Internet of Things Garage

Learning Privacy and Laws Through AI-Mediated Exploration and Design

Facilitating Novice Software Engineers to Learn Privacy by Design and Privacy Laws through AI-Mediated Exploration and Design Activities

Internet of Things (IoT) applications development and design process is more complicated than others, such as desktop, web, or mobile. IoT applications need software and hardware to cooperate across multiple nodes with different capabilities. Moreover, it requires different software engineers with different expertise to cooperate (e.g., frontend, backend, database). Due to the above complications, non-functional requirements like privacy tend to be overlooked. One way to address this problem is to better educate novice software engineers about applying privacy-preserving measures in their IoT systems design process. Currently, universities are mostly focusing on teaching cyber security than privacy. Therefore, novice software engineers have very limited knowledge of designing a privacy-aware system, especially when collecting sensitive information using sensors in IoT applications.

In this project, our focus is to develop a technique (formulate as a tool) driven by AI to help novice software engineers to learn privacy and privacy laws by using design activities. The novice engineers will use our tool to implicitly and explicitly help them understand how to incorporate privacy-preserving design features into their IoT system. It is important to note that our focus is on enhancing novice engineers’ teaching and learning experience. We do not aim for the proposed technique to be used in the context of industrial software engineering. However, we believe that the knowledge that noise of ranging is gained from interacting with our tool will enable them to apply privacy-preserving measures in an industrial setting. As a community, privacy researchers have developed a large number of privacy-preserving measures identified by various names, such as privacy principles, guidelines, strategies, goals, and patterns (which add up to 168 privacy-preserving measures in total).

Each of these privacy-preserving measures is varied in granularity; some are very high level, and others are low level (close to implementation). Despite investing a significant amount of resources over many years (e.g.,,, there aren’t any unified mechanisms at the moment to help novice software engineers learn how to apply those privacy-preserving measures in their designs in a meaningful way. One of our key objectives is to encapsulate all this knowledge into a tool where novice engineers will incrementally learn how these heterogeneous sets of privacy-preserving measures could be potentially used to preserve privacy and comply with privacy laws. This project has three main objectives:




PETRAS National Centre of Excellence for IoT Systems Cybersecurity is a consortium of eleven leading UK universities which will work together over the next three years to explore critical issues in privacy, ethics, trust, reliability, acceptability, and security.

My Data Fix

UK qualified corporate and finance lawyer with regulatory expertise gained from an international career. My Data Fix specialises in all aspects of data privacy, having worked as the Global Data Protection Officer for an international organisation whose business is personal data.


Obeo provides open modeling software solutions to create and transform complex systems. Obeo is a provider of Open Source technologies such as Sirius (graphic modeling) and Acceleo (code generation), Obeo markets Obeo Designer and Obeo SmartEA software solutions (mapping and strategic business transformation).