Privacy Engineering From Principles to Practice: A Roadmap
Frank Pallas, Katharina Koerner, Isabel Barberá, Jaap-Henk Hoepman, Meiko Jensen, Nandita Rao Narla, Nikita Samarin, Max-R. Ulbricht, Isabel Wagner, Kim Wuyts, Christian Zimmermann
TL;DR
Privacy engineering is presented as a practice-driven field that must move beyond a narrow focus on anonymization and formal guarantees. The authors propose a roadmap that broadens scope to include legal principles, second-order non-functional properties, and reusable artifacts, all grounded in enterprise information systems. Key contributions include a taxonomy of non-functional properties, a critique of all-or-nothing privacy guarantees, and a supply-side strategy to deliver practical, measurable privacy technologies that regulators can reasonably require. The framework aims to bridge academia and industry, enabling scalable, privacy-preserving systems that satisfy risk-based regulatory requirements and foster user trust.
Abstract
Privacy engineering is gaining momentum in industry and academia alike. So far, manifold low-level primitives and higher-level methods and strategies have successfully been established. Still, fostering adoption in real-world information systems calls for additional aspects to be consciously considered in research and practice.