From: Making context the central concept in privacy engineering
Aspects raised in the interviews | Initial position | Implications of first validation |
---|---|---|
Understanding of context | Dynamic entity defined by knowledge focus, not a container described by a set of characteristics (e.g. individual privacy preference statements) | Dynamic definition fruitful basis for the design |
Need to extend CI theory | Context part of the theory underdeveloped | Development gap recognised |
Knowledge aspects of context | Focus should be on the three types of knowledge (external, contextual and procedural) | Different aspects are understood applied to privacy use cases |
Context triggers | Event-driven approach to handling privacy in context | Concept useful starting point for privacy engineering |
Data sharing policy | Concept encapsulating preference handling on behalf of the user | Considered useful as an overall idea; however, many questions about structure and management not dealt with in the first development cycle |
Contextual graph formalism | Graph presented as an abstract example (template) | Should be introduced in a pedagogical example related to privacy (see updated Fig. 7); the graph should be explained in relation to other graph types if it should be used in applications |
Provisional definition of data privacy | Guiding definition for use in design was provided | The definition was improved (see the ‘Understanding data privacy’ section) for clarity and scope |
Organisational design | Focus on role of data sharing policies | Questions about the envisioned business process motivated extending the ‘Organisational design—defining data sharing policies’ section, explaining in more depth the role of ML and the personal data sharing policies’ relationship to institutional privacy policies |
Technical design | An application scenario was presented | The role of high-level technical architecture and scenarios is highlighted; design at this level could potentially drive future design cycles |
Use of smart contracts | These artefacts are part of cutting-edge technologies and, in our proposal, are given the role of executing data sharing decisions | According to the interviews, blockchain and smart contracts should be explored |
Use of ML | ML is positioned as a key instrument in delegating the execution of policies to the IT system, allowing users to focus on their main activities | Interviews showed support for making ML an important part of the design |