Embedding Privacy into Software Systems : A Privacy Engineering Methodology for Data Minimisation

Abstract

Ubiquitous software systems (online shopping, social networking apps) today collect, store and process user data, such as user’s name, age, credit card number and location. If these systems collect unnecessary data, and store and share data without implementing privacy, data could be hacked and used to steal a users’ identity, or to cause reputation or/and financial loss to users. Therefore, systems should be designed taking privacy into account. Data Minimisation (DM) is a privacy concept that is recognised in the European General Data Protection Directive, which shows that systems should minimise the collection and use of data in a system by design. However, the developers who design systems are not privacy experts. They are unable to implement DM in systems without guidance. Therefore, the research reported in this thesis focuses on developing a Privacy Engineering Methodology (PEM) that would enable developers to implement DM in software systems through understanding data privacy risks. Three experiments were conducted in this endeavour. The first experiment investigated the difficulties faced by developers when following privacy concepts, similar to DM into their development practices. The findings showed that developers lacked knowledge on privacy concepts and that most concepts are not compatible with the way developers usually work. The second experiment investigated privacy risks associated with data in software systems. The results indicated that the sensitivity of data and the visibility of the data in a system were directly proportional to the data privacy risk, and the relevance of data to the system was inversely proportional to the data privacy risk. Knowledge from experiments one and two were used to develop a PEM that enables developers to practice DM through understanding the data privacy risks associated with data. The final experiment of the thesis investigated the intention of software developers to use the PEM using a modified version of the Technology Acceptance Model (TAM). Results indicated that developers had a positive intention to use the PEM and that understanding data privacy risks enable developers to decide how to ensure user privacy in systems. Therefore, this thesis determines that data privacy risks could be used as an effective tool to enable software developers to practice DM. The thesis also encourages that common privacy theories should be presented as PEMs to enable developers to use them within their development practices