Recently, I had the chance to collaborate with great group of privacy engineering experts. In our collaboration, we investigated factors that hamper the adoption of privacy engineering primitives, methods and strategies in real-world information systems.
In particular, we identified the following four tactics to foster adoption:
- Consciously broaden the scope beyond anonymization, data Minimization and security. The technology scope of privacy engineering should also encompass the other privacy principles such as transparency.
- Recognize functional and nonfunctional properties of privacy mechanisms and acknowledge the importance of the latter. To be adopted in practice, privacy mechanisms need to be easy to (re-)use, implement/integrate and scalable and performant.
- Let perfection not be the enemy of the good. Focus on practical, realistic solutions rather than on mostly theoretic solutions offering 100% formal guarantees.
- Provide easy to use, feasible, and economically viable solutions to drive adoption.
You can read all the details in our paper. The pre-print is available on arxiv , the version published in the IEEE Security & Privacy magazine can be found on IEEE xplore.