Privacy by Socio-Technical Design - a collaborative approach for privacy friendly system design

Martin Degeling, Christopher Lentzsch, Alexander Nolte, Thomas Herrmann, Kai-Uwe Loser

2nd IEEE International Conference on Collaboration and Internet Computing (CIC 2016)


Lately the European data protection directive has increased the attention paid to privacy by design (PbD). The idea behind this system and software design approach is not to treat privacy as an add-on or a purely legal requirement but to foster the development of privacy-friendly technology right from the beginning. Current PbD approaches, however, mainly focus on the technological aspects of privacy. They rarely consider the context in which software systems are built and used. This context plays a vital role, especially with respect to how a system will later be used in an organizational environment. We propose to use established socio-technical design approaches, in which multiple stakeholders collaborate on process models, as a basis for privacy by design. We adapt them to incorporate aspects relevant to privacy-aware design and introduce a tool that supports question-based evaluation of, and collaborative work on, processes that make use of personally identifiable information.