
Privacy Engineering Review Maps 13 Dimensions, Exposes Handoff Bottlenecks

A systematic review of 90 privacy engineering studies synthesizes two core clusters and reveals that incident response, lifelong management, and data minimization remain underexplored.

privacy engineering, gdpr, systematic literature review, software engineering, privacy enhancing technologies, governance

Incident response, lifelong management, and data minimization are listed as primary foci in fewer than half of the 90 studies synthesized by this privacy engineering review. That gap is the most actionable finding for anyone building privacy into software systems today.

Two Cores and a Mediator

The review, covering work from 2018 to 2025, groups privacy engineering into 13 dimensions. Two recurrent cores emerge: one around Privacy Enhancing Technologies (PETs) coupled with Privacy Metrics (PM) and Verification and Testing (VT), the other around Governance and Accountability (GA) with Transparency and Communication (TC) and Organizational Measures (OM). A Modeling and Specification (MS) dimension sits between them, acting as the mediator that connects high-level privacy models to concrete rules and tests.

Lifecycle mapping shows where each dimension concentrates. Requirements and design phases lean on MS and GA. Implementation and verification pull in PETs, VT, PM, and TC. Operation and decommissioning rely on GA, OM, Data Subject Rights Management (DSRM), and Incident Response and Management (IRM). Handoffs are the critical friction points: models must feed into rules and tests, mechanisms must generate metrics, and deployments (enclaves, ledgers) must produce governance records.

Domains Reweight but Don't Reshape the Map

Healthcare shifts weight toward GA with VT and PETs. IoT and edge environments amplify PETs with VT and PM at device level. Web measurement emphasizes TC with VT. AI and ML systems lean on PETs with PM. In every case the underlying two-core structure holds. That means a common privacy engineering framework can span domains, even as specific tooling and metrics change.

Where the Gaps Point Future Work

IRM, Lifelong Management (LM), and Data Minimization and Purpose Limitation (DMPL) appear as primary foci less often than the other dimensions. These are not afterthoughts. IRM covers breach response and recovery, LM handles data lifecycle beyond deletion, and DMPL is the core of GDPR compliance. The review offers a replication-ready scaffold so teams can assess their own coverage and update their privacy engineering practices as regulations evolve.

Expect the next wave of privacy engineering research and tooling to target these gaps. The handoff between modeling and measurement is where most systems currently leak privacy risk.


Source: Privacy Engineering: A Systematic Literature Review
Domain: arxiv.org
