Privacy in Practice: Exploring Concrete Relationships Between Privacy Patterns and Privacy by Design Principles in Software Engineering

Abstract

Ensuring the fulfillment of customer preferences and requirements and adherence to legal compliance have emerged as critical considerations for software development organizations. Legislation such as the Brazillian LGPD and the European Union's GDPR highlight the importance of integrating personal data privacy rights from the beginning of system development and throughout the data lifecycle, as mentioned in the fundamental principles of Privacy by Design. However, recent studies still emphasize the need for processes, methods, guides, and tools that help translate Privacy by Design principles into practical software engineering activities. In this context, this article aims to explore the integration of abstract Privacy by Design principles into tangible Software Engineering practices. To this end, a mapping was carried out between Privacy Patterns and the principles of Privacy by Design. This process translated abstract concepts into practical activities. The reliability of the mapping process among the researchers was assessed by calculating the Intraclass Correction Coefficient (ICC). The findings underscore that when software engineers apply one or more Privacy Patterns to address personal data privacy requirements, as revealed through the correlations conducted in this study, they also tend to adhere to one or more Privacy by Design principles.