research-article

A System of Privacy Patterns for Informing Users: Creating a Pattern System

Authors:

Michael Colesky,

Julio C. CaizaAuthors Info & Claims

EuroPLoP '18: Proceedings of the 23rd European Conference on Pattern Languages of Programs

Article No.: 16, Pages 1 - 11

https://doi.org/10.1145/3282308.3282325

Published: 04 July 2018 Publication History

Abstract

The General Data Protection Regulation mandates data protection in the European Union. This includes data protection by design and having privacy-preserving defaults. This legislation has been in force since May 2018, promising severe consequences for violation. Fulfilling its mandate for data protection is not trivial, though. One approach for realizing this is the use of privacy design patterns. We have recently started consolidating such patterns into useful collections. In this paper we improve a subset of these, constructing a pattern system. This helps to identify contextually appropriate patterns. It better illustrates their application and relation to each other. The pattern system guides software developers, so that they can help users understand how their information system uses personal data. To achieve this, we rewrite our patterns to meet specific requirements. In particular, we add implementability and interconnection, while improving consistency and organization. This results in a system of patterns for informing users.

References

[1]

G Aggarwal and E Bursztein. 2010. An Analysis of Private Browsing Modes in Modern Browsers. USENIX Security ... (2010), 1--8.

Digital Library

[2]

Shane Ahern, Dean Eckles, Nathan Good, Simon King, Mor Naaman, and Rahul Nair. 2007. Over-Exposed? Privacy Patterns and Considerations in Online and Mobile Photo Sharing. In Proceedings of the conference on Human factors in computing systems - CHI '07. 357--366.

Digital Library

[3]

Christopher Alexander. 1979. The Timeless Way of Building. Oxford University Press, New York.

[4]

H. Baraki, K. Geihs, A. Hoffmann, C. Voigtmann, R. Kniewel, B.E. Macek, and J. Zirfas. 2014. Towards Interdisciplinary Design Patterns for Ubiquitous Computing Applications. Technical Report. Kassel Univeristy, Kassel, Germany. https://books.google.nl/books?id=D40vBgAAQBAJ

[5]

Christoph Boesch, Frank Kargl, Henning Kopp, and Patrick Mosby. 2013. privacypatterns.eu - collecting patterns for better privacy. (2013). https://privacypatterns.eu/

[6]

Frank Buschmann, Regine Maunier, Hans Rohnert, Peter Sommerlad, and Michael Stal. 1996. Pattern-Oriented Software Architecture, A System of Patterns. 459 pages.

Digital Library

[7]

Julio C. Caiza, Yod-Samuel Martín, José M. Del Alamo, and Danny S. Guamán. 2017. Organizing Design Patterns for Privacy: A Taxonomy of Types of Relationships. (2017).

Digital Library

[8]

Ann Cavoukian. 2009. Privacy by Design. Technical Report. Ontario, Canada.

[9]

Eric S. Chung, Jason I. Hong, James Lin, Madhu K. Prabaker, James a. Landay, and Alan L. Liu. 2004. Development and Evaluation of Emerging Design Patterns for Ubiquitous Computing. Proceedings of the conference on Designing Interactive Systems: processes, practices, methods, and techniques - DIS (2004), 233--242.

Digital Library

[10]

Michael Colesky, Jaap-Henk Hoepman, and Christiaan Hillen. 2016. A Critical Analysis of Privacy Design Strategies. In Proceedings of the 2nd International Workshop on Privacy Engineering - IWPE. IEEE, San Jose, CA. http://ieeexplore.ieee.org/document/7527750/

[11]

George Danezis, Josep Domingo-Ferrer, Marit Hansen, Jaap-Henk Hoepman, Daniel Le Métayer, Rodica Tirtea, and Stefan Schiffner. 2014. Privacy and Data Protection by Design -- from policy to engineering. Technical Report.

[12]

Nick Doty and Mohit Gupta. 2003. Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences. (2003), 1--5.

[13]

Nick Doty and Mohit Gupta. 2018. privacypatterns. (2018). http://github.com/privacypatterns/patterns

[14]

Nick Doty, Mohit Gupta, and Jeff Zych. 2015. privacypatterns.org - Privacy Patterns. (2015). http://privacypatterns.org/

[15]

Olha Drozd. 2016. Privacy pattern catalogue: A tool for integrating privacy principles of ISO/IEC 29100 into the software development process. IFIP AICT (2016).

[16]

European Parliament and Council of the European Union. 2015. General Data Protection Regulation. Official Journal of the European Union 119 (2015). http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1487245302979&uri=CELEX:32016R0679

[17]

Simone Fischer-Hübner, Christina Köffel, John-Sören Pettersson, Peter Wolkerstorfer, Cornelia Graf, Leif Erik Holtz, Ulrich König, Hans Hedbom, and Benjamin Kellermann. 2010. HCI Pattern Collection - Version 2. (2010).

[18]

Eric Freeman, Elisabeth Robson, Bert Bates, and Kathy Sierra. 2004. Head First Design Patterns. O' Reilly & Associates, Inc. 694 pages. https://dl.acm.org/citation.cfm?id=1076324

Digital Library

[19]

Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides. 1994. Design patterns: elements of reusable object-oriented software. Addison-Wesley. 395 pages.

Digital Library

[20]

Cornelia Graf, Peter Wolkerstorfer, Arjan Geven, and Manfred Tscheligi. 2010. A Pattern Collection for Privacy Enhancing Technology. In Proceedings of the 2nd IARA International Conferences of Pervasive Patterns and Applications - PATTERNS 2010, Vol. 2.72--77.

[21]

Eduardo Guerra and Elisa Yumi Nakagawa. 2015. Relating Patterns and Reference Architectures. In Pattern Languages of Program Design. Hillside, 1--9. http://hillside.net/plop/2015/papers/proceedings/

Digital Library

[22]

Seda Gürses, Carmela Troncoso, and Claudia Diaz. 2011. Engineering Privacy by design. In Conference on Computers, Privacy & Data Protection (CPDP 2011).

[23]

Niel B. Harrison. 2006. Advanced Pattern Writing. Pattern Languages of Program Design 5 (2006). http://europlop.net/sites/default/files/files/1_2003_Harrison_AdvancedPatternWriting.pdf

[24]

Jaap-Henk Hoepman. 2014. Privacy Design Strategies. In Proceedings of the IFIP International Conference on Information Security and Privacy Protection - IFIP SEC. 446--459.

[25]

Giovanni Iachello and Jason Hong. 2007. End-User Privacy in Human-Computer Interaction. Foundations and Trends in Human-Computer Interaction (2007), 1--137.

Digital Library

[26]

Marc Langheinrich. 2001. Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems. Ubicomp 2001: Ubiquitous Computing (2001), 273--291.

Digital Library

[27]

Jörg Lenhard, Lothar Fritsch, and Sebastian Herold. 2017. A Literature Study on Privacy Patterns Research. SEAA 2017 (2017).

[28]

Gerard Meszaros and Jim Doble. 1997. A pattern language for pattern writing. Pattern languages of program design (1997), 1--36. http://xunitpatterns.com/~gerard/plopd3-pattern-writing-patterns-paper.pdf

Digital Library

[29]

Daniel Le Métayer. 2013. Privacy by design: a formal framework for the analysis of architectural choices. Codaspy (2013), 95--104.

Digital Library

[30]

Till Schümmer. 2004. The Public Privacy - Patterns for Filtering Personal Information in Collaborative Systems. In Proceedings of CHI workshop on Human-Computer-Human-Interaction Patterns. 1--35.

[31]

Johanneke Siljee. 2015. Privacy transparency patterns. In EuroPLoP '15. 1--11.

Digital Library

[32]

Hanke van Rossum, Huib Gardeniers, John J. Borking, Ann Cavoukian, John Brans, Noel Muttupulle, and Nick Magistrale. 1995. Privacy-Enhancing Technologies: The Path to Anonymity. Vol. I. Information and Privacy Commissioner/Ontario, The Hague. 1--60 pages.

Cited By

Herwanto GEkaputra FQuirchmayr GTjoa A(2024)Toward a Holistic Privacy Requirements Engineering Process: Insights From a Systematic Literature ReviewIEEE Access10.1109/ACCESS.2024.338088812(47518-47542)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3380888
Herwanto GQuirchmayr GTjoa A(2024)Learning to Rank Privacy Design Patterns: A Semantic Approach to Meeting Privacy RequirementsRequirements Engineering: Foundation for Software Quality10.1007/978-3-031-57327-9_4(57-73)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57327-9_4
Caiza JLópez GGuamán D(2023)Elementos Reusables para Experimentar con Metodologías Basadas en Estrategias y Patrones de PrivacidadRevista Politécnica10.33333/rp.vol51n2.1051:2(113-121)Online publication date: 1-May-2023
https://doi.org/10.33333/rp.vol51n2.10
Show More Cited By

Index Terms

A System of Privacy Patterns for Informing Users: Creating a Pattern System
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections
    2. Usability in security and privacy
  2. Security services
    1. Privacy-preserving protocols
2. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language features
        Patterns

Recommendations

A framework and roadmap for enhancing the application of privacy design patterns
SAC '20: Proceedings of the 35th Annual ACM Symposium on Applied Computing

Privacy patterns have become a cornerstone of the Privacy by Design paradigm realization by being used in different methodologies, strategies, tools, and many other privacy engineering proposals reported in the state-of-the-art. While these proposals ...
Organizing Design Patterns for Privacy: A Taxonomy of Types of Relationships
EuroPLoP '17: Proceedings of the 22nd European Conference on Pattern Languages of Programs

There has recently been an upsurge of legislative, technical and organizational frameworks in the field of privacy which recommend, and even mandate the need to consider privacy issues in the design of information systems. Privacy design patterns have ...
A system of privacy patterns for user control
SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing

Privacy by Design is prescribed by the new European General Data Protection Regulation. Getting this privacy preserving design philosophy appropriately adopted is a challenge, however. One natural approach to this challenge would be to leverage design ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

EuroPLoP '18: Proceedings of the 23rd European Conference on Pattern Languages of Programs

July 2018

322 pages

ISBN:9781450363877

DOI:10.1145/3282308

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

Hillside Europe: Hillside Europe

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 July 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

NWO
SENESCYT

Conference

EuroPLoP '18

EuroPLoP '18: 23rd European Conference on Pattern Languages of Programs

July 4 - 8, 2018

Irsee, Germany

Acceptance Rates

EuroPLoP '18 Paper Acceptance Rate 35 of 53 submissions, 66%;

Overall Acceptance Rate 216 of 354 submissions, 61%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
261
Total Downloads

Downloads (Last 12 months)36
Downloads (Last 6 weeks)4

Reflects downloads up to 26 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Herwanto GEkaputra FQuirchmayr GTjoa A(2024)Toward a Holistic Privacy Requirements Engineering Process: Insights From a Systematic Literature ReviewIEEE Access10.1109/ACCESS.2024.338088812(47518-47542)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3380888
Herwanto GQuirchmayr GTjoa A(2024)Learning to Rank Privacy Design Patterns: A Semantic Approach to Meeting Privacy RequirementsRequirements Engineering: Foundation for Software Quality10.1007/978-3-031-57327-9_4(57-73)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57327-9_4
Caiza JLópez GGuamán D(2023)Elementos Reusables para Experimentar con Metodologías Basadas en Estrategias y Patrones de PrivacidadRevista Politécnica10.33333/rp.vol51n2.1051:2(113-121)Online publication date: 1-May-2023
https://doi.org/10.33333/rp.vol51n2.10
Nurgalieva LFrik ADoherty G(2023)A Narrative Review of Factors Affecting the Implementation of Privacy and Security Practices in Software DevelopmentACM Computing Surveys10.1145/358995155:14s(1-27)Online publication date: 4-Apr-2023
https://dl.acm.org/doi/10.1145/3589951
Saltarella MDesolda GLanzilotti RBarletta V(2023)Translating Privacy Design Principles Into Human-Centered Software Lifecycle: A Literature ReviewInternational Journal of Human–Computer Interaction10.1080/10447318.2023.221996440:17(4465-4483)Online publication date: 20-Jun-2023
https://doi.org/10.1080/10447318.2023.2219964
Tolsdorf JIacono L(2023)Data Cart: A Privacy Pattern for Personal Data Management in OrganizationsHuman Factors in Privacy Research10.1007/978-3-031-28643-8_18(353-378)Online publication date: 10-Mar-2023
https://doi.org/10.1007/978-3-031-28643-8_18
Barth SIonita DHartel P(2022)Understanding Online Privacy—A Systematic Review of Privacy Visualizations and Privacy by Design GuidelinesACM Computing Surveys10.1145/350228855:3(1-37)Online publication date: 3-Feb-2022
https://dl.acm.org/doi/10.1145/3502288
Al-Momani ABösch CWuyts KSion LJoosen WKargl FHong JBures MPark JCerny T(2022)Mitigation lost in translationProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507107(1236-1247)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507107
Caiza JAlamo JGuamán DJaramillo-Alcázar ÁHung CHong JBechini ASong E(2021)An exploratory experiment on privacy patternsProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3441995(1209-1216)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3441995
Pedroza GMuntes-Mulero VMartin YMockly G(2021)A Model-based Approach to Realize Privacy and Data Protection by Design2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW54576.2021.00042(332-339)Online publication date: Sep-2021
https://doi.org/10.1109/EuroSPW54576.2021.00042

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents