Synthesising Privacy by Design Knowledge Towards Explainable Internet of Things Application Designing in Healthcare

TL;DR

This paper aims to develop an explainable privacy assistant for IoT healthcare applications by synthesizing existing privacy by design knowledge, analyzing privacy patterns, and identifying requirements to enhance developer understanding and application of privacy principles.

Contribution

It synthesizes privacy patterns across schemes, analyzes their application in IoT healthcare, and identifies knowledge engineering requirements for an explainable privacy assistant.

Findings

Privacy patterns benefit healthcare IoT applications significantly.

Analysis of 74 privacy patterns across 10 schemes.

Identified key knowledge engineering requirements for privacy assistant.

Abstract

Privacy by Design (PbD) is the most common approach followed by software developers who aim to reduce risks within their application designs, yet it remains commonplace for developers to retain little conceptual understanding of what is meant by privacy. A vision is to develop an intelligent privacy assistant to whom developers can easily ask questions in order to learn how to incorporate different privacy-preserving ideas into their IoT application designs. This paper lays the foundations toward developing such a privacy assistant by synthesising existing PbD knowledge so as to elicit requirements. It is believed that such a privacy assistant should not just prescribe a list of privacy-preserving ideas that developers should incorporate into their design. Instead, it should explain how each prescribed idea helps to protect privacy in a given application design context-this approach is defined as 'Explainable Privacy'. A total of 74 privacy patterns were analysed and reviewed using ten different PbD schemes to understand how each privacy pattern is built and how each helps to ensure privacy. Due to page limitations, we have presented a detailed analysis in [3]. In addition, different real-world Internet of Things (IoT) use-cases, including a healthcare application, were used to demonstrate how each privacy pattern could be applied to a given application design. By doing so, several knowledge engineering requirements were identified that need to be considered when developing a privacy assistant. It was also found that, when compared to other IoT application domains, privacy patterns can significantly benefit healthcare applications. In conclusion, this paper identifies the research challenges that must be addressed if one wishes to construct an intelligent privacy assistant that can truly augment software developers' capabilities at the design phase.