Skip to main content

Table 1 Summary of first validation by aspect

From: Making context the central concept in privacy engineering

Aspects raised in the interviews Initial position Implications of first validation
Understanding of context Dynamic entity defined by knowledge focus, not a container described by a set of characteristics (e.g. individual privacy preference statements) Dynamic definition fruitful basis for the design
Need to extend CI theory Context part of the theory underdeveloped Development gap recognised
Knowledge aspects of context Focus should be on the three types of knowledge (external, contextual and procedural) Different aspects are understood applied to privacy use cases
Context triggers Event-driven approach to handling privacy in context Concept useful starting point for privacy engineering
Data sharing policy Concept encapsulating preference handling on behalf of the user Considered useful as an overall idea; however, many questions about structure and management not dealt with in the first development cycle
Contextual graph formalism Graph presented as an abstract example (template) Should be introduced in a pedagogical example related to privacy (see updated Fig. 7); the graph should be explained in relation to other graph types if it should be used in applications
Provisional definition of data privacy Guiding definition for use in design was provided The definition was improved (see the Understanding data privacy’ section) for clarity and scope
Organisational design Focus on role of data sharing policies Questions to the envisioned business process motivated extending the Organisational design—defining data sharing policies’ section, explaining more in depth the role of ML and the personal data sharing policies’ relationship to institutional privacy policies
Technical design An application scenario was presented The role of high-level technical architecture and scenarios is highlighted; design at this level could potentially drive future design cycles
Use of smart contracts These artefacts are part of cutting edge technologies, and in our proposal given, the role of executing data sharing decisions According to interviews blockchain and smart contracts should be explored
Use of ML ML is positioned as a key instrument in delegating the execution of policies to the IT system, allowing users to focus on their main activities Interviews showed support for making ML an important part of the design