Privacy by Design and Assessment Guidelines

(2015-2020)
Privacy by Design Software Engineering Privacy Assessment GDPR IoT Systems
Infrastructure / Systems (IS) Software Engineering (SE) Privacy (P) Internet of Things (IoT)

Project Overview

This project examines how privacy can be systematically incorporated into Internet of Things systems by providing reusable design guidelines and assessment methods for software engineers. As IoT applications increasingly collect and process personal data across diverse contexts, software developers face the challenge of embedding privacy protections into system architectures from the earliest design stages rather than retrofitting them after deployment. The research develops a comprehensive privacy-by-design methodology tailored to the unique characteristics of IoT systems, where data collection is pervasive, devices are resource-constrained, and traditional consent mechanisms are often impractical. The project produces actionable guidelines that map privacy principles to concrete software engineering practices, enabling developers to identify privacy risks, select appropriate mitigation strategies, and verify compliance with regulatory frameworks including GDPR.

A structured privacy assessment methodology accompanies the design guidelines, allowing engineering teams to evaluate the privacy posture of IoT applications at various stages of the development lifecycle. This assessment framework provides repeatable processes for measuring how effectively privacy protections have been integrated into system architectures, supporting continuous improvement throughout the software engineering workflow.

The research also addresses user-centric privacy engineering, investigating how data service composition and crowd-sensed trust aggregation can preserve individual privacy in networked IoT environments. Conducted as a strategic collaboration from 2015 to 2020, the project has generated multiple publications addressing privacy-aware IoT application design, privacy in data service composition, and privacy-preserving trust mechanisms for Internet of People networks.

Team

Outcomes

Journal

Designing Privacy-aware Internet of Things Applications

Charith Perera, Mahmoud Barhamgi, Arosha K. Bandara, Muhammad Ajmal, Blaine Price, Bashar Nuseibeh

Information Sciences, Vol. 512, 2020, pp. 238–257.

Journal

User-centric Privacy Engineering for the Internet of Things

Mahmoud Barhamgi, Charith Perera, Chirine Ghedira, Djamal Benslimane

IEEE Cloud Computing, Vol. 5, Iss. 5, 2018, pp. 47–57.

Journal

Privacy-preserving Crowd-sensed Trust Aggregation in the User-centric Internet of People Networks

Muhammad Ajmal Azad, Charith Perera, Samiran Bag, Mahmoud Barhamgi, Feng Hao

ACM Transactions on Cyber-Physical Systems, 2020.

Journal

Privacy in Data Service Composition

Mahmoud Barhamgi, Charith Perera, Chia-Mu Yu, Djamal Benslimane, David Camacho, Christine Bonnet

IEEE Transactions on Services Computing, 2020.