework that points the way for many future contributions and elaborate on two of the most impactful elements. In this way, the stated objective is achieved.

Papers associated with this doctoral thesis and its research line:

  • Caiza, J. C., Martin, Y.-S., Guaman, D. S., Del Alamo, J. M., & Yelmo, J. C. (2019). Reusable Elements for the Systematic Design of Privacy-Friendly Information Systems: A Mapping Study. IEEE Access, 7, 66512–66535. https://doi.org/10.1109/ACCESS.2019.2918003
  • Caiza, J. C., Del Alamo, J. M., Guamán, D. S., & Jaramillo-Alcázar, Á. (2021). An exploratory experiment on privacy patterns: limitations and possibilities. Proceedings of the ACM SAC Conference (SAC ’21), Gwangju, South Korea, March 22–26, 2021, 8 pages. https://doi.org/10.1145/3412841.3441995
  • Caiza, J. C., Del Alamo, J. M., & Guamán, D. S. (2020). A framework and roadmap for enhancing the application of privacy design patterns. The 35th ACM/SIGAPP Symposium On Applied Computing, 1297–1304. https://doi.org/10.1145/3341105.3375768
  • Caiza, J. C., Martín, Y.-S., Del Alamo, J. M., & Guamán, D. S. (2017). Organizing design patterns for privacy: A taxonomy of types of relationships. Proceedings of the 22nd European Conference on Pattern Languages of Programs (EuroPLoP ’17), 1–11. https://doi.org/10.1145/3147704.3147739
  • Colesky, M., Caiza, J. C., Del Álamo, J., Hoepman, J.-H., & Martín, Y.-S. (2018). A system of privacy patterns for user control. 33rd Annual ACM Symposium on Applied Computing, 1150–1156. https://doi.org/10.1145/3167132.3167257
  • Colesky, M., & Caiza, J. C. (2019). A System of Privacy Patterns for Informing Users: Creating a Pattern System. Proceedings of the 23rd European Conference on Pattern Languages of Programs (EuroPLoP ’18), 1–11. https://doi.org/10.1145/3282308.3282325

About Julio César Caiza

Starting in the world of Privacy Research. PhD student at Universidad Politécnica de Madrid (SPAIN). Auxiliary Professor at Escuela Politécnica Nacional (ECUADOR).

CC BY-NC-ND 4.0 Contributions to the design of privacy-friendly systems using patterns by jcaiza is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
