Internet of Things Garage

Designing Privacy by Design IoT Applications

Interactive Design Method for Augmenting Software Design Process Toward Privacy Aware Internet of Things Application Designs

Internet of Things (IoT) applications development and design process is more complicated than others, such as desktop, web, or mobile. That’s because IoT applications need both software and hardware to cooperate across multiple nodes with different capabilities. Moreover, it requires different software engineers with different expertise to cooperate (e.g., frontend, backend, and database). Due to the above complications, non-functional requirements, such as privacy tend to be overlooked.

Yearly, a significant number of devices and applications are connecting to the Internet, which raises potential privacy risks. Typically, IoT applications collect and analyse personal data that can be used to derive sensitive information about individuals. However, thus far, privacy concerns have not been explicitly considered (i.e., as unified manner), despite isolated solutions (i.e., a specific technique that address specific privacy challenge) in software engineering processes when designing and developing IoT applications, partly due to a lack of Privacy-by-Design (PbD) methods for the IoT.

This project’s primary objective is to efficiently, effectively, and collaboratively develop an interactive design method (facilitate through a tool) that incorporates privacy-preserving techniques into the early phases of the software development life cycle. We envision our tool to be collaboratively used by business analysts, requirement engineers, user experience designers, and software engineers together during the process of creating privacy by design IoT application designs. Our secondary objective is to explore whether such a tool could also enhance novice engineers’ privacy knowledge. This project is composed of three main objectives:




PETRAS National Centre of Excellence for IoT Systems Cybersecurity is a consortium of eleven leading UK universities which will work together over the next three years to explore critical issues in privacy, ethics, trust, reliability, acceptability, and security.

My Data Fix

UK qualified corporate and finance lawyer with regulatory expertise gained from an international career. My Data Fix specialises in all aspects of data privacy, having worked as the Global Data Protection Officer for an international organisation whose business is personal data.


Obeo provides open modeling software solutions to create and transform complex systems. Obeo is a provider of Open Source technologies such as Sirius (graphic modeling) and Acceleo (code generation), Obeo markets Obeo Designer and Obeo SmartEA software solutions (mapping and strategic business transformation).


Nada Alhirabi, Stephanie Beaumont, Jose Tomas Llanos, Dulani Meedeniya, Omer Rana, and Charith Perera PARROT: Interactive Privacy-Aware Internet of Things Application Design Tool, In Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), Volume 7, Issue 1(1), pp 1–37, March 2023
Nada Alhirabi, Stephanie Beaumont, Omer Rana, and Charith PereraPrivacy-Patterns for IoT Application Developers, In Adjunct Proceedings of the 2022 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp/ISWC '22), Association for Computing Machinery, New York, NY, USA, 7–9
Nada Alhirabi, Omer Rana, and Charith PereraDemo Abstract: PARROT: Privacy by Design Tool for Internet of Things, In Proceedings of the 2022 IEEE/ACM Seventh International Conference on Internet-of-Things Design and Implementation (IoTDI) 2022, 107-108 (2)
Nada Alhirabi, Omer Rana, Charith Perera, Security and Privacy Requirements for the Internet of Things: A Survey, ACM Transactions on Internet of Things (TIOT), Volume 2, Issue 1(6), February 2021 (37)
Charith Perera, Mahmoud Barhamgi, and Massimo Vecchio, Envisioning Tool Support for Designing Privacy-Aware Internet of Thing Applications, IEEE Internet of Things Magazine (IOTM) Volume 4, Issue 1, March 2021 (6)