Towards a principled approach for engineering privacy by design

Bibliographic details
Main authors: Alshammari, M; Simpson, A
Format: Report
Language: English
Published in: Department of Computer Science, Oxford University, 2016
Full description
Privacy by Design has emerged as a proactive, integrative, and creative approach for embedding privacy requirements into the early stages of the design of information and communication technologies, business practices, and physical designs and infrastructures. Yet, Privacy by Design is no 'silver bullet'. Challenges involved in engineering Privacy by Design include a lack of holistic, systematic and integrative methodologies that address the complexity and variability of privacy, and support the translation of its foundational principles into engineering activities. In some ways this is understandable: the approach was developed to take into account a range of sources and standards. However, a consequence is that its foundational principles are given at a high level of abstraction without accompanying methodologies and guidelines to elicit concrete privacy requirements and specify appropriate design decisions. In this report, we analyse three privacy requirements engineering methods from which we derived a set of criteria that meet these challenges. In essence, these criteria are in consonance with the foundational principles of Privacy by Design to aid software engineers in identifying activities that can lead to privacy harms in a concrete and meaningful manner, and specifying appropriate design decisions at an architectural level in a rational and positive-sum manner. To this end, we put forward a proposal for engineering Privacy by Design that can be developed upon these criteria.
Institution: University of Oxford
Record ID: oxford-uuid:2804dba5-78e8-459e-886b-dcad3f46dc89