Privacy by Design: From Technologies to Architectures (Position Paper)
This is an incremental position paper proposing a shift in focus for privacy by design, targeting researchers and practitioners in privacy and system design.
The paper argues that privacy by design should be addressed at the architectural level with methodologies, rather than just focusing on technologies and components, and suggests using formal methods to handle its complexity and tensions with other requirements, based on ongoing work on a privacy by design environment.
Existing work on privacy by design mostly focus on technologies rather than methodologies and on components rather than architectures. In this paper, we advocate the idea that privacy by design should also be addressed at the architectural level and be associated with suitable methodologies. Among other benefits, architectural descriptions enable a more systematic exploration of the design space. In addition, because privacy is intrinsically a complex notion that can be in tension with other requirements, we believe that formal methods should play a key role in this area. After presenting our position, we provide some hints on how our approach can turn into practice based on ongoing work on a privacy by design environment.